Implement a generic helm templater package.

2025-12-29 21:41:23 -05:00
parent f5e80ee3bd
commit a7f2a97125
4 changed files with 111 additions and 116 deletions
--- a/nix/kubernetes/keys/scope.nix
+++ b/nix/kubernetes/keys/scope.nix
@@ -2,6 +2,7 @@
  makeScope,
  newScope,
  callPackage,
+  fetchFromGitHub,
  lib,
 }:
 let
@@ -207,8 +208,68 @@ makeScope newScope (
        }
    );
    encryption_config = (callPackage ./package/k8s-encryption-key/package.nix additional_vars);
-    cilium-manifest = (callPackage ./package/cilium-manifest/package.nix additional_vars);
-    coredns-manifest = (callPackage ./package/coredns-manifest/package.nix additional_vars);
+    cilium-manifest =
+      let
+        version = "1.18.5";
+      in
+      (callPackage ./package/helm-manifest/package.nix (
+        additional_vars
+        // {
+          helm_src = fetchFromGitHub {
+            owner = "cilium";
+            repo = "cilium";
+            tag = "v${version}";
+            hash = "sha256-348inOOQ/fgwTYnaSHrQ363xGYnx2UPts3D4ycDRsWE=";
+          };
+          helm_name = "cilium";
+          helm_namespace = "kube-system";
+          helm_path = "install/kubernetes/cilium";
+          helm_manifest_name = "cilium.yaml";
+          helm_values = {
+            "kubeProxyReplacement" = true;
+            "ipam.mode" = "kubernetes";
+            "k8sServiceHost" = "2620:11f:7001:7:ffff:ffff:ad7:1dd";
+            "k8sServicePort" = 6443;
+            "ipv6.enabled" = true;
+            "ipv4.enabled" = true;
+            "enableIPv6Masquerade" = false;
+            "enableIPv4BIGTCP" = false;
+            "enableIPv6BIGTCP" = false;
+            "routingMode" = "native";
+            "ipv4NativeRoutingCIDR" = "10.0.0.0/8";
+            "ipv6NativeRoutingCIDR" = "2620:11f:7001:7:ffff::/96";
+            # --set hostFirewall.enabled=true
+            # --set routingMode=native
+
+            # --set 'ipam.operator.clusterPoolIPv4PodCIDRList=["10.0.0.0/8"]' \
+            # --set 'ipam.operator.clusterPoolIPv6PodCIDRList=["fd00::/100"]' \
+
+            # --set encryption.enabled=true \
+            # --set encryption.type=wireguard
+            # --set encryption.nodeEncryption=true
+          };
+        }
+      ));
+    coredns-manifest =
+      let
+        version = "1.45.0";
+      in
+      (callPackage ./package/helm-manifest/package.nix (
+        additional_vars
+        // {
+          helm_src = fetchFromGitHub {
+            owner = "coredns";
+            repo = "helm";
+            tag = "coredns-${version}";
+            hash = "sha256-9YHd/jB33JXvySzx/p9DaP+/2p5ucyLjues4DNtOkmU=";
+          };
+          helm_name = "coredns";
+          helm_namespace = "kube-system";
+          helm_path = "charts/coredns";
+          helm_manifest_name = "coredns.yaml";
+          helm_values = { };
+        }
+      ));
    all_keys = (callPackage ./package/k8s-keys/package.nix additional_vars);
    deploy_script = (callPackage ./package/deploy-script/package.nix additional_vars);
    bootstrap_script = (callPackage ./package/bootstrap-script/package.nix additional_vars);