
first commit

main
Jörg Thalheim 4 months ago
commit
5907008f2b
No known key found for this signature in database GPG Key ID: 3F2096411B5F92
  1. 1
      .gitignore
  2. 1
      cluster-admin.kubeconfig
  3. 8
      default-policy.json
  4. 18
      default.nix
  5. 93
      flake.lock
  6. 27
      flake.nix
  7. 18
      image.nix
  8. 68
      module.nix
  9. 11
      shell.nix

1
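--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+kubtoken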

1
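--- a/cluster-admin.kubeconfig
+++ b/cluster-admin.kubeconfig
@@ -0,0 +1 @@
+{"apiVersion":"v1","clusters":[{"cluster":{"certificate-authority":"/var/lib/kubernetes/secrets/ca.pem","server":"https://10.243.29.174:8443"},"name":"local"}],"contexts":[{"context":{"cluster":"local","user":"cluster-admin"},"current-context":"local"}],"kind":"Config","users":[{"name":"cluster-admin","user":{"client-certificate":"/var/lib/kubernetes/secrets/cluster-admin.pem","client-key":"/var/lib/kubernetes/secrets/cluster-admin-key.pem"}}]}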
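Review bot: The single entry in `contexts` has no `name`, and `current-context` is nested inside that list element instead of sitting at the top level of the config, so a client may find no selectable context in this file; the usual layout is `"contexts":[{"name":"local","context":{...}}],"current-context":"local"`. Separately, the file commits the API server address `https://10.243.29.174:8443` together with the on-host paths of the cluster-admin certificate and key. The key material itself is not in the repository, which is good, but if the repository is readable beyond the cluster's operators it would be safer to generate this file locally and list it in `.gitignore` instead.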

8
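--- a/default-policy.json
+++ b/default-policy.json
@@ -0,0 +1,8 @@
+{
+"default": [{ "type": "insecureAcceptAnything" }],
+"transports": {
+"docker-daemon": {
+"": [{ "type": "insecureAcceptAnything" }]
+}
+}
+}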
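Review bot: Both the top-level `default` and the `docker-daemon` scope are set to `insecureAcceptAnything`, so any tool that reads this policy will accept images from every transport, remote registries included, without a signature check. If the goal is only to allow copying locally built images, make the fallback `"default": [{ "type": "reject" }]` and keep the permissive entry scoped to the one transport that is actually used. Nothing else visible in this commit references the file, so it is also worth recording in a README (JSON has no comment syntax) which command is expected to consume it.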

18
default.nix

@ -0,0 +1,18 @@
{ kubenix, registry ? "docker.io/mic92" }:
rec {
# evaluated configuration
inherit (kubenix.evalModules {
modules = [
./module.nix
{ docker.registry.url = registry; }
];
}) config;
# generated: kubernetes List object
# result: JSON file you can deploy to kubernetes
inherit (config.kubernetes) generated result;
# export: Exported docker images
# copyScript: script to push docker images to registry
inherit (config.docker) export copyScript;
}
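Review bot: `registry` defaults to the public namespace `docker.io/mic92`, and the only visible caller, `flake.nix`, passes just `kubenix`, so `copyScript` will push there unless someone edits this file. I would either expose `registry` through the flake or document the argument at the top, e.g. `# registry: image registry prefix that copyScript pushes to; override for private deployments`. The image path used in the generated manifests presumably derives from the same value, so an accidental push to a public namespace and a pull from it go together.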

93
flake.lock

@ -0,0 +1,93 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1610051610,
"narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"kubenix": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1609236987,
"narHash": "sha256-XluRu59pnTxLgTmKSIsb60quYF2n06H0Q+0iHdD7dUg=",
"owner": "Mic92",
"repo": "kubenix",
"rev": "cba0fd941094e79c8a10a529cc6e2a1514886a48",
"type": "github"
},
"original": {
"owner": "Mic92",
"ref": "flake",
"repo": "kubenix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1609233094,
"narHash": "sha256-Ltzng3h4LDNjYAvmoX0kQ3023TvdupwuMvm1D7hZkyY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2b556ea6712cd4fa76a433093df0cb375a267e3d",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1610091690,
"narHash": "sha256-roNY/PYNMzqCnyusT0AQwCWvKDXahZxxf/m7A03VNOM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4786388803d0a44c53749163550857eab26a92cd",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"kubenix": "kubenix",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}

27
flake.nix

@ -0,0 +1,27 @@
{
description = "Kubernetes resource builder using nix";
# $ kubectl apply -f <(nix eval --json .#mumble-web.generated)
# $ kubectl destroy -f <(nix eval --json .#mumble-web.generated)
# $ nix run .#mumble-web.copyScript
inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.nixpkgs.url = "github:NixOS/nixpkgs";
inputs.kubenix.url = "github:Mic92/kubenix/flake";
outputs = { self
, nixpkgs
, flake-utils
, kubenix
}:
flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
in rec {
packages.mumble-web = pkgs.callPackage ./default.nix {
kubenix = kubenix.defaultPackage.${system};
};
defaultPackage = packages.mumble-web;
devShell = pkgs.callPackage ./shell.nix {};
});
}
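Review bot: The second usage comment names `kubectl destroy`, which is not a kubectl subcommand; the teardown counterpart of `apply` is `# $ kubectl delete -f <(nix eval --json .#mumble-web.generated)`. The package is also called `mumble-web` while `module.nix` in this commit deploys an nginx image, so either the name or a one-line comment should say which workload this flake builds. Getting these usage lines right matters here because they are run against a cluster with the cluster-admin kubeconfig from `shell.nix`.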

18
image.nix

@ -0,0 +1,18 @@
{ dockerTools, nginx }:
dockerTools.buildLayeredImage {
name = "nginx";
contents = [ nginx ];
extraCommands = ''
mkdir -p etc
chmod u+w etc
echo "nginx:x:1000:1000::/:" > etc/passwd
echo "nginx:x:1000:nginx" > etc/group
'';
config = {
Cmd = ["nginx" "-c" "/etc/nginx/nginx.conf"];
ExposedPorts = {
"8383/tcp" = {};
};
};
}
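Review bot: The image creates an `nginx` account with uid/gid 1000 in `extraCommands`, but `config` sets no `User`, so the container starts as root and only the worker processes drop privileges via the `user nginx nginx;` directive in `module.nix`. Because the server listens on the unprivileged port 8383, I would add `User = "1000:1000";` to `config` so the master process is unprivileged as well. nginx ignores the `user` directive with a warning when it is not started as root, so that line can then be removed from the config map.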

68
module.nix

@ -0,0 +1,68 @@
{ config, lib, pkgs, kubenix, ... }:
with lib;
let
nginx = pkgs.callPackage ./image.nix { };
in {
imports = with kubenix.modules; [ k8s docker ];
docker.images.nginx.image = nginx;
kubernetes.resources.deployments.nginx = {
spec = {
replicas = 10;
selector.matchLabels.app = "nginx";
template = {
metadata.labels.app = "nginx";
spec = {
securityContext.fsGroup = 1000;
containers.nginx = {
image = config.docker.images.nginx.path;
imagePullPolicy = "IfNotPresent";
volumeMounts."/etc/nginx".name = "config";
volumeMounts."/var/lib/html".name = "static";
volumeMounts."/var/log/nginx".name = "logs";
volumeMounts."/var/log/cache".name = "cache";
};
volumes.config.configMap.name = "nginx-config";
volumes.static.configMap.name = "nginx-static";
volumes.logs.configMap.name = "nginx-logs";
volumes.cache.configMap.name = "nginx-cache";
};
};
};
};
kubernetes.resources.configMaps.nginx-config.data."nginx.conf" = ''
user nginx nginx;
daemon off;
error_log /dev/stdout info;
pid /dev/null;
events {}
http {
access_log /dev/stdout;
server {
listen 8383;
index index.html;
location / {
root /var/lib/html;
}
}
}
'';
kubernetes.resources.configMaps.nginx-static.data."index.html" = ''
<html><body><h1>Hello from NGINX</h1></body></html>
'';
kubernetes.resources.services.nginx = {
spec = {
ports = [{
name = "http";
port = 8383;
}];
selector.app = "nginx";
};
};
}
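Review bot: The `logs` and `cache` volumes are declared as configMap volumes named `nginx-logs` and `nginx-cache`, but this module only defines the `nginx-config` and `nginx-static` ConfigMaps, and configMap mounts are read-only in any case, so the pods will likely fail to start or nginx will be unable to write there. For writable scratch space use `volumes.logs.emptyDir = { };` and `volumes.cache.emptyDir = { };`. The container also has no `securityContext` of its own: only the pod-level `fsGroup` is set. Adding `securityContext = { runAsNonRoot = true; runAsUser = 1000; allowPrivilegeEscalation = false; };` under `containers.nginx` would keep all ten replicas from running as root, after checking that nginx's temp paths are writable for uid 1000.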

11
shell.nix

@ -0,0 +1,11 @@
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
nativeBuildInputs = [
pkgs.bashInteractive
pkgs.kubectl
];
shellHook = ''
export KUBECONFIG=$PWD/cluster-admin.kubeconfig
'';
}
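Review bot: The `shellHook` unconditionally makes `cluster-admin.kubeconfig` the default for every `kubectl` run in the dev shell, so routine commands act as the `cluster-admin` user (presumably bound to full cluster rights) with no explicit opt-in, and any `KUBECONFIG` the developer had set is overwritten. I would default to a namespace-scoped identity, or at least respect an existing value with `export KUBECONFIG="''${KUBECONFIG:-$PWD/cluster-admin.kubeconfig}"` (the `''$` escape is needed inside a Nix indented string). `$PWD` is the directory the shell was entered from, not necessarily the repository root, so the path is wrong when `nix-shell` is started from a subdirectory.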