From 5907008f2b96227a46d72c3e8c5de946e1f4dba0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 8 Jan 2021 12:19:09 +0100
Subject: [PATCH] first commit
---
 .gitignore | 1 +
 cluster-admin.kubeconfig | 1 +
 default-policy.json | 8 ++++
 default.nix | 18 ++++++++
 flake.lock | 93 ++++++++++++++++++++++++++++++++++++++++
 flake.nix | 27 ++++++++++++
 image.nix | 18 ++++++++
 module.nix | 68 +++++++++++++++++++++++++++++
 shell.nix | 11 +++++
 9 files changed, 245 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 cluster-admin.kubeconfig
 create mode 100644 default-policy.json
 create mode 100644 default.nix
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 image.nix
 create mode 100644 module.nix
 create mode 100644 shell.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2368bf
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+kubtoken
diff --git a/cluster-admin.kubeconfig b/cluster-admin.kubeconfig
new file mode 100644
index 0000000..c7506ab
--- /dev/null
+++ b/cluster-admin.kubeconfig
@@ -0,0 +1 @@
+{"apiVersion":"v1","clusters":[{"cluster":{"certificate-authority":"/var/lib/kubernetes/secrets/ca.pem","server":"https://10.243.29.174:8443"},"name":"local"}],"contexts":[{"context":{"cluster":"local","user":"cluster-admin"},"current-context":"local"}],"kind":"Config","users":[{"name":"cluster-admin","user":{"client-certificate":"/var/lib/kubernetes/secrets/cluster-admin.pem","client-key":"/var/lib/kubernetes/secrets/cluster-admin-key.pem"}}]}
diff --git a/default-policy.json b/default-policy.json
new file mode 100644
index 0000000..dc0bee2
--- /dev/null
+++ b/default-policy.json
@@ -0,0 +1,8 @@
+{
+ "default": [{ "type": "insecureAcceptAnything" }],
+ "transports": {
+ "docker-daemon": {
+ "": [{ "type": "insecureAcceptAnything" }]
+ }
+ }
+}
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..0e3323e
--- /dev/null
+++ b/default.nix
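Review bot: The single `contexts` entry in cluster-admin.kubeconfig has no `name`, and `current-context` is placed inside that array element instead of at the top level of the document, so kubectl has no default context to select and every call needs an explicit `--context`. The shape kubectl expects is `"contexts":[{"context":{"cluster":"local","user":"cluster-admin"},"name":"local"}],"current-context":"local"`. The file only carries filesystem paths for the CA, client certificate and key, so no key material is committed, but since shell.nix exports this file as KUBECONFIG the malformed context will surface as soon as the dev shell is used.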
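Review bot: `insecureAcceptAnything` as the `default` entry already turns off signature verification for every transport, which makes the `docker-daemon` override on the following lines redundant and leaves no record of why verification is disabled. This file is presumably consumed by skopeo when the copyScript from default.nix pushes the locally built image; if that is its only purpose, a short note next to the script invocation (JSON allows no comments) would make the trade-off explicit, and a `"default": [{ "type": "reject" }]` with an allowance only for the transports actually used would keep pulls from other sources verified.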
@@ -0,0 +1,18 @@
+{ kubenix, registry ? "docker.io/mic92" }:
+
+rec {
+ # evaluated configuration
+ inherit (kubenix.evalModules {
+ modules = [
+ ./module.nix
+ { docker.registry.url = registry; }
+ ];
+ }) config;
+
+ # generated: kubernetes List object
+ # result: JSON file you can deploy to kubernetes
+ inherit (config.kubernetes) generated result;
+ # export: Exported docker images
+ # copyScript: script to push docker images to registry
+ inherit (config.docker) export copyScript;
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..0ac4d2a
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,93 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1610051610, + "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "kubenix": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1609236987, + "narHash": "sha256-XluRu59pnTxLgTmKSIsb60quYF2n06H0Q+0iHdD7dUg=", + "owner": "Mic92", + "repo": "kubenix", + "rev": "cba0fd941094e79c8a10a529cc6e2a1514886a48", + "type": "github" + }, + "original": { + "owner": "Mic92", + "ref": "flake", + "repo": "kubenix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1609233094, + "narHash": "sha256-Ltzng3h4LDNjYAvmoX0kQ3023TvdupwuMvm1D7hZkyY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2b556ea6712cd4fa76a433093df0cb375a267e3d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1610091690, + "narHash": "sha256-roNY/PYNMzqCnyusT0AQwCWvKDXahZxxf/m7A03VNOM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4786388803d0a44c53749163550857eab26a92cd", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "kubenix": "kubenix", + "nixpkgs": "nixpkgs_2" + } + } + }, + "root": "root", + "version": 7 +} 
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..4b98dca
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,27 @@
+{
+ description = "Kubernetes resource builder using nix";
+
+ # $ kubectl apply -f <(nix eval --json .#mumble-web.generated)
+ # $ kubectl destroy -f <(nix eval --json .#mumble-web.generated)
+ # $ nix run .#mumble-web.copyScript
+
+ inputs.flake-utils.url = "github:numtide/flake-utils";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs";
+ inputs.kubenix.url = "github:Mic92/kubenix/flake";
+
+ outputs = { self
+ , nixpkgs
+ , flake-utils
+ , kubenix
+ }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in rec {
+ packages.mumble-web = pkgs.callPackage ./default.nix {
+ kubenix = kubenix.defaultPackage.${system};
+ };
+ defaultPackage = packages.mumble-web;
+ devShell = pkgs.callPackage ./shell.nix {};
+ });
+}
diff --git a/image.nix b/image.nix
new file mode 100644
index 0000000..a198b13
--- /dev/null
+++ b/image.nix
@@ -0,0 +1,18 @@
+{ dockerTools, nginx }:
+
+dockerTools.buildLayeredImage {
+ name = "nginx";
+ contents = [ nginx ];
+ extraCommands = ''
+ mkdir -p etc
+ chmod u+w etc
+ echo "nginx:x:1000:1000::/:" > etc/passwd
+ echo "nginx:x:1000:nginx" > etc/group
+ '';
+ config = {
+ Cmd = ["nginx" "-c" "/etc/nginx/nginx.conf"];
+ ExposedPorts = {
+ "8383/tcp" = {};
+ };
+ };
+}
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..3593e65
--- /dev/null
+++ b/module.nix
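Review bot: The second usage comment in flake.nix names `kubectl destroy`, which is not a kubectl subcommand; the command that removes what `apply -f` created is `delete -f`, so the line should read `# $ kubectl delete -f <(nix eval --json .#mumble-web.generated)`. The `mumble-web` package name also does not match what module.nix builds (an nginx deployment and service), which deserves either a rename or a word in `description` so the output name is not misleading.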
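Review bot: The image `config` in image.nix sets no `User`, so the container's main process starts as root; the `user nginx nginx;` directive in the nginx.conf from module.nix only applies to the worker processes the master forks, and the pod spec there sets `fsGroup` but neither `runAsUser` nor `runAsNonRoot`. Since the image already creates uid 1000 in etc/passwd and nginx listens on the unprivileged port 8383, adding `User = "1000";` to `config` (or `securityContext.runAsUser = 1000;` in the pod spec) would drop root for the whole process tree. Any temp or cache directories the nixpkgs nginx is built with must then be writable by that uid — `pid /dev/null;` already takes care of the pid file, but those paths are not visible in this patch.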
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, kubenix, ... }:
+
+with lib;
+
+let
+ nginx = pkgs.callPackage ./image.nix { };
+in {
+ imports = with kubenix.modules; [ k8s docker ];
+
+ docker.images.nginx.image = nginx;
+
+ kubernetes.resources.deployments.nginx = {
+ spec = {
+ replicas = 10;
+ selector.matchLabels.app = "nginx";
+ template = {
+ metadata.labels.app = "nginx";
+ spec = {
+ securityContext.fsGroup = 1000;
+ containers.nginx = {
+ image = config.docker.images.nginx.path;
+ imagePullPolicy = "IfNotPresent";
+ volumeMounts."/etc/nginx".name = "config";
+ volumeMounts."/var/lib/html".name = "static";
+ volumeMounts."/var/log/nginx".name = "logs";
+ volumeMounts."/var/log/cache".name = "cache";
+ };
+ volumes.config.configMap.name = "nginx-config";
+ volumes.static.configMap.name = "nginx-static";
+ volumes.logs.configMap.name = "nginx-logs";
+ volumes.cache.configMap.name = "nginx-cache";
+ };
+ };
+ };
+ };
+
+ kubernetes.resources.configMaps.nginx-config.data."nginx.conf" = ''
+ user nginx nginx;
+ daemon off;
+ error_log /dev/stdout info;
+ pid /dev/null;
+ events {}
+ http {
+ access_log /dev/stdout;
+ server {
+ listen 8383;
+ index index.html;
+ location / {
+ root /var/lib/html;
+ }
+ }
+ }
+ '';
+
+ kubernetes.resources.configMaps.nginx-static.data."index.html" = ''
+

Hello from NGINX

+ '';
+
+ kubernetes.resources.services.nginx = {
+ spec = {
+ ports = [{
+ name = "http";
+ port = 8383;
+ }];
+ selector.app = "nginx";
+ };
+ };
+}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..c519121
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,11 @@
+{ pkgs ? import {} }:
+
+pkgs.mkShell {
+ nativeBuildInputs = [
+ pkgs.bashInteractive
+ pkgs.kubectl
+ ];
+ shellHook = ''
+ export KUBECONFIG=$PWD/cluster-admin.kubeconfig
+ '';
+}
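Review bot: `volumes.logs.configMap.name = "nginx-logs"` and `volumes.cache.configMap.name = "nginx-cache"` in the deployment of module.nix reference configMaps that this module never declares (only `nginx-config` and `nginx-static` exist), so the pod will sit in ContainerCreating until someone creates them out of band; configMap volumes are also mounted read-only, which is the wrong volume type for a log or cache directory in the first place. Both look like scratch space and should be `volumes.logs.emptyDir = {};` and `volumes.cache.emptyDir = {};`. The `/var/log/cache` mount path is presumably a typo for `/var/cache/nginx`, which is worth confirming against the paths the nixpkgs nginx is built with. The body of the `index.html` configMap was partly lost when this patch was rendered, so that part of the hunk could not be reviewed.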
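Review bot: `{ pkgs ? import {} }:` in shell.nix has no path argument to `import` as rendered here; if the file really reads this way it does not evaluate, and the conventional form is `{ pkgs ? import <nixpkgs> {} }:` — the angle-bracket path was most likely dropped when the patch was rendered, so confirm against the actual file. The shellHook also exports the committed cluster-admin.kubeconfig, whose `contexts` entry lacks a `name` and whose `current-context` is nested inside that entry rather than at the top level, so `kubectl` in this shell will not have a default context until that file is fixed.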