-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pkgs(kubenix): overhaul and drop support for the helm CLI (#24)
This is a relatively large re-design which - removes usage of the Helm CLI - expects users to override the default package - performs an interactive diff, confirm, apply by default - prunes removed resources
- Loading branch information
Showing
4 changed files
with
156 additions
and
130 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,113 +1,99 @@ | ||
{ | ||
jq, | ||
kubectl, | ||
kubernetes-helm, | ||
nix, | ||
vals, | ||
writeShellScriptBin, | ||
}: | ||
writeShellScriptBin "kubenix" '' | ||
set -Eeuo pipefail | ||
function _help() { | ||
echo " | ||
kubenix - Kubernetes management with Nix | ||
commands: | ||
apply - create resources in target cluster | ||
diff - show a diff between configured and live resources | ||
render - print resource manifests to stdout | ||
options: | ||
-h --help - show this menu | ||
-v --verbose - increase output details | ||
" | ||
} | ||
# path to nix binary (useful to inject flags, e.g.) | ||
_nix="${nix}/bin/nix" | ||
SYSTEM=$($_nix show-config --json | jq -r '.system.value') | ||
function _helm() { | ||
$_nix eval ".#kubenix.$SYSTEM.config.kubernetes.helm" --json | jq -c '.releases[] | del(.objects)' | while read -r release; do | ||
values=$(mktemp) | ||
echo "$release" | jq -r '.values' | ${vals}/bin/vals eval > $values | ||
name=$(echo "$release" | jq -r '.name') | ||
chart=$(echo "$release" | jq -r '.chart') | ||
namespace=$(echo "$release" | jq -r '.namespace // "default"') | ||
args="-n $namespace $name $chart -f $values" | ||
# only apply when there are changes | ||
if [[ "$1" == "upgrade" ]]; then | ||
if ${kubernetes-helm}/bin/helm diff upgrade $args --allow-unreleased --detailed-exitcode 2> /dev/null; then | ||
continue | ||
fi | ||
fi | ||
${kubernetes-helm}/bin/helm $@ $args | ||
done | ||
} | ||
function _kubectl() { | ||
MANIFESTS=$(mktemp) | ||
# TODO: find a better filter, not just not-helm, not-crd | ||
resources=$($_nix build ".#kubenix.$SYSTEM.config.kubernetes.result" --json | jq -r '.[0].outputs.out') | ||
cat $resources | jq '.items[] | ||
| select(.metadata.labels."app.kubernetes.io/managed-by" != "Helm") | ||
| select(.kind != "CustomResourceDefinition")' > $MANIFESTS | ||
[ -s "$MANIFESTS" ] || return 0 | ||
case $1 in | ||
render) | ||
cat $MANIFESTS;; | ||
*) | ||
cat $MANIFESTS | ${vals}/bin/vals eval | ${kubectl}/bin/kubectl $@ -f - || true;; | ||
esac | ||
} | ||
# if no args given, add empty string | ||
[ $# -eq 0 ] && set -- "" | ||
# use kubeconfig, if given | ||
kubeconfig=$($_nix eval ".#kubenix.$SYSTEM.config.kubernetes.kubeconfig" --raw) | ||
[ -n "$kubeconfig" ] && export KUBECONFIG=$kubeconfig | ||
# parse arguments | ||
while test $# -gt 0; do | ||
case "$1" in | ||
apply) | ||
_kubectl apply | ||
_helm upgrade --atomic --install --create-namespace | ||
shift;; | ||
diff) | ||
_kubectl diff | ||
_helm diff upgrade --allow-unreleased | ||
shift;; | ||
render) | ||
_kubectl render | ||
_helm template | ||
shift;; | ||
-h|--help|"") | ||
_help | ||
exit 0;; | ||
-v|--verbose) | ||
_nix="$_nix --show-trace" | ||
set -x | ||
shift;; | ||
*) | ||
_help | ||
exit 1;; | ||
esac | ||
done | ||
'' | ||
colordiff, | ||
evalModules, | ||
runCommand, | ||
writeShellScript, | ||
module ? {}, | ||
specialArgs ? {}, | ||
}: let | ||
kubernetes = | ||
(evalModules { | ||
inherit module specialArgs; | ||
}) | ||
.config | ||
.kubernetes | ||
or {}; | ||
in | ||
runCommand "kubenix" | ||
{ | ||
kubeconfig = kubernetes.kubeconfig or ""; | ||
result = kubernetes.result or ""; | ||
|
||
# kubectl does some parsing which removes the -I flag so | ||
# as workaround, we write to a script and call that | ||
# https://github.com/kubernetes/kubernetes/pull/108199#issuecomment-1058405404 | ||
diff = writeShellScript "kubenix-diff" '' | ||
${colordiff}/bin/colordiff --nobanner -N -u -I ' kubenix/hash: ' -I ' generation: ' $@ | ||
''; | ||
} '' | ||
set -euo pipefail | ||
mkdir -p $out/bin | ||
# write the manifests for use with `nix build` | ||
ln -s $result $out/manifest.json | ||
# create a script for `nix run` | ||
cat <<EOF> $out/bin/kubenix | ||
set -uo pipefail | ||
export KUBECONFIG=$kubeconfig | ||
export KUBECTL_EXTERNAL_DIFF=$diff | ||
function _help() { | ||
echo " | ||
kubenix - Kubernetes management with Nix | ||
commands: | ||
"" - run diff, prompt for confirmation, then apply | ||
apply - create resources in target cluster | ||
diff - show a diff between configured and live resources | ||
render - print resource manifests to stdout | ||
options: | ||
-h --help - show this menu | ||
" | ||
} | ||
function _kubectl() { | ||
${vals}/bin/vals eval -fail-on-missing-key-in-map < $result | ${kubectl}/bin/kubectl \$@ | ||
} | ||
# if no args given, add empty string | ||
[ \$# -eq 0 ] && set -- "" | ||
# parse arguments | ||
while test \$# -gt 0; do | ||
case "\$1" in | ||
-h|--help) | ||
_help | ||
exit 0;; | ||
"") | ||
_kubectl diff -f - --prune | ||
if [[ "\$?" -eq 1 ]]; then | ||
read -p 'apply? [y/N]: ' response | ||
[[ \$response == "y" ]] && _kubectl apply -f - --prune --all | ||
fi | ||
shift;; | ||
render) | ||
${vals}/bin/vals eval < $result | ||
shift;; | ||
apply|diff) | ||
_kubectl \$@ -f - --prune | ||
shift;; | ||
*) | ||
_kubectl \$@ | ||
shift;; | ||
esac | ||
done | ||
EOF | ||
chmod +x $out/bin/kubenix | ||
'' |