Yet another story about kubernetes and a declarative approach to infrastructure, deployments, immutability and development.
... being more verbose ... a fully automated kubernetes environment based on FaaS, to be run on a local environment, virtual machines or in the cloud, leveraging the nixos and nixpkgs ecosystem. This is an example architecture showing how things can be modeled in a fully reproducible manner, be language agnostic and provide full testing ability at the infrastructure as well as the application level, following the gitops way.
- if you did all steps from `preparation`, navigate to the `development/minikube` folder ... after that `direnv` should take control and spawn a `local environment` just for you

pro tip: the very first time, it is better to leave your computer for a while ... it takes time
- brigade js in action
- knative
- knative comprehensive feature overview
- brigade & virtual-kubelet
- gitops
- argo cd
- `nix` - ecosystem, features overview, `kubernetes`
- nix - sales pitch
- docker images without docker - to get general idea of immutability
- development with `skaffold`
- gitops - infrastructure and applications described as generated from `nix` `yamls` and stored in `git`
- full determinism of results
- monitoring tools with predefined dashboards
- scale pods to `0` with `knative & istio`, scale based on concurrency level or resources level
- fully declarative descriptor of environment to provision `local` env, `virtual machine` as well as `clouds` based on `nixpkgs`, `nixops` and `nixOS`
- building docker without daemon with `nix`
- distributed storage with `rook-ceph` and `backups` with `restic` and `velero`
- private `nix` binary store and `cache` - to speed up spawning `local` env and speed up kubernetes docker image building
- great development experience with `lorri` and `direnv`
- private binary channel
- pure `nix` solution - there is no `yaml` descriptor file for `docker`, `kubernetes` or `helm`
- `nix` in charge of building and pushing docker images to `docker repository`
- full composability of components and configs
- all parts of project are sharable - `nix` is everywhere, in `local` env, `ci worker` or at `system` level - all scripts and libraries can be used in every context
- incremental builds! - if there was no change, an artifact, docker or any other thing won't be built
- `helm charts` without `helm` and `tiller`
- diverged targeted builds - `darwin` and `linux` at the same time within nested closures - required for local docker provisioning
- distributed build cache and sharing intermediate states between builds - remote stores to speed up provisioning and `ci` results
- work in progress
- `nixops` is provisioning `ec2` or `virtualbox` instances based upon `declarative` `nix file`
- custom tool to manage remote state for deployments called `remote-state` (check `infra/shell.nix` for usage or its docs)
- terraform provisioning of infra and deployment of nixos configurations with 4 simple steps
- follows and assumes https://12factor.net/
- conftest & opa for resource validation, access validation with `istio`
Start from start guide first.
- interactive mode
- Stack - `tools` and such
- How gitops work
- How brigade work
- How cache is handled
- How to debug
- How to setup local development
- What kind of errors you can expect
- How secrets are handled
- What is the technology stack
- Some tips and tricks
- Where I'm and where I want to be
- Some alternative approaches
- Cluster monitoring
- Some good reads
- `nix-darwin` and `remote-builders`
- `nix-channels`
- Build `go` package
- What I have learnt down the road
