gke-credential.nix
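# flake-parts module that publishes `flake.flakeModules.gkeCredential`.
#
# The published module extends the per-system `ml-ops.runtime` launcher
# `kubernetes` submodule with a nullable `gke` option. When `gke` is set:
#   * `helmUpgrade` and `helmDelete` import `authModule`, whose `pipe` step
#     prepends `gcloud container clusters get-credentials` to the build
#     command of the package it receives;
#   * `pushImage.pipe` gains a step that exports `skopeoCopyArgs` carrying a
#     `--dest-registry-token` taken from `gcloud auth print-access-token`.
#
# Both steps run gcloud inside a buildCommand, so they depend on whatever
# gcloud credentials and network access that build environment has.
# NOTE(review): where those credentials come from is not visible in this
# file - confirm before relying on it in CI.
topLevel@{ flake-parts-lib, inputs, lib, ... }: {
  imports = [
    ./kubernetes.nix
    inputs.flake-parts.flakeModules.flakeModules
  ];
  flake.flakeModules.gkeCredential = {
    imports = [
      topLevel.config.flake.flakeModules.kubernetes
    ];
    options.perSystem = flake-parts-lib.mkPerSystemOption
      (perSystem@{ lib, pkgs, ... }: {
        ml-ops.runtime = runtime: {
          config.launcher = launcher: {
            options.kubernetes = lib.mkOption {
              type = lib.types.submoduleWith {
                modules = [
                  (kubernetes:
                    let
                      # Shared by helmUpgrade and helmDelete (see the imports
                      # at the bottom): contributes one `pipe` step, only when
                      # `gke` is non-null.
                      authModule = {
                        pipe =
                          lib.mkIf (kubernetes.config.gke != null)
                            (lib.mkDerivedConfig kubernetes.options.gke (gke:
                              [
                                (previousPackage: previousPackage.overrideAttrs
                                  (previousAttrs: {
                                    # Passed as derivation attributes and read
                                    # back as quoted shell variables below, so
                                    # the option values are never spliced into
                                    # the script text itself.
                                    gkeCluster = gke.cluster;
                                    gkeRegion = gke.region;
                                    # Selects the gke-gcloud-auth-plugin
                                    # credential flow; the plugin is added to
                                    # nativeBuildInputs below.
                                    USE_GKE_GCLOUD_AUTH_PLUGIN = "True";
                                    # Fetch cluster credentials first, then
                                    # run the command of the wrapped package.
                                    buildCommand = ''
                                      gcloud container clusters get-credentials \
                                      "$gkeCluster" \
                                      --region "$gkeRegion"
                                      ${previousAttrs.buildCommand}
                                    '';
                                    nativeBuildInputs = previousAttrs.nativeBuildInputs ++ [
                                      # CA bundle for gcloud's TLS connections.
                                      pkgs.cacert
                                      (
                                        pkgs.google-cloud-sdk.withExtraComponents [
                                          pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
                                          pkgs.google-cloud-sdk.components.kubectl
                                        ]
                                      )
                                    ];
                                  })
                                )
                              ]
                            ));
                      };
                    in
                    {
                      options.gke = lib.mkOption {
                        description = lib.mdDoc ''
                          The Google Kubernetes Engine (GKE) options.
                          When `gke` is `null`, the GKE options are disabled.
                          When `gke` is `{}`, the GKE options are enabled with default values.
                        '';
                        default = null;
                        type = lib.types.nullOr (lib.types.submoduleWith {
                          modules = [
                            {
                              # Neither option declares a default.
                              options.region = lib.mkOption {
                                type = lib.types.str;
                                description = lib.mdDoc ''
                                  The GCP region.
                                '';
                              };
                              options.cluster = lib.mkOption {
                                type = lib.types.str;
                                description = lib.mdDoc ''
                                  The GKE cluster name.
                                '';
                              };
                            }
                          ];
                        });
                      };
                      # Registry authentication for the image push: a gcloud
                      # access token is handed over through `skopeoCopyArgs`.
                      # NOTE(review): presumably the wrapped buildCommand
                      # expands $skopeoCopyArgs into a skopeo call - confirm.
                      config.pushImage.pipe =
                        lib.mkIf (kubernetes.config.gke != null)
                          (lib.mkDerivedConfig kubernetes.options.gke (gke: [
                            (previousPackage: previousPackage.overrideAttrs
                              (previousAttrs: {
                                # The token is fetched in its own assignment
                                # and checked before use. Nested inside
                                # `export x="$(printf ... "$(gcloud ...)")"`,
                                # a gcloud failure is masked by printf and
                                # export, and the push would proceed with
                                # `--dest-registry-token ""`. Fail closed
                                # instead, without echoing the token.
                                #
                                # The exported value is visible to every
                                # process the wrapped command starts, so that
                                # command should not print $skopeoCopyArgs or
                                # run with xtrace enabled.
                                buildCommand = ''
                                  if ! gcloudAccessToken="$(gcloud auth print-access-token)" || [ -z "$gcloudAccessToken" ]; then
                                    echo "gke-credential: could not obtain a gcloud access token" >&2
                                    exit 1
                                  fi
                                  export skopeoCopyArgs="$(printf "%q " --dest-registry-token "$gcloudAccessToken")"
                                  unset gcloudAccessToken
                                  ${previousAttrs.buildCommand}
                                '';
                                nativeBuildInputs = previousAttrs.nativeBuildInputs ++ [
                                  pkgs.cacert
                                  pkgs.google-cloud-sdk
                                ];
                              })
                            )
                          ])
                          );
                      config.helmUpgrade.imports = [
                        authModule
                      ];
                      config.helmDelete.imports = [
                        authModule
                      ];
                    })
                ];
              };
            };
          };
        };
      });
  };
}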