K8s to NixOS - Need Advice

Hi,

I would like some guidance on how to approach this with NixOS. Bear in mind I have read pretty much all the docs and listened to some YT videos, but I have no real experience with NixOS. I’m trying to assess if NixOS is the tool for the job before I fully commit.

I need to deploy a new K8s cluster on a green field; it has some hard requirements like:

  • End to End Encryption
  • Mutual TLS
  • Encryption At Rest
  • An API Gateway + Ingress Controller in k8s parlance
  • SPIFFE or similar to avoid the “zero-credential” problem
  • AutoScale

Now K8s is a large beast that requires expertise and time but I can achieve all the above with it.
I’m attaching an image so we can have an idea of what I’m talking about.
The diagrams are oversimplified regarding connections.

(I don’t want anyone to fish for me, I just want to get pointers.)
Is this even a valid use case?
How would you design this with NixOS?
How would you maximise resource usage?
How to deal with a host failover?
AutoScaling & Node-Balancing?
How to deal with the sidecar functionality of k8s, do you build a package with multiple software within?

I was unable to find in my endeavours a post/video that refers to how to build more advanced infrastructure with NixOS that goes beyond a normal webserver+backend.

Thank you all for your time.


Hi,

Sorry for bumping this, just trying to collect some information that I think would also be interesting for the Nix Community.