kubernetes
/
gitops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 Commits
1 Branch
0 Tags
190 KiB
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
MTRNord 6561e8ec29
kustomization/infra-controllers/0788b29c reconciliation succeeded
kustomization/flux-system/0788b29c reconciliation succeeded
kustomization/infra-configs/0788b29c reconciliation succeeded
kustomization/infra-notifications/0788b29c reconciliation succeeded
kustomization/apps-secrets/0788b29c reconciliation succeeded
kustomization/apps/0788b29c reconciliation succeeded
Fix priority classes 		4 days ago
apps Add rook ceph 1 week ago
clusters Fix flux dashboards deployment 1 week ago
infrastructure Fix priority classes 4 days ago
.gitignore Add weave and sops 2 weeks ago
.pre-commit-config.yaml Fix cosign and add woodpecker 2 weeks ago
.sops.yaml fix sops 2 weeks ago
README.md Fix podmonitors 1 week ago
decrypt.sh fix scopes 2 weeks ago
encrypt.sh Add weave and sops 2 weeks ago

README.md

Cluster Configs for Midnightthoughts and Nordgedanken

These are the current running setups at Midnightthoughts and Nordegedanken.

This is based on https://github.com/fluxcd/flux2-kustomize-helm-example/tree/d54e250182ead1f4a00e9fd78b05dc9e0186246d

Prerequisites

You will need a Kubernetes cluster version 1.21 or newer. For a quick local test, you can use Kubernetes kind. Any other Kubernetes setup will work as well though.

Install the Flux CLI on MacOS or Linux using Homebrew:

brew install fluxcd/tap/flux

Or install the CLI by downloading precompiled binaries using a Bash script:

curl -s https://fluxcd.io/install.sh | sudo bash

Repository structure

The Git repository contains the following top directories:

  • apps dir contains Helm releases with a custom configuration per cluster
  • infrastructure dir contains common infra tools such as ingress-nginx and cert-manager
  • clusters dir contains the Flux configuration per cluster (Note that staging isn't deployed anywhere at this time)
├── apps
│   ├── base
│   ├── production 
│   └── staging
├── infrastructure
│   ├── configs
│   └── controllers
└── clusters
    ├── production
    └── staging

Applications

The apps configuration is structured into:

  • apps/base/ dir contains namespaces and Helm release definitions
  • apps/production/ dir contains the production Helm release values
  • apps/staging/ dir contains the staging values
./apps/
├── base
│   └── podinfo
│       ├── kustomization.yaml
│       ├── namespace.yaml
│       ├── release.yaml
│       └── repository.yaml
├── production
│   ├── kustomization.yaml
│   └── podinfo-patch.yaml
└── staging
    ├── kustomization.yaml
    └── podinfo-patch.yaml

Infrastructure

The infrastructure is structured into:

  • infrastructure/controllers/ dir contains namespaces and Helm release definitions for Kubernetes controllers
  • infrastructure/configs/ dir contains Kubernetes custom resources such as cert issuers and networks policies
./infrastructure/
├── configs
│   ├── cluster-issuers.yaml
│   ├── network-policies.yaml
│   └── kustomization.yaml
└── controllers
    ├── cert-manager.yaml
    ├── ingress-nginx.yaml
    ├── weave-gitops.yaml
    └── kustomization.yaml

In clusters/production/infrastructure.yaml we replace the Let's Encrypt server value to point to the production API:

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: infra-configs
  namespace: flux-system
spec:
  # ...omitted for brevity
  dependsOn:
    - name: infra-controllers
  patches:
    - patch: |
        - op: replace
          path: /spec/acme/server
          value: https://acme-v02.api.letsencrypt.org/directory        
      target:
        kind: ClusterIssuer
        name: letsencrypt

Note that with dependsOn we tell Flux to first install or upgrade the controllers and only then the configs. This ensures that the Kubernetes CRDs are registered on the cluster, before Flux applies any custom resources.

Useful things

Watch for the Helm releases being installed:

$ watch flux get helmreleases --all-namespaces

NAMESPACE     NAME          REVISION SUSPENDED READY MESSAGE 
flux-system   weave-gitops  4.0.12    False     True  Release reconciliation succeeded

Watch kustomizations getting deployed:

$ flux get kustomizations -w

NAME            REVISION                SUSPENDED       READY   MESSAGE                              
flux-system     main@sha1:21ebd912      False           True    Applied revision: main@sha1:21ebd912
infra-controllers       main@sha1:21ebd912      False   True    Applied revision: main@sha1:21ebd912

TODOs

  • Migrate old deployments here
    • Gitea
    • Woodpecker
    • Docker repo
    • Traefik
    • Certmanager
    • External DNS
    • Synapse
    • Mjolnir
    • Keycloak
    • Prometheus/grafana
    • Cosign
    • ...
  • Port validate script
  • Setup CI for github and woodpecker
  • Verify sops is working as expected and then publish repo