You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
MTRNord c7661aba00
kustomization/flux-system/0788b29c reconciliation succeeded
kustomization/infra-notifications/0788b29c dependency not ready
kustomization/infra-configs/0788b29c dependency not ready
kustomization/apps-namespaces/0788b29c dependency not ready
kustomization/apps/0788b29c dependency not ready
kustomization/apps-secrets/0788b29c dependency not ready
kustomization/infra-controllers/0788b29c health check failed
Add more log rules
15 minutes ago
apps Add more log rules 15 minutes ago
clusters Revert changing certmanager to make it work on 2 providers. Time to write my own tools 1 week ago
infrastructure Remove control-nodes-2 and 3 19 hours ago
.editorconfig Stay with synchronous_mode 2 months ago
.gitignore Add weave and sops 3 months ago
.pre-commit-config.yaml Fix port 2 months ago
.sops.yaml fix sops 3 months ago Add synapse 2 months ago Add synapse 2 months ago Add synapse 2 months ago

Cluster Configs for Midnightthoughts and Nordgedanken

These are the current running setups at Midnightthoughts and Nordegedanken.

This is based on


You will need a Kubernetes cluster version 1.21 or newer. For a quick local test, you can use Kubernetes kind. Any other Kubernetes setup will work as well though.

Install the Flux CLI on MacOS or Linux using Homebrew:

brew install fluxcd/tap/flux

Or install the CLI by downloading precompiled binaries using a Bash script:

curl -s | sudo bash

Repository structure

The Git repository contains the following top directories:

  • apps dir contains Helm releases with a custom configuration per cluster
  • infrastructure dir contains common infra tools such as ingress-nginx and cert-manager
  • clusters dir contains the Flux configuration per cluster (Note that staging isn't deployed anywhere at this time)
├── apps
│   ├── base
│   ├── production 
│   └── staging
├── infrastructure
│   ├── configs
│   └── controllers
└── clusters
    ├── production
    └── staging


The apps configuration is structured into:

  • apps/base/ dir contains namespaces and Helm release definitions
  • apps/production/ dir contains the production Helm release values
  • apps/staging/ dir contains the staging values
├── base
│   └── podinfo
│       ├── kustomization.yaml
│       ├── namespace.yaml
│       ├── release.yaml
│       └── repository.yaml
├── production
│   ├── kustomization.yaml
│   └── podinfo-patch.yaml
└── staging
    ├── kustomization.yaml
    └── podinfo-patch.yaml


The infrastructure is structured into:

  • infrastructure/controllers/ dir contains namespaces and Helm release definitions for Kubernetes controllers
  • infrastructure/configs/ dir contains Kubernetes custom resources such as cert issuers and networks policies
├── configs
│   ├── cluster-issuers.yaml
│   ├── network-policies.yaml
│   └── kustomization.yaml
└── controllers
    ├── cert-manager.yaml
    ├── ingress-nginx.yaml
    ├── weave-gitops.yaml
    └── kustomization.yaml

In clusters/production/infrastructure.yaml we replace the Let's Encrypt server value to point to the production API:

kind: Kustomization
  name: infra-configs
  namespace: flux-system
  # ...omitted for brevity
    - name: infra-controllers
    - patch: |
        - op: replace
          path: /spec/acme/server
        kind: ClusterIssuer
        name: letsencrypt

Note that with dependsOn we tell Flux to first install or upgrade the controllers and only then the configs. This ensures that the Kubernetes CRDs are registered on the cluster, before Flux applies any custom resources.

Useful things

Watch for the Helm releases being installed:

$ watch flux get helmreleases --all-namespaces

flux-system   weave-gitops  4.0.12    False     True  Release reconciliation succeeded

Watch kustomizations getting deployed:

$ flux get kustomizations -w

NAME            REVISION                SUSPENDED       READY   MESSAGE                              
flux-system     main@sha1:21ebd912      False           True    Applied revision: main@sha1:21ebd912
infra-controllers       main@sha1:21ebd912      False   True    Applied revision: main@sha1:21ebd912


  • Migrate old deployments here
  • Port validate script
  • Setup CI for github and woodpecker (Fluxcd can pull it)
  • Verify sops is working as expected and then publish repo