{"id":16726226,"url":"https://github.com/deas/flux-conductr","last_synced_at":"2026-05-18T09:07:15.360Z","repository":{"id":142206029,"uuid":"535213334","full_name":"deas/flux-conductr","owner":"deas","description":"Flux Conductr - GitOps Everything","archived":false,"fork":false,"pushed_at":"2023-10-13T01:24:31.000Z","size":349,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-27T09:17:37.607Z","etag":null,"topics":["flux2","gitops","kubernetes","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-11T06:42:46.000Z","updated_at":"2023-07-18T09:16:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"fbf155ad-9de0-440f-ada5-670861887b36","html_url":"https://github.com/deas/flux-conductr","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/deas/flux-conductr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deas%2Fflux-conductr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deas%2Fflux-conductr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deas%2Fflux-conductr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deas%2Fflux-conductr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deas","download_url":"https://codeload.github.com/deas/flux-conductr/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deas%2Fflux-conductr/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33172173,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T05:43:36.989Z","status":"ssl_error","status_checked_at":"2026-05-18T05:43:19.133Z","response_time":71,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flux2","gitops","kubernetes","terraform"],"created_at":"2024-10-12T22:52:32.802Z","updated_at":"2026-05-18T09:07:15.344Z","avatar_url":"https://github.com/deas.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Flux Conductr - GitOps Everything 🧪\n\nThe primary goal of this project is to exercise and experiment with [flux](https://fluxcd.io/) based [GitOps](https://gitops.tech) deployment covering the cycle - up to production via promotion, if you want to. Experimentation and production do not have to conflict.\n\nThe change process starts at localhost. Hence, we consider localhost experience (`kind` and maybe `k3s` soon) very important. That aim is reflected by the way we expose services locally. There is another strong emphasis on fast feedback. We want things to be available quickly. That includes issues surfacing. Hence, we deeply care about observability. \n\nMany elements should be useful in CI context. Most things however, should play nice on produtive environments as well.\n\nThis repo is mostly based on [flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example). The docs over there should still be pretty accurate.\n\nAt the moment, we cover deployments of:\n- Terraform resources (via `tf-controller`)\n- Cilium\n- Metallb\n- Knative\n- Istio/Zipkin/Kiali\n- Contour\n- Kube-Prometheus\n- Loki/Promtail\n- Flagger\n- Flamingo/Flux Subsystem for Argo\n- Traefik\n- WeaveWorks GitOps\n- External Secrets\n- CSI Secrets\n- AWS Credentials Sync\n- SOPS Secrets\n- Alerting/Notifications via Slack/MS Teams\n- Image Reflector/Image Automation\n\nBeyond that, we aim at exploring:\n- CrossPlane (Cloud Provider AWS/Azure/GCP appear to make most sense, Terraform least)\n\n\n## Bootrapping\nEncryption keys are required for Image Automation and default gpg (sops) based secrets.\n\nTo get started, generate encryption keys for ssh/gpg:\n\n```shell\n./script/gen-keys.sh\n```\nAdd public deployment key to github. You may also want to disable github actions to start.\n```\ngh repo deploy-key add ...\n```\n\n\nThere is a `terraform` + `kind` based bootstrap in [`tf`](./tf):\n\n```shell\ncp sample.tfvars terraform.tfvars\n# Set proper values in terraform.tfvars\nterraform apply\n```\nAlternatively, you can bootstrap or even upgrade an existing cluster (be sure to have current kube context set properly). Also, make sure `flux --version` shows desired version.\n\n```sh\n./scripts/flux-bootstrap.sh\n```\n\n## Known Issues\n- knative challenging (Some bits need `kustomize.toolkit.fluxcd.io/substitute: disabled` in our context, other things need tweaks to upstream yaml to play with GitOps \"... configured\")\n\n### Speed / Registries\nWe want lifecycle of things (Create/Destroy) to be as fast as possible. Pulling images can slow things down significantly. Contrary docker a host based solution (such as `k3s`), challenges are harder with `kind`. Make sure to understand your the defails of your painpoints before implementing your solution.\n\n- [Local Registry](https://kind.sigs.k8s.io/docs/user/local-registry/)\n- [Pull-through Docker registry on Kind clusters](https://maelvls.dev/docker-proxy-registry-kind/) (`registry:2` supports only one registry per instnance)\n- `kind load` may address some use cases\n- Remove everything in `kind` installed by flux (so we can rebuild from cached images). (s. `make flux-destroy`)\n\n## TODO\n- Naming?\n- [json error during kustomizationResourceDiff](https://github.com/kbst/terraform-provider-kustomization/issues/219) / Fix `make flux-destroy`\n- Deduplicate/Dry things\n- ~~Setup \"envs\" properly / remove literals~~\n- Flux Dashboard\n- [Grafana/Prometheus](https://fluxcd.io/flux/guides/monitoring/)?\n- Demo: Flagger/Rolling/Blue/Green/Canary\n- Improve Github Actions Quality Gates\n- ~~Borrow bits from Tanzu? (Does not appear to make sense in flux focused context)~~\n- Manage github with `terraform`/crossplane\n- babashka scripting?\n- `tfctl` app/`terraform` plan approval via ChatOps (Slack?)\n- Basic sops/lastpass/github key managment?\n- ~~knative?~~\n- ~~Replace Contour with Istio~~ ?\n- ~~Contour appears to play with knative, kind and flux! (use from bitnami)~~\n- Provide tool to wipe (shipping) encrypted secrets\n- Default to auto update everything?\n- ~~Leverage `metallb.universe.tf/allow-shared-ip: \"flux-conductr\"` annotation to share/simplify IP address usage~~\n- External (M)DNS\n- Migrate zipkin to helm / Replace with tempo\n- Introduce Kyverno\n- Enable Flagger/Knative with Istio\n- ~~Enable Alerting to Slack/Discord (needs [alertmanager-discord](https://github.com/masgustavos/alertmanager-discord))~~\n- ~~Integrate Cilium Metrics/Monitoring~~\n- [tf-controller : failed to verify artifact: computed checksum](https://github.com/weaveworks/tf-controller/issues/557)\n- Consider migrating `make` to [`just`](https://github.com/casey/just)\n- Introduce [`resmoio/kubernetes-event-exporter`](https://github.com/resmoio/kubernetes-event-exporter)\n- The `infra` / `config` `Kustomization` naming borrowed from `flux2-kustomize-helm-example` is not ideal. It's mostly about dependencies. Hence, the `wave` terminology from `argcocd` might be a bit better. Also, it is about concurrency.\n- ~~[Hubble UI displays Trying to reconnect streams and Datastream has failed on UI backend: EOF #21582](https://github.com/cilium/cilium/issues/21582)~~\n- Provide easy (make based) access to docker port mappings to host services / secrets + auth\n\n## Misc/Random Bits\n- ~~[Kind cluster with Cilium and no kube-proxy](https://medium.com/@charled.breteche/kind-cluster-with-cilium-and-no-kube-proxy-c6f4d84b5a9d)~~\n- [Cilium Grafana Observability Demo](https://github.com/isovalent/cilium-grafana-observability-demo)\n- [Install Knative using quickstart](https://knative.dev/docs/getting-started/quickstart-install/)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeas%2Fflux-conductr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeas%2Fflux-conductr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeas%2Fflux-conductr/lists"}