{"id":19200855,"url":"https://github.com/fredrkl/gitops-systems-architecture","last_synced_at":"2026-03-01T19:30:53.023Z","repository":{"id":190697585,"uuid":"683151420","full_name":"fredrkl/gitops-systems-architecture","owner":"fredrkl","description":"GitOps architecture","archived":false,"fork":false,"pushed_at":"2023-08-25T19:40:21.000Z","size":2,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-15T06:54:54.565Z","etag":null,"topics":["flux2","gitops","system"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fredrkl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-08-25T18:13:23.000Z","updated_at":"2023-08-25T19:40:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"7376dc16-ef28-4869-9441-ae5f8acc8a8c","html_url":"https://github.com/fredrkl/gitops-systems-architecture","commit_stats":null,"previous_names":["fredrkl/gitops-systems-architecture"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2Fgitops-systems-architecture","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2Fgitops-systems-architecture/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2Fgitops-systems-architecture/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2Fgitops-systems-architecture/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fredrkl","download_url":"https://codeload.github.com/fredrkl/gitops-systems-architecture/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240273247,"owners_count":19775214,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flux2","gitops","system"],"created_at":"2024-11-09T12:34:58.876Z","updated_at":"2026-03-01T19:30:53.011Z","avatar_url":"https://github.com/fredrkl.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitOps Systems Architecture\n\nThis is the GitOps architecture I created at If-insurance, a rather large insurance company in the Nordics. It is based on the [GitOps principles](https://www.weave.works/technologies/gitops/) and the [GitOps FAQ](https://www.weave.works/blog/gitops-faq). Please read the blog post and explanation of the setup on [my blog](https://fredrkl.com/blog/infrastructure-as-code-vs-gitops-a-real-world-example/).\n\nThe diagram is created with [mermaid.js](https://mermaid.js.org/).\n\n```mermaid\nflowchart LR\n    %% The entities\n    bko(platform IaC)\n    ssc(Sealed Secret Controller)\n    flux(Flux Controller)\n\n    %% The Git repositories CRDs\n    gr(\"GitRepository\u003c/br\u003e#60;K8s CRD#62;\")\n    grsystems(\"GitRepository\u003c/br\u003e#60;K8s CRD#62;\")\n    grcardissuer(\"GitRepository\u003c/br\u003e#60;K8s CRD#62;\")\n    grfrauddetection(\"GitRepository\u003c/br\u003e#60;K8s CRD#62;\")\n\n    %% The Kustomization CRDs\n    kustomize(\"Kustomization\u003c/br\u003e#60;K8s CRD#62;\")\n    kustomizesystemscardissuer(\"Kustomization\u003c/br\u003e#60;K8s CRD#62;\")\n    kustomizesystemsfrauddetection(\"Kustomization\u003c/br\u003e#60;K8s CRD#62;\")\n    \n    prometheus(\"Prometheus\")\n    grafana(\"Grafana\")\n    linkerd(\"Linkerd\")\n    alertManager(\"Alert Manager\")\n    kustomizesystems(\"Kustomization\u003c/br\u003e#60;K8s CRD#62;\")\n\n    %% Repos\n    platformsystemsdb[(Platform Systems\\nManifest Repo)]\n    systemsdb[(Payment Systems\\nManifest Repo)]\n    cardIssuerdb[(CardIssuer\\nManifest Repo)]\n    fraudDetectiondb[(Fraud detection\\nManifest Repo)]\n\n    %% Repo responsible\n    platformteam((\"#128104;\u003c/br\u003ePlatform Team\"))\n    cardissuerteam((\"#128104;\u003c/br\u003eCard Issuer Team\"))\n    frauddetestionteam((\"#128104;\u003c/br\u003eFraud Detection Team\"))\n\n    platformteam-. responsibe for .-\u003eplatformsystemsdb\n    platformteam-. responsibe for .-\u003esystemsdb\n\n    cardissuerteam-. responsibe for .-\u003e cardIssuerdb\n    frauddetestionteam-. responsibe for .-\u003efraudDetectiondb\n\n    %% The flow\n    subgraph IaC Kickoff\n        bko--\"#9312; Install\"--\u003essc\n        bko--\"#9313; Install\"--\u003eflux\n        bko--\"#9314; Initializing\"--\u003egr\n        bko--\"#9314; Initializing\"--\u003ekustomize\n        kustomize--\"Uses\"--\u003egr\n        subgraph Instances refleting the environment\n            kustomize\n            gr\n        end\n    end\n\n    gr--\"Pulls inn from GitRepo\"--\u003eplatformsystemsdb\n    PlatformSystems-.-\u003eplatformsystemsdb\n    \n    subgraph PlatformSystems\n        grafana\n        prometheus\n        alertManager\n        linkerd\n\n        kustomizesystems--\"Uses\"--\u003egrsystems\n        subgraph SystemSync\n            kustomizesystems\n            grsystems\n        end\n    end\n\n    grsystems--\"Pulls in from GitRepo\"--\u003esystemsdb\n    Systems-.-\u003esystemsdb\n\n    subgraph Systems\n        pv(\"Persistent Volumes\")\n        cr(\"Cluster Roles\")\n        np(\"Networking Policies\")\n        kustomizesystemscardissuer--\"Uses\"--\u003egrcardissuer\n        \n        subgraph CarsIssuer-System\n            kustomizesystemscardissuer\n            grcardissuer\n        end\n\n        kustomizesystemsfrauddetection--\"Uses\"--\u003egrfrauddetection\n        subgraph Fraud detection-System\n            kustomizesystemsfrauddetection\n            grfrauddetection\n        end\n    end\n\n    grcardissuer--\"Pulls in from GirRepo\"--\u003ecardIssuerdb\n    grfrauddetection--\"Pulls in from GitRepo\"--\u003efraudDetectiondb\n\n```\n\nWe use [kustomize](https://kustomize.io/) extensively. Please read on how we use it together with branches to control rolling out changes to different environments [here](./kustomize.md). The Kustomization CRD boxes are the configuration of how the Git changes are applied. Please see [Kustomization CRD](https://fluxcd.io/flux/components/kustomize/kustomization/) for more information and examples.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredrkl%2Fgitops-systems-architecture","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffredrkl%2Fgitops-systems-architecture","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredrkl%2Fgitops-systems-architecture/lists"}