{"id":16401457,"url":"https://github.com/hawkkiller/flux_config","last_synced_at":"2025-10-26T16:31:00.130Z","repository":{"id":153328172,"uuid":"628949237","full_name":"hawkkiller/flux_config","owner":"hawkkiller","description":"Gitops repository configs driven by FluxCD.","archived":false,"fork":false,"pushed_at":"2024-01-25T12:32:40.000Z","size":741,"stargazers_count":5,"open_issues_count":3,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-31T21:34:25.673Z","etag":null,"topics":["fluxcd","gitops","helm","k8s"],"latest_commit_sha":null,"homepage":"https://lazebny.io","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hawkkiller.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-04-17T10:07:12.000Z","updated_at":"2024-01-28T16:46:53.000Z","dependencies_parsed_at":"2023-12-14T14:44:56.451Z","dependency_job_id":"ad6e9cec-93f1-4eb0-8490-b964ae29b8fd","html_url":"https://github.com/hawkkiller/flux_config","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hawkkiller%2Fflux_config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hawkkiller%2Fflux_config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hawkkiller%2Fflux_config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hawkkiller%2Fflux_config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hawkkiller","download_url":"https://codeload.github.com/hawkkiller/flux_config/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238366813,"owners_count":19460191,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fluxcd","gitops","helm","k8s"],"created_at":"2024-10-11T05:43:08.039Z","updated_at":"2025-10-26T16:30:59.679Z","avatar_url":"https://github.com/hawkkiller.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# LazebnyIO\n\nThe project is a set of configs to deploy various self-hosted\napplications to Kubernetes Cluster using FluxCD.\n\n## Prerequisites\n\n- Kubernetes Cluster\n- Sops CLI with `age` installed\n- FluxCD CLI installed\n\n## Configuration\n\nSteps that should be performed before installation.\n\n### Secrets\n\nFluxCD supports Mozilla SOPS for secrets encryption. This project uses\n`age` format. To generate a new key pair use the following command:\n\n```bash\nage-keygen -o age.agekey\n```\n\nIt puts both private and public keys into `age.agekey` file. The\nprivate key should be stored in a secure place. The public key should be\nsaved in .sops.yaml file in the project root in \"age\" section.\n\n```yaml\ncreation_rules:\n  - path_regex: .*.ya?ml\n    encrypted_regex: ^(data|stringData)$\n    age: Paste it here!\n```\n\nIt is needed to put the private key into kubernetes cluster as a secret. To do so, run the following command:\n\n```bash\ncat age.agekey |\nkubectl create secret generic sops-age \\\n--namespace=flux-system \\\n--from-file=age.agekey=/dev/stdin\n```\n\nTo create a new secret, create a secret manifest:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n    name: secret-name\n    namespace: namespace\ntype: Opaque\ndata:\n  KEY: BASE64_ENCODED_VALUE\n```\n\nThen encode this file using sops:\n\n```bash\nsops -e -i secret.yaml\n```\n\nThis way, this secret will be encrypted and can be stored in the git\nrepository. FluxCD will decrypt it during the deployment. To decrypt\nthe secret, use the following command:\n\n```bash\nsops -i -d secret.yaml\n```\n\n## Installation\n\n1. `export GITHUB_TOKEN=\u003cyour github token\u003e`\n2. kubectl create ns flux-system --dry-run=client -o yaml | kubectl apply -f -\n3. cat age.agekey |\nkubectl create secret generic sops-age \\\n--namespace=flux-system \\\n--from-file=age.agekey=/dev/stdin\n4. flux bootstrap github \\\n  --token-auth \\\n  --owner=hawkkiller \\\n  --repository=flux_config \\\n  --branch=main \\\n  --path=./kubernetes/flux \\\n  --components-extra=image-reflector-controller,image-automation-controller \\\n  --version=latest \\\n  --personal\n\n## Applications\n\nThe list of applications that are deployed to the cluster.\n\n### Weave GitOps\n\nWeave GitOps is a program that is used to track deployed\napplications, sources and other Flux components.\n\nSecret needed to deploy Weave GitOps:\n\n```yaml\n# oidc-auth.sops.yaml\napiVersion: v1\nkind: Secret\nmetadata:\n    name: oidc-auth\n    namespace: flux-system\ntype: Opaque\ndata:\n    # The URL of the issuer, typically the discovery URL without a path\n    issuerURL: aHR0cHM6Ly9kZXgubGF6ZWJueS5pbw==\n    # The client ID that has been setup for Weave GitOps in the issuer (DEX)\n    # This is configured in dex/app/helmrelease.yaml (staticClients)\n    clientID: BASE64_ENCODED_CLIENT_ID\n    # The client secret that has been setup for Weave GitOps in the issuer (DEX)\n    # This is configured in dex/app/helmrelease.yaml (staticClients)\n    clientSecret: BASE64_ENCODED_CLIENT_SECRET\n    # The redirect URL that has been setup for Weave GitOps in the issuer, typically the dashboard URL followed by /oauth2/callback\n    redirectURL: aHR0cHM6Ly93ZWF2ZS5sYXplYm55LmlvL29hdXRoMi9jYWxsYmFjaw==\n```\n\n### Dex\n\nDex is an OpenID Connect provider that is used to authenticate users\nin Weave GitOps.\n\nSecret needed to deploy Dex:\n\n```yaml\n# github-client.sops.yaml\napiVersion: v1\nkind: Secret\nmetadata:\n    name: github-client\ntype: Opaque\ndata:\n    # To get these values, create a new OAuth app in GitHub and use the client ID and secret\n    # Note, that it is not weave gitops client id and secret\n    # GITHUB_CLIENT_ID\n    client-id: BASE64_ENCODED_GITHUB_CLIENT_ID\n    # GITHUB_CLIENT_SECRET\n    client-secret: BASE64_ENCODED_GITHUB_CLIENT_SECRET\n```\n\nYou also need to configure dex/app/helmrelease.yaml to use the correct\nclient id and secret and redirect url.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhawkkiller%2Fflux_config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhawkkiller%2Fflux_config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhawkkiller%2Fflux_config/lists"}