{"id":22959948,"url":"https://github.com/iconicto/kubernetes-config","last_synced_at":"2026-04-28T11:05:28.542Z","repository":{"id":122342456,"uuid":"298773129","full_name":"Iconicto/Kubernetes-Config","owner":"Iconicto","description":"GitOps Implementation for Iconicto's Kubernetes Cluster","archived":false,"fork":false,"pushed_at":"2021-09-02T07:48:59.000Z","size":77,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-07T17:37:25.774Z","etag":null,"topics":["devops","fluxcd","gitops","hacktoberfest","helm","kubernetes","sealed-secrets"],"latest_commit_sha":null,"homepage":"","language":"YAML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Iconicto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-26T08:43:28.000Z","updated_at":"2022-01-26T11:33:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"3b894b63-3ed7-4c92-a845-01c5c19704de","html_url":"https://github.com/Iconicto/Kubernetes-Config","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Iconicto%2FKubernetes-Config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Iconicto%2FKubernetes-Config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Iconicto%2FKubernetes-Config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Iconicto%2FKubernetes-Config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Iconicto","download_url":"https://codeload.github.com/Iconicto/Kubernetes-Config/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246746622,"owners_count":20827060,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","fluxcd","gitops","hacktoberfest","helm","kubernetes","sealed-secrets"],"created_at":"2024-12-14T18:29:43.009Z","updated_at":"2026-04-28T11:05:23.432Z","avatar_url":"https://github.com/Iconicto.png","language":"YAML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Iconicto Kubernetes Config\nGitOps Implementation for Iconicto's Kubernetes Cluster Using Weaveworks' [FluxCD](https://fluxcd.io/)\n\u003e __Disclaimer :__ This repo only contains configs for open source projects maintained by Iconicto, All the configs and helm charts for private/client's projects are stored in private repository for security and privacy concerns\n\n## How it works\n![](https://fluxcd.io/img/flux-cd-diagram.png)\n\n## Prerequisites\n\n- [Helm](https://helm.sh/docs/intro/install/)\n- [fluxctl](https://docs.fluxcd.io/en/1.20.2/references/fluxctl/)\n- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)\n- [kubeseal](https://github.com/bitnami-labs/sealed-secrets#installation)\n\n## Important Links\n\n- \u003chttps://www.weave.works/technologies/gitops\u003e\n- \u003chttps://github.com/fluxcd/helm-operator\u003e\n- \u003chttps://github.com/fluxcd/helm-operator-get-started\u003e\n- \u003chttps://helm.workshop.flagger.dev\u003e\n- \u003chttps://github.com/bitnami-labs/sealed-secrets\u003e\n\n\n### Install Flux\n\nThe first step in automating Helm releases with [Flux](https://github.com/fluxcd/flux) is to create a Git repository with your charts source code.\n\nAdd FluxCD repository to Helm repos:\n\n```bash\nhelm repo add fluxcd https://charts.fluxcd.io\n```\n\nCreate the `fluxcd` namespace:\n\n```sh\nkubectl create ns fluxcd\n```\n\nInstall Flux:\n\n```bash\nhelm upgrade -i flux fluxcd/flux --wait \\\n--namespace fluxcd \\\n--set registry.pollInterval=1m \\\n--set git.pollInterval=1m \\\n--set git.url=git@github.com:Iconicto/Kubernetes-Config.git \\\n--set syncGarbageCollection.enabled=true\n```\n\nInstall Flux Helm Operator with __Helm v3__ support:\n\n```bash\nhelm upgrade -i helm-operator fluxcd/helm-operator --wait \\\n--namespace fluxcd \\\n--set git.ssh.secretName=flux-git-deploy \\\n--set git.pollInterval=1m \\\n--set chartsSyncInterval=1m \\\n--set helm.versions=v3 \\\n--set createCRD=true\n```\n\nThe Flux Helm operator provides an extension to Flux that automates Helm Chart releases for it.\nA Chart release is described through a Kubernetes custom resource named HelmRelease.\nThe Flux daemon synchronizes these resources from git to the cluster,\nand the Flux Helm operator makes sure Helm charts are released as specified in the resources.\n\n_Note that Flux Helm Operator works with Kubernetes 1.11 or newer._\n\nAt startup, Flux generates a SSH key and logs the public key. Find the public key with:\n\n```bash\nfluxctl identity --k8s-fwd-ns fluxcd\n```\n\nIn order to sync your cluster state with Git you need to copy the public key and\ncreate a **deploy key** with **write access** on your GitHub repository.\n\nOpen GitHub, navigate to your fork, go to _Setting \u003e Deploy keys_ click on _Add deploy key_, check\n_Allow write access_, paste the Flux public key and click _Add key_.\n\n## Sealed secrets\n\nA Kubernetes controller and tool for one-way encrypted Secrets\n\nAt startup, the sealed-secrets controller generates a RSA key and logs the public key. Using kubeseal you can save your public key as kubeseal-cert.pem, the public key can be safely stored in Git, and can be used to encrypt secrets without direct access to the Kubernetes cluster:\n\n```bash\nkubeseal --fetch-cert \\\n--controller-namespace=fluxcd \\\n--controller-name=sealed-secrets \\\n\u003e kubeseal-cert.pem\n```\n\nUpdate the FILE variable with kubernetes secret object you want to encrypt\n\n```bash\nFILE=everything-flutter/secrets.yaml; mkdir -p \"secrets/$(dirname $FILE)\" \u0026\u0026 kubeseal --format=yaml --cert=kubeseal-cert.pem \u003c decrypted/$FILE \u003e secrets/$FILE\n```\n\nThen push to origin and Flux will pull it descrypt and deploy it\n\n```bash\ngit add $FILE\ngit commit -m \"Added $FILE Secret\"\ngit push $ENV\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficonicto%2Fkubernetes-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ficonicto%2Fkubernetes-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ficonicto%2Fkubernetes-config/lists"}