Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rustygreen/gitops
A re-usable mono repository for my Kubernetes clusters which adheres to Infrastructure as Code (IaC) and GitOps practices where possible - with re-usable workload definitions across clusters.
ansible cert-manager flux fluxcd k3s k8s-at-home kube-vip kubernetes longhorn metallb nginx sops
Last synced: 27 days ago
- Host: GitHub
- URL: https://github.com/rustygreen/gitops
- Owner: rustygreen
- Created: 2022-10-24T17:53:08.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-28T16:40:13.000Z (about 1 year ago)
- Last Synced: 2024-11-12T10:23:24.484Z (3 months ago)
- Topics: ansible, cert-manager, flux, fluxcd, k3s, k8s-at-home, kube-vip, kubernetes, longhorn, metallb, nginx, sops
- Language: Shell
- Homepage:
- Size: 429 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# GitOps
## :information_source: Overview
This repository is a centralized source for all my Kubernetes clusters. It serves as a sort of [monorepo](https://fluxcd.io/flux/guides/repository-structure/#monorepo), which allows workload definitions and configuration to be reused between clusters and environments. It provides a single source for many (if not all) clusters, which can share workload configurations, scripts, and other provisioning tools.
The point of this setup is to simplify cluster creation and management and to increase reusability between clusters. Clusters defined in this repository should never be modified directly (using [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/)). All changes are made through commits/PRs to this repository. Each cluster watches this repository for changes and updates accordingly (via [FluxCD](https://fluxcd.io/)).
## :sparkles: FluxCD
[FluxCD](https://fluxcd.io/) is the continuous and progressive delivery solution that watches the repository for changes and applies them to the cluster. The structure and use of this repository require a basic understanding of FluxCD concepts. The following resources are recommended for getting started with Flux:
- https://fluxcd.io/flux/concepts/
- https://fluxcd.io/flux/get-started/
- https://www.youtube.com/watch?v=NwAgATWoEcM
- https://anaisurl.com/full-tutorial-getting-started-with-flux-cd/
## :cd: Environment Setup
Each cluster makes use of different scripts/methods for bootstrapping and working with the cluster. View the README.md file in the root of each cluster folder to understand how to work with that cluster.
The idea is to have every cluster in this repository easily repeatable. The cluster should be able to be torn down, re-created, and restored through simple commands.
## :light: Philosophy
The following ideas, patterns, and philosophies are applied for clusters in this repository:
- Reusability of workload definitions and configurations across clusters (change once).
- Individual cluster behavior can be changed through the encrypted settings file (see the SOPs files section).
- All cluster dependencies are stored in this repository.
- Clusters only get updated through GitOps.
## :open_file_folder: Structure
The structure and setup of this repository are designed to allow testable and trackable changes to be made to each cluster (by using Git). Each cluster has a documented bootstrapping process to allow for repeatable cluster initialization, along with teardown and restore procedures. See the README.md file located in the root of each cluster for specific documentation on that cluster.
The following structure/convention is used:
```bash
📦gitops # repo root
┣ 📂base # contains all re-usable cluster workloads
┃ ┗ 📂example-workload # projects are grouped by client or other grouping
┃
┗ 📂clusters # contains all cluster definitions
┗ 📂my-cluster # root folder for "my-cluster"
┗ 📜README.md # see this file for all info on this cluster
┗ 📂staging # the staging environment for this cluster
┗ 📂production # the production environment for this cluster
┗ 📂workloads # defines all workloads for this cluster/environment
┗ 📂settings
┗ cluster-settings.sops.yaml # unique settings for cluster (encrypted with SOPS)
```
## :computer: Clusters
The following clusters are managed in this repository.
TODO
## :key: SOPs files
Since the entire state of the cluster is stored in this repository, certain information for a cluster (such as passwords, SSH keys, etc.) must be encrypted. FluxCD has various decryption providers (see [docs here](https://fluxcd.io/flux/guides/mozilla-sops/#configure-in-cluster-secrets-decryption)). Clusters in this repository use [Mozilla SOPS](https://github.com/mozilla/sops) with the [age encryption tool](https://github.com/FiloSottile/age).
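A check that a repository laid out like this can run before commits or in CI, added here as an example and not part of the repository: it lists `*.sops.yaml` files that carry no SOPS metadata, meaning they were committed in plaintext. The `clusters/.../settings` paths and file contents are constructed, and `other-cluster` is a hypothetical second cluster.

```shell
#!/bin/sh
# Added example, not from the repository: list *.sops.yaml files that were
# committed without SOPS encryption. Assumes the *.sops.yaml naming shown above.

# Succeeds only if the file has a top-level "sops:" block with an encrypted
# "mac:" entry and at least one more ENC[...] value besides the MAC.
is_sops_encrypted() {
  grep -Eq '^sops:[[:space:]]*$' "$1" || return 1
  grep -Eq '^[[:space:]]+mac:[[:space:]]*ENC\[AES256_GCM,' "$1" || return 1
  [ "$(grep -c 'ENC\[AES256_GCM,data:' "$1")" -ge 2 ]
}

# Print each *.sops.yaml under the root (default ".") that fails the check;
# return 1 if any was found. Paths containing newlines are not supported.
find_plaintext_sops_files() {
  _bad=$(find "${1:-.}" -type f -name '*.sops.yaml' | while IFS= read -r _f; do
    is_sops_encrypted "$_f" || printf '%s\n' "$_f"
  done)
  if [ -n "$_bad" ]; then
    printf '%s\n' "$_bad"
    return 1
  fi
}

# Build a constructed fixture tree: one encrypted file, one left in plaintext.
# "other-cluster" is hypothetical; all values below are made up.
make_demo_repo() {
  _d=$(mktemp -d) || return 1
  mkdir -p "$_d/clusters/my-cluster/settings" "$_d/clusters/other-cluster/settings"
  cat > "$_d/clusters/my-cluster/settings/cluster-settings.sops.yaml" <<'EOF'
stringData:
    ADMIN_PASSWORD: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:BBBB,type:str]
sops:
    age:
        - recipient: age1-constructed-placeholder
    mac: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:BBBB,type:str]
EOF
  cat > "$_d/clusters/other-cluster/settings/cluster-settings.sops.yaml" <<'EOF'
stringData:
    ADMIN_PASSWORD: constructed-plaintext-value
EOF
  printf '%s\n' "$_d"
}
```

The check only confirms that a file went through SOPS; it does not verify the MAC or that every sensitive key is covered by the encryption rules.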