Kubernetes GitOps Encryption

Overview

Encrypted GitOps refers to the practice of managing infrastructure and application deployments using GitOps principles, while ensuring that sensitive data (e.g., secrets, keys, credentials, or sensitive configuration) is securely encrypted. GitOps is a workflow that uses Git as the single source of truth for declarative infrastructure and application definitions. In encrypted GitOps, the sensitive information is encrypted to ensure security when storing and using it as part of the GitOps pipeline. ...

August 14, 2025 · 9 min · 1780 words · Dmitry Konovalov

Kubernetes GitOps Flux FluxCD Bootstrapping

Install Flux CLI

Install the Flux CLI using the following command:

    curl -s https://fluxcd.io/install.sh | sudo bash

Configure GitHub Repository

1. Create an Empty Repository

Go to GitHub and create a new, empty repository.

2. Generate a Personal Access Token

Generate a token at GitHub Personal Access Tokens. The token must have the following minimum permissions:

    Category                          Permission
    Metadata                          Read-only
    Actions                           Read and write
    Administration                    Read and write
    Commit statuses                   Read and write
    Contents                          Read and write
    Dependabot alerts                 Read and write
    Dependabot secrets                Read and write
    Deployments                       Read and write
    Discussions                       Read and write
    Environments                      Read and write
    Issues                            Read and write
    Merge queues                      Read and write
    Pull requests                     Read and write
    Repository security advisories    Read and write
    Secret scanning alerts            Read and write
    Secrets                           Read and write
    Variables                         Read and write
    Webhooks                          Read and write
    Workflows                         Read and write

Bootstrap the Cluster

1. Export Required Variables

Export your GitHub username, repository name, and token as environment variables: ...

August 14, 2025 · 2 min · 250 words · Dmitry Konovalov

Kubernetes GitOps MetalLB Load Balancer

This guide explains how to deploy MetalLB, a load balancer for bare-metal Kubernetes clusters, and a sample application using Flux GitOps. The steps are based on a working example and provide instructions for configuration, deployment, and testing.

Prerequisites

- Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster.
- Git Repository: A Git repository structured for Flux GitOps, e.g.,

    .
    <...>
    ├── clusters/
    │   └── production/
    │       ├── flux-system/
    │       │   └── sources/
    │       └── apps/
    ├── infrastructure/
    │   ├── networking/
    │   │   └── metallb/
    <...>

- Kubernetes Cluster: A bare-metal Kubernetes cluster with MetalLB-compatible networking.

1. Deploying MetalLB via Flux

Step 1: Create the MetalLB Namespace

Create a namespace for MetalLB in your Git repository: ...

August 14, 2025 · 3 min · 503 words · Dmitry Konovalov

Kubernetes GitOps MetalLB Sample Test Application

This guide explains how to deploy a sample application using Flux GitOps. It demonstrates creating a simple NGINX application and testing it with MetalLB.

Prerequisites

- MetalLB Installed: Ensure MetalLB is installed and configured in your Kubernetes cluster.
- Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster.
- Git Repository: A Git repository structured for Flux GitOps, e.g.,

    .
    ├── apps/
    │   └── nginx-test/
    │       └── base/
    ├── clusters/
    │   └── production/
    │       ├── apps/
    <...>

1. Deploy a Sample Application

Step 1: Create the Application Manifest

File: apps/nginx-test/base/nginx-test.yaml: ...

August 14, 2025 · 2 min · 337 words · Dmitry Konovalov

OpenWebUI Deployment in FluxCD Kubernetes Cluster

Overview

Successfully deployed OpenWebUI in a production Kubernetes cluster managed by FluxCD GitOps. OpenWebUI provides a web interface for interacting with Large Language Models (LLMs) and is configured to connect to a llama.cpp backend.

Architecture

    graph TB
        A[User] --> B[Nginx Ingress]
        B --> C[OpenWebUI Service]
        C --> D[OpenWebUI Pod]
        D --> E[External llama.cpp Backend]
        F[FluxCD] --> G[Git Repository]
        G --> H[OpenWebUI Kustomization]
        H --> I[Kubernetes Resources]
        J[Cert-Manager] --> K[Let's Encrypt]
        K --> L[TLS Certificate]
        L --> B

Deployment Configuration

Core Components

- Namespace: openwebui
- Image: ghcr.io/open-webui/open-webui:main
- Backend: http://llama-cpp.<yourdomain.com>:11434 (external Ollama-compatible API)
- Storage: 10Gi PersistentVolume for user data persistence
- Access: HTTPS via nginx-ingress with Let's Encrypt certificates

Resource Specifications

    # Resource Limits & Requests
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 256Mi

Key Features Configured

- Persistent Storage: User conversations and settings preserved across pod restarts
- TLS Encryption: Automatic HTTPS certificates via cert-manager + Let's Encrypt
- External LLM Backend: Configured to use existing llama.cpp server
- GitOps Management: Fully managed via FluxCD from Git repository

Access Information

- URL: https://openwebui.<yourdomain.com>
- TLS Certificate: Auto-provisioned by cert-manager using Let's Encrypt production issuer
- DNS Challenge: Uses Cloudflare DNS-01 for certificate validation

FluxCD GitOps Structure

The deployment follows GitOps principles with the following structure: ...

October 15, 2025 · 3 min · 545 words · Dmitry Konovalov