Kubernetes GitOps Debug Pod

You can deploy the debug pod from the debug pod guide via GitOps. Manual Steps 1. Create App Folder Structure Create the app folder in your local repo, run at the top of the repo: mkdir -p apps/debugpod/base 2. Place debugpod.yaml Place debugpod.yaml from the debug pod guide in apps/debugpod/base 3. Create Production Kustomization Create clusters/production/kustomization.yaml: # File: clusters/production/kustomization.yaml --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - apps - flux-system 4. Create Apps Kustomization Create clusters/production/apps/kustomization.yaml: ...

August 14, 2025 · 3 min · 631 words · Dmitry Konovalov

Kubernetes GitOps Encryption

Overview Encrypted GitOps refers to the practice of managing infrastructure and application deployments using GitOps principles, while ensuring that sensitive data (e.g., secrets, keys, credentials, or sensitive configuration) is securely encrypted. GitOps is a workflow that uses Git as the single source of truth for declarative infrastructure and application definitions. In encrypted GitOps, the sensitive information is encrypted to ensure security when storing and using it as part of the GitOps pipeline. ...

August 14, 2025 · 9 min · 1780 words · Dmitry Konovalov

Kubernetes GitOps Flux FluxCD Bootstrapping

Install Flux CLI Install the Flux CLI using the following command: curl -s https://fluxcd.io/install.sh | sudo bash Configure GitHub Repository 1. Create an Empty Repository Go to GitHub and create a new, empty repository. 2. Generate a Personal Access Token Generate a token at GitHub Personal Access Tokens. The token must have the following minimum permissions: Category Permission Metadata Read-only Actions Read and write Administration Read and write Commit statuses Read and write Contents Read and write Dependabot alerts Read and write Dependabot secrets Read and write Deployments Read and write Discussions Read and write Environments Read and write Issues Read and write Merge queues Read and write Pull requests Read and write Repository security advisories Read and write Secret scanning alerts Read and write Secrets Read and write Variables Read and write Webhooks Read and write Workflows Read and write Bootstrap the Cluster 1. Export Required Variables Export your GitHub username, repository name, and token as environment variables: ...

August 14, 2025 · 2 min · 250 words · Dmitry Konovalov

Kubernetes GitOps Ingress Nginx with Lets Encrypt Certificate

This guide explains how to deploy Ingress-NGINX with dynamically (hostname-based) assigned Let’s Encrypt certificates using Flux GitOps. The steps are based on a working example and provide instructions for configuration, deployment, and testing. Prerequisites Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster. Let’s Encrypt Certificate: Provisioned for FQDN. Follow the instructions in the Let’s Encrypt guide. Git Repository: A Git repository structured for Flux GitOps, e.g.: . ├── apps/ └── ingress-nginx/ └── base/ ├── clusters/ │ └── production/ │ ├── flux-system/ │ │ └── sources/ │ └── apps/ ├── infrastructure/ └── networking/ ├── metallb/ └── ingress-nginx/ Kubernetes Cluster: A Kubernetes cluster with MetalLB-compatible networking. 1. Deploying Ingress-NGINX via Flux Step 1: Create the Ingress-NGINX Namespace Create a namespace for Ingress-NGINX in your Git repository: ...

August 14, 2025 · 6 min · 1163 words · Dmitry Konovalov

Kubernetes GitOps Let's Encrypt CertManager Cloudflare Certificates

Introduction This guide explains how to configure Let’s Encrypt certificates using CertManager in a Kubernetes cluster managed with GitOps using Flux. We’ll use Cloudflare for DNS validation. By the end, you’ll have automated certificate issuance and management, improving security and ease of use. Prerequisites Before proceeding, ensure you have the following: Kubernetes Cluster: A running cluster. Flux: Installed and configured for GitOps. Cloudflare Account: Access with API token privileges. Overview of Steps Set up the namespace and Helm repository for cert-manager. Configure Cloudflare API tokens. Create staging and production issuers. Deploy certificates. Verify and troubleshoot the setup. Here is the repository tree that you likely have at this moment with - new files to deploy in orange - files to update in green ...

August 14, 2025 · 4 min · 829 words · Dmitry Konovalov

Kubernetes GitOps MetalLB Load Balancer

This guide explains how to deploy MetalLB, a load balancer for bare-metal Kubernetes clusters, and a sample application using Flux GitOps. The steps are based on a working example and provide instructions for configuration, deployment, and testing. Prerequisites Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster. Git Repository: A Git repository structured for Flux GitOps, e.g., . <...> ├── clusters/ │ └── production/ │ ├── flux-system/ │ │ └── sources/ │ └── apps/ ├── infrastructure/ │ ├── networking/ │ │ └── metallb/ <...> Kubernetes Cluster: A bare-metal Kubernetes cluster with MetalLB-compatible networking. 1. Deploying MetalLB via Flux Step 1: Create the MetalLB Namespace Create a namespace for MetalLB in your Git repository: ...

August 14, 2025 · 3 min · 503 words · Dmitry Konovalov

Kubernetes GitOps MetalLB Sample Test Application

This guide explains how to deploy a sample application using Flux GitOps. It demonstrates creating a simple NGINX application and testing it with MetalLB. Prerequisites MetalLB Installed: Ensure MetalLB is installed and configured in your Kubernetes cluster. Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster. Git Repository: A Git repository structured for Flux GitOps, e.g., . ├── apps/ │ └── nginx-test/ │ └── base/ ├── clusters/ │ └── production/ │ ├── apps/ <...> 1. Deploy a Sample Application Step 1: Create the Application Manifest File: apps/nginx-test/base/nginx-test.yaml: ...

August 14, 2025 · 2 min · 337 words · Dmitry Konovalov

Kubernetes Lab Oracle OCI Deployment

VM Provisioning See https://docs.cloud.oracle.com/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm After the account is created, navigate to https://cloud.oracle.com/compute/instances and click “Create Instance”. Set the desired instance name and change the instance shape (VM Type). Pick Ampere VM.Standard.A1.Flex and set the desired vCPU and RAM. Save the SSH keys. To use the saved SSH key with PuTTY, convert it to PuTTY format using PuTTYgen - https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html For Oracle Linux 8 use "opc" as the user name with the converted key ...

August 14, 2025 · 4 min · 722 words · Dmitry Konovalov

Kubernetes Lab Sample Application

VM side On the master node create two files sample-deployment.yaml # file: sample-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: sample-app spec: replicas: 2 selector: matchLabels: app: sample-app template: metadata: labels: app: sample-app spec: containers: - name: nginx image: nginx:alpine ports: - containerPort: 80 sample-service-nodeport.yaml # file: sample-service-nodeport.yaml apiVersion: v1 kind: Service metadata: name: sample-service-nodeport spec: type: NodePort selector: app: sample-app ports: - protocol: TCP port: 80 # ClusterIP port targetPort: 80 # Container port nodePort: 30080 # Node port (any available >30000) Deploy application ...

August 14, 2025 · 2 min · 214 words · Dmitry Konovalov

Talos Kubernetes Initial Configuration

Client machine Talos nodes have no shell at all, so you would need some box to run configuration commands. In this case I’m using Ubuntu 22.04 LTS as the console to run commands, configuring Talos 1.91 # install TalosCTL, KubeCTL, Helm curl -sL https://talos.dev/install | sh snap install kubectl --classic snap install helm --classic helm repo update Note the controlplane (master) node IP and save it to a variable, as well as some other stuff ...

August 14, 2025 · 3 min · 443 words · Dmitry Konovalov