Kubernetes

Complete modernization of legacy PowerShell scraper to containerized Go application with Kubernetes deployment - achieving 90% container size reduction and 10x performance improvement

Deploy a self-hosted, privacy-focused SearXNG metasearch engine on your Kubernetes cluster for integration with AI tools like OpenWebUI. Overview SearXNG is a privacy-respecting metasearch engine that aggregates results from multiple search engines without tracking users. This deployment features proper SOPS encryption, IP whitelisting, and integration-ready JSON API. Features Privacy-focused: No user tracking or data collection Multi-engine aggregation: Combines results from Google, Bing, DuckDuckGo, Brave, Wikipedia, and more JSON API: RESTful API for programmatic access (perfect for AI integration) Rate limiting with IP whitelisting: Protects against abuse while allowing legitimate usage HTTPS with automatic certificates: Let’s Encrypt via cert-manager SOPS-encrypted secrets: Secure secret management following GitOps best practices Repository Structure ├── apps/ │ └── searxng/ │ └── base/ │ ├── kustomization.yaml │ ├── searxng-namespace.yaml │ ├── searxng-settings.yaml │ ├── searxng-deployment.yaml │ ├── searxng-service.yaml │ ├── searxng-certificate.yaml │ └── searxng-ingress.yaml ├── infrastructure/ │ └── security/ │ └── searxng-secrets/ │ ├── kustomization.yaml │ └── searxng-secret.yaml # SOPS encrypted └── clusters/ └── production/ ├── apps/ │ └── kustomization.yaml # References searxng └── flux-system/ ├── kustomization.yaml # References searxng-secrets └── searxng-secrets.yaml # Flux Kustomization Deployment Steps 1. Create Application Structure Create the application folder structure: ...

You can deploy Debug pod from the debug pod guide via GitOps. Manual Steps 1. Create App Folder Structure Create the app folder in your local repo, run at top of repo: mkdir -p apps/debugpod/base 2. Place debugpod.yaml Place debugpod.yaml from the debug pod guide in apps/debugpod/base 3. Create Production Kustomization Create clusters/production/kustomization.yaml: # File: clusters/production/kustomization.yaml --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - apps - flux-system 4. Create Apps Kustomization Create clusters/production/apps/kustomization.yaml: ...

Overview Encrypted GitOps refers to the practice of managing infrastructure and application deployments using GitOps principles, while ensuring that sensitive data (e.g., secrets, keys, credentials, or sensitive configuration) is securely encrypted. GitOps is a workflow that uses Git as the single source of truth for declarative infrastructure and application definitions. In encrypted GitOps, the sensitive information is encrypted to ensure security when storing and using it as part of the GitOps pipeline. ...

Install Flux CLI Install the Flux CLI using the following command: curl -s https://fluxcd.io/install.sh | sudo bash Configure GitHub Repository 1. Create an Empty Repository Go to GitHub and create a new, empty repository. 2. Generate a Personal Access Token Generate a token at GitHub Personal Access Tokens . The token must have the following minimum permissions: Category Permission Metadata Read-only Actions Read and write Administration Read and write Commit statuses Read and write Contents Read and write Dependabot alerts Read and write Dependabot secrets Read and write Deployments Read and write Discussions Read and write Environments Read and write Issues Read and write Merge queues Read and write Pull requests Read and write Repository security advisories Read and write Secret scanning alerts Read and write Secrets Read and write Variables Read and write Webhooks Read and write Workflows Read and write Bootstrap the Cluster 1. Export Required Variables Export your GitHub username, repository name, and token as environment variables: ...

This guide explains how to deploy Ingress-NGINX with dynamically (hostname-based) assigned Let’s Encrypt certificates using Flux GitOps. The steps are based on a working example and provide instructions for configuration, deployment, and testing. Prerequisites Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster. Let’s Encrypt Certificate: Provisioned for FQDN. Follow the instructions in the Let’s Encrypt guide. Git Repository: A Git repository structured for Flux GitOps, e.g.: . ├── apps/ └── ingress-nginx/ └── base/ ├── clusters/ │ └── production/ │ ├── flux-system/ │ │ └── sources/ │ └── apps/ ├── infrastructure/ └── networking/ ├── metallb/ └── ingress-nginx/ Kubernetes Cluster: A Kubernetes cluster with MetalLB-compatible networking. 1. Deploying Ingress-NGINX via Flux Step 1: Create the Ingress-NGINX Namespace Create a namespace for Ingress-NGINX in your Git repository: ...

Introduction This guide explains how to configure Let’s Encrypt certificates using CertManager in a Kubernetes cluster managed with GitOps using Flux. We’ll use Cloudflare for DNS validation. By the end, you’ll have automated certificate issuance and management, improving security and ease of use. Prerequisites Before proceeding, ensure you have the following: Kubernetes Cluster: A running cluster. Flux: Installed and configured for GitOps. Cloudflare Account: Access with API token privileges. Overview of Steps Set up the namespace and Helm repository for cert-manager. Configure Cloudflare API tokens. Create staging and production issuers. Deploy certificates. Verify and troubleshoot the setup. Here is the repository tree that you likely have at this moment with - new files to deploy in orange - files to update in green ...

This guide explains how to deploy MetalLB, a load balancer for bare-metal Kubernetes clusters, and a sample application using Flux GitOps. The steps are based on a working example and provide instructions for configuration, deployment, and testing. Prerequisites Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster. Git Repository: A Git repository structured for Flux GitOps, e.g., . <...> ├── clusters/ │ └── production/ │ ├── flux-system/ │ │ └── sources/ │ └── apps/ ├── infrastructure/ │ ├── networking/ │ │ └── metallb/ <...> Kubernetes Cluster: A bare-metal Kubernetes cluster with MetalLB-compatible networking. 1. Deploying MetalLB via Flux Step 1: Create the MetalLB Namespace Create a namespace for MetalLB in your Git repository: ...

This guide explains how to deploy a sample application using Flux GitOps. It demonstrates creating a simple NGINX application and testing it with MetalLB. Prerequisites MetalLB Installed: Ensure MetalLB is installed and configured in your Kubernetes cluster. Flux Installed: Ensure Flux is installed and running in your Kubernetes cluster. Git Repository: A Git repository structured for Flux GitOps, e.g., . ├── apps/ │ └── nginx-test/ │ └── base/ ├── clusters/ │ └── production/ │ ├── apps/ <...> 1. Deploy a Sample Application Step 1: Create the Application Manifest File: apps/nginx-test/base/nginx-test.yaml: ...

1. Drain the Node Draining a node ensures that workloads are safely evicted before cleaning its configuration: kubectl drain <node-name> --ignore-daemonsets --delete-emptydir-data Notes --ignore-daemonsets: Ensures that DaemonSet pods are not deleted. --delete-emptydir-data: Deletes data in emptyDir volumes. ⚠️ Warning: If the node is a control plane node, use --force with caution. 2. Remove the Node from the Cluster To remove the node from the cluster, run: kubectl delete node <node-name> This will delete the node’s representation in the Kubernetes API. ...