... managed by Flux and Renovate 🤖
This repository provides the configuration for our cloud infrastructure. It aims to follow Infrastructure as Code (IaC) and GitOps practices so that the system is easy to maintain and use, and is accessible, transparent, and easier to study in a broader sense.
This repo borrows heavily, in structure and practices, from k8s-at-home/template-cluster-k3 and its derivatives, such as Devil Buhl's home-ops and Toboshii Nakama's.
Clusters run on Talos Linux, an immutable and ephemeral Linux distribution built around Kubernetes, deployed on bare-metal. Rook Ceph running hyper-converged with workloads provides persistent block, object, and file storage.
talhelper is used to organize the Talos config files.
- cilium/cilium: Internal Kubernetes networking plugin.
- rook/rook: Distributed block storage for persistent storage.
- mozilla/sops: Manages secrets for Kubernetes, Ansible and Terraform.
- jetstack/cert-manager: Creates SSL certificates for cluster services.
- kubernetes/ingress-nginx: Ingress controller to expose HTTP traffic to pods over DNS.
Flux watches the k8s directory and makes changes based on the YAML manifests.
Renovate watches the entire repository for dependency updates. When updates are found, a PR is created automatically. When PRs are merged, Flux applies the relevant changes to the cluster.
The cloud infrastructure is intended to support multiple clusters, so the layout distinguishes between global configuration and cluster-specific deployments or config. Clusters are named after the geographically closest (*ish) airport plus a sequential discriminator.
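Since merged changes under the k8s directory are applied to the cluster automatically, a pre-merge check that no Secret manifest carries plaintext values is worth having. The script below is an added example, not part of this repository: it assumes secrets are committed as SOPS-encrypted YAML (values of the form `ENC[...]` plus a top-level `sops:` block), and the sample manifests and function names are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample manifests for illustration (not from this repository).
ENCRYPTED = """\
apiVersion: v1
kind: Secret
metadata:
  name: example-token
stringData:
  token: ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
sops:
  lastmodified: "2024-01-01T00:00:00Z"
"""
PLAINTEXT = "apiVersion: v1\nkind: Secret\nstringData:\n  token: not-encrypted\n"

def unencrypted_secret_fields(text):
    """Return (document index, key) for every plaintext value in a Secret."""
    findings = []
    for idx, doc in enumerate(re.split(r"^---\s*$", text, flags=re.M)):
        if not re.search(r"^kind:\s*Secret\s*$", doc, flags=re.M):
            continue  # only Secret documents are inspected
        has_sops = re.search(r"^sops:\s*$", doc, flags=re.M) is not None
        section = None
        for line in doc.splitlines():
            top = re.match(r"^(\w+):", line)  # unindented key starts a section
            if top:
                section = top.group(1)
                continue
            field = re.match(r"^\s+([\w.\-]+):\s*(.*)$", line)
            if section in ("data", "stringData") and field:
                key, value = field.groups()
                if not (has_sops and value.strip("\"'").startswith("ENC[")):
                    findings.append((idx, key))
    return findings

def scan_tree(root):
    """Map each *.yaml file under root to its findings, omitting clean files."""
    results = {}
    for path in sorted(Path(root).rglob("*.yaml")):
        found = unencrypted_secret_fields(path.read_text(encoding="utf-8"))
        if found:
            results[str(path)] = found
    return results

if __name__ == "__main__":
    for path, found in scan_tree("k8s").items():
        print(path, found)
```

The check is line-based and deliberately conservative: a value added to an already encrypted file without re-running sops is flagged as well.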
📁 k8s               # All k8s infrastructure defined below
├─📁 clusters        # All instantiated k8s clusters, defined as code
│ └─📁 icao-00       # Example cluster
│   ├─📁 apps        # Apps in cluster by namespace
│   ├─📁 bootstrap   # Cluster-specific keys
│   └─📁 flux        # Flux configuration
└─📁 global          # Global resources
  ├─📁 bootstrap     # Bootstrapping data (flux installation, global key)
  ├─📁 config        # Universal config data
  └─📁 repos         # (Helm|Git)Repository Flux sources
Some cilium nightmare.
Ok question time is over now. go home.
Thanks to all folks who donate their time to the Kubernetes @Home community.