This repository is where I configure and manage my cluster. To learn more about K8s concepts, GitOps and DevOps, I'll also try to create my own [Helm Charts](https://github.com/Cloufish/helm-charts).
Name | Description |
---|---|
NGINX Ingress Controller | Ingress Controller implementation for NGINX that can load balance WebSocket, gRPC, TCP and UDP applications. |
Cert Manager | X.509 certificate management for Kubernetes. |
Flannel | My CNI of choice, used on all clusters. |
Cloudflare Zero Trust | Used for private tunnels to expose public services (without requiring a public IP). |
CloudNativePG | Database operator for running PostgreSQL clusters. |
OAuth2-Proxy | Simple middleware that provides authentication using identity providers like Google and GitHub. |
Authelia (**Coming soon**) | Authelia is a 2FA & SSO authentication server dedicated to the security of applications and users. |
SOPS and age encryption | Used to encrypt the secrets stored in this repository. |
Flux CD | My GitOps solution of choice. For a K8s administrator it's better than ArgoCD. |
Prometheus Operator | Manages deploying Prometheus, Grafana and AlertManager in my cluster. |
Renovate | Automated dependency updates through pull requests on GitHub. |
Longhorn | A distributed block storage system for Kubernetes with built-in backup and snapshot mechanisms. |
AWS S3 Bucket | For storing backups in the cloud. |
TrueNAS Core | For storing backups on-premise over the NFSv4 protocol. |
Reloader | Watches ConfigMaps and Secrets for changes and performs rolling upgrades of the Pods that use them. |
- Define the `${APP_app_name}` variable in `clusters/production/apps.yaml` under `postBuild.substitute`.
- Copy an existing application implementation in `apps/base/APP` and `apps/base/production` (or `apps/base/staging`).
- Change the variable names inside `release.yaml` by highlighting the `APP` keyword and using the shortcut Ctrl + Shift + L (VS Code: select all occurrences), so every occurrence is renamed at once.
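As an added example (not files from this repository), here is what the two halves of that procedure look like for a hypothetical app called `demo`. The variable name `APP_demo`, the chart name, the hostname and the `path` of the Kustomization are assumptions that follow the layout described above; the `apiVersion` values are the current Flux ones.

```yaml
# clusters/production/apps.yaml: the Flux Kustomization that renders the
# production overlay (path assumed) and defines the APP_* variables.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./apps/production
  prune: true            # anything removed from Git is removed from the cluster
  wait: true
  timeout: 5m0s
  postBuild:
    # Plain-text variables: fine for names and hostnames, never for
    # credentials, because they are committed unencrypted.
    substitute:
      APP_demo: demo
    # Credential-valued variables come from a Kubernetes Secret instead
    # (kept SOPS-encrypted in Git, decrypted by Flux at build time).
    substituteFrom:
      - kind: Secret
        name: cluster-secrets   # hypothetical Secret name
        optional: true
---
# apps/base/demo/release.yaml, copied from an existing app with every
# `APP` occurrence renamed (Ctrl + Shift + L selects all occurrences in VS Code).
apiVersion: v1
kind: Namespace
metadata:
  name: ${APP_demo}
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: ${APP_demo}
  namespace: ${APP_demo}
spec:
  interval: 30m
  chart:
    spec:
      chart: demo          # hypothetical chart
      version: "1.x"       # pin a concrete version; Renovate proposes bumps
      sourceRef:
        kind: HelmRepository
        name: demo
        namespace: flux-system
  install:
    remediation:
      retries: 3
  values:
    ingress:
      enabled: true
      host: ${APP_demo}.example.com   # hostname assumed
```

A staging cluster gets its own `clusters/staging/apps.yaml` that defines the same variable names with different values, which is what keeps the `apps/base` manifests environment-agnostic. Keep real credentials out of `substitute` and in a SOPS-encrypted Secret referenced via `substituteFrom`, otherwise the variable value is readable by anyone with access to the Git history.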
- When deploying an infrastructure app there is no distinction between production and staging.
- Define your HelmRelease inside `infrastructure/controllers/release.yaml`.
- Add `release.yaml` as a resource inside `infrastructure/controllers/kustomization.yaml`, otherwise Flux never picks it up.
- Additional resources need to live inside `infrastructure/configs/` and also need to be added to `infrastructure/configs/kustomization.yaml`.
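The same procedure worked through for cert-manager (one of the controllers in the table above), as an added example rather than this repository's actual files: a controller HelmRelease wired into the controllers kustomization, plus a ClusterIssuer as the kind of additional resource that belongs under `infrastructure/configs/`. The chart version, the ACME e-mail address and the issuer name are placeholders.

```yaml
# infrastructure/controllers/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - release.yaml        # without this entry the HelmRelease below is never applied
---
# infrastructure/controllers/release.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  interval: 24h
  url: https://charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      version: "1.x"            # pin a concrete version; Renovate will propose bumps
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    crds: CreateReplace         # let Flux manage the CRDs on install and upgrade
  upgrade:
    crds: CreateReplace
  values:
    installCRDs: true
---
# infrastructure/configs/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - cluster-issuer.yaml
---
# infrastructure/configs/cluster-issuer.yaml
# Needs the cert-manager CRDs, so the Flux Kustomization for configs should
# dependsOn the one for controllers; otherwise the first reconcile fails.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com    # placeholder
    privateKeySecretRef:
      name: letsencrypt-prod    # ACME account key, generated by cert-manager
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx
```

The split between `controllers` and `configs` exists because custom resources such as a ClusterIssuer cannot be applied before the operator's CRDs are installed; keeping them in separate Flux Kustomizations with a `dependsOn` makes that ordering explicit instead of relying on retries.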
- First follow the initial guide: https://fluxcd.io/flux/guides/mozilla-sops/
The following instructions are for WSL. If you are working on Linux, it's better to use the VSCode extension for SOPS. However, VSCode installed on Windows didn't detect sops in the WSL environment, nor on Windows itself.
- Put your generated `age` keys inside the default folder for sops keys, `$HOME/.config/sops/age/`; in this setup the file is named `age.agekey`. Note that sops itself only looks for `keys.txt` in that folder, which is why the `SOPS_AGE_KEY_FILE` step below is required for a different file name.
- Configure `.sops.yaml` (already in the repository) by putting your public `age` key there.
- In your `$HOME/.bashrc` set `export SOPS_AGE_KEY_FILE="/home/cloufish/.config/sops/age/age.agekey"` (adjust the path to your own home directory).
- Use `sops decrypt secrets.yaml --output=secrets.yaml` or `sops encrypt secrets.yaml --output=secrets.yaml` (the `encrypt`/`decrypt` subcommands need sops 3.9 or newer). Because the decrypted file keeps the same name, be careful not to commit it in plaintext; the pre-commit secret detection listed under the TODOs is meant to catch exactly that.
- An even better option is to use the VSCode extension to do this automatically (this is tricky in a Windows environment).
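An added example of the three files involved in that flow (not the repository's own): the `.sops.yaml` rules, a Secret before encryption, and the Flux Kustomization that decrypts it in-cluster. The public key is a placeholder to be replaced with the `# public key:` line printed by `age-keygen`, and the Secret value and names are constructed.

```yaml
# .sops.yaml (repository root). Only the values of Kubernetes Secrets are
# encrypted; apiVersion, kind and metadata stay readable so that Flux and
# code reviewers can still see what the file is.
creation_rules:
  - path_regex: .*\.ya?ml$
    encrypted_regex: ^(data|stringData)$
    age: age1REPLACE_WITH_YOUR_PUBLIC_KEY   # placeholder
---
# apps/base/demo/secrets.yaml before `sops encrypt secrets.yaml --output=secrets.yaml`
apiVersion: v1
kind: Secret
metadata:
  name: demo-credentials
  namespace: demo
type: Opaque
stringData:
  DB_PASSWORD: correct-horse-battery-staple   # constructed sample value
# After encryption each value under stringData is replaced by an
# ENC[AES256_GCM,data:...,iv:...,tag:...,type:str] string and a `sops:`
# section holding the age-wrapped data key is appended to the file.
# A file that still shows the plaintext value above must never be committed.
---
# clusters/production/apps.yaml: the Kustomization must know how to decrypt
# the Secret at build time, using the private key stored in the cluster.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./apps/production      # path assumed
  prune: true
  decryption:
    provider: sops
    secretRef:
      name: sops-age
      # Created once, out of band, never committed (from the Flux SOPS guide):
      #   cat "$SOPS_AGE_KEY_FILE" | kubectl create secret generic sops-age \
      #     --namespace=flux-system --from-file=age.agekey=/dev/stdin
```

Two things worth checking after setting this up: `sops decrypt` on the committed file should succeed only on machines that hold the private key, and a `git diff` of an encrypted Secret should show changes only in `ENC[...]` values and the `sops:` block, never a readable credential.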
- Pre-commit hooks with linting and secret detection
- Implement Shell-Operator
- Alerts for TLS certificate expiration
- Renovate
- Longhorn
  - Backups
    - Set up S3 bucket
    - Set up NFS storage
    - Figure out why manual backups work while recurring backups and snapshots do not
    - See if backups can be encrypted before sending
- Vaultwarden
  - Deploy it only once encrypted backups and snapshots are set up
  - If encryption isn't possible, don't migrate this app to K8s
- Grafana
- Prometheus
- Alert Manager
- Loki with Grafana-Operator
- Authelia
- languagetool
  - Figure out why the Docker version of this app stopped working
  - Figure out how to download ngrams in a GitOps way
- Blocky DNS Server (Stateless)
- Searxng
- Compozerize (Stateless)
- DSOMM
- Deepwiki
- Home Assistant
- n8n
- pgadmin
- commafeed
- ReadLater
- ChatGPT Frontend (Stateless)
  - Error `[Org ID] is not set up`. Related GitHub issue: ChatGPTNextWeb/NextChat#6174
- Lidify