Fluxcd on Apurv Kiri | Tech Notes

Kubernetes - Replicate Secrets with Reflector

Wed, 05 Mar 2025 01:55:15 +0530

This post is part of our ongoing series of posts for Kubernetes. In this post, we will dive into replicating secrets across namespaces using Reflector, a powerful tool for ensuring consistency and security in your Kubernetes environment.

By default, Kubernetes secrets are scoped to individual namespaces. However, there are common use cases where sensitive information, such as API tokens, database credentials, or container registry credentials, needs to be shared across multiple namespaces. Manually managing these secrets can be error-prone and time-consuming.

Kubernetes GitOps with FluxCD - Part 7 - Resource Optimization and Automated Version Management with Github Actions

Tue, 04 Mar 2025 01:55:15 +0530

In our previous post, we set up push based reconciliation using webhooks. Building on what we’ve learned so far—basic FluxCD setup, SOPS-based secret management, image update automation, Helm chart automation, alerts and push based reconciliation — this article focuses on critical day-two operational concerns: optimizing FluxCD resource allocation and establishing automated version management through Github Actions.

1. Sizing FluxCD Containers

By default, FluxCD components are provisioned with the following resource configurations for CPU and memory:

 1kubectl -n flux-system get pods -o json | jq -r '["container", "cpu_requests", "cpu_limits", "memory_requests", "memory_limits"], (.items[].spec.containers[] | [.image, .resources.requests.cpu, .resources.limits.cpu, .resources.requests.memory, .resources.limits.memory]) | @csv' | column -t -s,
 2
 3
 4"container"                                           "cpu_requests"  "cpu_limits"  "memory_requests"  "memory_limits"
 5"ghcr.io/fluxcd/helm-controller:v1.2.0"               "100m"          "1"           "64Mi"             "1Gi"
 6"ghcr.io/fluxcd/image-automation-controller:v0.40.0"  "100m"          "1"           "64Mi"             "1Gi"
 7"ghcr.io/fluxcd/image-reflector-controller:v0.34.0"   "100m"          "1"           "64Mi"             "1Gi"
 8"ghcr.io/fluxcd/kustomize-controller:v1.5.0"          "100m"          "1"           "64Mi"             "1Gi"
 9"ghcr.io/fluxcd/notification-controller:v1.5.0"       "100m"          "1"           "64Mi"             "1Gi"
10"ghcr.io/fluxcd/source-controller:v1.5.0"             "50m"           "1"           "64Mi"             "1Gi"

For our environment with a smaller cluster footprint, these default limits are unnecessarily generous and could lead to resource contention. We’ll refine these allocations by modifying cluster/default/flux-system/kustomization.yaml to better align with our actual resource capacity and workload requirements:

Kubernetes GitOps with FluxCD - Part 6 - Push-based Reconciliation with Webhook Receivers

Mon, 03 Mar 2025 01:55:15 +0530

In our previous post, we set up Discord alerts to get notifications about our cluster’s status. Building on what we’ve learned so far—basic FluxCD setup, SOPS-based secret management, image update automation, Helm chart automation, and alerts—this article focuses on webhook receivers.

By default, FluxCD polls Git repositories at the configured frequency to detect changes. With webhook receivers, your Git provider can notify FluxCD immediately when changes occur, ensuring the reconciliation process doesn’t have to wait for the next scheduled polling interval. This significantly expedites deployments and enhances overall cluster efficiency.

Kubernetes - Setup Cert Manager for Automated TLS Management

Sat, 01 Mar 2025 01:55:15 +0530

This post is part of our ongoing series on Kubernetes infrastructure management. In this installment, we’re focusing on setting up Cert Manager, a critical component for automating TLS certificate management. Although we’re working on a local Kubernetes cluster, we’ve implemented prerequisites in Kubernetes - Routing external traffic to local Kubernetes cluster to enable access to our internal cluster via public IP address, as well as configuring DNS automation with Kubernetes - Setup External DNS.

Kubernetes - Setup External DNS

Fri, 28 Feb 2025 01:55:15 +0530

This post is part of our ongoing series of posts for Kubernetes. In this post we are focusing on setting up External DNS, a critical component for automating DNS record management. Although we are working on a local Kubernetes cluster, we have implemented prerequisites in Kubernetes - Routing external traffic to local Kubernetes cluster to enable access to our internal cluster via public ip.

We are using Cloudflare as our DNS Provider and implementing this solution using declarative GitOps principles with Flux.

Kubernetes GitOps with FluxCD - Part 5 - Implementing Discord Alerts

Thu, 27 Feb 2025 01:55:15 +0530

In previous post, we explored how to setup helm chart automation with FluxCD, Building on our foundation of basic Flux CD setup, SOPS-based secret management, image update automation and Helm Chart Automation, this article focuses on implementing FluxCD Alerts with Discord integration to enhance GitOps observability stack.

Alerts provide real-time notifications about the state of our GitOps operations, helping us respond promptly to issues and stay informed about successful reconciliations. Let’s dive into configuring in our Kubernetes cluster.

Kubernetes GitOps with FluxCD - Part 4 - Helm Chart Automation - Kube Prometheus Stack

Wed, 26 Feb 2025 22:55:15 +0530

In our previous post, we explored how Flux CD enables automated image updates while maintaining GitOps principles. Building on our foundation of basic Flux CD setup, SOPS-based secret management, and image update automation, this article focuses on Helm Chart Automation - a sophisticated capability that further enhances your GitOps workflow by declaratively managing Helm releases.

Helm serves as Kubernetes’ package manager, simplifying the deployment of complex applications through charts that bundle related Kubernetes resources. While Helm itself is powerful, managing Helm releases manually contradicts GitOps principles of full automation and declarative configuration. Flux CD bridges this gap with its Helm Controller, allowing teams to define, deploy, and update Helm releases through Git-based declarations rather than imperative commands.

Kubernetes GitOps with FluxCD - Part 3 - Automated Image Updates

Tue, 25 Feb 2025 22:55:15 +0530

In our previous post, we explored how to manage secrets in FluxCD with SOPS. Building on our GitOps foundation from part 1 and secure secrets handling from part 2, this article will focus on image update automation - a powerful FluxCD feature that automatically updates your deployments when new container images are available, maintaining GitOps principles while eliminating manual image version updates.

1. Setup image repository

To demonstrate image automation, we’ll create a sample application using Quarkus, a Kubernetes-native Java framework.

Kubernetes GitOps with FluxCD - Part 2 - Secret Management using SOPS

Mon, 24 Feb 2025 22:55:15 +0530

In Kubernetes-based GitOps workflows, securely managing sensitive information presents a unique challenge. While GitOps principles encourage storing all cluster configurations in Git repositories, committing plaintext secrets creates significant security risks. SOPS (Secrets OPerationS) offers an elegant solution to this problem when integrated with FluxCD.

In our previous post, we explored how to perform the initial setup of FluxCD in a Kubernetes cluster. Building on that foundation, we’ll now address one of the most critical aspects of GitOps implementation: Secret Management.

Kubernetes GitOps with FluxCD - Part 1 - Initial Setup

Sun, 23 Feb 2025 22:55:15 +0530

GitOps practice enables us to define our infrastructure as code in a declarative manner. It serves as an audited single source of truth for our cloud/cluster state, providing benefits like:

Version control and audit trails for infrastructure changes
Automated reconciliation between desired and actual states
Improved security through encrypted credentials and access control
Simplified rollback capabilities
Enhanced collaboration through Git workflows

FluxCD is a CNCF graduated project that enables GitOps practices in the Kubernetes ecosystem. It automates the deployment, monitoring, and reconciliation of cluster resources based on Git repositories.