kevinobee/flux-gitops

GitOps with Kubernetes using Flux & Kustomize

Repository contains YAML manifests to bootstrap a Kubernetes cluster maintained by Flux.

Getting Started

To install the Kubernetes cluster and applications for GitOps, run:

git clone https://github.com/kevinobee/flux-gitops.git
cd flux-gitops
./install.sh

The installation script uses the Kind tool, which offers a simple way of creating a local Kubernetes cluster with only a single dependency on Docker.

Your cluster and applications are now running, time to start developing.

GitOps

After Flux has synced the applications the following services will be exposed via a load balancer and ingress:

• Gatekeeper Policy Manager (GPM)

  https://gpm.local/

• Monitoring UI

  https://loki.local

  Loki monitoring stack contains Promtail, Grafana and Prometheus

  Admin users password stored in LOKI_PWD environment variable.

  export LOKI_PWD=$(kubectl get secret --namespace monitoring loki-stack-grafana -o jsonpath="{.data.admin-password}" | base64 --decode)
  echo ${LOKI_PWD}

• Litmus UI

  http://litmus.local/

Host Names

Setup entries for .local domain names in your /etc/hosts file by running the following commands after the install.sh script has completed:

LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
echo "${LB_IP} gpm.local litmus.local loki.local" | sudo tee -a /etc/hosts

CLI Tooling

The install.sh script will add a few useful tools to your environment for working with the Kubernetes cluster. The script itself makes use of Flux and linkerd CLI tooling. Other tools are detailed below:

1. Octant is an open source developer-centric web interface for Kubernetes that lets you inspect a Kubernetes cluster and its applications.

   To open the Octant web interface run the command:

   octant

   The Octant dashboard will be available at http://127.0.0.1:7777/

Build Automation

Refer to the Static Analysis action and Code scanning alerts on GitHub for security and configuration scan results.

References

• Flux declarative, GitOps continuous delivery tool for Kubernetes.

• Loki monitoring stack.

Security and Configuration

• Kubescape

• kube-score

  kube-score is a tool that performs static code analysis of your Kubernetes object definitions.

• OPA Gatekeeper Library

  A community-owned library of policies for the OPA Gatekeeper project.

• Gatekeeper Policy Manager (GPM)

  Gatekeeper Policy Manager is a simple read-only web UI for viewing OPA Gatekeeper policies' status in a Kubernetes Cluster.

• Snyk Infrastructure as Code Action