Infrastructure

A bundle of software that should run on every Kubernetes cluster.

Components

The following components exist for an infrastructure setup:

Usage

My base-values/infra.yaml uses extra namespaces for the different components.

⚠️ The base-values are not versioned, see Base.

Example usage
---
apiVersion: v1
kind: Namespace
metadata:
  name: infra # <1>
---
apiVersion: v1
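kind: Secret # <2>
metadata:
  name: infra-secret
  namespace: infra # <1>
data:
  # placeholder: generate a new password for every cluster;
  # values under data: must be base64-encoded
  masterPassword: MASTER_PASSWORD_FOR_GENERATE_EVERY_A_NEW_ONE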
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: wrenix-flux-charts # <3>
  namespace: flux-system
spec:
  url: https://codeberg.org/wrenix/flux-charts.git
  ref:
    branch: main
  interval: 10m
  # for more info about verification take a look here:
  #   - https://fluxcd.io/flux/components/source/gitrepositories/#verification
  #   - https://wrenix.codeberg.page/docs/wrenix-flux/latest/#_secure_with_verify
  # later replaced with oci and cosign
  # verify:
  #   mode: HEAD
  #   secretRef:
  #     name: gpg-publickey
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: infra # <4>
  namespace: infra # <1>
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: wrenix-flux-charts # <3>
        namespace: flux-system
      chart: "./base"
      reconcileStrategy: "Revision"
      valuesFiles:
        - "./base/values.yaml"
        - "./base-values/commons.yaml" # <5>
        - "./base-values/infra.yaml" # <6>
  interval: 10m
  values:
    ##
    # Commons
    ##
    commons:

      helm:
        chart:
          sourceRef: # <3>
            kind: GitRepository
            name: wrenix-flux-charts
            namespace: flux-system

      ingress:
        domain: "my-infra.eu" # <7>

    componentCommons:
      helm:
        release:
          valuesFrom:
            - kind: Secret # <2>
              name: infra-secret
              valuesKey: masterPassword
              targetPath: commons.masterPassword
    ##
    # Components
    ##
    components: # <8>
      infra-certificates:
        values:
          email: host.acme@wrenix.eu
      infra-monitoring:
        values:
          prometheus:
            exporter:
              blackbox:
                enabled: true
  • <1> namespace into which all the components are installed later
  • <2> secret used to pass secure values into the infra components (masterPassword)
  • <3> reference where fluxcd finds base and all the components
  • <4> use of the base Helm chart for fluxcd to bundle the different infra components together
  • <5> use my default commons values for flux-chart components
  • <6> use my defaults to set up all commons for infra and the infra components
  • <7> set the default domain (under which subdomains are generated for the different components)
  • <8> overwrite component values (here: set the default cert-manager email for Let’s Encrypt and set up prometheus-blackbox-exporter)
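
The Secret from callout <2> needs a real, per-cluster value in place of its placeholder, and values under a Secret's data: field must be base64-encoded. The following is an added example, not part of the flux-charts project: it renders the infra-secret manifest with a freshly generated password and rejects a data: value that is not base64. The function names are hypothetical; the Secret name, namespace and key are taken from the manifest above.

```python
# Added example (not from the flux-charts project): render the infra-secret
# manifest with a fresh master password and validate Secret data values.
import base64
import binascii
import secrets


def new_master_password(nbytes: int = 32) -> str:
    """Return a random URL-safe password drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)


def render_secret(password: str, name: str = "infra-secret",
                  namespace: str = "infra") -> str:
    """Render a v1 Secret; values under data: must be base64-encoded."""
    encoded = base64.b64encode(password.encode("utf-8")).decode("ascii")
    return (
        "---\n"
        "apiVersion: v1\n"
        "kind: Secret\n"
        "metadata:\n"
        f"  name: {name}\n"
        f"  namespace: {namespace}\n"
        "type: Opaque\n"
        "data:\n"
        f"  masterPassword: {encoded}\n"
    )


def decode_data_value(value: str) -> str:
    """Strictly decode a data: value; reject anything that is not base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"not a base64-encoded Secret value: {exc}") from exc


def read_master_password(manifest: str) -> str:
    """Extract and decode data.masterPassword from a rendered manifest."""
    for line in manifest.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "masterPassword":
            return decode_data_value(value)
    raise ValueError("manifest has no masterPassword entry")


if __name__ == "__main__":
    print(render_secret(new_master_password()), end="")
```

Run as a script, it prints the manifest, which can be piped to `kubectl apply -f -`.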