Personal Public Services - Applications

This repository contains applications deployed on the public-services-cluster via Flux using GitOps.

Bootstrapping

The Kubernetes cluster needs to be bootstrapped with Flux pointing to this repository.

For sops and Flux to decrypt the initial secrets for configuring the External Secrets Operator using Doppler, a Google Cloud Service Account with access to the correct KMS key needs to be set in the flux namespace.

Attention: some applications will be automatically deployed, others not (yet).

App-of-Apps

The repository follows the app-of-apps pattern.

The first Flux Kustomization being defined needs to reference app-of-apps/.

These are bootstrapping the main Flux applications, referring to the respective <PROJECT>/applications/ kosutomizations:

infrastructure: core cluster infrastructure
core: core applications
applications: (user) applications running on the cluster/network

Each of these applications follows the app-of-apps pattern again using sub-kustomizations defined in the respective application directories.

Hosted Services

Infrastructure

The following applications are defined in infrastructure/.

Cilium - Provides the cluster CNI.
External Secrets Operator - Synchronizes secrets from external stores to Kubernetes Secret objects.
- External Secrets Stores - Deploys the required ClusterSecretStores and Doppler Service Tokens as Kubernetes Secrets.
MetalLB - Provides a Kubernetes network load balancer to expose Kubernetes Services.
Traefik - Exposes Kubernetes Ingress resources to the "outside world".

Core Applications

The following applications are defined in core/.

cert-manager - Certificate management using ACME Let's Encrypt.
External DNS with Google Cloud DNS integration - Creates DNS records in Google Cloud DNS domains for publicly reachable services.
Velero - Performs cluster backups.
- Includes deployment of backup schedules.

(User) Applications

The following applications are defined in applications/.

SimpleLogin - Open Source e-mail relay.

Backup and Restore

The current backup and restore strategy consists of:

Velero as a second layer disaster recovery for critical workloads

Timewise, the layers of backups follow the strategy:

12:00am: in-application backups
02:00am: Velero backups

Continuous Integration and Automations

GitHub Actions are linting all YAML files.
Renovate Bot is updating Helm releases and used container images in the values.yaml files, and GitHub Actions.

Name		Name	Last commit message	Last commit date
Latest commit History 406 Commits
.github		.github
app-of-apps		app-of-apps
applications		applications
core		core
infrastructure		infrastructure
.conform.yaml		.conform.yaml
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.sops.yaml		.sops.yaml
.yamllint		.yamllint
LICENSE.md		LICENSE.md
README.md		README.md
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Personal Public Services - Applications

Bootstrapping

App-of-Apps

Hosted Services

Infrastructure

Core Applications

(User) Applications

Backup and Restore

Continuous Integration and Automations

About

Contributors 2

License

muhlba91/muehlbachler-public-services-cluster-applications

Folders and files

Latest commit

History

Repository files navigation

Personal Public Services - Applications

Bootstrapping

App-of-Apps

Hosted Services

Infrastructure

Core Applications

(User) Applications

Backup and Restore

Continuous Integration and Automations

About

Topics

Resources

License

Stars

Watchers

Forks

Contributors 2