Skip to content
Snippets Groups Projects
Normal view Permalink
README.md 2.42 KiB
Newer Older
Sheogorath's avatar
feat(documentation): Add intial README
Sheogorath committed
1 2 3 
Shivering-Isles GitOps Infrastructure
===
Sheogorath's avatar
docs(README): Remove unneede stuff from README  
Sheogorath committed
4 
This repository contains the Kubernetes objects that are synced and managed by [flux](https://fluxcd.io) in order to be deployed.
Sheogorath's avatar
readme: Provide lessons learned and new premise  
Sheogorath committed
5
Sheogorath's avatar
README: Add more documentation on usage and todos  
Sheogorath committed
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 
Usage
---

Finally in order to boostrap fluxcd in your cluster. For SI-GitLab this would look like this:

```
export GITLAB_TOKEN=<project access token able to write the API and repository>
flux bootstrap gitlab \
  --hostname=git.shivering-isles.com \
  --ssh-hostname=git.shivering-isles.com:2222 \
  --ssh-key-algorithm ed25519 \
  --owner=<your user / team> \
  --repository=<your repository name> \
  --path=clusters/<your cluster name>
```

Ideas & ToDo's
---

This toolchain is still under development. Before it will be used in production there are still some things left to do:
Sheogorath's avatar
docs(README): Update some TODO-list details  
Sheogorath committed
27 
- [x] Buy hardware for the project.
Sheogorath's avatar
README: Add more documentation on usage and todos  
Sheogorath committed
28 
- [x] Provide CLI container that contains all tools.
Sheogorath's avatar
docs(README): Remove unneede stuff from README  
Sheogorath committed
29 30 31 32 
- [x] Automate overlay network deployment (calico)
- [x] Use encrypted overlay network (calico+wireguard)
- [x] Automate cluster monitoring deployment (kube-prometheus)
- [x] Automate ingress-controller deployment (ingress-nginx)
Sheogorath's avatar
README: Add more documentation on usage and todos  
Sheogorath committed
33 
- [x] Automate policy enforcement (kyverno) deployment
Sheogorath's avatar
docs(README): Remove unneede stuff from README  
Sheogorath committed
34 35 36 37 38 39 
- [x] Encrypt root filesystems for all nodes (LUKS + clevis)
- [x] Enforce SELinux on the deployed machines 
- [x] Automate system upgrades using Kubernetes (system-upgrade-controller)
- [x] Automate system configuration using Kubernetes (system-upgrade-controller)
- [x] Provide an fully encrypted (handled on host level) storage class (longhorn)
- [x] Deploy cert-manager
Sheogorath's avatar
docs(README): Update some TODO-list details  
Sheogorath committed
40 41 42 43 
- [x] Deploy credentials for cert-manager
- [x] Automate ingress-controller default certificate deployment
- [x] Add encrypted deployment instructions (SOPS + fluxcd)
- [x] Integrate [Renovatebot](https://git.shivering-isles.com/shivering-isles/renovate-bot) with this repository to manage updates.
Sheogorath's avatar
docs(README): Check automated Kubernetes upgrades  
Sheogorath committed
44 
- [x] Automate Kubernetes upgrades
Sheogorath's avatar
docs: Mark proxy-protocol todo as done  
Sheogorath committed
45 
- [x] Automate ingress-controller configuration for proxy-protocol
Sheogorath's avatar
fix(kube-system): Run insecure metrics-server  
Sheogorath committed
46 
- [ ] Deploy kubelet with proper certificates
Sheogorath's avatar
README: Add more documentation on usage and todos  
Sheogorath committed
47 
- [ ] Document usage and thoughts in repository and blog posts
Sheogorath's avatar
README: Add hint about flux OpenPGP bootstrap  
Sheogorath committed
48 
- [ ] Automate flux OpenPGP bootstrap
Sheogorath's avatar
README: Add more documentation on usage and todos  
Sheogorath committed
49 50 51 
- [ ] Migrate [apps](https://git.shivering-isles.com/shivering-isles/infrastructure/) to gitops and Kubernetes
- [ ] Move to immutable base-system
Sheogorath's avatar
feat(documentation): Add intial README
Sheogorath committed
52 53 54 
Tools
---
Sheogorath's avatar
README: Add hint that all required tools are in koolbox  
Sheogorath committed
55 
To handle things properly, try to get the following tools (all included in `koolbox`):
Sheogorath's avatar
feat(documentation): Add intial README
Sheogorath committed
56
Sheogorath's avatar
readme: Provide lessons learned and new premise  
Sheogorath committed
57 
- kubectl
Sheogorath's avatar
feat(documentation): Add intial README
Sheogorath committed
58 59 60 
- flux
- [sops](https://github.com/mozilla/sops/releases/) (for secret handling)
- [helm](https://helm.sh/) (just for sake of completeness and validation)
Sheogorath's avatar
readme: Provide lessons learned and new premise  
Sheogorath committed
61 
- make
Sheogorath's avatar
README: Add hint that all required tools are in koolbox  
Sheogorath committed
62 
- git