Skip to content

Add Flux GitOps for ff: app deployment and image automation #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rgardner4012 merged 1 commit into from
Feb 25, 2026
Merged

Add Flux GitOps for ff: app deployment and image automation #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions clusters/hlcl1/apps/ff/externalsecret-deploy-key.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: flux-ff-deploy-key
namespace: flux-system
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: flux-ff-deploy-key
creationPolicy: Owner
data:
- secretKey: identity # pragma: allowlist secret
remoteRef:
key: ff/deploy-key
property: identity
- secretKey: identity.pub # pragma: allowlist secret
remoteRef:
key: ff/deploy-key
property: identity_pub
- secretKey: known_hosts
remoteRef:
key: ff/deploy-key
property: known_hosts
27 changes: 27 additions & 0 deletions clusters/hlcl1/apps/ff/externalsecret-registry-auth.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: flux-ff-registry-auth
namespace: flux-system
spec:
refreshInterval: 1h
secretStoreRef:
name: openbao
kind: ClusterSecretStore
target:
name: flux-ff-registry-auth
creationPolicy: Owner
template:
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: |
{"auths":{"ghcr.io":{"username":"{{ .username }}","password":"{{ .password }}","auth":"{{ printf "%s:%s" .username .password | b64enc }}"}}}
data:
- secretKey: username # pragma: allowlist secret
remoteRef:
key: ff/registry-auth
property: username
- secretKey: password # pragma: allowlist secret
remoteRef:
key: ff/registry-auth
property: password
12 changes: 12 additions & 0 deletions clusters/hlcl1/apps/ff/gitrepository-dev.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: ff-dev
namespace: flux-system
spec:
interval: 1m
url: ssh://git@github.com/rgardner4012/flockfeed
ref:
branch: dev
secretRef:
name: flux-ff-deploy-key
12 changes: 12 additions & 0 deletions clusters/hlcl1/apps/ff/gitrepository-main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: ff-main
namespace: flux-system
spec:
interval: 1m
url: ssh://git@github.com/rgardner4012/flockfeed
ref:
branch: main
secretRef:
name: flux-ff-deploy-key
13 changes: 13 additions & 0 deletions clusters/hlcl1/apps/ff/imagepolicy-dev.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: ff-dev
namespace: flux-system
spec:
imageRepositoryRef:
name: ff
filterTags:
pattern: '^dev-[0-9]{14}$'
policy:
alphabetical:
order: asc
13 changes: 13 additions & 0 deletions clusters/hlcl1/apps/ff/imagepolicy-production.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: ff-production
namespace: flux-system
spec:
imageRepositoryRef:
name: ff
filterTags:
pattern: '^main-[0-9]{14}$'
policy:
alphabetical:
order: asc
10 changes: 10 additions & 0 deletions clusters/hlcl1/apps/ff/imagerepository.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: ff
namespace: flux-system
spec:
image: ghcr.io/rgardner4012/flockfeed
interval: 1m
secretRef:
name: flux-ff-registry-auth
24 changes: 24 additions & 0 deletions clusters/hlcl1/apps/ff/imageupdateautomation-dev.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageUpdateAutomation
metadata:
name: ff-dev
namespace: flux-system
spec:
interval: 1m
sourceRef:
kind: GitRepository
name: ff-dev
git:
checkout:
ref:
branch: dev
commit:
author:
email: fluxcdbot@users.noreply.github.com
name: fluxcdbot
messageTemplate: 'chore: update ff dev image to {{range .Updated.Images}}{{println .}}{{end}}'
push:
branch: dev
update:
path: ./k8s/overlays/dev
strategy: Setters
24 changes: 24 additions & 0 deletions clusters/hlcl1/apps/ff/imageupdateautomation-production.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageUpdateAutomation
metadata:
name: ff-production
namespace: flux-system
spec:
interval: 1m
sourceRef:
kind: GitRepository
name: ff-main
git:
checkout:
ref:
branch: main
commit:
author:
email: fluxcdbot@users.noreply.github.com
name: fluxcdbot
messageTemplate: 'chore: update ff production image to {{range .Updated.Images}}{{println .}}{{end}}'
push:
branch: main
update:
path: ./k8s/overlays/production
strategy: Setters
16 changes: 16 additions & 0 deletions clusters/hlcl1/apps/ff/ks-dev.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps-ff-dev
namespace: flux-system
spec:
interval: 10m
retryInterval: 1m
path: ./k8s/overlays/dev
prune: true
sourceRef:
kind: GitRepository
name: ff-dev
dependsOn:
- name: infra-ff-postgres
timeout: 5m
16 changes: 16 additions & 0 deletions clusters/hlcl1/apps/ff/ks-production.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps-ff-production
namespace: flux-system
spec:
interval: 10m
retryInterval: 1m
path: ./k8s/overlays/production
prune: true
sourceRef:
kind: GitRepository
name: ff-main
dependsOn:
- name: infra-ff-postgres
timeout: 5m
14 changes: 14 additions & 0 deletions clusters/hlcl1/apps/ff/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- externalsecret-deploy-key.yaml
- externalsecret-registry-auth.yaml
- gitrepository-main.yaml
- gitrepository-dev.yaml
- imagerepository.yaml
- imagepolicy-dev.yaml
- imagepolicy-production.yaml
- imageupdateautomation-dev.yaml
- imageupdateautomation-production.yaml
- ks-dev.yaml
- ks-production.yaml
1 change: 1 addition & 0 deletions clusters/hlcl1/infra/databases/postgres/ks-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,5 @@ spec:
dependsOn:
- name: infra-shared-namespaces
- name: infra-cloudnativepg
wait: true
timeout: 10m
1 change: 1 addition & 0 deletions clusters/hlcl1/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,4 @@ resources:
- infra/databases
- apps/pihole
- apps/monitoring
- apps/ff
Loading