The State of Flux
Cluster Builder was recently updated to support Flux CD GitOps, which drives the infrastructure serving this site.
Cluster Builder tooling deploys a base Kubernetes 1.33 cluster using kubeadm onto a set of KVM VMs running on Proxmox VE. Included are the foundational Canal CNI, the Flux Operator and a Sealed Secrets deployment based on an external key pair.
Using the external, pre-created key pair for encrypting Sealed Secrets ensures that the same GitOps repo can support multiple clusters, and that the clusters themselves can be deployed and re-deployed as required.
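As an added illustration (not Cluster Builder's own manifest), this is the shape of the Secret that hands a pre-created key pair to the Sealed Secrets controller. The controller loads any Secret in its own namespace that carries the label "sealedsecrets.bitnami.com/sealed-secrets-key: active", so a key generated outside the cluster can be installed before the controller ever starts. The Secret name and the PEM contents are placeholders.

```yaml
# Added example, not from Cluster Builder. Pre-created Sealed Secrets key pair
# installed into kube-system so the controller uses it instead of generating
# its own. The data values are placeholders: generate the pair with openssl
# (or your existing PKI) and base64-encode the PEM files.
apiVersion: v1
kind: Secret
metadata:
  name: sealed-secrets-key-external      # assumed name
  namespace: kube-system                 # the controller's namespace
  labels:
    sealedsecrets.bitnami.com/sealed-secrets-key: active
type: kubernetes.io/tls
data:
  tls.crt: BASE64_ENCODED_PUBLIC_CERT_PLACEHOLDER
  tls.key: BASE64_ENCODED_PRIVATE_KEY_PLACEHOLDER
```

Two things follow from this arrangement. Sealing is done offline against the public certificate (kubeseal --cert tls.crt), so nothing in the repo ever needs cluster access, and every cluster bootstrapped with the same key pair can decrypt the same committed SealedSecrets. The private key in this Secret is the one artifact that must never land in the repo; it has to be installed out of band (which is what the tooling's external key pair step does) and the controller must be started, or restarted, after the Secret exists so that it picks the key up.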
Once the Kubernetes cluster is deployed, a FluxInstance is deployed to the Flux Operator along with the necessary credentials to access the supplied GitOps repo. Flux then takes over and builds out the cluster to spec.
Note that this includes:
- Installing dependent services in the correct order
- Installing Longhorn, auto-configured with an existing S3 backup target, and then automatically installing the required secrets and restoring volumes from backup via a Flux-driven manifest, so that stateful workloads and their volumes are recovered automatically
- Installing all required secrets (encrypted in the repo via sealed secrets)
Because everything is stored safely in the Git repo, the entire cluster can be brought back online as a mirror image, in the correct running order. In the case of this site, the repo always reflects the ID of the most recent backup, so a re-deployment auto-recovers to the most recent state.
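To make the ordering and the restore step concrete, here is an added example of how such a chain can be expressed with Flux Kustomizations; these are not Cluster Builder's own manifests, and the repo paths, Kustomization names, bucket and backup ID are assumed placeholders. Each stage lists the previous one in dependsOn, and the volume-restore stage carries the backup reference that the repo keeps current.

```yaml
# Added example, not Cluster Builder's own manifests. A chain of Flux
# Kustomizations that enforces the install order described above. All
# paths, names and the backup URL are assumed placeholders.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: sealed-secrets
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure/sealed-secrets
  prune: true
  wait: true          # Ready only once the controller is actually healthy
  timeout: 5m
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: longhorn
  namespace: flux-system
spec:
  dependsOn:
    - name: sealed-secrets   # the S3 credentials arrive as a SealedSecret
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure/longhorn
  prune: true
  wait: true
  timeout: 15m
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: volume-restore
  namespace: flux-system
spec:
  dependsOn:
    - name: longhorn
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./infrastructure/volume-restore
  prune: false        # never garbage-collect restored volumes on a manifest change
  wait: true
  timeout: 30m
---
# Example content of ./infrastructure/volume-restore: a StorageClass that points
# Longhorn at one specific backup. "fromBackup" is assumed here to be the Longhorn
# CSI parameter for this purpose; verify against the Longhorn version in use. The
# backup URL is a constructed placeholder that the repo would update after each
# successful backup, which is how the repo tracks the most recent backup ID.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: longhorn-restore-app-data
provisioner: driver.longhorn.io
parameters:
  numberOfReplicas: "3"
  staleReplicaTimeout: "2880"
  fromBackup: "s3://BUCKET@REGION/backupstore?backup=backup-PLACEHOLDER&volume=app-data"
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  dependsOn:
    - name: volume-restore   # stateful workloads bind to the restored volumes
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./apps
  prune: true
```

The caveat worth knowing: dependsOn only waits for the named Kustomization to report Ready, and without wait or healthChecks a Kustomization is Ready as soon as its objects are applied, not once they are healthy. Setting wait on each dependency (or listing explicit healthChecks) is what turns the chain into a real ordering, so Longhorn is serving storage before the restore manifests are applied and the restored volumes exist before the apps that mount them.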
Very handy stuff.
Everything is completely repeatable while existing in the state of Flux.