Our great sponsors
-
adeploy
Universal deployment tool for Kubernetes that supports rendering and deployment of lightweight Jinja templated k8s manifests as well as complex Helm charts.
-
kapp
kapp is a simple deployment tool focused on the concept of "Kubernetes application" — a set of resources with the same label
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
We wrote adeploy which brings Jinja templating for both vanilla manifests and Helm Charts which includes a bench of useful Jinja templating functions i.e. for labeling, secret management etc... The tool supports multiple deployments at different namespaces/releases with different Jinja variables and also includes support to deploy secrets directly from GoPass. It can also be used in CI/CD while secrets are not re-deployed when running via CI/CD. The tool still lacks of some detailed docs and a public pip repo, but this is wip.
So, if you're fine with losing your app infra state and the respective locks - I'd go for both Flux and ArgoCD, and tf-controller, via Flux Subsystem for Argo. So, you'll get the niceties of both worlds, but Argo come on top in the end... both tf-controller and flux subsystem are a bit clunky, but still usable with some filing and minor contributions.
If you look into aws-ia stuff - they have a convention to create an IAM IRSA role for every deployed Helm chart, i.e. every deployed Kubernetes Helm Charts gets a permissions boundary. So, your crossplane, for instance, could manage all the respective resources without getting too much freedom.
... and if you're an opinionated person, like me, and you value consolidated infrastructure atomicity as a whole along side locks for everything. You'd port cherry-picked helm charts as terraform modules with k2tf, and build every docker container from scratch, with forced layer invalidation to perform security updates for every image, using the docker and kubernetes providers respectively.
... and if you're an opinionated person, like me, and you value consolidated infrastructure atomicity as a whole along side locks for everything. You'd port cherry-picked helm charts as terraform modules with k2tf, and build every docker container from scratch, with forced layer invalidation to perform security updates for every image, using the docker and kubernetes providers respectively.
There's json generation libraries. Don't know why they didn't mention jsonnet, which is much more popular than either one and has fairly wide usage in the k8s community
Related posts
- libvirt-k8s-provisioner - Ansible and terraform to build a cluster from scratch in less than 10 minutes ok KVM - Updated for 1.26
- Question for declarative GitOps managed shops
- Self-service infrastructure as code
- Weaveworks Seems to Be Disintegrating
- Git going with GitOps on AKS: A Step-by-Step Guide using FluxCD AKS Extension