-
adeploy
Universal deployment tool for Kubernetes that supports rendering and deployment of lightweight Jinja templated k8s manifests as well as complex Helm charts.
We wrote adeploy, which brings Jinja templating for both vanilla manifests and Helm Charts and includes a bunch of useful Jinja templating functions, i.e. for labeling, secret management etc. The tool supports multiple deployments at different namespaces/releases with different Jinja variables and also includes support to deploy secrets directly from GoPass. It can also be used in CI/CD while secrets are not re-deployed when running via CI/CD. The tool still lacks some detailed docs and a public pip repo, but this is WIP.
-
kapp
kapp is a simple deployment tool focused on the concept of "Kubernetes application" — a set of resources with the same label
-
So, if you're fine with losing your app infra state and the respective locks - I'd go for both Flux and ArgoCD, and tf-controller, via Flux Subsystem for Argo. So, you'll get the niceties of both worlds, but Argo comes out on top in the end... both tf-controller and flux subsystem are a bit clunky, but still usable with some filing and minor contributions.
-
If you look into aws-ia stuff - they have a convention to create an IAM IRSA role for every deployed Helm chart, i.e. every deployed Kubernetes Helm chart gets a permissions boundary. So, your crossplane, for instance, could manage all the respective resources without getting too much freedom.
-
... and if you're an opinionated person, like me, and you value consolidated infrastructure atomicity as a whole alongside locks for everything, you'd port cherry-picked Helm charts as Terraform modules with k2tf, and build every Docker container from scratch, with forced layer invalidation to perform security updates for every image, using the docker and kubernetes providers respectively.
-
There are JSON generation libraries. Don't know why they didn't mention jsonnet, which is much more popular than either one and has fairly wide usage in the k8s community.
-