
repo-setup.md


Repo Setup

The section below covers how the repo is set up to handle multiple environments and teams with Flux V2.

Key considerations

  • Directory structure is team/namespace focused rather than cluster focused, so that moving a team's config to a different repo and managing permissions is easy.
  • Every namespace is a directory in apps/
  • Image Automation is run only from the CFTPTL cluster, and related components/CRDs are installed/created only on CFTPTL.
  • Every team/namespace has a separate Flux Kustomization so that one team won't break another team's config.
  • Everything is Kustomized by default aligning with Flux V2.

Kustomization Naming

Folder Structure

├── apps                                        # apps directory containing all namespaces and manifests
│   │
│   └──<base>
│   │  └── kustomization.yaml                   # Default namespace base kustomization that all teams extend
│   │  └── kustomize.yaml                       # defaults applied to all base team kustomizations
│   │  └── alert/provider.yaml                  # Default manifests for all namespaces to enable notifications
│   │  └── ...
│   │
│   ├── <namespace>                             # One folder per namespace containing workloads.
│   │   ├── automation
│   │   │   └── kustomization.yaml              # Namespace specific automation kustomization referring to all image repos/policies.
│   │   │
│   │   ├── base
│   │   │   └── kustomization.yaml              # namespace base kustomization that is applied to all clusters (except preview).
│   │   │   └── kustomize.yaml                  # namespace flux kustomization containing the path flux should look at.
│   │   │
│   │   ├── <env>        
│   │   │   └── base                          
│   │   │       └── kustomization.yaml          # namespace env overlay containing patches for a specific environment.
│   │   │       └── sealed-secrets              # Optional sealed secrets manifests.
│   │   │   └── 00/01
│   │   │       └── kustomization.yaml          # Optional cluster overlay containing patches for a specific environment.
│   │   │
│   │   ├── identity
│   │   │   └── identity.yaml                   # Base identity file.
│   │   │   └── <env>.yaml                      # Env specific patch for identity.
│   │   │
│   │   └── <application-name>                  # Folder per app containing manifests and patches for each application.
│   │       └── <application-name>.yaml         # Helm Release for each application.
│   │       └── <env>.yaml                      # Optional patch for each environment
│   │       └── image-repo.yaml                 # ImageRepository CRD used for image automation 
│   │       └── image-policy.yaml               # ImagePolicy CRD used for image automation
│   │       └── <env>-image-policy.yaml         # Optional ImagePolicy for non-ptl environments.
│   │
│   └──<namespace2>
│      └── ...
│
│
└── clusters
    │
    ├── <environment>
    │   ├── 00/01
    │   │   └── kustomization.yaml                # Cluster Overlay with patches on env base.  
    │   │      
    │   ├── base
    │   │   └── kustomization.yaml                # Env Base which includes Flux Kustomizations for all namespaces in that cluster.
    │   │
    │   └── pub-cert.pem                          # pem file for sealed-secrets
    │     
    └──<environment2>
       └── ...
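
A CI-style check for the layout above, as an added example that is not part of this repo: it flags namespaces and environments missing the files the tree lists without an "Optional" marker, and any manifest under a `sealed-secrets` folder that is not a SealedSecret. Treating the unmarked files as required is an assumption, and the `team-a` namespace and `sbox` environment in the sample are constructed.

```python
import re
import tempfile
from pathlib import Path

# Paths the tree shows without an "Optional" marker; treating them as required is an assumption.
NAMESPACE_REQUIRED = ("base/kustomization.yaml", "base/kustomize.yaml")
ENV_REQUIRED = ("base/kustomization.yaml", "pub-cert.pem")
# Top-level "kind:" lines only; nested (indented) keys are ignored.
KIND = re.compile(r"^kind:[ \t]*(\S+)", re.MULTILINE)


def lint_layout(root):
    """Return layout violations for a repo laid out like the tree above."""
    root, problems = Path(root), []

    def require(folder, rels):
        for rel in rels:
            if not (folder / rel).is_file():
                problems.append(f"{folder.relative_to(root).as_posix()}: missing {rel}")

    for ns in sorted(p for p in (root / "apps").iterdir() if p.is_dir()):
        if ns.name != "base":  # apps/base holds shared defaults, not a namespace
            require(ns, NAMESPACE_REQUIRED)
        # Only SealedSecret objects belong in <env>/base/sealed-secrets.
        for f in sorted(ns.glob("*/base/sealed-secrets/*.yaml")):
            if any(k != "SealedSecret" for k in KIND.findall(f.read_text())):
                problems.append(f"{f.relative_to(root).as_posix()}: not a SealedSecret")
    for env in sorted(p for p in (root / "clusters").iterdir() if p.is_dir()):
        require(env, ENV_REQUIRED)
    return problems


def build_sample(root):
    """Constructed sample repo: namespace 'team-a' and environment 'sbox' are made up."""
    files = {
        "apps/base/kustomization.yaml": "",
        "apps/team-a/base/kustomization.yaml": "",
        "apps/team-a/sbox/base/sealed-secrets/db.yaml": "apiVersion: v1\nkind: Secret\n",
        "clusters/sbox/base/kustomization.yaml": "",
    }
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("\n".join(lint_layout(tmp)))
```

On the constructed sample it reports the missing `base/kustomize.yaml`, the plain `Secret` committed under `sealed-secrets`, and the missing `pub-cert.pem`.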

How flux understands the config