🚀 Phase 1: The Manual Foundation
Goal: Set up the cluster and deploy a "Hello World" app the old-fashioned way to understand what we are automating.
🛠️ Step 1: Install Tools
# Install the Big Three (macOS example)
brew install minikube kubectl fluxcd/tap/flux
🏗️ Step 2: Start Minikube
minikube start --cpus 2 --memory 4096 --driver=docker
minikube addons enable ingress
📂 Step 3: Directory Layout
Create this structure on your local machine:
flux-lab/
└── base/
    ├── kustomization.yaml
    └── web-server.yaml
📄 Step 4: The Manifests
flux-lab/base/web-server.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-server
  namespace: engineering
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.25
          ports:
            - containerPort: 80
flux-lab/base/kustomization.yaml
resources:
- web-server.yaml
🚀 Step 5: Deploy Manually
kubectl create namespace engineering
kubectl apply -k flux-lab/base/
kubectl get pods -n engineering
🤖 Phase 2: The Great Automation (FluxCD)
Goal: Connect GitHub to Minikube. From this point on, we never use kubectl apply again.
🛠️ Step 1: Environment Setup
export GITHUB_TOKEN=your_personal_access_token
export GITHUB_USER=your_github_username
🏗️ Step 2: Bootstrap Flux
flux bootstrap github \
  --owner=$GITHUB_USER \
  --repository=flux-minikube-lab \
  --branch=main \
  --path=clusters/my-cluster \
  --personal
📂 Step 3: Final Git Directory Layout
Clone your new repo and organize it exactly like this:
flux-minikube-lab/
├── apps/
│   └── web-server/
│       ├── kustomization.yaml
│       └── web-server.yaml
└── clusters/
    └── my-cluster/
        ├── flux-system/          # (Auto-generated)
        └── web-server-sync.yaml
📄 Step 4: Create the "Sync" Instruction
clusters/my-cluster/web-server-sync.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: web-server-sync
  namespace: flux-system
spec:
  interval: 1m
  path: ./apps/web-server
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  targetNamespace: engineering
🚀 Step 5: Push and Pray (The GitOps Way)
git add .
git commit -m "Onboard web-server to GitOps"
git push origin main
# Force immediate sync
flux reconcile kustomization flux-system --with-source
🔐 Phase 3: The Secret Sauce (Sealed Secrets)
Goal: Store passwords in GitHub securely using encryption.
🏗️ Step 1: Install Infrastructure
Place these files in infrastructure/sources/ and infrastructure/controllers/.
clusters/my-cluster/infra-sync.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: infra-sync
  namespace: flux-system
spec:
  interval: 1h
  path: ./infrastructure
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
📂 Step 2: Final Phase 3 Directory Layout
flux-minikube-lab/
├── apps/
│   └── web-server/
│       ├── kustomization.yaml    # (Update to include sealed-db-pass.yaml)
│       ├── web-server.yaml
│       └── sealed-db-pass.yaml   # (Generated)
├── clusters/
│   └── my-cluster/
│       ├── infra-sync.yaml
│       └── web-server-sync.yaml
└── infrastructure/
    ├── controllers/
    │   └── sealed-secrets.yaml
    └── sources/
        └── sealed-secrets.yaml
🔐 Step 3: Create an Encrypted Secret
# 1. Create a raw secret (DO NOT PUSH TO GIT)
kubectl create secret generic mwd-db-pass \
  --from-literal=password=SuperSecret123 \
  --namespace engineering \
  --dry-run=client -o yaml > temp.yaml
# 2. Encrypt it using the cluster's key
kubeseal \
  --controller-name sealed-secrets \
  --controller-namespace flux-system \
  --format yaml < temp.yaml > apps/web-server/sealed-db-pass.yaml
# 3. Clean up
rm temp.yaml
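The "DO NOT PUSH TO GIT" rule above can be enforced instead of remembered. This is an added example, not part of the original post: a shell check that fails when a raw `kind: Secret` manifest (such as a forgotten temp.yaml) sits in the repo beside the sealed one. The function names and the sample tree are hypothetical and constructed, and running it from a pre-commit hook or CI step is an assumption.

```bash
#!/usr/bin/env bash
# Added example: refuse to commit a raw Kubernetes Secret next to a SealedSecret.

# Top-level "kind: Secret" only; "kind: SealedSecret" must not match.
PLAIN_SECRET_RE="^kind:[[:space:]]*[\"']?Secret[\"']?[[:space:]]*(#.*)?\$"

# Print every YAML file under $1 that contains a raw Secret document.
find_plain_secrets() {
  local dir="${1:-.}"
  {
    find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \) \
      ! -path '*/.git/*' -exec grep -lE "$PLAIN_SECRET_RE" {} + || true
  } | sort
}

# Exit status 1 and a list on stderr when a raw Secret is present.
check_no_plain_secrets() {
  local hits
  hits="$(find_plain_secrets "$1")"
  if [ -n "$hits" ]; then
    printf 'raw Secret found, seal it with kubeseal first:\n%s\n' "$hits" >&2
    return 1
  fi
}

# Constructed sample tree mirroring the lab layout (no real key material).
make_sample_repo() {
  local root app
  root="$(mktemp -d)"
  app="$root/apps/web-server"
  mkdir -p "$app"
  printf 'apiVersion: bitnami.com/v1alpha1\nkind: SealedSecret\nmetadata:\n  name: mwd-db-pass\n' \
    > "$app/sealed-db-pass.yaml"
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: mwd-db-pass\n' \
    > "$app/temp.yaml"
  printf 'apiVersion: apps/v1\nkind: Deployment\n' > "$app/web-server.yaml"
  printf '%s\n' "$root"
}
```

Running `check_no_plain_secrets .` at the repo root before `git add .` catches the leftover file while it is still local.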
🚀 Step 4: Deploy
git add .
git commit -m "Add sealed secret"
git push origin main
flux reconcile kustomization infra-sync --with-source
flux reconcile kustomization web-server-sync --with-source
🧠 Summary of Progress
- Phase 1: Learned Kubernetes resources.
- Phase 2: Learned FluxCD automation and the "Pull Model."
- Phase 3: Learned Security and encryption in Git.