Hey Kubernetes warriors! π Ever wanted to spin up a complete, production-like environment faster than you can say "microservices"? Well, buckle up because we're about to explore flux-e2e - a GitOps repository that'll make your infrastructure dreams come true!
The Challenge π€
Picture this: You're building a Kubernetes application, and you need to test it with proper networking, security policies, observability, and all the production bells and whistles. Traditionally, this means hours of YAML wrestling, secret management nightmares, and probably at least three cups of coffee β.
The usual pain points:
- Setting up proper GitOps workflows π
- Configuring secure networking without losing your sanity π
- Getting observability right from day one π
- Making it all work together without breaking π₯
The Solution π‘
Enter flux-e2e - a beautifully orchestrated GitOps repository that gives you a complete Kubernetes testing environment with just one command. Think of it as the "easy button" for infrastructure testing!
What Makes This Special? β¨
This isn't just another "hello world" Kubernetes setup. We're talking about a full-stack, production-ready testing environment that includes:
- GitOps with Flux CD - Because manual deployments are so 2019 π
- Cilium CNI + Tailscale - Networking that actually makes sense π
- Grafana + Loki - Observability that doesn't suck π
- Network policies + sealed secrets - Security that doesn't give you headaches π‘οΈ
- Proper dependency management - Everything deploys in the right order π―
The Architecture That'll Make You Smile π
The genius lies in the numbered directory structure:
βββ 0-bootstrap/ # Start here - namespaces and basics
βββ 1-network-policies/ # Lock it down early
βββ 2-secrets/ # Encrypted secrets (no more leaked passwords!)
βββ 3-config/ # Configuration management
βββ 4-infrastructure/ # The heavy lifting (cert-manager, operators)
βββ 5-system/ # Core services (MariaDB, Redis)
βββ 6-apps/ # Your actual applications
βββ 7-ingress/ # Tailscale funnel magic
βββ cluster/ # Flux orchestrates it all
Why this is brilliant: Dependencies flow naturally from 0 to 7. No more "chicken and egg" deployment problems! π£
The Magic Script πͺ
Ready for the best part? Getting this entire stack running is literally one command:
export TAILSCALE_API_KEY="tskey-api-xxxxx"
# ... set a few more environment variables
./local.sh
What happens next is pure magic:
- Spins up a Kind cluster with Cilium πͺ
- Installs Flux CD and points it to your repo π―
- Deploys everything in the correct dependency order π
- Sets up Tailscale networking for secure access π
- Gives you URLs to access your services! π
The Tailscale Twist π
Here's where things get really cool. Instead of dealing with LoadBalancers or complicated ingress setups, everything is exposed through Tailscale funnel. Your services get URLs like:
https://{random-prefix}grafana.{tailnet}.ts.nethttps://{random-prefix}echo.{tailnet}.ts.net
Why this rocks:
- Secure by default (only your Tailscale network can access) π
- No public IPs or complex firewall rules π«
- Works from anywhere with proper authentication β
- Random prefixes prevent conflicts in shared environments π²
Under the Hood: Smart Design Patterns π§
1. Variable Substitution Magic
Everything is configured through a cluster-vars ConfigMap with variable substitution:
someConfig: ${VARIABLE_NAME}
Change one value, update everything! π
2. Sealed Secrets = Sleep Better at Night
No more secrets in plaintext Git repos. Everything is encrypted with sealed-secrets, so you can commit your secrets safely. Your security team will love you! π
3. Network Policies by Default
Every namespace gets restrictive network policies. Because security shouldn't be an afterthought! π‘οΈ
Real-World Use Cases π
Perfect for:
- Local development - Full-stack testing without the cloud bill π°
- CI/CD pipelines - Spin up environments for each PR π
- Learning GitOps - See how it all fits together π
- Architecture validation - Test your designs before production π§ͺ
Debugging Like a Pro π΅οΈ
When things go sideways (they always do), the repo includes helpful debugging commands:
# Check Flux status
flux get kustomizations
# See what's broken
kubectl get pods -A
# Follow the logs
kubectl logs -n flux-system -l app=helm-controller
The Cleanup is Automatic! π§Ή
Exit the script, and everything cleans up automatically:
- Removes Tailscale devices β
- Optionally deletes the Kind cluster β
- No orphaned resources β
No more "what was that cluster name again?" moments! π
Why This Matters π―
In a world where Kubernetes complexity can make grown developers cry, flux-e2e shows us that:
- GitOps doesn't have to be hard - Good structure makes all the difference
- Security can be baked in - Network policies and sealed secrets from day one
- Observability is achievable - Grafana and Loki working out of the box
- Local testing can be production-like - No more "works on my machine" π€·ββοΈ
Get Started Today! π¦
Ready to revolutionize your Kubernetes testing game?
-
Clone the repo:
git clone https://github.com/pmdroid/flux-e2e - Set your environment variables (don't forget the Tailscale API key!)
-
Run:
./local.sh - Watch the magic happen β¨
Final Thoughts π
flux-e2e isn't just a repository - it's a blueprint for how modern Kubernetes deployments should work. It proves that with the right patterns and tools, we can have:
- Simplicity without sacrificing functionality π
- Security without operational overhead π
- Observability without complexity π
- GitOps without the learning curve π
Whether you're a GitOps newbie or a Kubernetes veteran, this repo will teach you something new about building resilient, secure, and observable systems.
Now go forth and GitOps responsibly! π
Have you tried flux-e2e? Share your experience in the comments! And if you build something cool with it, we'd love to hear about it! π¨οΈ
Top comments (0)