Hey Kubernetes warriors! ๐ Ever wanted to spin up a complete, production-like environment faster than you can say "microservices"? Well, buckle up because we're about to explore flux-e2e - a GitOps repository that'll make your infrastructure dreams come true!
The Challenge ๐ค
Picture this: You're building a Kubernetes application, and you need to test it with proper networking, security policies, observability, and all the production bells and whistles. Traditionally, this means hours of YAML wrestling, secret management nightmares, and probably at least three cups of coffee โ.
The usual pain points:
- Setting up proper GitOps workflows ๐
- Configuring secure networking without losing your sanity ๐
- Getting observability right from day one ๐
- Making it all work together without breaking ๐ฅ
The Solution ๐ก
Enter flux-e2e - a beautifully orchestrated GitOps repository that gives you a complete Kubernetes testing environment with just one command. Think of it as the "easy button" for infrastructure testing!
What Makes This Special? โจ
This isn't just another "hello world" Kubernetes setup. We're talking about a full-stack, production-ready testing environment that includes:
- GitOps with Flux CD - Because manual deployments are so 2019 ๐
- Cilium CNI + Tailscale - Networking that actually makes sense ๐
- Grafana + Loki - Observability that doesn't suck ๐
- Network policies + sealed secrets - Security that doesn't give you headaches ๐ก๏ธ
- Proper dependency management - Everything deploys in the right order ๐ฏ
The Architecture That'll Make You Smile ๐
The genius lies in the numbered directory structure:
โโโ 0-bootstrap/ # Start here - namespaces and basics
โโโ 1-network-policies/ # Lock it down early
โโโ 2-secrets/ # Encrypted secrets (no more leaked passwords!)
โโโ 3-config/ # Configuration management
โโโ 4-infrastructure/ # The heavy lifting (cert-manager, operators)
โโโ 5-system/ # Core services (MariaDB, Redis)
โโโ 6-apps/ # Your actual applications
โโโ 7-ingress/ # Tailscale funnel magic
โโโ cluster/ # Flux orchestrates it all
Why this is brilliant: Dependencies flow naturally from 0 to 7. No more "chicken and egg" deployment problems! ๐ฃ
The Magic Script ๐ช
Ready for the best part? Getting this entire stack running is literally one command:
export TAILSCALE_API_KEY="tskey-api-xxxxx"
# ... set a few more environment variables
./local.sh
What happens next is pure magic:
- Spins up a Kind cluster with Cilium ๐ช
- Installs Flux CD and points it to your repo ๐ฏ
- Deploys everything in the correct dependency order ๐
- Sets up Tailscale networking for secure access ๐
- Gives you URLs to access your services! ๐
The Tailscale Twist ๐
Here's where things get really cool. Instead of dealing with LoadBalancers or complicated ingress setups, everything is exposed through Tailscale funnel. Your services get URLs like:
https://{random-prefix}grafana.{tailnet}.ts.nethttps://{random-prefix}echo.{tailnet}.ts.net
Why this rocks:
- Secure by default (only your Tailscale network can access) ๐
- No public IPs or complex firewall rules ๐ซ
- Works from anywhere with proper authentication โ
- Random prefixes prevent conflicts in shared environments ๐ฒ
Under the Hood: Smart Design Patterns ๐ง
1. Variable Substitution Magic
Everything is configured through a cluster-vars ConfigMap with variable substitution:
someConfig: ${VARIABLE_NAME}
Change one value, update everything! ๐ญ
2. Sealed Secrets = Sleep Better at Night
No more secrets in plaintext Git repos. Everything is encrypted with sealed-secrets, so you can commit your secrets safely. Your security team will love you! ๐
3. Network Policies by Default
Every namespace gets restrictive network policies. Because security shouldn't be an afterthought! ๐ก๏ธ
Real-World Use Cases ๐
Perfect for:
- Local development - Full-stack testing without the cloud bill ๐ฐ
- CI/CD pipelines - Spin up environments for each PR ๐
- Learning GitOps - See how it all fits together ๐
- Architecture validation - Test your designs before production ๐งช
Debugging Like a Pro ๐ต๏ธ
When things go sideways (they always do), the repo includes helpful debugging commands:
# Check Flux status
flux get kustomizations
# See what's broken
kubectl get pods -A
# Follow the logs
kubectl logs -n flux-system -l app=helm-controller
The Cleanup is Automatic! ๐งน
Exit the script, and everything cleans up automatically:
- Removes Tailscale devices โ
- Optionally deletes the Kind cluster โ
- No orphaned resources โ
No more "what was that cluster name again?" moments! ๐
Why This Matters ๐ฏ
In a world where Kubernetes complexity can make grown developers cry, flux-e2e shows us that:
- GitOps doesn't have to be hard - Good structure makes all the difference
- Security can be baked in - Network policies and sealed secrets from day one
- Observability is achievable - Grafana and Loki working out of the box
- Local testing can be production-like - No more "works on my machine" ๐คทโโ๏ธ
Get Started Today! ๐ฆ
Ready to revolutionize your Kubernetes testing game?
-
Clone the repo:
git clone https://github.com/pmdroid/flux-e2e - Set your environment variables (don't forget the Tailscale API key!)
-
Run:
./local.sh - Watch the magic happen โจ
Final Thoughts ๐ญ
flux-e2e isn't just a repository - it's a blueprint for how modern Kubernetes deployments should work. It proves that with the right patterns and tools, we can have:
- Simplicity without sacrificing functionality ๐
- Security without operational overhead ๐
- Observability without complexity ๐
- GitOps without the learning curve ๐
Whether you're a GitOps newbie or a Kubernetes veteran, this repo will teach you something new about building resilient, secure, and observable systems.
Now go forth and GitOps responsibly! ๐
Have you tried flux-e2e? Share your experience in the comments! And if you build something cool with it, we'd love to hear about it! ๐จ๏ธ
Top comments (0)