https://6f8f7e98.jjgadgets-tech.pages.dev/categories/kubernetes/Recent content in Kubernetes on JJGadgetsHugo -- gohugo.ioenJJGadgetsSun, 11 May 2025 13:23:18 +0800https://6f8f7e98.jjgadgets-tech.pages.dev/2025/ceph-rgw-list-all-s3-buckets-disk-usage/Sun, 11 May 2025 13:23:18 +0800https://6f8f7e98.jjgadgets-tech.pages.dev/2025/ceph-rgw-list-all-s3-buckets-disk-usage/<p>Quick one liner command to list all Ceph RGW buckets usage, using <code>jq</code> to extract only the bucket name and size KV pairs and converting from bytes to gigabytes (GB):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">radosgw-admin bucket stats <span class="p">|</span> jq <span class="s1">&#39;def calc(val): if val!=null then val|tonumber/1000000000|tostring + &#34;GB&#34; else . end; .[] | {bucket} + (.usage.&#34;rgw.main&#34; | {size: (calc(.size)), size_actual: (calc(.size_actual)), size_utilized: (calc(.size_utilized))})&#39;</span> </span></span></code></pre></td></tr></table> </div> </div><p>For me, I use Rook-Ceph on Kubernetes for my homelab, and like to view the output in Neovim, so the full command line for me looks like this:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">kubectl <span class="nb">exec</span> -it -n rook-ceph deploy/rook-ceph-tools -- radosgw-admin bucket stats <span class="p">|</span> jq <span class="s1">&#39;def calc(val): if val!=null then val|tonumber/1000000000|tostring + &#34;GB&#34; else . end; .[] | {bucket} + (.usage.&#34;rgw.main&#34; | {size: (calc(.size)), size_actual: (calc(.size_actual)), size_utilized: (calc(.size_utilized))})&#39;</span> <span class="p">|</span> nvim </span></span></code></pre></td></tr></table> </div> </div><p>Or only the <code>jq</code> query if you prefer:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span><span class="lnt">6 </span><span class="lnt">7 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="err">def</span> <span class="err">calc(val):</span> <span class="err">if</span> <span class="err">val!=</span><span class="kc">null</span> <span class="err">then</span> <span class="err">val|tonumber/</span><span class="mi">1000000000</span><span class="err">|tostring</span> <span class="err">+</span> <span class="s2">&#34;GB&#34;</span> <span class="err">else</span> <span class="err">.</span> <span class="err">end;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="err">.</span><span class="p">[]</span> <span class="err">|</span> <span class="p">{</span><span class="err">bucket</span><span class="p">}</span> <span class="err">+</span> <span class="err">(.usage.</span><span class="s2">&#34;rgw.main&#34;</span> <span class="err">|</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="err">size:</span> <span class="err">(calc(.size)),</span> </span></span><span class="line"><span class="cl"> <span class="err">size_actual:</span> <span class="err">(calc(.size_actual)),</span> </span></span><span class="line"><span class="cl"> <span class="err">size_utilized:</span> <span class="err">(calc(.size_utilized))</span> </span></span><span class="line"><span class="cl"><span class="p">}</span><span class="err">)</span> </span></span></code></pre></td></tr></table> </div> </div><p>Here&rsquo;s an example output:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span><span class="lnt">41 </span><span class="lnt">42 </span><span class="lnt">43 </span><span class="lnt">44 </span><span class="lnt">45 </span><span class="lnt">46 </span><span class="lnt">47 </span><span class="lnt">48 </span><span class="lnt">49 </span><span class="lnt">50 </span><span class="lnt">51 </span><span class="lnt">52 </span><span class="lnt">53 </span><span class="lnt">54 </span><span class="lnt">55 </span><span class="lnt">56 </span><span class="lnt">57 </span><span class="lnt">58 </span><span class="lnt">59 </span><span class="lnt">60 </span><span class="lnt">61 </span><span class="lnt">62 </span><span class="lnt">63 </span><span class="lnt">64 </span><span class="lnt">65 </span><span class="lnt">66 </span><span class="lnt">67 </span><span class="lnt">68 </span><span class="lnt">69 </span><span class="lnt">70 </span><span class="lnt">71 </span><span class="lnt">72 </span><span class="lnt">73 </span><span class="lnt">74 </span><span class="lnt">75 </span><span class="lnt">76 </span><span class="lnt">77 </span><span class="lnt">78 </span><span class="lnt">79 </span><span class="lnt">80 </span><span class="lnt">81 </span><span class="lnt">82 </span><span class="lnt">83 </span><span class="lnt">84 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;pg-authentik&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;1.688277968GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;1.725648896GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;1.688277968GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;pg-gts-robo&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;0.003353182GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;0.003444736GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;0.003353182GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;joplin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="kc">null</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;pg-atuin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;0.468781088GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;0.48617472GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;0.468781088GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;gotosocial-media&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;7.746584026GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;7.825215488GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;7.746584026GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;gts-robo-media&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="kc">null</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;zipline-data&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;0.00079149GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;0.000794624GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;0.00079149GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;pg-home&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;2.763082224GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;2.787741696GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;2.763082224GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;reactive-resume-media&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="kc">null</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;pg-gotosocial-valetudo&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="kc">null</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="kc">null</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;volsync&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;373.431380366GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;373.502193664GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;373.431380366GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;pg-default&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;2.899299768GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;2.965950464GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;2.899299768GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;k8s-schemas-rgw&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;0.0391532GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;0.040087552GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;0.0391532GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;bucket&#34;</span><span class="p">:</span> <span class="s2">&#34;pg-gotosocial&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size&#34;</span><span class="p">:</span> <span class="s2">&#34;6.635240072GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_actual&#34;</span><span class="p">:</span> <span class="s2">&#34;6.69478912GB&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;size_utilized&#34;</span><span class="p">:</span> <span class="s2">&#34;6.635240072GB&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div>https://6f8f7e98.jjgadgets-tech.pages.dev/2024/flux-repo-structure/Wed, 03 May 2023 00:00:00 +0000https://6f8f7e98.jjgadgets-tech.pages.dev/2024/flux-repo-structure/<h1 id="introduction">Introduction</h1> <p>In this post, I go over the repository structure that I use for my Kubernetes homelab, powered with GitOps by FluxCD.</p> <p>Remember that <em>there is no &ldquo;right way&rdquo; or &ldquo;one size fits all&rdquo; to repo structuring</em>, define and be clear on your goals before you structure your repo.</p> <p><strong>NOTE:</strong> From here on out, all <em>files</em> will be in bold and is prefixed by <strong>./</strong> while all <em>folders</em> will be in bold and suffixed by <strong>/</strong> e.g. <strong>folder/</strong> and <strong>./file.yaml</strong></p> <h1 id="goals">Goals</h1> <ul> <li> <p>Define desired configuration of apps and services deployed in Kubernetes cluster.</p> </li> <li> <p>Version control all configuration changes with Git.</p> </li> <li> <p>Automate all the things! (as much as possible)</p> </li> <li> <p>Establish high security baseline of both Kubernetes cluster&rsquo;s components, and GitOps components.</p> </li> <li> <p>Allow for basic multi-cluster environments (production and non-production) while using monorepo</p> <ul> <li>Cluster-specific configurations using variable substitution in deploy manifests, and cluster-specific secrets.</li> </ul> </li> <li> <p>Allow for opting-in which apps/services/components to deploy per cluster, to optimize resource allocation (CPU, memory, storage, network etc).</p> <ul> <li>I <em>don&rsquo;t really need</em> a Minecraft Java server on both prod and staging if I don&rsquo;t change any of its configuration, do I?</li> </ul> </li> <li> <p>Minimize human errors or forgetfulness by keeping duplicated code to an absolute minimum.</p> </li> </ul> <h1 id="repo-structure-kube">Repo Structure (<strong>kube/</strong>)</h1> <ul> <li> <h2 id="bootstrap"><strong>bootstrap/</strong></h2> <ul> <li> <p><strong>flux/</strong></p> <ul> <li> <p><strong>./kustomization.yaml</strong></p> <ul> <li>Installs Flux from the kustomization.yaml located in ./manifests/install of fluxcd/flux2 remote GitHub repo.</li> </ul> </li> </ul> </li> </ul> </li> <li> <h2 id="clusters"><strong>clusters/</strong></h2> <ul> <li> <p><strong>cluster-name/</strong></p> <ul> <li> <p>Cluster specific folder</p> </li> <li> <p>Any name is fine, e.g. <strong>prod/</strong> and <strong>dev/</strong></p> </li> <li> <p><strong>distro/</strong></p> <ul> <li> <p>Cluster distribution&rsquo;s configuration</p> </li> <li> <p>e.g. Talos via talhelper (<strong>talos/</strong>)</p> </li> </ul> </li> <li> <p><strong>config/</strong></p> <ul> <li> <p>All Flux manifests for cluster-specific configuration state goes here</p> </li> <li> <p><strong>./flux-install.yaml</strong></p> <ul> <li> <p>Flux SourceRepository pointed to Flux&rsquo;s manifests OCI repo, scoped to version branch</p> </li> <li> <p>Fluxtomization to deploy and control Flux&rsquo;s components (takes over control of Flux components from Flux bootstrap)</p> </li> </ul> </li> <li> <p><strong>./flux-repo.yaml</strong></p> <ul> <li> <p>Flux SourceRepository pointed to user&rsquo;s repo (e.g. JJGadgets/Biohazard, onedr0p/home-ops, 0dragosh/homelab etc), use SSH key to clone (and optionally push if configured)</p> </li> <li> <p>&ldquo;Master&rdquo; Fluxtomization to deploy and control cluster-specific configuration (path points to cluster folder) and all other deployments (via cluster folder&rsquo;s ./kustomization.yaml)</p> <ul> <li> <p>Includes configuration and patches for variable substitution ( <code>${VARIABLE}</code> ) and SOPS secret decryption of all other deployments</p> </li> <li> <p>Includes patches for DRYing configs</p> <ul> <li>For the truly lazy, patching a Fluxtomization with patches for other resources controlled by said Fluxtomization (e.g. HelmRelease) is possible</li> </ul> </li> </ul> </li> </ul> </li> <li> <p><strong>./kustomization.yaml</strong></p> <ul> <li> <p>Native Kubernetes Kustomization to control what resources are deployed, either by Fluxtomization or <code>kubectl apply -k</code></p> </li> <li> <p>Used here for opt-in deployment of all cluster-specific configuration manifests in cluster folder.</p> </li> <li> <p>Used here for opt-in deployment of which apps folders to deploy to cluster (from <strong>kube/deploy/</strong>).</p> <ul> <li> <p>References the apps folders to deploy like so: <code>../../../deploy/apps/jellyfin</code></p> </li> <li> <p>Each app folder will then have its own <strong>kustomization.yaml</strong>, which opts-in deployment of the namespaces needed as well as the app&rsquo;s Fluxtomization (<strong>ks.yaml</strong>).</p> <ul> <li> <p>Indirectly the &ldquo;master&rdquo; Fluxtomization <em>also controls the namespaces deployed</em> (since there&rsquo;s no Fluxtomizations in between the chain of <strong>kustomization.yaml</strong>s).</p> </li> <li> <p>This allows the app&rsquo;s Fluxtomization to add &ldquo;master&rdquo; Fluxtomization as dependency (via dependsOn).</p> <ul> <li>Ensures that namespaces are always deployed before the resources are deployed within the namespaces.</li> </ul> </li> <li> <p><em>NOTE:</em> (about namespacing)</p> <ul> <li> <p>I choose to group apps in their own namespace, unless an app requires either multiple containers (e.g. server and web client, or microservices architecture), or 2 different apps must be in the same namespace to share Kubernetes resources or other reasons.</p> </li> <li> <p>My structure is a janky ghetto way to implement &ldquo;multi-cluster&rdquo; with a very specific purpose of having production and non-production (dev/test/staging/UAT, whichever is appropriate) clusters, where the differences in the clusters mostly come down to cluster-specific variables/secrets and control of which apps are deployed, allowing the non-prod cluster(s) to be scaled smaller than the prod cluster (e.g. I <em>don&rsquo;t really need</em> Jellyfin on both prod and staging if I don&rsquo;t change any of its configuration)</p> </li> <li> <p>Other folks like onedr0p, bjw-s, 0dragosh etc will have the &ldquo;master&rdquo; Fluxtomization deploy a separate &ldquo;apps&rdquo; Fluxtomization that points to <strong>kubernetes/apps</strong> which has <strong>kubernetes/apps/namespace/kustomization.yaml</strong> control both namespace and app Fluxtomizations (<strong>kubernetes/apps/namespace/app/ks.yaml</strong>) to deploy, <em>which isn&rsquo;t a wrong way to structure for their needs</em>, however this means that there is no easy way to control which cluster should deploy which apps which I desire</p> </li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> <li> <p><strong>./secrets.yaml</strong></p> <ul> <li> <p>Cluster-specific native Kubernetes secrets, encrypted-at-rest by SOPS (Flux supports decrypting SOPS-encrypted files).</p> </li> <li> <p>Can be used via variable substitution at deploy-time.</p> </li> <li> <p>external-secrets is preferred over storing secrets in here to easily sync and/or consume namespace-specific secrets.</p> </li> <li> <p>One hacky way to have cluster-specific yet namespace-specific native Kubernetes secrets (you can&rsquo;t reference a secret stored in <code>flux-system</code> namespace from e.g. <code>minecraft</code> namespace) is to variable substitute the secret data into a <code>kind: Secret</code> manifest in <strong>kube/deploy/</strong>.</p> </li> </ul> </li> <li> <p><strong>./vars.yaml</strong></p> <ul> <li> <p>Cluster-specific variables.</p> </li> <li> <p>Can be used via variable substitution at deploy-time.</p> </li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> <li> <h2 id="deploy"><strong>deploy/</strong></h2> <ul> <li> <p>Apps, services and components to be deployed to clusters.</p> </li> <li> <p>Contains baseline common manifests that are written to work across all clusters.</p> </li> <li> <p>Cluster-specific configuration is achieved via variable substitution and optionally patches.</p> </li> <li> <p><strong>core/</strong></p> <ul> <li>Backend(-related) components that are &ldquo;core&rdquo; to Kubernetes clusters for them to operate, such as CNI, storage solution, Ingress Controller, and more.</li> </ul> </li> <li> <p><strong>apps/</strong></p> <ul> <li> <p>User-facing apps and services.</p> </li> <li> <p><strong>app-name/</strong></p> <ul> <li> <p>Replace <strong>app-name/</strong> with app name, such as <strong>minecraft/</strong>, <strong>authentik/</strong>, or <strong>immich/</strong>.</p> </li> <li> <p><strong>./ns.yaml</strong></p> <ul> <li>Namespace definition for app, or group of apps.</li> </ul> </li> <li> <p><strong>./ks.yaml</strong></p> <ul> <li> <p>All app-specific Fluxtomizations that deploy and control the app&rsquo;s resources.</p> </li> <li> <p>Points to either <strong>app/</strong> and/or <strong>component-name/</strong> folders which are explained below.</p> </li> <li> <p>Use dependsOn to ensure that dependencies (such as storage solution and Ingress Controller) are deployed and configured before app&rsquo;s resources are deployed and configured.</p> </li> </ul> </li> <li> <p><strong>./repo.yaml</strong></p> <ul> <li>Only needed if deployment method relies on Flux SourceRepository, such as HelmRepository or OCIRepository.</li> </ul> </li> <li> <p><strong>./kustomization.yaml</strong></p> <ul> <li> <p>Native Kubernetes Kustomization to control what resources are deployed, either by Fluxtomization or <code>kubectl apply -k</code></p> </li> <li> <p>Used here for opting-in all YAML files but not folders, since folders are controlled by app-specific Fluxtomization which itself is controlled by &ldquo;master&rdquo; Fluxtomization via this and cluster&rsquo;s <strong>kustomization.yaml</strong>.</p> </li> </ul> </li> <li> <p><strong>app/</strong> OR <strong>component-name/</strong></p> <ul> <li> <p>All manifests used to deploy Kubernetes resources needed for app are placed here.</p> </li> <li> <p>Usually if both <strong>app/</strong> and another folder such as <strong>config/</strong> or <strong>certs/</strong> are present, <strong>app/</strong> is used to deploy components which are a dependency for the other folders&rsquo; resources to be deployed.</p> </li> <li> <p><strong>./netpol.yaml</strong></p> <ul> <li> <p>CiliumNetworkPolicy or Kubernetes native Network Policy</p> </li> <li> <p>&ldquo;<em>Principle of Least Privilege</em>&rdquo; and &ldquo;<em>Default Deny</em>&rdquo; practices are followed, only allow necessary connections</p> <ul> <li> <p>Commonly allowed include Ingress Controller, intra-namespace traffic, communication with other apps&rsquo; Kubernetes services <em>as needed</em>.</p> </li> <li> <p>Not all Kubernetes components need to be network accessible by every application, such as APIServer, storage solution pods/services, or Flux. Assign only if such traffic is necessary for app to function.</p> </li> </ul> </li> </ul> </li> <li> <p><strong>./hr.yaml</strong></p> <ul> <li>HelmRelease deployment method.</li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> </ul> </li> </ul>