My Kubernetes setup

My CI/CD setup leverages GitHub workflows fed by secrets and vars from my Spring Cloud Config server.
I am sharing secrets and vars between:
- Different GitHub repositories (Infra Repo vs App Repo)
- Build-time settings and runtime settings.
I've created templatable GitHub workflows that call Pulumi TypeScript code which handles the Kubernetes deployment specifics for each app. Both (the Pulumi code and the GitHub workflows) were initially written by hand but have since been improved with an LLM.
My infrastructure stack:
- MetalLB
- Sealed Secrets
- Sealed Secrets key backup to S3 (code generated entirely by an LLM; the backed-up private key decrypts every SealedSecret in the cluster, so the bucket needs to be locked down at least as tightly as the cluster itself)
- Cert Manager
- External-DNS
- Traefik
- Prometheus & Grafana
- Longhorn / Rook
- Keycloak
- Harbor
- Verdaccio
- BuildKit service (lets self-hosted GitHub Actions runners on Kubernetes build Docker images)
- GitHub Actions runner (runs my jobs on my cluster)
- Spring Cloud Config (enables sharing config between build time and runtime, and across GitHub projects and repositories)
- An action I created to populate my GitHub vars/secrets
- Code I've written to create Kubernetes ConfigMaps from the project config stored in Spring Cloud Config
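The two Spring Cloud Config items above (sharing one config across build and runtime, and turning it into Kubernetes ConfigMaps) are the part of this setup where a mistake leaks credentials, so here is an added example of that conversion. It is not the author's code: it takes the JSON that a Spring Cloud Config server returns from `GET /{application}/{profile}`, flattens the property sources in the server's own precedence order (most specific source listed first, so its value wins), and routes anything credential-shaped into a Secret instead of the ConfigMap. The key-name heuristic, the manifest names and labels, and the sample response are assumptions made for the example; the config server endpoint shape and the `{cipher}` prefix (which the server leaves on values when server-side decryption is off) are real Spring Cloud Config behaviour.

```typescript
// Added example, not the author's code: build a ConfigMap and a Secret from a
// Spring Cloud Config server response so that secret-looking settings never
// land in a ConfigMap. The response shape is what the server's
// GET /{application}/{profile} endpoint returns; all names and values below
// are constructed for the example.

interface PropertySource {
  name: string;
  source: { [key: string]: unknown };
}

interface ConfigEnvironment {
  name: string;
  profiles: string[];
  label?: string | null;
  version?: string | null;
  propertySources: PropertySource[];
}

interface Manifest {
  apiVersion: "v1";
  kind: "ConfigMap" | "Secret";
  metadata: { name: string; namespace: string; labels: { [key: string]: string } };
  data?: { [key: string]: string };       // ConfigMap
  stringData?: { [key: string]: string }; // Secret; the API server base64-encodes it
  type?: "Opaque";
}

// Keys the API server accepts in ConfigMap/Secret .data: alphanumerics, '-', '_', '.', max 253 chars.
const VALID_DATA_KEY = /^[-._a-zA-Z0-9]{1,253}$/;

// Assumed classification rule for the example: keys that look like credentials,
// or values still carrying Spring's {cipher} prefix (served undecrypted when
// server-side decryption is off), go to the Secret. Tune this per project.
const SECRET_KEY_PATTERN = /(password|passwd|secret|token|credential|private[-_.]?key|api[-_.]?key)/i;

// Spring Cloud Config lists property sources most-specific-first
// (myapp-prod.yml, then myapp.yml, then application.yml), so the first value
// seen for a key wins. Values are stringified because ConfigMap data must be strings.
export function flattenProperties(env: ConfigEnvironment): { [key: string]: string } {
  const merged: { [key: string]: string } = {};
  for (const ps of env.propertySources) {
    for (const key of Object.keys(ps.source)) {
      const value = ps.source[key];
      if (Object.prototype.hasOwnProperty.call(merged, key)) continue; // higher-priority source already set it
      if (value === null || value === undefined) continue;
      merged[key] = String(value);
    }
  }
  return merged;
}

export function isSecretProperty(key: string, value: string): boolean {
  return SECRET_KEY_PATTERN.test(key) || value.indexOf("{cipher}") === 0;
}

export function toManifests(env: ConfigEnvironment, namespace: string): { configMap: Manifest; secret: Manifest } {
  const flat = flattenProperties(env);
  const plain: { [key: string]: string } = {};
  const sensitive: { [key: string]: string } = {};
  for (const key of Object.keys(flat)) {
    if (!VALID_DATA_KEY.test(key)) {
      // Fail closed instead of silently renaming, e.g. indexed keys like servers[0].
      throw new Error("property key '" + key + "' is not a valid ConfigMap/Secret data key");
    }
    if (isSecretProperty(key, flat[key])) {
      sensitive[key] = flat[key];
    } else {
      plain[key] = flat[key];
    }
  }
  const profile = env.profiles.length > 0 ? env.profiles.join("-") : "default";
  const base = env.name + "-" + profile; // assumes env.name is already a valid DNS label
  const labels = { "app.kubernetes.io/name": env.name };
  return {
    configMap: { apiVersion: "v1", kind: "ConfigMap", metadata: { name: base + "-config", namespace, labels }, data: plain },
    secret: { apiVersion: "v1", kind: "Secret", type: "Opaque", metadata: { name: base + "-secrets", namespace, labels }, stringData: sensitive },
  };
}

// Constructed sample, shaped like GET /myapp/prod on a config server.
export const sampleEnvironment: ConfigEnvironment = {
  name: "myapp",
  profiles: ["prod"],
  label: null,
  version: "3f1c2e9",
  propertySources: [
    { name: "file:///config/myapp-prod.yml", source: { "server.port": 8443, "db.url": "jdbc:postgresql://db.prod:5432/app", "db.password": "{cipher}AQB3c29tZS1jaXBoZXJ0ZXh0" } },
    { name: "file:///config/myapp.yml", source: { "server.port": 8080, "feature.flags": "a,b", "harbor.robot.token": "r0b0t-example" } },
    { name: "file:///config/application.yml", source: { "logging.level": "INFO", "db.url": "jdbc:h2:mem:test", "db.pool.max": 10 } },
  ],
};

console.log(JSON.stringify(toManifests(sampleEnvironment, "apps"), null, 2));
```

The two returned objects can be handed straight to Pulumi (`new k8s.core.v1.ConfigMap(...)` / `new k8s.core.v1.Secret(...)`) or piped to `kubectl apply -f -`. In a setup like this one, the Secret half should go through `kubeseal` before it touches a Git repo, and because the config server now holds both build-time and runtime credentials, it needs authentication and TLS in front of it, not just network reachability from the runners.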
Some complex issues you will run into:
- Prometheus and the projects that depend on its CRDs. (Hint: just deploy the same chart twice; Claude can help you figure out the settings to deploy only the CRDs.)
- OIDC configuration between Keycloak and Harbor. I know how, but haven't gotten around to fully automating it after veering off onto my path of LLM discovery.