Helm or Kustomize? The real question is: how do you get secrets into either one safely?

Andrew Block explains how SOPS integrates with both in this 🌩️ Thunder episode: https://youtu.be/9jgKuHzaYpU

#SOPS #GitOps #Helm #Kustomize #Kubernetes

This weekend's learning activity was figuring out a good way to make k8s templates out of my YAML files. There are a number of ways to do this, including from Ansible or Helm, but after looking at Kustomize, that's the best way for me to go.

Ansible could do it by either:
a) native k8s modules in ansible
b) with YAML files, and the template function, which would just do variable substitution

Helm is extremely overkill for my use case, although I'm sure I could get it to cooperate.

Kustomize is the best mix of $inputFiles + modifications = $outputFiles per environment, and I really like how it works.

You define your top level YAML files and then tell the environments in an overlays/ directory how you want things to change. You can even have it apply a namespace to all resources in there so it's never forgotten or replace values such as ingress hostnames, which have to be unique per env anyways.

This will let me write one set of files and then push the YAML to k8s properly. I also fully intend to use this for a DR kind of situation where I need to recover everything.

All of this will fit very well into my new Gitea instance, replete with an Actions runner.

#homelab #k8s #kubernetes #kustomize #learning #neverstoplearning #technology #yaml #selfhosted

New blog post out 'FluxCD OCI Artifact Verification'

https://calebwoodbine.nz/fluxcd-oci-artifact-verification/

#fluxcd #kustomize #helm #kubernetes #cncf #homelab #sigstore

New post out 'FluxCD OCI Artifact Verification'

https://calebwoodbine.nz/fluxcd-oci-artifact-verification/

#fluxcd #kustomize #helm #kubernetes #cncf #homelab #sigstore

Recently moved to exclusively using OCI for deploying through FluxCD.

For when I need Helm, I’m vendoring packages and syncing them to an OCI registry.

Utilising Sigstore, every OCI image is signed in CI and verified by FluxCD via the verify config in OCIRepository resources.

Very both boring and yet exciting changes!

#fluxcd #kustomize #helm #kubernetes #cncf #homelab #sigstore

pushd overlays/dev
kustomize edit set image ...
popd
kustomize build ...

wait, what? is this the way-to-go with #kustomize?

https://github.com/kubernetes-sigs/kustomize/issues/2803

Is #kustomize alive? What are the reasons I should prefer it over #helm?

🏷️ #k8s #kubernetes

Without proper IaC abstractions, K8S management is copying, pasting, and tweaking large amounts of YAML. It's a data entry job without any proper data entry controls pretending to be SRE. Kustomize + Flux is insufficient for professional K8S deployments, you need a lot better abstractions. This is a hill I will die on.

#k8s #kustomize #flux #iaC

🚀 New (minor) release for #Kustomize, v5.7.0:

Main evolution, we can use replacement with a static value!

Another good way to replace domain in `ingress` instead of the ugly ${HOSTNAME} managed by another tool.

Full changelog: https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize/v5.7.0

#Kubernetes @K8sArchitect #Kustomize #release #K8s

does #helm, #kustomize, #fluxcd #automatoin all *need* to be complicated, all of the time ?

Thankfully no. helm charts in particular can be localized into code bases as part of a greater infra stack and kept simple, as simple as the 'mail merge' like templating in WordPerfect, many moons ago. If you want to that is and there is no need to make things super complicated and hyper optimized for re-use for everything, all of the time. Not unlike a similar principle in SQL - normalization. You can over optimize a database to have it fully 'normalized' only to find you have doubled or more the time taken to execute some queries.

I like the keep it stupid simple approach #kiss whenever possible. I believe Go is a good illustration of a big project like that, kept simple enough to be approachable yet elegant in its design and still highly flexible. Something for us to aspire to. I have a long way to go to match that, but I can dream.

More progress in setting up #talos and #kubernetes!

Because my provider, Netcup, doesn't have a firewall in front of the #vps, I want to set up a #wireguard server to secure things, but that requires storage. Last time I finally got talos to split the SSD into volumes, one part for ephemeral talos, and the rest for #ceph and #ceph-rook.

But for that to work, I also had to do something with #fluxcd (at least as part of the guide I'm following). I think it's working! There's still more to do as far as cleanup and continuing, but I should be able to get #kustomize working soon!

Then, I'll follow more setup steps so that I can finally do what I could have done with #docker on regular #linux lol.

#overcomplicatingThings #putItOnTheResume

The strongest motivation for me to start developing in #golang is to help contribute to #kustomize, perhaps the most important #kubernetes configuration management tool out there. A little sad for someone like myself who loves programming languages because I can only see the collaborative benefits of using Go. I really don't like it as a programming language.

Show HN: Koreo – The platform engineering toolkit for Kubernetes
https://koreo.dev/
#ycombinator #YAML #Infrastructure_as_Code #IaC #Platform_Engineering #DevOps #Kubernetes #Configuration_Management #Resource_Orchestration #Helm #Kustomize #Koreo

I’m continuing my series on running the test suite for each PR on #Kubernetes. In the previous post, I laid the groundwork for our learning journey.

This week, I will raise the ante:

* Create and configure a #GoogleKubernetesEngine instance
* Create a Kubernetes manifest for the app, with #Kustomize for customization
* Allow the #GitHub workflow to use the #GKE instance
* Build the Docker image and store it in the GitHub Docker repo
* Finally, run the end-to-end test

https://blog.frankel.ch/pr-testing-kubernetes/2/

Swapping #Flux2 for #ArgoCD, #Kustomize for #Helm. I see what I'm gaining but it's rough starting more or less from knowing nothing. #kubernetes

☸️ À la recherche d'alternatives à Kustomize ou Helm, je tombe sur https://kubes.guru/ Vous connaissez ?

Voici un comparatif (orienté) qui fait la promotion de kubes https://blog.boltops.com/2020/11/05/kustomize-vs-helm-vs-kubes-kubernetes-deploy-tools/

Intéressé notamment par la partie "Layering" https://kubes.guru/docs/layering/

#kubernetes #kustomize #helm

Mastering Kustomize: Advanced Techniques for Kubernetes Configuration Management
#kubernetes #kustomize
https://deniz-turkmen.medium.com/mastering-kustomize-advanced-techniques-for-kubernetes-configuration-management-b8f87c593aed

for those among us who prefer kustomize, i made the kyverno community policies available as such

https://github.com/xyhhx/kyverno-policies-kustomize

#kubernetes #k8s #kyverno #kustomize

there's owncloud ocis, but they only offer a helm chart and that helm chart isn't even published.

i could write a kustomization i guess but it seems like it'd be a super huge pain

https://github.com/owncloud/ocis

#ownCloud #kustomize #kubernetes #selfHosted

[Перевод] Размышления о декларативной конфигурации

Не кажется ли вам, что декларативная конфигурация и программирование инфраструктуры не так уж хороши, как их расхваливают? Я достаточно долго занимался декларативной конфигурацией в Kubernetes : размышлял о ней , работал с kubectl apply , KRM , kustomize , Google Cloud Config Sync , kpt , porch , ... В то же время параллельно развивалась декларативная автоматизация — эта работа велась в Google, где на протяжении многих лет широко использовалась декларативная конфигурация . При этом вне Google появился Terraform, и на этом лоскутном одеяле также возникло множество других инструментов. Что же такое декларативная конфигурация, в каких случаях она хороша, и как к ней подступиться?

https://habr.com/ru/companies/timeweb/articles/860844/

#timeweb_статьи_перевод #terraform #kubernetes #KRM #google #kustomize #cloud #декларативная_автоматизация #iac #typescript