This repository serves as the source of truth for production Kubernetes clusters IaC management powered by FluxCD and GitLab Agent for Kubernetes.
All cluster configurations are version-controlled, reviewed, and automatically reconciled through pull-based continuous delivery, ensuring immutable infrastructure and audit-ready changes in production.
NATS is a simple, secure and high performance open source data layer for cloud native applications, IoT messaging, and microservices architectures. It is an adaptive, high performance, distributed, and scalable message exchange middleware, providing basic functionalities like message queues (core NATS), persistent message queues (NATS Jetstream), and message routing (subjects and consumers), as well as more versatile microservice middlewares like K/V stores and Object stores.
NATS was accepted to CNCF on March 15, 2018 at the Incubating maturity level.
Flux maanges the following resources under the namespace nats:
- HelmRelease:
primary - Issuer:
nats-ca-issuer - Certificates:
nats-ca,nats-server
Cert Manager is a a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.
Cert Manager was donated to CNCF in 2020, moved to the Incubating maturity level on September 19, 2022, and then moved to the Graduated maturity level on September 29, 2024.
Flux manages the following resources under the namespace cert-manager:
- HelmRelease:
cert-manager - ClusterIssuer:
self-signed-issuer
Democratic CSI is a CSI solution for container orchestration systems. It primarily supports integration with ZFS backend storage solutions (e.g. TrueNAS) via NFS for iSCSI remote file/block stroage protocals, but also supports many other clients. Since we already have juicefs as a distributed remote storage solution, we use ZFS and iSCSI to create efficient block storage for low latency random read-write tasks (e.g. database).
Democratic CSI is a community maintained project but works exceptionally well.
Flux manages the following resources under the namespace storage:
- HelmRelease:
democratic-csi - StorageClass:
iscsi
Juicefs (中文站) is a cloudnative high performance, cloudnative, distributed file system.
JuiceFS is a open-source project maintained by Juicedata, Inc. The company profits through enterprise SaaS, and is actively maintaining the project.
Flux manages the following resources under the namespace juicefs:
- HelmRelease:
juicefs-csi-driver - StorageClass:
juicefs-0 - PodMonitor:
juicefs-mounts-monitor - ConfigMap:
juicefs-dashboard
Kube Prometheus Stack is a prometheus operator for kubernetes.
Kube Prometheus Stack is a jointly maintained community project that adapts prometheus for kubernetes using operators. It is an abstaction atop the existing popular monitoring solution including Prometheus and Grafana, which themselves are maintained by Grafana Labs. The company profits through enterprice SaaS, and is actively maintaining the projects.
Flux manages the following resources under the namespace kube-prometheus:
- HelmRelease:
kube-prometheus-stack
Cloud Native PostgreSQL is a cloud native solution for running postgresql in kubernetes using operators. It offeres native WAL streaming replication, promary/standby clustering, and many more features.
CNPG was originally created by EDB and was accepted to CNCF on January 21, 2025 at the Sandbox maturity level.
Flux manages the following resources under the namespace cnpg-system:
- HelmRelease:
cnpg
Remark: When creating clusters, be sure to add custom labels zty89.com/prometheus: default-prometheus if .spec.monitoring.enablePodMonitor was set to true.