Well it's been a little more than a year since the last post. I've been busy with a lot of things and I didn't have the time to write anything. But I'm back and I will try to write more often. If you are reading this, thank you for your interest in my blog about the GitOps project. I hope you will find it useful.
What's new
Hmmm... Everything? In the past few days, I just graduated with my Master's degree and just got my first job after my studies. This project never stopped, but I didn't have enough time to write about it.
The goal is still the same: having a fully automated Kubernetes cluster with a GitOps approach, while following some good practices.
Auth me now
One of the most nerve-wracking changes was to kick out the old auth system, Keycloak, and replace it with Zitadel.
Why the change? Zitadel brings the ability to fully automate the auth process (except SAML) and to create each application with a Terraform "CronJob".
The advantage of automating the auth process is that you don't need to create each thing by hand, and you can easily create a new application with a simple Terraform file. You are also sure that what's automated will remain the source of truth over time.
At the moment I haven't found any cons, except for the huge amount of RAM that CockroachDB needs to run, considering that Keycloak uses PostgreSQL. (The SAML part is not a con, it's just not implemented yet.)
Automate me
With the new auth system, I was able to automate the OIDC setup for each application. But by discovering Zitadel, I also discovered Terraform.
It allows me to:
- Automate the OIDC setup for each application (Grafana, Gitea, Harbor, WIP: SonarQube, OAuth2 Proxy, ...)
- Automate Harbor (Project, Robot account, Configuration, ...)
- Automate some simple steps (creation of the Kubeconfig)
- Automate SonarQube (WIP)
- Automate MinIO (WIP)
Upgrade
Well, we need everything to be up to date, so I upgraded everything to the latest version available, such as:
- Gitea (needs to be done manually, because each upgrade breaks everything) (1.18 -> 1.20)
- Tekton (Just an upgrade of the CRD)
- Harbor (automated)
- Haproxy (0.14.2 -> 0.14.4)
- CertManager
- Tempo (replaces Jaeger because it's easier to use)
- Flux (0.41.2 -> 2.0.1)
Next to do
While I was upgrading everything, it became obvious that I needed to upgrade my use of GitHub. Then I moved from the old GitHub Dashboard to the new one. Even if I wasn't writing the doc, I was still working on the project and updating the dashboard and issues.