This mono-repository demonstrates how to deploy a K3s Kubernetes cluster for free on Oracle Always Free resources. Infrastructure provisioning, configuration and deployments are managed with Infrastructure as Code (IaC) and GitOps, using tooling from Ansible, HashiCorp, Kubernetes, Helm, Kustomize, Flux, Renovate, and GitHub Actions.
Flux CD monitors the repository's Kubernetes manifests and ensures the cluster matches the desired state in Git. When changes are merged, Flux automatically applies them to the cluster.
Renovate watches for dependency updates, creating pull requests when updates are found. Once merged, Flux detects and applies the changes, deploying the updated dependencies.
Terraform Cloud handles the locking and consistency of state files, which helps prevent issues that might arise from multiple users or processes trying to modify the state simultaneously.
HashiCorp Vault stores and manages secrets, passwords, and API keys. It controls access, provides dynamic secrets, and supports automatic rotation to enhance security and limit exposure.
- cloudflare: DNS resolution for layer 4 and layer 7 cluster applications.
- metal-lb: layer 2 & 3 network load balancing to integrate with Oracle Cloud without a cloud controller manager (CCM).
- nginx: an OS-level pass-through proxy to support cloud integration.
- flannel: internal Kubernetes container networking interface.
- traefik: a reverse proxy and service load-balancing ingress controller.
- authentik: IAM server for multi-factor auth and single sign-on.
- cert-manager: manages SSL certificates for services in the cluster.
- gatus: monitors the health and performance of services, with alerts.
Here's a macroscopic overview of the state of the network, integrated with Oracle ingress points.
This Git repository contains the following directories:
📁 infrastructure
├── 📁 scripts # Utility bash scripts used to assist in preparing credentials
├── 📁 ansible
│   ├── 📁 collections # Required Ansible collections used across playbooks
│   ├── 📁 inventory # Inventory files for managing host groups and variables
│   └── 📁 roles # Roles for reusable automation tasks
├── 📁 kubernetes
│   ├── 📁 apps # Application-specific manifests and configurations for Kubernetes
│   └── 📁 flux # ArgoCD configuration files for managing Kubernetes applications
└── 📁 terraform
    └── 📁 modules
        ├── 📁 compute # Terraform modules for managing compute instances
        ├── 📁 load_balancers # Terraform modules for configuring load balancers
        ├── 📁 networking # Terraform modules for setting up network components
        ├── 📁 reserved_ip # Terraform modules for managing reserved IP addresses
        ├── 📁 security_groups # Terraform modules for defining network security groups
        └── 📁 security_lists # Terraform modules for configuring network security lists
This project was heavily influenced by the following work and communities. Shout out to all the amazing people and resources for design, code and ideas: