Auxiliary services running in a Kubernetes cluster to support Incus deployments.
This repository contains manifests that are meant to be part of a GitOps workflow using Flux. If you're not familiar with GitOps or Flux, we strongly suggest reading this introduction to make the most of this project.
To start deploying these services, you must meet the following prerequisites:
- The Flux CLI installed. We suggest checking the official docs for instructions
- A Kubernetes cluster deployed and accessible from your machine. We suggest starting with k3s due to its simplicity and low overhead
With those requirements met, the next step is to deploy the Flux components to the Kubernetes cluster and configure them to sync the cluster state from this git repository. Flux calls this process "bootstrap".
For a comprehensive and up-to-date guide on how to perform the bootstrap process, check the Flux docs. The process consists of two steps:
- Create a GitHub token with the required permissions for the GitHub repository and organization (the required permissions for repositories under organizations are described in the Flux docs)
- Run the bootstrap command with the generated token and the configuration pointing to this repository
The bootstrap command for this repository should look something like this:
$ GITHUB_TOKEN=<gh-token> flux bootstrap github \
--token-auth \
--owner=cloudlabs-ufscar \
--repository=incus-sidecar \
--branch=main \
--path=clusters/prod
After running the command, the Flux components should be installed in the cluster under the flux-system namespace. You can check that by running the following command:
$ kubectl get all -n flux-system
There should also be a git source registered in Flux, usually referencing the latest commit of the main branch. You can check that by running the following command:
$ flux get sources git
With that, the Flux setup is complete. Flux will automatically sync and apply any changes made to the git repository to the Kubernetes cluster. Applying new changes usually takes a few minutes. If you need to troubleshoot something, the Flux troubleshooting guide is a great resource to get started.
The last step is to create the preshared-keys secret in the auth namespace. This secret will be used by Keycloak and Incus to authenticate against the OpenFGA API.
$ kubectl create secret -n auth generic preshared-keys --from-literal=keys=<secret-key>
$ juju config incus openfga-api-token=<secret-key>
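As an added example (not part of this repository), the same step can be run without the key appearing in shell history or the process list: one random key is generated and handed to both commands through a temporary file readable only by the current user. The function names and the 32-byte hex key format are assumptions; the sketch relies on kubectl's `--from-file=<key>=<path>` form and on `juju config` reading a value from a file when it is written as `key=@path`.

```shell
#!/bin/sh
# Added example, not the project's own code. Function names are hypothetical.

# Print a 256-bit random key as 64 lowercase hex characters, no trailing newline.
# Assumption: the README does not specify a key format; hex is used here because
# it is safe to pass through YAML, environment variables and HTTP headers.
gen_preshared_key() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Create the preshared-keys secret in the auth namespace and set the same value
# as the Incus charm's openfga-api-token. Runs in a subshell so that the umask
# change and the variables do not leak into the calling shell.
provision_preshared_key() (
    umask 077                          # temp file is created with mode 0600
    keyfile=$(mktemp) || exit 1
    gen_preshared_key > "$keyfile"

    # Refuse to continue with a short or empty key (e.g. /dev/urandom unreadable).
    if [ "$(wc -c < "$keyfile")" -ne 64 ]; then
        rm -f "$keyfile"
        exit 1
    fi

    rc=0
    # Both consumers read the key from the file, so both receive exactly the
    # same bytes (no trailing newline) and the value never appears in argv.
    # If the secret already exists, kubectl fails and juju is not touched,
    # so the two sides cannot drift apart.
    kubectl create secret -n auth generic preshared-keys \
        --from-file=keys="$keyfile" &&
    juju config incus openfga-api-token=@"$keyfile" || rc=$?

    rm -f "$keyfile"
    exit "$rc"
)

# Usage: source this file, then run
#   provision_preshared_key
```

The key is never printed; to rotate it, delete the existing secret first and run the function again so that both sides receive the new value.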