GitOps repository for managing my personal Kubernetes cluster with Flux.
This repo is structured for Flux. The clusters/personal-cluster path contains the top-level Flux configuration ("flux-system") that bootstraps and reconciles the rest of the cluster state.
- clusters/personal-cluster/flux-system/ — Flux installation and top-level Kustomizations/Sources for this cluster
- clusters/personal-cluster/apps/ — Application deployments (Plex, Sonarr, Radarr, qBittorrent, etc.)
- clusters/personal-cluster/notifications/ — Flux notification providers and alerts (Discord integration)
- clusters/personal-cluster/secrets/ — Encrypted secrets (Discord webhooks, app configs)
- clusters/personal-cluster/monitoring/ — Monitoring stack (planned)
- .sops/ — SOPS configuration and AGE encryption keys
You can add more application and infrastructure manifests under your own directories and reference them from Flux Kustomization objects.
- GitOps with Flux v2: Automated cluster state management
- Discord Notifications: Real-time alerts for Flux operations via Discord webhooks
- Secret Encryption: SOPS + AGE encryption for sensitive data like webhook URLs
- Application Management: Kustomize-based application deployments
- A reachable Kubernetes cluster and valid kubeconfig
- kubectl and flux CLIs installed
- sops CLI installed (for secret encryption)
- age CLI installed (for SOPS encryption keys)
- GitHub access to this repository
- Discord server with webhook access (for notifications)
If you need to (re)bootstrap Flux on a fresh cluster using this repository:
```bash
flux bootstrap github \
  --owner giraffeingreen \
  --repository personal-cluster \
  --branch main \
  --path clusters/personal-cluster \
  --personal
```

This installs Flux controllers and points them at this repo/path. Adjust flags as needed.
- Check Flux status:

  ```bash
  flux check
  flux get sources git
  flux get ks -A
  ```

- Force a reconciliation (useful after pushing changes):

  ```bash
  flux reconcile source git flux-system -n flux-system
  flux reconcile kustomization flux-system -n flux-system
  ```

- Commit and push your Kubernetes manifests and/or Flux objects to this repository.
- Ensure they are referenced by a Flux Kustomization reachable from clusters/personal-cluster/flux-system.
- Flux will reconcile automatically, or you can trigger a reconcile as shown above.
This cluster is configured to send Discord notifications for Flux operations. The notifications include:
- Git repository reconciliation status
- Kustomization deployment status
- HelmRelease deployment status
- Application health status
- Create Discord Webhook:
  - Go to your Discord server settings
  - Navigate to "Integrations" → "Webhooks"
  - Click "New Webhook"
  - Choose the channel for notifications
  - Copy the webhook URL
- Update the Secret:

  ```bash
  # Edit the secret with your webhook URL
  sops clusters/personal-cluster/secrets/discord-webhook.yaml
  ```

- The notifications are automatically enabled via the kustomization in clusters/personal-cluster/notifications/
This repository uses SOPS with AGE encryption to securely store sensitive data like Discord webhook URLs.
To encrypt a new secret file:

```bash
sops --age=$(cat .sops/age.pub) \
  --encrypt --encrypted-regex '^(data|stringData)$' \
  --in-place path/to/secret.yaml
```

To edit an existing encrypted secret:

```bash
sops clusters/personal-cluster/secrets/discord-webhook.yaml
```

To view decrypted content:

```bash
sops -d clusters/personal-cluster/secrets/discord-webhook.yaml
```

- Public key: Stored in .sops/age.pub
- Private key: Should be stored securely (not in repo)
- Flux automatically decrypts secrets using the AGE key during deployment
- Secrets are encrypted using SOPS + AGE before being committed to the repository
- Discord notifications are configured to alert on reconciliation status and failures
- For multiple clusters, create additional directories under clusters/<cluster-name> and bootstrap each cluster to its corresponding path
- The AGE private key must be available to Flux for secret decryption in the cluster
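
A guard that can run before a commit to confirm that manifests under the secrets directory were actually encrypted with the `--encrypted-regex '^(data|stringData)$'` rule used above. This is an added example, not part of this repository: the function names and sample files are hypothetical, and it assumes SOPS writes each encrypted value as a single-line `ENC[...]` scalar alongside a top-level `sops:` block.

```bash
# Added example (not from this repository). Function names are hypothetical.
# check_sops_encrypted FILE: returns 0 only if FILE has a top-level "sops:" block
# and every entry under data:/stringData: is an ENC[...] value (assumed SOPS layout).
check_sops_encrypted() {
  awk '
    /^sops:/              { has_meta = 1 }
    /^[^ #]/              { in_data = 0 }        # any top-level key ends the block
    /^(data|stringData):/ { in_data = 1; next }
    in_data && /^ +[^ #].*:/ {
      val = $0
      sub(/^[^:]*:[ ]*/, "", val)                # drop the "  key: " prefix
      if (val !~ /^ENC\[/) { plain++; print FILENAME ":" NR ": plaintext value" }
    }
    END { exit !(has_meta && plain == 0) }
  ' "$1"
}

# scan_secrets [DIR]: checks every *.yaml in DIR (default: this repo's secrets path)
# and returns non-zero if any file fails, so it can gate a commit or CI job.
scan_secrets() {
  dir=${1:-clusters/personal-cluster/secrets}
  rc=0
  for f in "$dir"/*.yaml; do
    [ -e "$f" ] || continue
    check_sops_encrypted "$f" || { echo "NOT ENCRYPTED: $f"; rc=1; }
  done
  return $rc
}

# Constructed samples for demonstration; values are placeholders, not real secrets.
demo=$(mktemp -d)
cat > "$demo/encrypted.yaml" <<'EOF'
kind: Secret
metadata:
  name: discord-webhook
stringData:
  address: ENC[AES256_GCM,data:c29tZQ==,iv:aXY=,tag:dGFn,type:str]
sops:
  mac: ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]
EOF
cat > "$demo/plaintext.yaml" <<'EOF'
kind: Secret
metadata:
  name: discord-webhook
stringData:
  address: https://discord.example/api/webhooks/PLACEHOLDER
EOF
scan_secrets "$demo" || echo "commit blocked: encrypt the files listed above with sops"
```

Called with no argument from the repository root, `scan_secrets` checks clusters/personal-cluster/secrets; a non-zero return means at least one manifest would be committed in plaintext.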