This mono-repository demonstrates how to deploy a K3s Kubernetes cluster for free on Oracle Always Free resources. Infrastructure provisioning, configuration and deployments are managed with Infrastructure as Code (IaC) and GitOps, using tooling from Ansible, HashiCorp, Kubernetes, Helm, Kustomize, Flux, Renovate, and GitHub Actions.
Flux CD monitors the repository's Kubernetes manifests and ensures the cluster matches the desired state in Git. When changes are merged, Flux automatically applies them to the cluster.
Renovate watches for dependency updates, creating pull requests when updates are found. Once merged, Flux detects and applies the changes, deploying the updated dependencies.
Terraform Cloud handles the locking and consistency of state files, which helps prevent issues that might arise from multiple users or processes trying to modify the state simultaneously.
HashiCorp Vault stores and manages secrets, passwords, and API keys. It controls access, provides dynamic secrets, and supports automatic rotation to enhance security and limit exposure.
- cloudflare: DNS resolution for layer 4 and layer 7 cluster applications.
- metal-lb: layer 2 & 3 network load balancing to integrate with Oracle Cloud without a CCM.
- nginx: an OS-level pass-through proxy to support cloud integration.
- flannel: internal Kubernetes container network interface (CNI).
- traefik: reverse proxy and service load-balancing ingress controller.
- authentik: IAM server for multi-factor auth and single sign-on.
- cert-manager: manages SSL certificates for services in the cluster.
- gatus: monitors the health and performance of services, with alerts.
Here's a macroscopic overview of the state of the network, integrated with Oracle ingress points.
This Git repository contains the following directories:
📁 infrastructure
├── 📁 scripts # Utility bash scripts used to assist in preparing credentials
├── 📁 ansible
│   ├── 📁 collections # Required Ansible collections used across playbooks
│   ├── 📁 inventory # Inventory files for managing host groups and variables
│   └── 📁 roles # Roles for reusable automation tasks
├── 📁 kubernetes
│   ├── 📁 apps # Application-specific manifests and configurations for Kubernetes
│   └── 📁 flux # ArgoCD configuration files for managing Kubernetes applications
└── 📁 terraform
    └── 📁 modules
        ├── 📁 compute # Terraform modules for managing compute instances
        ├── 📁 load_balancers # Terraform modules for configuring load balancers
        ├── 📁 networking # Terraform modules for setting up network components
        ├── 📁 reserved_ip # Terraform modules for managing reserved IP addresses
        ├── 📁 security_groups # Terraform modules for defining network security groups
        └── 📁 security_lists # Terraform modules for configuring network security lists

This project was heavily influenced by the following work and communities, shout out to all the amazing people and resources for design, code and ideas: