fix: prepare k3s for external cloud provider
All checks were successful
Deploy Cluster / Terraform (push) Successful in 46s
Deploy Cluster / Ansible (push) Successful in 4m4s

This commit is contained in:
2026-03-17 01:21:23 +00:00
parent 08a3031276
commit 9d2f30de32
5 changed files with 32 additions and 15 deletions

@@ -177,7 +177,7 @@ Set these in your Gitea repository settings (**Settings** → **Secrets** → **
## GitOps (Flux)
This repo now includes a Flux GitOps layout for phased migration from imperative Ansible applies to continuous reconciliation.
This repo uses Flux for continuous reconciliation after Terraform + Ansible bootstrap.
### Runtime secrets
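Review bot: the replacement sentence drops the "phased migration" framing, so readers of the GitOps section no longer learn that some addons are still applied imperatively; if any addon remains Ansible-managed after this commit, say so here (one clause such as "after Terraform + Ansible bootstrap; remaining Ansible-managed roles are listed below" would keep the section honest), otherwise the new wording is fine.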
@@ -217,17 +217,11 @@ Terraform/bootstrap secrets remain in Gitea Actions secrets and are not managed
3. Apply `clusters/prod/flux-system/` once to establish source + reconciliation graph.
4. Bootstrap-only Ansible creates prerequisite secrets; Flux manages addon lifecycle after bootstrap.
### Current migration status
### Current addon status
- `addon-observability-content` is now GitOps-managed from `infrastructure/addons/observability-content/`.
- `addon-observability` is now GitOps-managed from `infrastructure/addons/observability/` using Flux `HelmRelease` resources for:
- `kube-prometheus-stack`
- `loki`
- `promtail`
- Remaining addons stay suspended until migrated.
- During transition, avoid applying Grafana content from both Flux and Ansible at the same time.
Ansible `site.yml` now skips `observability` and `observability-content` roles by default when `observability_gitops_enabled=true` (default).
- Core infrastructure addons are Flux-managed from `infrastructure/addons/`.
- Active Flux addons include `addon-ccm`, `addon-csi`, `addon-tailscale-operator`, `addon-tailscale-proxyclass`, `addon-external-secrets`, `addon-observability`, and `addon-observability-content`.
- Ansible is limited to cluster bootstrap, private-access setup, and prerequisite secret creation for Flux-managed addons.
## Observability Stack
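Review bot: the removed text documented the `observability_gitops_enabled=true` default that makes `site.yml` skip the observability roles, but the new "Current addon status" list says nothing about that variable; state whether it still exists (and what setting it to false does now that Ansible is "limited to cluster bootstrap") or that it was removed, otherwise operators reading the README will not know how to opt out. Also, the commit title says this prepares k3s for an external cloud provider and the new list names `addon-ccm` as Flux-managed, yet none of the README hunks shown describe the k3s-side change that makes an external CCM work; add a sentence pointing to where that is configured so the bootstrap steps above stay complete.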
@@ -237,7 +231,7 @@ Flux deploys a lightweight observability stack in the `observability` namespace:
- `loki`
- `promtail`
Grafana content is managed as code via ConfigMaps in `infrastructure/addons/observability-content/` (Flux), migrated from `ansible/roles/observability-content/`.
Grafana content is managed as code via ConfigMaps in `infrastructure/addons/observability-content/`.
Grafana and Prometheus are exposed through a single Tailscale front door backed by Traefik when the Tailscale Kubernetes Operator is healthy.
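Review bot: the retained last line says Grafana and Prometheus are reachable only "when the Tailscale Kubernetes Operator is healthy" but gives no fallback; since this section now describes the steady state rather than a migration, add one line on how to reach Grafana when the operator is down (for example via port-forward), or say explicitly that there is no alternative path.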