ZFGBB-RFC1: Implement GitOps Workflow #39

Closed
gm112 opened this issue Jan 26, 2025 · 0 comments

gm112 commented Jan 26, 2025

Request for Comments (RFC)

Justification for the Use of Kubernetes in ZFGBB Project

Abstract

This RFC explains why Kubernetes is the best choice for the ZFGBB project, focusing on secure, turn-key consistent environments for both local development and production.


1. Introduction

We need a secure, consistent environment for ZFGBB development and production. Kubernetes offers:

  • Consistency between local and production environments.
  • Security for sensitive information, like secrets.
  • Scalability and automation for handling resources.

2. Local Development Environment

In the local environment, Kubernetes will:

  • Run Postgres and a ZFGBB instance in a local cluster, replicating production.
  • Ensure the local setup mirrors production to reduce configuration mismatches.

3. Production Environment on Linode

In production, Kubernetes will run on a Linode server:

  • GitHub Runner: Handles CI/CD on Linode, keeping secrets out of Git.
  • Secrets Management: Secrets are pulled directly from the Linode machine running the GitHub Runner, never stored in Git.

4. GitOps for Consistency

  • Single Source of Truth: Git holds both code and Kubernetes configuration (YAML files), ensuring consistency across environments.
  • Declarative Configuration: Kubernetes makes sure the system matches the state defined in Git, avoiding manual errors.

5. Security

  • No Secrets in Git: Secrets are managed on the machine running the GitHub Runner (Linode), keeping them out of version control.
  • Access Control: Git and Kubernetes manage who can change code and configurations, providing an audit trail.

6. Scalability and Reliability

  • Local: Kubernetes ensures local services like Postgres and ZFGBB are running correctly and can scale.
  • Production: Kubernetes automatically handles scaling and recovery, ensuring uptime.

7. Implementation Plan

  1. Set up local Kubernetes cluster for development (Postgres + ZFGBB).
  2. Deploy Kubernetes on Linode for production, with GitHub Runner for CI/CD.
  3. Secure secrets on the Linode machine, not in Git.
  4. Store Kubernetes configuration in Git to keep environments consistent.
  5. Automate deployments with CI/CD using the GitHub Runner.

8. Conclusion

Kubernetes provides a secure, scalable, and consistent environment for ZFGBB. With GitOps, we ensure code and configurations are synchronized, and sensitive information is safely handled.

@gm112 gm112 added the documentation Improvements or additions to documentation label Jan 26, 2025
@gm112 gm112 added this to the Read-Only ZFGC.com milestone Jan 26, 2025
@gm112 gm112 self-assigned this Jan 26, 2025
@gm112 gm112 linked a pull request Jan 26, 2025 that will close this issue
16 tasks
@gm112 gm112 closed this as completed Jan 26, 2025
@github-project-automation github-project-automation bot moved this to Done - Triforce Piece Acquired in ZFGCBB v1.0 Jan 26, 2025
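
An added example, not part of the issue or the ZFGBB repository: a check the CI runner could apply to manifests before they are committed or deployed, failing when a Kubernetes `Secret` carries inline values, which is one way to enforce the RFC's "No Secrets in Git" rule. The manifest names and values are constructed, and the line-based scan assumes block-style YAML with unindented top-level keys.

```python
import re

TOP_KEY = re.compile(r"^([A-Za-z][\w-]*):\s*(.*)$")   # unindented "key: value"
CHILD = re.compile(r"^\s+([\w.-]+):\s*(\S.*)$")       # indented key with a value
SECRET_SECTIONS = ("data", "stringData")

# Constructed sample: hypothetical manifests, not taken from the ZFGBB repository.
SAMPLE = """\
kind: ConfigMap
metadata:
  name: zfgbb-config
data:
  LOG_LEVEL: info
---
kind: Secret
metadata:
  name: zfgbb-db
stringData:
  POSTGRES_PASSWORD: constructed-not-real
---
kind: Secret
metadata:
  name: zfgbb-empty
"""

def find_inline_secrets(text):
    """Return (doc_index, secret_name, key) for every Secret entry with a value."""
    findings = []
    docs = [d for d in re.split(r"^---\s*$", text, flags=re.M) if d.strip()]
    for idx, doc in enumerate(docs):
        kind, name, section, hits = None, "?", None, []
        for line in doc.splitlines():
            top, child = TOP_KEY.match(line), CHILD.match(line)
            if top:
                section, value = top.group(1), top.group(2).strip()
                if section == "kind":
                    kind = value.strip("'\"")
                elif section in SECRET_SECTIONS and value not in ("", "{}"):
                    hits.append("<flow mapping>")  # e.g. stringData: {a: b}
            elif child and section == "metadata" and child.group(1) == "name" and name == "?":
                name = child.group(2).strip("'\"")
            elif child and section in SECRET_SECTIONS and child.group(2).strip("'\""):
                hits.append(child.group(1))
        if kind == "Secret":  # ConfigMap data is allowed; only Secret payloads are flagged
            findings.extend((idx, name, key) for key in hits)
    return findings

if __name__ == "__main__":
    for idx, name, key in find_inline_secrets(SAMPLE):
        print(f"document {idx}: Secret {name!r} carries inline value for {key!r}")
```

A pipeline step would exit non-zero when the returned list is non-empty; a Secret manifest with no `data` or `stringData` passes, since its values are then supplied on the runner host.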