Kubernetes Deployment
Deploy the entire infrastructure to Kubernetes using Helm and Helmfile.
Prerequisites
- Kubernetes cluster (1.28+)
- kubectl configured
- Helm 3.8+ installed
- Helmfile 0.155+ installed
- Helm Secrets plugin installed
Initial Setup
1. Initialize Helmfile
cd kubernetes
helmfile init --force
2. Install Gateway API
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml
3. Setup GPG/SOPS
# Create GPG key
gpg --full-generate-key
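# Get the fingerprint (40 hex characters) of the first secret key.
# The human-readable listing puts the fingerprint on the line after "sec",
# so read it from the machine-readable "fpr" record instead.
GPG_KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^fpr:/ { print $10; exit }')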
# Configure .sops.yaml
cat > .sops.yaml << EOF
---
creation_rules:
- pgp: ${GPG_KEY_ID}
EOF
# Set GPG_TTY
export GPG_TTY=$(tty)
4. Configure Secrets
Edit encrypted secrets:
helm secrets edit envs/k8s/secrets/_all.yaml
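One way to guard the secrets file set up in steps 3 and 4 before it is committed or deployed, as an added example that is not part of this project: the function fails if a file still holds plaintext values. The function names and sample data are hypothetical, and it assumes SOPS's default YAML output, where every non-empty value is `ENC[AES256_GCM,...]` and a top-level `sops:` block follows.

```shell
#!/usr/bin/env bash
# Added example, not project code. Assumes SOPS's default YAML layout: every
# non-empty leaf is ENC[AES256_GCM,...] and a top-level "sops:" block follows.

# check_sops_file FILE -> 0 if fully encrypted, 1 otherwise. Only line
# numbers are reported on stderr; the offending values are never printed.
check_sops_file() {
    awk '
        /^sops:[ \t]*$/             { meta = 1; exit }   # metadata block reached
        /^[ \t]*(#.*)?$/ || /^---/  { next }             # blank, comment, doc marker
        {
            v = $0
            sub(/^[ \t]*(-[ \t]+)*/, "", v)              # drop indent and list dashes
            if (v ~ /^[^:]+:[ \t]*$/) next               # parent key without a value
            sub(/^[^:]+:[ \t]+/, "", v)                  # keep only the value
            if (v ~ /^"?ENC\[AES256_GCM,/) next          # encrypted leaf
            if (v ~ /^(""|\[\]|\{\})$/) next             # empty value, nothing to leak
            printf "%s:%d: plaintext value\n", FILENAME, NR > "/dev/stderr"
            bad = 1
        }
        END {
            if (!meta) print FILENAME ": no sops metadata block" > "/dev/stderr"
            exit !(meta && !bad)
        }
    ' "$1"
}

# Constructed samples (not real ciphertext) exercising both outcomes.
sops_check_selftest() {
    local d rc
    d=$(mktemp -d) || return 2
    printf '%s\n' 'db:' \
        '    password: ENC[AES256_GCM,data:c2FtcGxl,iv:aXY=,tag:dGFn,type:str]' \
        'sops:' '    mac: ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]' \
        > "$d/good.yaml"
    printf '%s\n' 'db:' '    password: hunter2' 'sops:' '    version: constructed' \
        > "$d/bad.yaml"
    check_sops_file "$d/good.yaml" && ! check_sops_file "$d/bad.yaml" 2>/dev/null
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Source the file and run `check_sops_file envs/k8s/secrets/_all.yaml` before `helmfile -e k8s apply` or from a pre-commit hook; a non-zero status means the file is not fully encrypted.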
Deployment
Deploy All Services
helmfile -e k8s apply
Deploy Specific Service
helmfile -e k8s apply -l name=<service-name>
List Deployed Services
helmfile -e k8s list
Available Services
All services are defined in the releases/ directory:
- authentik.yaml.gotmpl - Authentik SSO
- bytebase.yaml.gotmpl - Bytebase
- consul.yaml.gotmpl - Consul
- dashy.yaml.gotmpl - Dashy dashboard
- gitlab.yaml.gotmpl - GitLab
- glance.yaml.gotmpl - Glance dashboard
- monitoring.yaml.gotmpl - Monitoring stack
- notesnook.yaml.gotmpl - Notesnook
- postgres.yaml.gotmpl - PostgreSQL
- stoat.yaml.gotmpl - Stoat chat
- vault.yaml.gotmpl - Vault
- vaultwarden.yaml.gotmpl - Vaultwarden
- And more...
Configuration
Environment-Specific Values
Values are organized in envs/k8s/:
- values/_all.yaml.gotmpl - Common values
- secrets/_all.yaml - Encrypted secrets
- env.yaml - Environment configuration
Chart Values
Each service has its chart in charts/ with default values in values.yaml.
Verification
Check Pods
kubectl get pods --all-namespaces
Check Services
kubectl get services --all-namespaces
Check Ingress
kubectl get ingress --all-namespaces
Updating Services
Sync Changes
helmfile -e k8s sync
Upgrade Specific Service
helmfile -e k8s apply -l name=<service-name>
Troubleshooting
View Logs
kubectl logs <pod-name> -n <namespace>
Describe Pod
kubectl describe pod <pod-name> -n <namespace>
Check Events
kubectl get events --all-namespaces --sort-by='.lastTimestamp'
Next Steps
- Ansible Deployment - Automated provisioning
- Service Documentation - Learn about services