
jsbaasi

GitOps

April 17, 2026

  • a pod is one or more containers
  • terraform files describe the entire infra: the k3s cluster first, then the vault, argocd and backstage pods. once all of that exists, argocd is the long-lived process that keeps the cluster from drifting away from what is in git
  • infra lives in one repo
  • backstage is the interface to the development platform, so we can enforce our best practices in one place
  • each service is responsible for building its own docker container; everything after that is infra.

    self-hosted on vps

  • k3s cluster manager (everything below is running as pods in the cluster)
    • vault
    • argocd
    • backstage
    • observability stack (loki + promtail + grafana)
  • atlantis (runs terraform plan/apply for MRs against the infrastructure repo)
  • cnpg for postgres
    • 100.111.72.32:5432, a LoadBalancer service that maps port 5432 to the postgres pod so i can reach the instance from outside the cluster

        third party hosted

  • gitlab (git repositories)
  • gitlab container registry
  • the project management stack?

    base ci pipeline

  • build: builds the docker image (?) wouldn't this be app specific? or it just runs the app's dockerfile, so "build" is a bit misleading lol
  • deploy: pushes the image to the registry
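Roughly what the base pipeline and an app repo that pulls it in look like. This is an added illustration, not the author's ci-templates repo; the project path, file names and the `python` test job are assumptions. The build stage just runs the app's own Dockerfile, and the deploy stage pushes the result, so the image is handed between the two jobs as an artifact.

```yaml
# ci-templates/build-and-push.yml (assumed repo and file name): the shared jobs.
# Added example, not the platform's own pipeline.
stages:
  - build
  - deploy

variables:
  # Immutable tag: podstates pins the exact sha that was built, never "latest".
  IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

build:
  stage: build
  image: docker:27
  services:
    - docker:27-dind
  script:
    # "build" is only the app's own Dockerfile; the platform supplies the job around it.
    - docker build --pull -t "$IMAGE" .
    - docker save "$IMAGE" -o image.tar
  artifacts:
    paths:
      - image.tar
    expire_in: 1 hour

deploy:
  stage: deploy
  image: docker:27
  services:
    - docker:27-dind
  before_script:
    # CI_REGISTRY_USER / CI_REGISTRY_PASSWORD are job-scoped credentials GitLab
    # injects into every job, so no long-lived registry token lives in CI variables.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - docker load -i image.tar
    - docker push "$IMAGE"
---
# app repo .gitlab-ci.yml: stack-specific steps first, then the shared jobs.
include:
  - project: jsbaasi/ci-templates   # assumed project path
    ref: v1.0.0                     # pin a tag or sha, not a moving branch
    file: /build-and-push.yml

test:
  stage: .pre                       # built-in stage that runs before "build"
  image: python:3.12                # assumed stack for this service
  script:
    - pip install -r requirements.txt
    - pytest
```

Pinning `ref` to a tag or commit instead of `main` matters because the included file runs with the app's registry credentials; an unreviewed change to ci-templates would otherwise flow into every service's next build.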

    base backstage template

  • auto stuff
    • gitlab registry pull secret, synced into the pod's namespace by a ClusterExternalSecret resource so the kubelet can pull the image from the registry
    • grafana dashboard populated by the collectors (promtail for logs, prometheus for metrics) that pick up anything the service has instrumented; prometheus finds the service through a ServiceMonitor resource
  • podstates repo
    • values.yaml
      • resource budgets, requests lower bound and limit upper bound
    • kustomization.yaml
  • app repo
    • stack-specific skeleton files based on the template you picked
      • structured logging set up in the format we expect, so logs and trace ids get picked up by promtail and stored in loki
      • /metrics endpoint for prometheus to scrape
    • ci pipeline authored by the infra team: stack-specific build scripts, then it pulls in the build and deploy jobs from ci-templates
    • catalog file that registers the service in the backstage catalogue
  • gitlab issue board
  • terraform repo
    • adds service name to dns files to provision dns record
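What the template's "auto stuff" and the podstates resource budget expand to for a hypothetical service called `orders`. This is an added illustration, not the author's template output; the namespace label, the ClusterSecretStore name, the Vault KV path, the `release` label the Prometheus instance selects on and the image path are all assumptions.

```yaml
# Cluster-scoped: External Secrets Operator stamps a registry pull secret into
# every namespace carrying the label, so the kubelet can pull from the GitLab
# registry without anyone committing a token. (added example, assumed names)
apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret
metadata:
  name: gitlab-registry
spec:
  externalSecretName: gitlab-registry
  namespaceSelector:
    matchLabels:
      platform/gitlab-pull: "true"       # assumed: label the template puts on the namespace
  refreshTime: 1h
  externalSecretSpec:
    refreshInterval: 1h
    secretStoreRef:
      kind: ClusterSecretStore
      name: vault                        # assumed: store pointing at the vault pod
    target:
      name: gitlab-registry
      template:
        type: kubernetes.io/dockerconfigjson
        data:
          .dockerconfigjson: |
            {"auths":{"registry.gitlab.com":{"username":"{{ .username }}","password":"{{ .token }}"}}}
    data:
      - secretKey: username
        remoteRef:
          key: gitlab/registry           # assumed KV v2 path holding a read-only deploy token
          property: username
      - secretKey: token
        remoteRef:
          key: gitlab/registry
          property: token
---
# Per service: Prometheus discovers /metrics by selecting the service's
# Service object by label; the port name must match a named port on it.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: orders
  namespace: orders
  labels:
    release: kube-prometheus-stack       # assumed: label the Prometheus CR's serviceMonitorSelector matches
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: orders
  endpoints:
    - port: http
      path: /metrics
      interval: 30s
---
# podstates/orders/values.yaml: the resource budget. requests are the lower
# bound the scheduler reserves; limits are the upper bound the kubelet enforces,
# so one misbehaving service cannot starve the rest of the single-vps cluster.
image:
  repository: registry.gitlab.com/jsbaasi/orders   # assumed
  tag: ""                                          # CI writes the git sha here
imagePullSecrets:
  - name: gitlab-registry                          # the secret ESO created above
resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 256Mi
```

Two things the generated secret does not do on its own: the pod spec still has to reference it under `imagePullSecrets` (or the namespace's default ServiceAccount has to be patched with it), and the token behind it should be a registry-scoped read-only deploy token, not a user's personal access token, since every namespace with the label receives a copy.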

      admin:

  • glab repo clone -g jsbaasi -a=false -p --paginate

    to-do: