stealthybox commented Jun 4, 2025
- feat: structure k8s manifests w/ kustomize for flux d2 architecture
- Add gh actions for signed Flux Artifacts (D2)
- Add gh actions for signed multi-arch images
- ci: fine-tune workflows
- Pin tags in manifests
- chore: temporarily disable path filters to trigger push latest
- chore: reenable push path filters
- Split out ns/secret creation in Makefile for bootstrap
Pull Request Overview
This PR replatforms the project to use D2 architecture by implementing Kustomize-based Kubernetes manifest management with Flux and establishing CI/CD pipelines for signed container images and artifacts.
- Restructures Kubernetes manifests using Kustomize for better organization and component-based deployment
- Implements GitHub Actions workflows for building, signing, and publishing multi-architecture container images and Flux artifacts
- Updates the Makefile to separate namespace/secret creation from infrastructure deployment for improved bootstrap process
Reviewed Changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| k8s/manifests/netpols/kustomization.yaml | Adds Kustomize component configuration for network policies |
| k8s/manifests/kustomization.yaml | Main Kustomization configuration defining resources, components, and image mappings |
| Makefile | Splits namespace/secret creation into separate target from infrastructure deployment |
| .github/workflows/release-image.yaml | CI workflow for releasing signed multi-arch container images on tag push |
| .github/workflows/release-artifact.yaml | CI workflow for releasing signed Flux artifacts on tag push |
| .github/workflows/push-image.yaml | CI workflow for pushing signed container images to latest on main branch |
| .github/workflows/push-artifact.yaml | CI workflow for pushing Flux artifacts to latest on main branch |
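The image mappings in the main kustomization and the "Pin tags in manifests" commit are both about keeping the manifests on references that do not move under a signature. As an added example (not code from this PR or the repository), here is the check a CI gate could run over the `images:` entries of a kustomization.yaml to reject anything that is not pinned by digest or at least by a release tag. The entry keys `name`, `newName`, `newTag` and `digest` are kustomize's own; the image names and the entries in `SAMPLE_IMAGES` are constructed sample data.

```python
"""Pin check for the `images:` overrides in a kustomization.yaml.

Added example, not code from this PR or repository. Entry keys
(name/newName/newTag/digest) are kustomize's; SAMPLE_IMAGES is constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Tags that track a moving target: the image signed today may not be what
# the tag resolves to tomorrow.
FLOATING_TAGS = {"latest", "main", "master", "edge", "nightly"}
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class ImageRef:
    name: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split `name[:tag][@digest]`.

    The tag separator is only looked for after the last '/', so a registry
    port such as `localhost:5000/app` is not mistaken for a tag.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    colon = ref.rfind(":")
    if colon > ref.rfind("/"):
        ref, tag = ref[:colon], ref[colon + 1:]
    return ImageRef(ref, tag, digest)


def effective_ref(entry: dict) -> str:
    """Rebuild the reference kustomize writes into the manifests from one
    `images:` entry: newName replaces name, newTag sets the tag, digest
    appends an @sha256 pin."""
    ref = entry.get("newName") or entry["name"]
    if entry.get("newTag"):
        ref += ":" + entry["newTag"]
    if entry.get("digest"):
        ref += "@" + entry["digest"]
    return ref


def pin_status(ref: str) -> str:
    """Classify a reference as 'digest', 'tag', 'floating' or 'invalid'."""
    parsed = parse_image_ref(ref)
    if parsed.digest is not None:
        return "digest" if DIGEST_RE.match(parsed.digest) else "invalid"
    if parsed.tag is None or parsed.tag in FLOATING_TAGS:
        # No tag at all means the registry default, which is `latest`.
        return "floating"
    return "tag"


def check_images(entries):
    """Return [(effective_ref, status)] for every override entry."""
    return [(effective_ref(e), pin_status(effective_ref(e))) for e in entries]


def unpinned(entries):
    """References a CI gate should reject: floating tags or malformed pins."""
    return [ref for ref, status in check_images(entries)
            if status in ("floating", "invalid")]


# Constructed sample data in the shape of a kustomization `images:` list.
SAMPLE_IMAGES = [
    # Digest-pinned: what a signing workflow should write back into the manifests.
    {"name": "ghcr.io/example/ctrl", "newTag": "v0.3.1",
     "digest": "sha256:" + "a" * 64},
    # Release tag: acceptable, but a tag can be re-pointed at the registry.
    {"name": "ghcr.io/example/web", "newName": "ghcr.io/example/web",
     "newTag": "v0.3.1"},
    # Floating tag: tracks whatever was pushed last.
    {"name": "ghcr.io/example/worker", "newTag": "latest"},
    # No tag at all: registry default, again `latest` (port is not a tag).
    {"name": "localhost:5000/example/tool"},
    # Malformed digest: the runtime would reject it; fail early in CI.
    {"name": "ghcr.io/example/bad", "digest": "sha256:deadbeef"},
]


if __name__ == "__main__":
    for ref, status in check_images(SAMPLE_IMAGES):
        print(f"{status:8} {ref}")
    raise SystemExit(1 if unpinned(SAMPLE_IMAGES) else 0)
```

Run against the real kustomization by loading its `images:` list (PyYAML or `kustomize cfg` output) and passing it to `unpinned`; a non-empty result fails the job. Digest pins are the only form that the image signature actually binds to, so a gate that wants the signed-artifact guarantee should treat `"tag"` as a warning and `"digest"` as the only pass.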
| - 05-ctrl-prompt.yaml | ||
| - 06-pvcs.yaml | ||
| components: | ||
| # - ./netpols/ |
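Review bot: with `# - ./netpols/` commented out under `components:`, the NetworkPolicies in k8s/manifests/netpols/ (the component this PR adds) are never rendered, so the workloads deploy with Kubernetes' default of unrestricted pod-to-pod traffic. If leaving it off is deliberate for bootstrap, say so in a comment next to that line and track re-enabling it; otherwise uncomment `- ./netpols/` so the policies ship with the rest of the manifests.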
The commented-out netpols component suggests incomplete implementation. Either enable the component or remove the commented line to avoid confusion.
| # - ./netpols/ |
| push: true | ||
| builder: ${{ steps.buildx.outputs.name }} | ||
| context: "./container/${{ steps.prep.outputs.COMPONENT }}" | ||
| platforms: linux/amd64,linux/arm/v7,linux/arm64 |
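Review bot: this `platforms:` line is duplicated verbatim in push-image.yaml, so whichever arm64 spelling is settled on has to be changed in both workflows. Defining the list once (a workflow-level `env` value referenced from `with:`, or a shared reusable workflow) keeps the release images and the `latest` images from drifting to different architecture sets.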
[nitpick] Consider using linux/arm64/v8 instead of linux/arm64 for more explicit ARM64 architecture specification, as linux/arm64 is an alias that may be deprecated.
| platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
| platforms: linux/amd64,linux/arm/v7,linux/arm64/v8 |
| push: true | ||
| builder: ${{ steps.buildx.outputs.name }} | ||
| context: "./container/${{ matrix.component }}" | ||
| platforms: linux/amd64,linux/arm/v7,linux/arm64 |
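Review bot: this workflow runs on `main` with `push: true` and, per the file table, publishes to the `latest` tag, which is overwritten on every push. That is fine for a CI floating tag, but nothing in the cluster should consume it directly: keep the manifests on pinned tags or digests (the "Pin tags in manifests" commit already does this), and anything that verifies the signature on `latest` should resolve the tag to a digest first and then verify and pull by that digest, so the image verified is the image that runs.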
[nitpick] Consider using linux/arm64/v8 instead of linux/arm64 for more explicit ARM64 architecture specification, as linux/arm64 is an alias that may be deprecated.
| platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
| platforms: linux/amd64,linux/arm/v7,linux/arm64/v8 |