.gitignore

+advanced/

README.md

-# custom-flux-example
+# Example repository for customizing a Stackspin cluster
 
-Example boilerplate for a custom f[lux](https://fluxcd.io/) repository which can be added to a [Stackspin](https://stackspin.net) cluster.
-The main use-case is to add additional applications which are not integrated into Stackspin (yet).
+Example boilerplate for a custom [flux](https://fluxcd.io/) repository
+which can be added to a [Stackspin](https://stackspin.net) cluster.
+The main use-case is to add additional applications
+which are not integrated into Stackspin (yet).
 
-For a more advanced example repo see the [flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example) repo.
+For a more advanced example
+see the [flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example)
+repository.
 This repo's directory structure is similar to the `flux2-kustomize-helm-example`
 one.
 
+> **NOTE**: Make sure to not re-use the names of kustomizations, 
+> helm releases, or any other Kubernetes manifests 
+> that are already present in the Stackspin `flux2` directory. 
+> If you do, Flux will alternate between reconciling your 
+> and our kustomization, which *will* result in an unstable situation.
+
 ## Basic configuration
 
 We'll start with a very basic configuration:
@@ -24,12 +34,13 @@ basic/install.sh
 List the resource created by this flux repo:
 
 ```sh
-kubectl -n flux-system get gitrepositories
-kubectl -n flux-system get kustomizations
-kubectl -n example get helmreleases
+kubectl -n example-basic get gitrepositories
+kubectl -n example-basic get kustomizations
+kubectl -n example-basic get helmreleases
+kubectl -n example-basic get pods
 ```
 
-Show output of the one and only app applied, [podinfo](https://github.com/stefanprodan/podinfo)
+Show output of the single app applied, [podinfo](https://github.com/stefanprodan/podinfo)
 
 ```sh
 curl --resolve podinfo.local:80:CLUSTER_IPV4_ADDRESS http://podinfo.local
@@ -37,8 +48,24 @@ curl --resolve podinfo.local:80:CLUSTER_IPV4_ADDRESS http://podinfo.local
 
 ## What's next ?
 
-* Fork this repo to a private git remote (Github, Gitab, etc.)
-* Configure flux to use ssh instead of https for cloning
-* Add private ssh key for git pulling to flux
-* Add public ssh key for git pulling to your git remote
-* [Encrypt your secrets using sops](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets)
+There are two ways of using a custom flux repo to host your custom config/apps
+on a Stackspin cluster.
+
+### A) Manage secrets manually
+
+This approach is easier to start with,
+because you don't need to configure your cluster to handle encrypted secrets
+and access to a private git repository.
+
+* Fork this repository into a public git repo, cloneable via `https://`
+
+### Everything in version control, including secrets
+
+* Fork this repository into a private git repo, cloneable via `ssh://`
+* [Configure flux to use ssh instead of https for cloning](https://fluxcd.io/docs/components/source/gitrepositories/#ssh-authentication)
+* You shouln't rely solely on transport encryption for your git repository
+  but rather end-to-end encrypt your secrets.
+  Different methods are available for flux:
+  * [Sops](https://fluxcd.io/docs/guides/mozilla-sops/)
+    [Sops section in flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets)
+  * [Sealed Secrets](https://fluxcd.io/docs/guides/sealed-secrets/)

basic/apps/example/podinfo-release.yaml

@@ -13,7 +13,7 @@ spec:
       sourceRef:
         kind: HelmRepository
         name: podinfo
-        namespace: flux-system
+        namespace: example-basic
   interval: 60m
   # Default values
   # https://github.com/stefanprodan/podinfo/blob/master/charts/podinfo/values.yaml

basic/clusters/production/apps-kustomization.yaml

 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
-  name: custom-apps-basic
-  namespace: flux-system
+  name: examle-apps
+  namespace: example-basic
 spec:
   interval: 24h
   sourceRef:
     kind: GitRepository
-    name: custom-flux-example
+    name: stackspin-flux-example
   path: ./basic/apps
   prune: true
   validation: client

basic/clusters/production/infrastructure-kustomization.yaml

 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
-  name: custom-infrastructure-basic
-  namespace: flux-system
+  name: example-infrastructure
+  namespace: example-basic
 spec:
   interval: 24h
   sourceRef:
     kind: GitRepository
-    name: custom-flux-example
+    name: stackspin-flux-example
   path: ./basic/infrastructure
   prune: true
   validation: client

basic/infrastructure/sources/podinfo-hr.yaml

@@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: HelmRepository
 metadata:
   name: podinfo
-  namespace: flux-system
+  namespace: example-basic
 spec:
   interval: 1h
   url: https://stefanprodan.github.io/podinfo

basic/install.sh

 #!/usr/bin/env bash
 
-echo "Creating / updating gitRepository custom-flux-example-basic in namespace flux-system"
-flux create source git custom-flux-example-basic \
-  --url=https://open.greenhost.net/stackspin/custom-flux-example.git \
+echo "Creating / updating gitRepository stackspin-flux-example-basic in namespace example-basic"
+flux create source git stackspin-flux-example \
+  --namespace=example-basic \
+  --url=https://open.greenhost.net/stackspin/stackspin-flux-example.git \
   --branch=main \
   --interval=1h
 
-echo "Creating / updating kustomization custom-flux-example-basic in namespace flux-system"
-flux create kustomization custom-flux-example-basic \
-  --source=GitRepository/custom-flux-example-basic \
+echo "Creating / updating kustomization stackspin-flux-example in namespace example-basic"
+flux create kustomization stackspin-flux-example \
+  --namespace=example-basic \
+  --source=GitRepository/stackspin-flux-example \
   --path="./basic/clusters/production/" \
   --prune=true \
   --interval=1h