kustomize-setup.md

Kustomize setup

The following explains in depth the reasoning behind the structure of the kustomize directory.

kustomize/base

The base directory contains all non-environment-specific configuration. This could be:

  • Any manifests which are deployed to every environment (e.g. PSPs, Storage Classes, RBAC etc.)
  • HelmRelease manifests without the environment-specific details

kustomize/base/cluster

This directory should contain all the default cluster resources, examples include:

  • Default namespaces
  • Priority classes
  • Default Pod Security Policies
  • Default RBAC permissions
  • Storage classes

In this demo repository it's only a subset of these things.

kustomize/base/helm-operators

This directory contains all the Helm Operators you may want to deploy to a given cluster.

However, there is an important thing to note within their configuration.

The HelmRelease manifests themselves are deployed to the flux namespace to be reconciled by the default Helm Operator running within that namespace.

However, each Helm Operator pod is actually deployed to a specific namespace and is scoped to reconcile only the HelmRelease resources in its own namespace.

This is made possible by the following:

spec.targetNamespace: cert-manager
spec.values.allowNamespace: cert-manager

This setup allows for faster reconciliation of HelmRelease manifests.
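
As an added illustration (not a manifest from this repository), the two settings above could sit in a HelmRelease as follows. It assumes the Helm Operator `helm.fluxcd.io/v1` API and the fluxcd `helm-operator` chart; the resource name, release name and chart version are placeholders.

```yaml
# Illustrative HelmRelease, constructed for this example; not taken from the repository.
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: helm-operator-cert-manager         # hypothetical name
  namespace: flux                          # reconciled by the default Helm Operator in flux
spec:
  releaseName: helm-operator-cert-manager  # hypothetical release name
  targetNamespace: cert-manager            # the operator pod is installed here, not in flux
  chart:
    repository: https://charts.fluxcd.io
    name: helm-operator
    version: "<chart-version>"             # placeholder; pin the version you have tested
  values:
    allowNamespace: cert-manager           # this operator only reconciles HelmReleases in cert-manager
```

If the two values differ, the operator runs in one namespace while watching another, which is not the layout described here.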

For more information on targetNamespace I would recommend reading this.