Skip to main content

Production environment

Production environment on bare-metal infrastructure.

The production shape aims to be simple, observable, and reversible. Start small, prove a restore, then scale.

Typical components

A small pool of physical worker nodes and a highly available control plane.
A management network, a workload network, and a dedicated load balancer VIP range.
Certificate management integrated with an internal certificate authority (CA), plus domain certificates for public endpoints.
A local container registry and chart mirror for speed and control.
Backup and recovery tested end to end with clear runbooks.

Guardrails

Flux applies platform changes from Git, never by hand on the cluster.
Secrets are encrypted at rest in the repo with SOPS.
Validation runs in pre-commit and in continuous integration (CI) before merge.

warning

Do not deploy workloads to production until you have timed a full restore and captured every step.

Typical components
Guardrails