++readme

README.md

@@ -13,13 +13,14 @@ This project is testing, deploying and using IPv6 only k8s clusters.
 * ceph with rook (cephfs, rbd)
 * letsencrypt (nginx, certbot, homemade)
 * k8s test on arm64
+* CI/CD using flux
+* Chart repository (chartmuseum)
 
 ## Not (yet) working or tested
 
 * virtualisation (VMs, kubevirt)
 * network policies
-* prometheus in the cluster
+* Prometheus for the cluster
-* -argocd (?) for CI and upgrades- using flux
 * Maybe LoadBalancer support (our ClusterIP already does that though)
 * (Other) DNS entrys for services
 * Internal backup / snapshots
@@ -242,6 +243,8 @@ referes to an external load balancer that
 
 ## Secrets
 
+### Generating them inside the cluster
+
 Handled via https://github.com/mittwald/kubernetes-secret-generator
 
 ```
@@ -263,7 +266,36 @@ data:
   username: c29tZXVzZXI=
 ```
 
-This will add a password into it. Password only will
+* Advantage: passwords are only in the cluster
+* Disadvantage: passwords are only in the cluster
+
+## CI/CD
+
+### What we want
+
+* Package everything into one git repository (charts, kustomize, etc.)
+* Be usable for multiple clusters
+* Easily apply cross cluster
+
+### What we don't want / what is problematic
+
+* Uploading charts to something like chartmuseum
+  * Is redundant - we have a version in git
+  * Is manual (could probably be automated)
+
+### ArgoCD
+
+Looks too big, too complex, too complicated.
+
+### FluxCD2
+
+Looks ok, handling of helm is ok, but does not feel intuitive. Seems
+to be more orientated on "kustomizing helm charts".
+
+### Helmfile
+
+[helmfile](https://github.com/roboll/helmfile/) seems to do most of
+what we need.
 
 ## The IPv4 "problem"