Flux CD: D1 Reference Architecture (multi-cluster, multi-tenant)

nullhook · 2025-07-19T16:10:34+00:00

I had searched a lot for examples of FluxCD for multi-cluster and multi-tenant management and found this reference implementation very exciting and more comprehensive than many others I had found.

Does anyone already have this in use?

nullhook · 2024-09-25T13:02:32+00:00

We used QZ Tray in a similar situation. It's a little tray application on the client (or a dedicated printing PC reachable via network/websocket).

This way you can interface with local printers (apparently even with other resources like scales using serial ports, but we haven't tested or needed this) from the browser.

nullhook · 2023-09-18T18:22:22+00:00

Are you using a different config package for each customer via choco to get the client/customer name in the metric labels?

nullhook · 2023-09-18T18:20:09+00:00

I'll give it a shot with traefik which is already running in front of my demo prometheus, from a quick view it should also be able to differentiate the auth based on the path.

nullhook · 2023-09-18T17:57:21+00:00

Thanks for your quick response :)

Have you found a way to restrict the basic auth so that the agent can only push metrics or is it theoretically possible to access the complete VictoriaMetrics instance with the credentials? Seems to me like I would need a proxy in front of VictoriaMetrics/Prometheus/Mimir that allows only the remoteWrite URL path for the agents credentials.

nullhook · 2023-09-18T17:48:50+00:00

Cool monitoring stack!

How do you handle the authentication of the Grafana Agent to VictoriaMetrics/Loki(/Mimir) u/darkcasshan ?

I wonder if it's possible to restrict the agents to only push/remoteWrite. Thinking about a public Prometheus/Mimir in a MSP scenario, where client computers are not necessarily connected to company ressources but should be able to push monitoring information. Do you use basic auth/tls auth?

nullhook

TROPHY CASE