GitOps Deployment using Rancher's Fleet!

github.com/benspilker/rancher-fleet

If you’re just joining, you’ve landed at an exciting point. In the past 7 videos, we’ve covered a lot, following the scripts from my `proxmox-k3s` GitHub repo. This time, we’re switching to a new repo—**Rancher Fleet**—to explore GitOps.

Quick Recap:
Here’s what we’ve done so far:

Set up a nested Proxmox host with a custom user and SSH key.
Created 9 Ubuntu VMs from a template.
Deployed a K3s cluster across 8 of those VMs.
Set up a UI for managing K3s.
Deployed Nextcloud—first without, then with persistent storage—and hooked it up to a MariaDB database.
In the last video, we stress-tested system dependencies and then reset the setup: Proxmox at 8 cores, Worker VMs at 4, and the rest at 2.

What Is GitOps?

GitOps automates infrastructure changes based on your Git repository. Whenever you push code to GitHub, your environment updates itself to match.

This is a form of Continuous Delivery (CD), a DevOps practice where CI/CD pipelines automatically apply changes.

To follow along, you’ll need:

Git installed on your system
A GitHub account

Create the GitHub Repo and Token:

We’ll start by creating a private GitHub repo (you can make it public later).

Next, go to GitHub , Profile , Settings , Developer Settings. Under "Personal Access Tokens," generate a *fine-grained token* with access to your new repo. Set an expiration date and copy the token—this is the only time you’ll see it.

Connect GitHub to Rancher Using Fleet:

In Rancher, we’ll use **Fleet**, the built-in continuous delivery tool, inspired by Jim’s Garage’s tutorial
   • GitOps Made Easy with Fleet. Kubernetes At...  

A note: GitHub uses `main` as the default branch, while Fleet uses `master`. Make sure to change that setting.

In Rancher:

1. Click the sailboat icon (Fleet).
2. Choose **Fleet Local**—this is our actual cluster.
3. Click *Get Started* , **Git Repos**.
4. Enter the name of your GitHub repo.
5. Under authentication, choose **HTTP Basic Auth Secret**.
Username: your GitHub email
Password: the access token
6. Paste in your repo’s URL and change the branch to `main`.
7. Click *Next* and leave the defaults, then click **Create**.

You’ll get an error about the repo being empty. This is expected and means Fleet is set up properly.

Let’s test the GitOps connection by adding a `nextcloud2` namespace.
kubectl get namespaces

Copy a small YAML file from my existing repo, push it, and then:
kubectl get namespaces

You should see the new namespace appear—Fleet picked up the Git change and applied it. Success!

DNS Setup for a Second Instance:
Before deploying another Nextcloud instance, let’s update DNS.

You can reuse the IP by pointing multiple subdomains to it. Traefik and Kubernetes route things accordingly.

Use the DNS script from Step 5A of my repo, but add a `2` at the end of your domain.

github.com/benspilker/proxmox-k3s/blob/main/5-6_Install-Nextcloud/5A-domainname-dns.sh

Run the updated script for your new subdomain.

Deploying via Fleet:

Copy over files 1–7 from my Fleet repo. They’ll deploy 16 resources in order, using the filename numbers.

Note: This GitOps method is different from the previous shell-script-based approach. Secrets and credentials must be defined within Kubernetes YAML, not Bash variables.

1. *Namespace & RBAC* – Grants permission to manage secrets.
2. *Secret Generator* – Generates and base64-encodes a strong password.
3. *MariaDB Deploy* – Sets up MariaDB with persistent storage, using the secret.
4. *Database Init* – Creates the Nextcloud DB and user.
5. *Nextcloud Deploy* – Deploys Nextcloud and uses a sidecar container to edit `config.php` to include HTTPS and the correct domain.
6. *Self-signed Cert* – Generates a certificate.
7. *Ingress Resource* – Exposes Nextcloud via HTTPS.

After pushing the files, Fleet should start deploying. It might pause at 15/16—don’t worry.

Check deployment status:

kubectl get pods -n nextcloud2

Grab the pod name:

POD_NAME=$(kubectl get pods -n nextcloud2 --no-headers | grep -v maria | awk '{print $1}' | head -n 1)

Then inspect the config:

kubectl exec -it $POD_NAME -n nextcloud2 -- /bin/sh -c 'cat /var/www/html/config/config.php'

Sometimes, the config resets after pod restart. To handle that, the sidecar waits 3 minutes, then runs a loop to ensure the config is set. It may take up to 5 minutes for the changes to fully apply.

If you visit the site too early, you’ll see a "trusted domain" error—but just wait.

Final Steps Once it’s ready, go to:

nextcloud.yourexampledomain2.com
Default login: `admin` / `changeme`.

The first login may need a refresh or new tab. After that, you're good!

Done!

And there you have it. A working Nextcloud instance with persistent storage, using a MySQL database deployed in a Gitops method.

Thanks for watching this series. I hope you learned a lot. I sure did. Especially making this presentation. Thanks again and keep learning!