Skip to main content

Release 0.5.x: HelmOp deployment, safer names, and full GitOps

· 2 min read
Negashev Aleksandr
Negashev Aleksandr
DevOps

0.5.x updates gorizond-cluster, and we rolled it out through our full GitOps stack. This post also explains how fleet-gitops bootstraps the whole platform.

What changed in gorizond-cluster 0.5.x

  • Switched Fleet deployment to HelmOp for headscale/k3s with automatic namespace creation.
  • Hardened name handling for downstream resources to fit DNS-1123 (max 63 chars) and avoid invalid Rancher names.
  • Added validation for gorizond cluster names to prevent invalid provisioning clusters.

Compatibility and cleanup notes

  • 0.5.x is backward compatible with clusters provisioned via 0.4.x.
  • The headscale/k3s cleanup format changed: instead of a Fleet Bundle we now use HelmOp.
  • When deleting older clusters, manually clean up the legacy Fleet Bundle. Ideally, replace old clusters fully to avoid mixed cleanup paths.

GitOps backbone: fleet-gitops

We use fleet-gitops as a bootstrap repository for Fleet. It is a Helm chart that renders Fleet GitRepo and HelmOp resources from values.yaml, so one repo becomes the single source of truth for everything from the runtime cluster to core services and databases.

How it is structured today:

  • fleet-local repos for platform control plane: fleet-gorizond-cluster (gorizond-cluster controller + charts), fleet-workspace-controller, fleet-cert-manager, yookassa-url-generator, docusaurus, jspolicy-for-autoscaler, and fleet-clusters.
  • fleet-default repos for shared runtime workloads: fleet-cert-manager and fleet-gorizond-database.
  • HelmOps for infra charts like jspolicy and longhorn.

Operational details we rely on:

  • Fleet targets clusters by labels like <name>=enabled, plus optional cluster selectors/groups for extra scoping.
  • paths allows pointing GitRepos directly at chart or policy subfolders.
  • Drift correction is enabled in the generated Fleet resources.

How to upgrade

  • In your GitOps/Fleet bundle set chartVersion of gorizond-cluster-controller to 0.5.x (tag v0.5.x).
  • If you manage infrastructure via fleet-gitops, update the controller bundle values there and let Fleet reconcile.
  • Roll out via Fleet/Helm and wait for BundleDeployment to reach Ready and controller pods to restart.

How to verify

  • New headscale/k3s namespaces are created automatically by HelmOp for fresh clusters.
  • Creating a cluster with an invalid name is rejected before provisioning.
  • Controller logs show clean reconcile and Rancher resources use DNS-1123-safe names.