Powered by Flux Operator & Flux CD

One Command
Infinite AI

GitOps-managed Kubernetes infrastructure for AI-powered applications. Secure, reproducible, and ready to modify with your favourite AI coding assistant.

$ npx gitops-ai bootstrap

Works with: GitLab, GitHub, Kubernetes, Flux CD, SOPS / Age, Cloudflare

From zero to GitOps in three steps

The interactive wizard handles everything: cluster provisioning, Flux installation, secret encryption, and first reconciliation.

1. Run the Bootstrap

Run npx gitops-ai bootstrap, or pipe the install script to bash to get Node.js if needed, and the interactive TUI wizard launches. Pick your components, enter credentials, and the CLI does the rest.

2. Git Becomes Source of Truth

The template is forked into your GitLab or GitHub namespace. Cluster manifests, Helm values, and SOPS-encrypted secrets are committed automatically.

3. Flux Reconciles Continuously

Flux Operator watches your repo and applies every change. Push a commit and the cluster updates. Manual drift is auto-corrected.

Built for security, speed, and simplicity

Every decision follows NSA Kubernetes hardening guidelines and GitOps best practices.

Security by Default

Non-root containers, read-only filesystems, dropped capabilities, and network policies isolating every workload. Secrets encrypted at rest with SOPS/Age before they touch Git.

Infrastructure as Code

Your entire cluster is defined in Git. Every change is versioned, reviewable, and reversible. Roll back infrastructure by reverting a commit.

Reproducible Deployments

Same bootstrap, identical cluster, every time. Flux auto-corrects drift within minutes. No manual kubectl apply ever needed.

Scalable & Extensible

Add worker nodes, drop in new components like Lego blocks. Need a database, queue, or AI model? Add a HelmRelease and push. Flux deploys it automatically.

Modify your cluster with AI coding assistants

Your infrastructure is YAML and Helm values. Describe what you want in natural language, commit the result, and Flux applies it to the cluster.

Cursor
GitHub Copilot
Claude
ChatGPT

Two repos, one reconciliation loop

The bootstrapper clones a battle-tested template into your namespace. Flux watches your repo and keeps the cluster in sync.

  • Developer / AI: git push
  • Git Repository: Source of truth
  • Flux Controllers: Reconciles state
  • SOPS Secrets: Encrypted at rest, decrypted in-memory
  • Kubernetes Cluster: Drift auto-corrected on every cycle
  • Flux Operator: Manages controller lifecycle
  • Flux Instance: source-controller, kustomize-controller, helm-controller

Two-repo strategy

Template Repository

GitOpsAI/gitops-ai-template

A battle-tested GitOps structure with Helm values, Kustomization overlays, and SOPS config. You never modify this repo directly — it receives upstream improvements and security patches.


Your GitOps Repository

created in your namespace during bootstrap

A fork cloned into your GitHub or GitLab namespace. This is your single source of truth. All cluster changes flow through Git — versioned, reviewable, and reversible.

GitOps reconciliation loop

1. Push a change

Edit a HelmRelease, update values, or add a component. Commit and push to your GitOps repo.

2. Flux detects the commit

source-controller polls your repo and pulls the new revision automatically.

3. Manifests are applied

kustomize-controller renders and applies resources. SOPS secrets are decrypted in-memory using the age key stored in the cluster.

4. Helm charts upgrade

helm-controller processes HelmRelease changes, upgrading or installing charts with your values.

5. Drift is auto-corrected

If someone manually modifies a resource, Flux reverts it to match Git on the next cycle. No manual kubectl apply ever needed.

Security model

Secrets at Rest

All sensitive values (API tokens, keys) are encrypted with SOPS/Age before being committed. The private key exists only in the cluster and on the bootstrap machine.
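A check a pre-commit hook or CI job could run to confirm that a Secret manifest really is SOPS-encrypted before it reaches Git. This is an added example, not code from the gitops-ai project; it assumes the manifest has already been parsed into a dict, and the secret name, token values and age recipient are constructed.

```python
import re

# Shape of a SOPS-encrypted leaf: ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]
ENC_VALUE = re.compile(
    r"^ENC\[AES256_GCM,data:[^,\]]*,iv:[^,\]]+,tag:[^,\]]+,type:\w+\]$")
SENSITIVE_FIELDS = ("data", "stringData")  # Secret fields that carry values


def plaintext_findings(manifest):
    """Return the reasons a Secret manifest is unsafe to commit (empty = ok)."""
    if manifest.get("kind") != "Secret":
        return []
    findings = []
    sops = manifest.get("sops")
    if not isinstance(sops, dict) or not sops.get("age"):
        findings.append("no sops metadata with age recipients")
    elif not sops.get("mac"):
        findings.append("sops metadata has no mac")
    for field in SENSITIVE_FIELDS:
        for key, value in (manifest.get(field) or {}).items():
            if not (isinstance(value, str) and ENC_VALUE.match(value)):
                findings.append(f"{field}.{key} is not SOPS-encrypted")
    return findings


def _secret(token, sops=None):
    """Build a constructed sample Secret (hypothetical name and values)."""
    manifest = {"apiVersion": "v1", "kind": "Secret",
                "metadata": {"name": "example-api-token"},
                "stringData": {"token": token}}
    if sops:
        manifest["sops"] = sops
    return manifest


# Constructed samples: fully encrypted, never encrypted, and edited by hand
# after encryption (metadata present, value back in plaintext).
_META = {"age": [{"recipient": "age1-constructed-recipient"}],
         "mac": "ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]"}
_CIPHER = "ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:aXY=,tag:dGFn,type:str]"
ENCRYPTED = _secret(_CIPHER, _META)
LEAKED = _secret("constructed-plaintext-token")
HAND_EDITED = _secret("constructed-plaintext-token", _META)

if __name__ == "__main__":
    for name, m in (("encrypted", ENCRYPTED), ("leaked", LEAKED),
                    ("hand-edited", HAND_EDITED)):
        print(name, plaintext_findings(m) or "ok")
```

The hand-edited case is the one a check for the sops block alone would miss: the metadata is intact but the value is readable.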

Container Hardening

Non-root users, read-only root filesystems, and dropped capabilities following NSA Kubernetes hardening guidelines.
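An audit of the three controls named above, run over a rendered workload before it is committed. This is an added example, not code from the gitops-ai project; it assumes a Deployment-shaped object already parsed into a dict, treats "dropped capabilities" as dropping ALL, and uses constructed container names.

```python
def hardening_findings(workload):
    """Return (container, problem) pairs for a Deployment-shaped object."""
    pod = workload["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = c.get("securityContext") or {}
        # runAsNonRoot can be inherited from the pod; a container value wins.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((c["name"], "runAsNonRoot is not true"))
        # The next two settings exist only at container level.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((c["name"], "root filesystem is writable"))
        caps = sc.get("capabilities") or {}
        if "ALL" not in caps.get("drop", []):
            findings.append((c["name"], "does not drop ALL capabilities"))
        if caps.get("add"):
            added = ",".join(caps["add"])
            findings.append((c["name"], f"adds capabilities: {added}"))
    return findings


# Constructed sample: "app" is hardened, "sidecar" overrides the pod default
# and re-adds a capability.
DEPLOYMENT = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [
            {"name": "app", "securityContext": {
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]}}},
            {"name": "sidecar", "securityContext": {
                "runAsNonRoot": False,
                "capabilities": {"add": ["NET_ADMIN"]}}},
        ],
    }}},
}

if __name__ == "__main__":
    for container, problem in hardening_findings(DEPLOYMENT):
        print(f"{container}: {problem}")
```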

Network Isolation

NetworkPolicy resources limit pod-to-pod communication. Ingress is restricted to CIDR ranges you specify during the wizard.

Git Auth

Flux authenticates over HTTPS using a GitLab or GitHub PAT scoped to minimum permissions. No SSH keys or cluster-to-internet exposure.

Monitoring out of the box

Prometheus CRDs

ServiceMonitor and PodMonitor custom resources are installed by default. Every component ships ready-made scrape targets -- add Prometheus and metrics are collected instantly.

Grafana Dashboards

Enable Grafana as an optional component to get pre-built dashboards for cluster health, ingress traffic, and Flux reconciliation status.

Flux Alerts

Flux Web UI shows reconciliation status for every component. Failed deployments and drift corrections surface immediately -- no digging through logs.

Zero Configuration

No YAML to write. The bootstrap wires everything together -- service discovery, scrape intervals, and dashboard provisioning are handled automatically.

Pick what you need

The wizard lets you select which components to install. Required ones are always included; optional ones are your choice.

Ingress Nginx

External HTTP/HTTPS ingress

Cert Manager

Auto TLS via Let's Encrypt

External DNS

DNS records in Cloudflare

Flux Web UI

Dashboard for Flux status

OpenClaw

AI assistant gateway

Monitoring

VictoriaMetrics stack and Grafana

Anything You Need

PostgreSQL, Redis, RabbitMQ, Ollama, or any Helm chart. Add a HelmRelease, push, and Flux deploys it.


Minimal requirements, maximum output

Run on a bare Ubuntu server or locally on macOS. The bootstrap installs all dependencies.

Compute

2+ CPU cores, 4+ GB RAM, 20+ GB disk. Ubuntu 25.04+ or macOS.

Credentials

GitLab or GitHub PAT (required), Cloudflare API Token (optional), OpenAI Key (optional).

Runtime

Node.js 18+. Docker runtime on macOS (Docker Desktop, OrbStack, or Colima).

Your GitOps cluster is one command away

Open your terminal, copy the npx command or switch to the install script, and the wizard handles the rest.

$ npx gitops-ai bootstrap