Architecture
Kuberik is a GitOps-native orchestration layer that extends the standard controller pattern to handle complex deployment lifecycles.
System Overview
flowchart TB
%% Styles
classDef flux fill:#2D7E9D,stroke:#fff,stroke-width:2px,color:#fff
classDef kuberik fill:#4B4BE8,stroke:#fff,stroke-width:2px,color:#fff
classDef workload fill:#E5E7EB,stroke:#374151,stroke-width:1px,color:#374151
classDef boundary fill:#F3F4F6,stroke:#D1D5DB,stroke-width:1px,color:#374151,stroke-dasharray: 5 5
subgraph Cluster ["Cluster Scope"]
direction TB
subgraph FluxCD ["FluxCD Layer"]
direction TB
IR[ImageRepository]:::flux
IP[ImagePolicy]:::flux
KS[Kustomization]:::flux
end
subgraph Kuberik ["Kuberik Control Plane"]
direction TB
RO[Rollout]:::kuberik
ENV[Environment]:::kuberik
HC[HealthCheck]:::kuberik
RG[RolloutGate]:::kuberik
end
DEP[Workload]:::workload
end
%% Flows
IR --> IP
IP --> RO
RO --> ENV
%% Connections
KS --> DEP
RO -.->|Substitutes Version| KS
HC --> RO
RG --> RO
%% Subgraph Styling
class FluxCD,Kuberik boundary
Component Roles
| Component | Purpose |
|---|---|
| Rollout | The core state machine. Watches ImagePolicy and orchestrates releases. |
| Environment | Maps a Rollout to a logical target (e.g. “production”) and syncs status to external backends (GitHub). |
| HealthCheck | Probes system health during the bake period (HTTP, Datadog, Script). |
| RolloutGate | Blocks a Rollout from proceeding until specific conditions (manual approval, API check) are met. |
The Release Lifecycle
Discovery
Flux detects a new image tag. Kuberik creates a pending Release.
Gating
RolloutGates are evaluated. If any gate fails or is pending, the release waits.
Execution
Kuberik updates the Kustomization variables. Flux applies the changes.
Bake Time
Kuberik waits for a defined stabilization period.
Verification
HealthChecks run continuously.
- All health checks pass — release is promoted. -AvailableA health check fails — release is halted.Failed