Name: capacitor
Author: gimlet-io

Primary Use Case

Capacitor is designed for DevOps and cloud security teams using FluxCD for GitOps-based continuous delivery, offering a visual dashboard to monitor and manage Kubernetes deployments. It enables users to interact with FluxCD-managed clusters more intuitively, similar to how ArgoCD’s UI serves its users.

Key Features

User interface for FluxCD to visualize GitOps workflows

Automatic deployment and update via Flux OCIRepository

Supports port-forwarding for local UI access

Optional OCIRepository verification with Cosign for enhanced security

Kubernetes manifests and Helm chart installation options

Integration with Kubernetes NetworkPolicy and Ingress for secure access

Designed to match or exceed ArgoCD UI capabilities

Insights & Recommendations

Capacitor requires FluxCD v2.0.0 or higher and optionally v2.2.0 for OCIRepository verification with Cosign. When exposing the UI externally, appropriate Kubernetes NetworkPolicy and Ingress configurations are necessary to secure access. The tool is focused on providing a UI experience comparable to ArgoCD for Flux users.

Installation

Ensure Flux v2.0.0 or higher is installed
Add Capacitor manifests to the Flux repository using the provided OCIRepository and Kustomization YAML
Apply Kubernetes RBAC and manifest YAML files using kubectl
Optionally configure OCIRepository verification with Cosign if using Flux v2.2.0 or higher
Use kubectl port-forward to access the Capacitor UI locally
For Helm installation, add the onechart Helm repo and install Capacitor with provided Helm values
Configure Kubernetes NetworkPolicy and Ingress resources if exposing Capacitor UI externally

Usage

kubectl -n flux-system port-forward svc/capacitor 9000:9000

Access the Capacitor UI locally via port forwarding

kubectl apply -f https://raw.githubusercontent.com/gimlet-io/capacitor/main/deploy/k8s/rbac.yaml

Apply RBAC permissions required by Capacitor

kubectl apply -f https://raw.githubusercontent.com/gimlet-io/capacitor/main/deploy/k8s/manifest.yaml

Deploy Capacitor Kubernetes manifests

helm repo add onechart https://chart.onechart.dev

Add the Helm repository containing Capacitor charts

helm upgrade -i capacitor -n flux-system onechart/onechart -f https://raw.githubusercontent.com/gimlet-io/capacitor/main/deploy/helm/onechart-helm-values.yaml

Install or upgrade Capacitor using Helm with predefined values

Smart Usage Notes

Integrate Capacitor with FluxCD pipelines to automate security policy enforcement and configuration drift detection.

Leverage Cosign verification to enhance supply chain security by validating OCIRepository artifacts before deployment.

Use Capacitor’s UI to improve visibility for DevSecOps teams, enabling quicker detection and remediation of misconfigurations.

Combine Capacitor with Kubernetes NetworkPolicies and Ingress configurations to enforce zero-trust network segmentation in clusters.

Employ Capacitor in purple team exercises to simulate and detect attacks leveraging GitOps workflows and Kubernetes resource manipulations.

OpenSec Atlas

capacitor

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like