New example app named 'Flipt'

[jmboby]

Summary

New example application: enterprise-ready deployment of Flipt, an open-source feature flag and experimentation platform, packaged as a Helm chart with full Replicated KOTS and Embedded Cluster integration.

Helm Chart

Single chart (applications/flipt/chart) deploying Flipt v1.61.0 with two subchart dependencies managed via Chart.yaml conditions:

Component	Image	Purpose
Flipt	ghcr.io/flipt-io/flipt:v1.61.0	Feature flag API + UI
PostgreSQL 16	ghcr.io/cloudnative-pg/postgresql:16	Durable flag storage (CloudNativePG operator)
Valkey 8.0	ghcr.io/valkey-io/valkey:8.0	Distributed cache for multi-replica consistency
Replicated SDK	proxy.replicated.com/library/replicated-sdk-image:1.15.0	License + admin console integration

• Database: embedded PostgreSQL via CloudNativePG operator (subchart) or external PostgreSQL — toggled via postgresql.type
• Cache: Valkey (Redis-compatible) for cross-replica cache consistency, uses emptyDir (ephemeral cache data)
• Ingress: NGINX or Traefik with optional TLS via cert-manager ClusterIssuer
• HA: PodDisruptionBudget (default), optional HPA with configurable CPU target
• Security: non-root containers, read-only root filesystem, seccomp RuntimeDefault, dropped capabilities

License Field → Flipt Feature Flag Sync

A CronJob that syncs boolean Replicated license fields to Flipt as feature flags, enabling vendor-controlled feature gating from the Replicated Vendor Portal.

• Python script (python:3.12-alpine) fetches fields from the Replicated SDK API, verifies RSA-PSS signatures (MD5) using the vendor public key, and creates/updates boolean flags via the Flipt REST API
• Configurable field names (default: ab_testing), sync interval, and Flipt namespace
• Signature verification is automatic when a public key is provided, disabled when it isn't
• Gated by licenseSync.enabled — no resources created when disabled

Replicated Integration

• KOTS Config: six config groups (basic, ingress, database, valkey, license sync, resources, advanced) with conditional visibility (when clauses)
• HelmChart CR (kots.io/v1beta2): full value mappings with optionalValues for ingress TLS, external PostgreSQL, and snapshot backup labels
• Embedded Cluster: EC config with ingress-nginx (NodePort 80/443) and cert-manager as Helm extensions
• Builder key: static values enabling all components for air-gap image discovery
• Preflights: Kubernetes version, StorageClass, memory checks (embedded in chart as Secret)
• Support bundle: collectors and analyzers for Flipt, PostgreSQL, Valkey, and cluster-level diagnostics
• Status informers: Flipt deployment, CloudNativePG operator, and Valkey

Operational

• Makefile: lint, package, install, release (auto-bumps version, lints, creates Replicated release), port-forward, preflight, support-bundle
• Smoke test: Python script that creates a boolean flag, enables it, evaluates it, and cleans up
• Documentation: README, QUICKSTART, TROUBLESHOOTING, development license guide, SDK examples (Go, Node.js, Python), and example values (minimal, production, external DB)

Test plan

• helm lint passes
• helm template renders all resources with default values
• helm template renders license-sync resources when licenseSync.enabled=true
• helm template excludes license-sync resources when licenseSync.enabled=false
• KOTS Admin Console install on Embedded Cluster VM
• CloudNativePG operator starts, PostgreSQL cluster reaches Running
• Valkey pod starts, Flipt connects to cache
• Flipt Deployment healthy with 2 replicas
• Flipt UI accessible via ingress with TLS
• KOTS config toggles (ingress, TLS, Valkey, autoscaling) apply correctly on reconfig
• License sync CronJob runs on schedule and creates ab_testing flag in Flipt
• License field signature verification passes with correct public key
• Toggling license field value in Vendor Portal → flag state updates in Flipt on next sync
• Smoke test (tests/smoke/test-flipt.py) passes against running instance
• Preflight checks pass on target cluster
• Support bundle collects Flipt logs and pod status

[adamancini]

I mean to hit comment without "request changes"

[jmboby]

Helm Release Review (Ada's Claude Plugin) output -
release-review-flipt-2026-03-03.md

[jmboby]

A quick Loom describing the app and Replicated features I've used -
https://www.loom.com/share/5c1a974fbe0741b9856d594645964392

[kriscoleman]

@jmboby I love this!

I am a feature flag evangelist, would love to talk about it with you sometime.

I also did not know about flipt, but scoped it out, and was so happy to see they use the open-feature spec, even ofrep!