FluxCD
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy.
CLI Upgrade

    # list the flux2 versions available through asdf
    asdf list all flux2
    # or install the latest CLI with the upstream install script
    curl -s https://fluxcd.io/install.sh | sudo bash

    # after flux cli upgrade...
    export CLUSTER=mycluster
    flux install --export > "clusters/$CLUSTER/flux-system/gotk-components.yaml"
    kubectl apply --server-side --force-conflicts \
      -f "clusters/$CLUSTER/flux-system/gotk-components.yaml"

    flux uninstall # to start over

    # --url needs the ssh://user@host/path form (scp-style user@host:path does not parse as a URL)
    flux bootstrap git \
      --components-extra=image-reflector-controller,image-automation-controller \
      --url=ssh://git@github.com/mroverton1/private-devops.git \
      --branch=master \
      --path="clusters/$CLUSTER" \
      --private-key-file="$KEYFILE"

SOPS
- Using SOPS - see AWS section for service account setup
Repos
- https://github.com/fluxcd - top-level GitHub organization
- https://github.com/fluxcd/flux2-multi-tenancy - docs on security
- https://github.com/fluxcd/flagger - Deployment controller
Example

    echo "Add podinfo repository to Flux"
    # export the GitRepository manifest instead of applying it directly
    flux create source git podinfo \
      --url=https://github.com/stefanprodan/podinfo \
      --branch=master \
      --interval=30s \
      --export > podinfo-source.yaml
    # commit the manifest so Flux picks it up from Git
    git add -A && git commit -m "Add podinfo GitRepository"
    git push

Bootstrap flux repo, then attach target links

    # gen ssh key
    # GitHub: host and path are separated by "/", not ":", in an ssh:// URL
    flux bootstrap git \
      --components-extra=image-reflector-controller,image-automation-controller \
      --url=ssh://git@github.com/mroverton1/x-x.git \
      --branch=myron \
      --path=clusters/k3s-default \
      --private-key-file=/Users/myron/.ssh/id_rsa

    # Bitbucket
    flux bootstrap git \
      --url=ssh://git@bitbucket.org/x/x-flux-dev.git \
      --branch=myron \
      --path=clusters/k3s-default \
      --private-key-file=/Users/myron/.ssh/id_rsa

    ► cloning branch "myron" from Git repository "ssh://git@bitbucket.org/xx/x-flux-dev.git"
    ✔ cloned repository
    ► generating component manifests
    ✔ generated component manifests
    ✔ committed sync manifests to "myron" ("2a1679a44cxxa75a93a6f70")
    ► pushing component manifests to "ssh://git@bitbucket.org/xx/x-flux-dev.git"
    ✔ reconciled components
    ► determining if source secret "flux-system/flux-system" exists
    ► generating source secret
    ✔ public key: ssh-rsa AAAAB3NzaC1yc2EAAxxeKx
    Please give the key access to your repository: y
    ► applying source secret "flux-system/flux-system"
    ✔ reconciled source secret
    ► generating sync manifests
    ✔ generated sync manifests
    ✔ committed sync manifests to "myron" ("14b02f4c7bcfdb")
    ► pushing sync manifests to "ssh://git@bitbucket.org/xx/x-flux-dev.git"
    ► applying sync manifests
    ✔ reconciled sync configuration
    ◎ waiting for Kustomization "flux-system/flux-system" to be reconciled
    ✔ Kustomization reconciled successfully
    ► confirming components are healthy
    ✔ helm-controller: deployment ready
    ✔ kustomize-controller: deployment ready
    ✔ notification-controller: deployment ready
    ✔ source-controller: deployment ready
    ✔ all components are healthy

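A pre-flight check for the two `flux bootstrap git` arguments that most often go wrong, `--url` and `--private-key-file`, as an added example that is not part of the original notes or of the Flux project. The function names and sample URLs are hypothetical; it assumes the `ssh://user@host/path` URL form used in the Flux documentation and a dedicated deploy key rather than a personal one.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for `flux bootstrap git` arguments.
# Function names are this example's own (hypothetical), not part of the flux CLI.

# Print the URL in ssh://user@host/path form: convert scp-style input and
# reject ssh:// URLs whose host is followed by ":<something that is not a port>".
normalize_flux_git_url() {
  local url="$1" rest authority hostport port
  case "$url" in
    ssh://*)
      rest="${url#ssh://}"; authority="${rest%%/*}"; hostport="${authority#*@}"
      case "$hostport" in
        *:*) port="${hostport##*:}"
             case "$port" in
               ''|*[!0-9]*) echo "invalid port '$port' in $url" >&2; return 1 ;;
             esac ;;
      esac
      printf '%s\n' "$url" ;;
    https://*) printf '%s\n' "$url" ;;
    *@*:*) rest="${url#*:}"
           printf 'ssh://%s/%s\n' "${url%%:*}" "${rest#/}" ;;
    *) echo "unrecognised Git URL: $url" >&2; return 1 ;;
  esac
}

# Bootstrap stores the key in the flux-system/flux-system source secret, so
# (assumption) require a dedicated key file that only its owner can read.
check_deploy_key() {
  local key="$1" mode
  [ -f "$key" ] || { echo "missing key file: $key" >&2; return 1; }
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    600|400) ;;
    *) echo "key mode $mode is readable beyond its owner" >&2; return 1 ;;
  esac
  case "$(basename "$key")" in
    id_rsa|id_ecdsa|id_ed25519) echo "personal default key: $key" >&2; return 1 ;;
  esac
  return 0
}

# Constructed sample URLs: scp-style, ":" after the host, and the expected form.
for u in 'git@git.example.com:example-org/fleet.git' \
         'ssh://git@git.example.com:example-org/fleet.git' \
         'ssh://git@git.example.com/example-org/fleet.git'; do
  normalize_flux_git_url "$u" || echo "rejected: $u"
done
```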
OCI Repos not ready
- May not be bad. Just no status. Run this and look for "succeeded":

    flux get helmreleases -A