FluxCD is a continuous delivery tool that automates the deployment and lifecycle management of applications on Kubernetes. It uses GitOps principles to synchronize application code stored in Git repositories with Kubernetes clusters, ensuring consistency and reliability in the deployment process.
- Install Flux CLI
curl -s https://fluxcd.io/install.sh | sudo bash
- Create a GitHub Personal Access Token Flux bootstrap command needs a PAT to access GitHub API. Click on profile -> Settings -> Developer Settings and create a Classic Personal Access Token. And then export the token as an environment variable
export GITHUB_TOKEN=<gh-token>
- Bootstrap Flux
flux bootstrap github \
--token-auth \
--owner=ex-offenders \
--repository=paas-config \
--branch=main \
--path=clusters/production \
--personal
With this, paas-config GH repository in ex-offenders organization will be initialized.
After this is done, you would be able to see the following files in the new repository
clusters
-- production
----flux-system
------gotk-components.yaml
------gotk-sync.yaml
------kustomization.yaml
Now we can start deploying resources into the Kubernetes cluster by pushing the changes to this github repository. Also please see the docs to learn how flux contributes to our automated release process.
It is helpful to receive notifications on the status of our GitOps pipelines. For this we make use of Flux Notification Controller to send notifications to our slack.
- Create a slack channel. E.g. #flux-notifications
- Create a new slack application by visiting this. Give it an appropriate name. E.g.: FluxCD
- Navigate to Oauth & Permissions section in the slack app and provide channels:read, chat:write, chat:write.customize permissions.
- Install the slack app to the slack workspace and note down Bot User Oauth Token.
- Install the application to #flux-notifications channel.
- Create a secret in flux-system namespace with the above Bot User Oauth Token
Directory Structure
clusters
--production
----flux-system
------slack-secret-enc.yaml
Content
apiVersion: v1
data:
token: <token>
kind: Secret
metadata:
name: slack-secret
namespace: flux-system
type: Opaque
Make sure to encrypt the secret using sealed-secrets
- Create slack provider Directory structure
clusters
--production
----flux-system
------slack-secret-enc.yaml
------notification-provider-slack.yaml
Content
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Provider
metadata:
name: notification-provider-slack
namespace: flux-system
spec:
address: https://slack.com/api/chat.postMessage
channel: flux-notifications
secretRef:
name: slack-secret
type: slack
username: FluxCD
- Create Alert resource to specify on which events we would like to get notified
Directory structure
clusters
--production
----flux-system
------slack-secret-enc.yaml
------notification-provider-slack.yaml
------notification-alert-slack.yaml
Content
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
name: notification-alert-slack
namespace: flux-system
spec:
eventSeverity: info
eventSources:
- kind: Kustomization
name: '*'
- kind: GitRepository
name: '*'
- kind: HelmChart
name: '*'
- kind: HelmRepository
name: '*'
- kind: HelmRelease
name: '*'
- kind: ImageRepository
name: '*'
- kind: ImagePolicy
name: '*'
- kind: ImageUpdateAutomation
name: '*'
providerRef:
name: notification-provider-slack
That would be it. Now we should be able to see Flux notifications in #flux-notifications slack channel