Este repo es complementario al workshop Introducción a GitOps con Flux, dado en la Introducción a GitOps con Flux.
# Clone
export GITHUB_USERNAME=<user>
git clone git@github.com:$GITHUB_USERNAME/flux-workshop-nerdearla.git
cd flux-workshop-nerdearla
# Fetch del branch init
git fetch origin init
# Merge con main
git merge origin/init- Kubernetes - Con colima o kind está bien
- kubectl
- flux
- Github personal access token (PAT) - https://github.com/settings/tokens
- gitops CLI - (Opcional)
- colima 0.5.5
- kubectl 1.28.2
- flux 2.1.1
colima start --kubernetes --cpu 8 --memory 8 --profile flux-demo
# kind
kind create cluster --name flux-demoColima output
INFO[0000] starting colima [profile=flux-demo] INFO[0000] runtime: docker+k3s INFO[0000] preparing network ... context=vm INFO[0000] creating and starting ... context=vm INFO[0024] provisioning ... context=docker INFO[0025] starting ... context=docker INFO[0031] provisioning ... context=kubernetes INFO[0031] downloading and installing ... context=kubernetes INFO[0038] loading oci images ... context=kubernetes INFO[0045] starting ... context=kubernetes INFO[0048] updating config ... context=kubernetes INFO[0049] Switched to context "colima-flux-demo". context=kubernetes INFO[0051] doneCheck la creación del cluster
kubectl get nodes --watchPrimero vas a necesitar un token personal de Github con todos los permisos del scope repo - https://github.com/settings/tokens.
export GITHUB_USER=<github-user>
export GITHUB_TOKEN=<github-token>flux check --pre
► checking prerequisites
✔ Kubernetes 1.28.1+k3s1 >=1.25.0-0
✔ prerequisites checks passedflux bootstrap github \
--owner=$GITHUB_USER \
--repository=flux-workshop-nerdearla \
--branch=main \
--path=./clusters/dev \
--personal \
--read-write-keyOutput
► connecting to github.com
► cloning branch "main" from Git repository "https://github.com/marcorichetta/flux-workshop-nerdearla.git"
✔ cloned repository
► generating component manifests
✔ generated component manifests
✔ committed sync manifests to "main" ("128f2feb9053ed1863b3e5a8c14cf65488512b12")
► pushing component manifests to "https://github.com/marcorichetta/flux-workshop-nerdearla.git"
► installing components in "flux-system" namespace
✔ installed components
✔ reconciled components
► determining if source secret "flux-system/flux-system" exists
► generating source secret
✔ public key: ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNf54MZoM/zhM6DdYxJwyHf8PY2B6+VVobMzy+2kmpP0jSfFe4alVUbW0t/ljzeJyss5zj75Raw31z7LC7dH8LJZBzamVCmvX4g80S1EUzkbBLkhj0y4++YlLhcE51/19g==
✔ configured deploy key "flux-system-main-flux-system-./clusters/dev" for "https://github.com/marcorichetta/flux-workshop-nerdearla"
► applying source secret "flux-system/flux-system"
✔ reconciled source secret
► generating sync manifests
✔ generated sync manifests
✔ committed sync manifests to "main" ("0426a12bd7de1dc4186311a6bd5f8835d1340212")Ver como se levanta flux
kubectl get pods -n flux-system -wTraerse los manifiestos commiteados por flux
git pull
lsd --tree clusters
clusters
└── dev
└── flux-system
├── gotk-components.yaml
├── gotk-sync.yaml
└── kustomization.yamlflux suspend kustomization flux-system -n flux-systemCrear apps con kubectl
kubectl apply -R -f apps/dev
kubectl port-forward svc/frontend -n podinfo 8000:9898
kubectl get all -n podinfo
kubectl edit -n podinfo deploy/frontendflux resume kustomization flux-system -n flux-systemCrear namespace podinfo
# apps/podinfo/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: podinfoCrear kustomization
flux create kustomization apps \
--source=flux-system \
--path="./apps/dev" \
--prune=true \
--interval=5m \
--export > ./clusters/dev/apps.yamlflux reconcile kustomization apps --with-sourceCrear kustomization para notificar a Flux del dashboard
flux create kustomization infra \
--source=flux-system \
--path="./infrastructure" \
--prune=true \
--interval=1h \
--export > ./clusters/dev/infrastructure.yaml
# Port forward para ingresar localmente
kubectl port-forward svc/weave-gitops -n flux-system 9001:9001Agregar image automation y reflector controllers
flux bootstrap github \
--components-extra=image-reflector-controller,image-automation-controller \
--owner=$GITHUB_USER \
--repository=flux-workshop-nerdearla \
--branch=main \
--path=./clusters/dev \
--personal \
--read-write-keykubectl get deploy -n flux-systemgit pull para traerse los cambios que pusheo flux
mkdir ./clusters/dev/images/
flux create image repository podinfo \
--image=ghcr.io/stefanprodan/podinfo \
--interval=5m \
--export > ./clusters/dev/images/podinfo-registry.yamlflux create image policy podinfo \
--image-ref=podinfo \
--select-semver=">=5.0.x" \
--export > ./clusters/dev/images/podinfo-policy.yamlEjemplos: https://fluxcd.io/flux/guides/image-update/#imagepolicy-examples
# deployment.yaml
spec:
containers:
- name: frontend
image: ghcr.io/stefanprodan/podinfo:5.0.0 # {"$imagepolicy": "flux-system:podinfo"}flux create image update flux-system \
--interval=30m \
--git-repo-ref=flux-system \
--git-repo-path="./apps/dev" \
--checkout-branch=main \
--push-branch=main \
--author-name=fluxcdbot \
--author-email=fluxcdbot@users.noreply.github.com \
--commit-template="{{range .Updated.Images}}{{println .}}{{end}}" \
--export > ./clusters/dev/flux-system-automation.yamlkind delete cluster -n flux-demo
colima stop --profile flux-demo
colima delete --profile flux-demokind create cluser -n new-flux-demo
colima start --kubernetes --cpu 4 --memory 8 --profile new-flux-demoflux bootstrap github \
--components-extra=image-reflector-controller,image-automation-controller \
--owner=$GITHUB_USER \
--repository=flux-workshop-nerdearla \
--branch=main \
--path=./clusters/dev \
--personal \
--read-write-key
kubectl port-forward svc/weave-gitops -n flux-system 9001:9001Sealed secrets - https://github.com/bitnami-labs/sealed-secrets
Problem: "I can manage all my K8s config in git, except Secrets." Sealed Secrets: "Hold my beer"
mkdir ./clusters/dev/sealed-secrets
flux create source helm sealed-secrets \
--url=https://bitnami-labs.github.io/sealed-secrets \
--interval=10m \
--export > ./clusters/dev/sealed-secrets/source.yaml
flux create helmrelease sealed-secrets \
--interval=1h \
--release-name=sealed-secrets-controller \
--target-namespace=flux-system \
--source=HelmRepository/sealed-secrets \
--chart=sealed-secrets \
--chart-version=">=1.15.0-0" \
--crds=CreateReplace \
--export > ./clusters/dev/sealed-secrets/helmrelease.yamlkubeseal --fetch-cert \
--controller-name=sealed-secrets-controller \
--controller-namespace=flux-system \
> ./clusters/dev/sealed-secrets/pub-sealed-secrets.pemCrear Secret
kubectl -n default create secret generic podinfo-secret \
--from-literal=SECRET_KEY=super_secret_key \
--dry-run=client \
-o yaml > apps/dev/podinfo/secret.yamlCrear Sealed Secret
kubeseal --scope cluster-wide \
--format=yaml \
--cert=./clusters/dev/sealed-secrets/pub-sealed-secrets.pem \
-f apps/dev/podinfo/secret.yaml \
-w apps/dev/podinfo/sealed-secret.yamlAgregar env en deployment.yaml y agregarlo en kustomization.yaml
# deployment.yaml
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: podinfo-secret
key: SECRET_KEY
# kustomization.yaml
resources:
- ./podinfo/sealed-secret.yaml
kubectl get secret podinfo-secret -o jsonpath={.data.SECRET_KEY} | base64 -dCrear provider
mkdir ./clusters/dev/notifications
flux create alert-provider generic --type generic --export > ./clusters/dev/notifications/provider.yamlCrear alert
flux create alert generic-alert \
--event-severity info \
--event-source Kustomization/flux-system \
--provider-ref generic \
--export > ./clusters/dev/notifications/alert.yaml