DEV Community

Martin

How to Install Flux on Azure Kubernetes Service using Azure DevOps

What are GitOps and Flux?

GitOps for Kubernetes is trending and is being adopted more widely across organisations. With GitOps you can apply your standard development practices to infrastructure, including version control, CI/CD, compliance and more.

Flux is one of the components that is key to a successful GitOps implementation. It acts as the controller that monitors and makes changes to your Kubernetes cluster, in this case AKS. It should be the only method of applying changes, so that users do not need direct access to the cluster.

In a GitOps scenario applied to Kubernetes, your GitHub repository becomes the single source of truth for your infrastructure configuration. Flux monitors for any changes, and as soon as new configuration is merged into your specified branch it applies the desired state to AKS. At a high level the workflow looks something like this:

  1. Developer creates a feature branch (standard Gitflow approach)
  2. Feature branch is merged into main with the desired changes following testing etc.
  3. Flux agent monitors the main branch and as soon as any new desired state is merged it will apply the configuration to the cluster.

Below is a diagram illustrating the GitOps workflow using Flux:

[Diagram: Flux Workflow Overview]

Installing Flux on AKS using a YAML pipeline

Flux runs as an agent installed in a pod/container in a dedicated namespace. The following guide performs the basic installation through a YAML pipeline in Azure DevOps and assumes some experience with Azure DevOps, as not all the steps are outlined (e.g. how to create a pipeline). Some prerequisites to consider:

  • Azure Kubernetes Service with at least 1 agent pool and 1 node.
  • Minimum version of Kubernetes 1.19 is required.
  • Permissions to generate an SSH key in Azure DevOps.
  • AKS Pod Identity

We will be using Helm to perform this particular installation; however, Flux can also be installed through the command line directly.

  1. Prepare your YAML pipeline using the following as a base and replacing the variable values:
trigger:
- none

pool:
  vmImage: ubuntu-latest

variables:

- group: Kubernetes #Optional variable group

- name: gitUrl
  value: git@ssh.dev.azure.com:v3/<devops-organisation>/<devops-project>/<devops-repository> #The Azure DevOps Git URL

- name: gitPath
  value: clusters/dev # The directory where you will store the Kubernetes manifests that Flux will monitor

- name: fluxNamespace # The namespace where Flux will be installed
  value: flux  

- name: connectedServiceName
  value: service-connection-001 # The service connection that will be used to deploy the configuration. Must have access to the cluster.

- name: aksResourceGroupName
  value: aks-rg-001 # The name of the resource group containing the cluster.

- name: aksName
  value: aks-cluster-001 # The name of the AKS cluster

- name: fluxAllowedNamespaces
  value: default # Namespace that you want to allow flux to make changes to including deletions.

steps:
- task: Kubernetes@1
  displayName: 'Create the Flux Namespace'
  inputs:
    connectionType: 'Azure Resource Manager'
    azureSubscriptionEndpoint: '$(connectedServiceName)'
    azureResourceGroup: '$(aksResourceGroupName)'
    kubernetesCluster: '$(aksName)'
    useClusterAdmin: true
    command: 'apply'
    arguments: '-f $(System.DefaultWorkingDirectory)/kubernetes/flux/namespace.yaml --validate=true'
    versionSpec: 1.20.9

- task: AzureCLI@2
  displayName: 'Add the Flux helm repository and update'
  inputs:
    azureSubscription: '$(connectedServiceName)'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      helm repo add fluxcd https://charts.fluxcd.io
      helm repo update

- task: Kubernetes@1
  displayName: 'Apply the Helm Operator CRD'
  inputs:
    connectionType: 'Azure Resource Manager'
    azureSubscriptionEndpoint: '$(connectedServiceName)'
    azureResourceGroup: '$(aksResourceGroupName)'
    kubernetesCluster: '$(aksName)'
    useClusterAdmin: true
    namespace: '$(fluxNamespace)'
    command: 'apply'
    arguments: '-f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml'
    versionSpec: 1.20.9

- task: AzureCLI@2
  displayName: 'Authenticate to the AKS Cluster'
  inputs: 
    azureSubscription: $(connectedServiceName)
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az aks get-credentials -g $(aksResourceGroupName) -n $(aksName) --admin

- task: AzureCLI@2
  displayName: 'Install Flux with Helm'
  inputs:
    azureSubscription: '$(connectedServiceName)'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      helm upgrade -i \
      flux fluxcd/flux \
      --set git.url=$(gitUrl) \
      --set git.branch=master \
      --set syncGarbageCollection.enabled=true \
      --set git.path=$(gitPath) \
      --namespace $(fluxNamespace) \
      --version=v1.11.2 

  2. Run the pipeline and wait for the installation to complete.
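
A quick check of the pipeline file before running it, shown as an added example that is not part of the original post: it lists variables that are declared but never referenced, manifests fetched from a moving branch, and steps that use the cluster-admin credential. The function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an Azure DevOps pipeline file before running it.
# Function names and the sample file are constructed for illustration.

# Variables declared as "- name: X" that are never referenced as $(X).
unused_vars() {
  sed -n 's/^[[:space:]]*- name:[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p' "$1" |
  while read -r name; do
    grep -qF "\$($name)" "$1" || printf '%s\n' "$name"
  done
}

# Manifests fetched from a moving branch rather than a tag or commit.
unpinned_urls() {
  grep -nE 'https://raw\.githubusercontent\.com/[^/]+/[^/]+/(master|main)/' "$1"
}

# Steps that run with the cluster-admin credential.
admin_uses() {
  grep -nE 'useClusterAdmin:[[:space:]]*true|get-credentials.*--admin' "$1"
}

# Constructed sample: an excerpt shaped like the pipeline above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
variables:
- name: fluxNamespace
  value: flux
- name: fluxAllowedNamespaces
  value: default
steps:
- task: Kubernetes@1
  inputs:
    useClusterAdmin: true
    namespace: '$(fluxNamespace)'
    arguments: '-f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml'
- task: AzureCLI@2
  inputs:
    inlineScript: |
      az aks get-credentials -g rg -n aks --admin
EOF

echo "Unused variables:";       unused_vars "$SAMPLE"
echo "Unpinned manifest URLs:"; unpinned_urls "$SAMPLE"
echo "Cluster-admin usage:";    admin_uses "$SAMPLE"
```

Run against the pipeline above, it reports `fluxAllowedNamespaces` as unused: the namespace restriction described in that variable's comment is never passed to the Helm release.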

Verifying the Install & Testing Flux

You will need to authenticate to the cluster for the next steps and make sure you have the Kubernetes command line installed:

Install Kubernetes command line and AKS CLI

az aks install-cli

Authenticate to the cluster

az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup

1: Check that the Flux namespace is created and that the Flux pod is running

kubectl get namespaces

kubectl get pods -n flux

2: Next we need to generate an SSH key using the Flux command line, fluxctl. You can install fluxctl using either Homebrew for Mac or Chocolatey for Windows:

Install using Homebrew
brew install fluxctl

Install using Chocolatey
choco install fluxctl

3: After you have installed the command line, run the following command, specifying the namespace "flux" created earlier. You will be presented with the public SSH key:
fluxctl identity --k8s-fwd-ns flux

4: Add the public SSH key data to your Azure DevOps account. The process is simple and can be found here - https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops#step-2--add-the-public-key-to-azure-devops-servicestfs

5: Flux is now configured to listen on the path defined in the variables on your chosen repo. The next time you merge any Kubernetes manifests, Flux will automatically apply them. You can check the sync status by running the command below:

fluxctl sync --k8s-fwd-ns flux


Hopefully this article has given you a flavour of GitOps using Flux on Kubernetes. Be sure to check out the official Flux documentation.