DEV Community

Martin
Martin

Posted on

How to Install Flux on Azure Kubernetes Service using Azure DevOps

What is Gitops and Flux?

GitOps for Kubernetes is trending and is being adopted more widely across organisations. With GitOps you can apply your standard development practices to Infrastructure including version control, CI/CD, compliance and more.

Flux is one of the components that is key to a successful Gitops implementation and acts as the controller for monitoring and making changes to your Kubernetes or in this case AKS cluster. It should be the only method of applying changes without providing direct user access to the cluster.

In a Gitops scenario applied to Kubernetes, your Github repository becomes the single source of truth for your infrastructure configuration. Flux monitors for any changes and soon as new configuration is merged into your specified branch it will apply the desired state on to AKS. At a high level the workflow looks something like this:

  1. Developer creates a feature branch (standard Gitflow approach)
  2. Feature branch is merged into main with the desired changes following testing etc.
  3. Flux agent monitors the main branch and as soon as any new desired state is merged it will apply the configuration to the cluster.

Below is a diagram illustrating the Gitops workflow using Flux:

Flux Workflow Overview

Installing Flux on AKS using a Yaml pipeline

Flux runs an agent installed in a pod/container in a dedicated namespace. The following guide will perform the basic installation through a YAML pipeline in Azure DevOps and assumes some experience with Azure DevOps as not all the steps are outlined (e.g how to create a pipeline). Some pre-requisites to consider:

  • Azure Kubernetes Service with at least 1 agent pool and 1 node.
  • Minimum version of Kubernetes 1.19 is required.
  • Permissions to generate an SSH key in Azure DevOps.
  • AKS Pod Identity

We will be using Helm to perform this particular installation however Flux can be installed through the command line directly.

  1. Prepare your YAML pipeline using the following as a base by replacing the variables:


trigger:
- none

pool:
  vmImage: ubuntu-latest

variables:

- group: Kubernetes #Optional variable group

- name: gitUrl
  value: git@ssh.dev.azure.com:v3/<devops-organisation>/<devops-project>/<devops-repository> #The Azure DevOps Git URL

- name: gitPath
  value: clusters/dev # The directory you wil store your Kuberenetes manifests that Flux will monitor

- name: fluxNamespace # The namespace where Flux will be installed
  value: flux  

- name: connectedServiceName
  value: service-connection-001 # The service connection that will be used to deploy the configuration. Must have access to the cluste.r

- name: aksResourceGroupName
  value: aks-rg-001 # The name of the resouce group containing the clustr.

- name: aksName
  value: aks-cluster-001 # The name of the AKS cluster

- name: fluxAllowedNamespaces
  value: default # Namespace that you want to allow flux to make changes to including deletions.

steps:
- task: Kubernetes@1
  displayName: 'Create the Flux Namespace'
  inputs:
    connectionType: 'Azure Resource Manager'
    azureSubscriptionEndpoint: '$(connectedServiceName)'
    azureResourceGroup: '$(aksResourceGroupName)'
    kubernetesCluster: '$(aksName)'
    useClusterAdmin: true
    command: 'apply'
    arguments: '-f $(System.DefaultWorkingDirectory)/kubernetes/flux/namespace.yaml --validate=true'
    versionSpec: 1.20.9

- task: AzureCLI@2
  displayName: 'Add the Flux helm repository and update'
  inputs:
    azureSubscription: '$(connectedServiceName)'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      helm repo add fluxcd https://charts.fluxcd.io
      helm repo update

- task: Kubernetes@1
  displayName: 'Apply the Helm Operator CRD'
  inputs:
    connectionType: 'Azure Resource Manager'
    azureSubscriptionEndpoint: '$(connectedServiceName)'
    azureResourceGroup: '$(aksResourceGroupName)'
    kubernetesCluster: '$(aksName)'
    useClusterAdmin: true
    namespace: '$(fluxNamespace)'
    command: 'apply'
    arguments: '-f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml'
    versionSpec: 1.20.9

- task: AzureCLI@2
  displayName: 'Authenticate to the AKS Cluster'
  inputs: 
    azureSubscription: $(connectedServiceName)
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az aks get-credentials -g $(aksResourceGroupName) -n $(aksName) --admin

- task: AzureCLI@2
  inputs:
    azureSubscription: '$(connectedServiceName)'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      helm upgrade -i \
      flux fluxcd/flux \
      --set git.url=$(gitUrl) \
      --set git.branch=master \
      --set syncGarbageCollection.enabled=true \
      --set git.path=$(gitPath) \
      --namespace $(fluxNamespace) \
      --version=v1.11.2 


Enter fullscreen mode Exit fullscreen mode

2: Run the pipeline and wait for the installation to complete.

Verifying the Install & Testing Flux

You will need to authenticate to the cluster for the next steps and make sure you have the Kubernetes command line installed:

Install Kubernetes command line and AKS CLI

az aks install-cli

Authenticate to the cluster

az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup

1: Check that the Flux namespace is created and that the Flux pod is running

Kubectl get namespaces

Image description

Kubectl get pods -n flux

Image description

2: Next we need to generate an SSH key using the flux command line or fluxctl. You can install fluxctl using either homebrew for mac or chocolatey for Windows:

Install using Homebrew
brew install fluxctl

Install using Chocolatey
choco install fluxctl

3: After you have installed the command line, run the following command by specifying the namespace "flux" created earlier. You will be presented with the public SSH key
fluxctl identity --k8s-fwd-ns flux

4: Add the public SSH key data to your Azure DevOps Account. The process is simple and be found here - https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-
keys-to-authenticate?view=azure-devops#step-2--add-the-public-key-to-azure-devops-servicestfs

5: Flux is now configured to listen on the path defined in the variables on your chosen repo. Next time you merge any Kubernetes manifests Flux will automatically apply them. You can check the sync status by running the below command:

fluxctl sync --k8s-fwd-ns flux

Image description

Hopefully this article has given you a flavour of Gitops using Flux on Kubernetes. Be sure to check out the official Flux documentation

Top comments (0)