Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy.
Install
Install CLI
Check your Kubernetes cluster
```shell
flux check --pre
```
Dev install
For testing purposes you can install Flux without storing its manifests in a Git repository:
```shell
flux install
```
Or using kubectl:
```shell
kubectl apply -f https://github.com/fluxcd/flux2/releases/latest/download/install.yaml
```
QuickStart
```text
.
├── apps                    # application-related files
│   └── exmaple
├── clusters                # cluster-related configuration
│   ├── gitrepo.yaml        # GitRepository (CR)
│   ├── terraform.yaml      # Terraform (CR)
│   ├── helm.yaml           # HelmRelease (CR)
│   └── notification.yaml   # Alert & Provider (CR)
└── infrastructure          # IaC configuration (mainly Terraform HCL)
    ├── main.tf
    ├── provider.tf
    └── variable.tf
```
Source Controller
The main role of the source management component is to provide a common interface for artifacts acquisition. The source API defines a set of Kubernetes objects that cluster admins and various automated operators can interact with to offload the Git and Helm repositories operations to a dedicated controller.
gitrepo.yaml
```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: gitrepo
  namespace: flux-system
spec:
  secretRef:
    name: https-credentials   # Secret holding the Git credentials
  interval: 1m
  url: https://github.com/blazehu/gitops_example.git
  ref:
    branch: master
---
apiVersion: v1
kind: Secret
metadata:
  name: https-credentials
  namespace: flux-system
type: Opaque
data:
  username: xxx   # values under data: must be base64-encoded; xxx is a placeholder
  password: xxx
```
- The Secret is mainly for authenticating to the Git repository.
- interval is the polling interval for Git commits: every minute the controller checks whether the Git repository has new commits.
TF Controller
TF-controller is an experimental controller for Flux that reconciles Terraform resources in the GitOps way. Combining Flux with Terraform, TF-controller lets you GitOps-ify infrastructure and application resources across the Kubernetes and Terraform universe, at your own pace.
tf config
```text
infrastructure
├── main.tf
├── provider.tf
└── variable.tf
```
provider.tf
```hcl
terraform {
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.60.5"
    }
  }
}

# Intentionally empty in the post: no credentials are hard-coded in the HCL.
provider "tencentcloud" {
}
```
main.tf
```hcl
resource "tencentcloud_clb_instance" "example" {
  target_region_info_region    = var.region
  target_region_info_vpc_id    = var.vpc
  vpc_id                       = var.vpc
  clb_name                     = var.clb_name
  network_type                 = "OPEN"   # internet-facing load balancer
  project_id                   = 0
  security_groups              = [tencentcloud_security_group.sg1.id]
  internet_bandwidth_max_out   = 10
  internet_charge_type         = "TRAFFIC_POSTPAID_BY_HOUR"
  load_balancer_pass_to_target = true

  lifecycle {
    ignore_changes = [
      tags,
    ]
  }
}

resource "tencentcloud_security_group" "sg1" {
  description = "默认安全组"   # "default security group"
  name        = "example-sg1"
  project_id  = 0
}

# Rule format: ACTION#CIDR#PORTS#PROTOCOL. Ingress accepts 80/443 over TCP
# from anywhere and drops everything else; egress is unrestricted.
resource "tencentcloud_security_group_lite_rule" "sglr1" {
  egress  = ["ACCEPT#0.0.0.0/0#ALL#ALL"]
  ingress = ["ACCEPT#0.0.0.0/0#80,443#TCP", "DROP#0.0.0.0/0#ALL#ALL"]

  security_group_id = tencentcloud_security_group.sg1.id
}

# Exported so the Terraform object can write it to the tf-output Secret.
output "clb_vip" {
  value = tencentcloud_clb_instance.example.clb_vips[0]
}
```
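As an added check that is not part of the post's repository, the following shell lint validates the security group rule strings used in main.tf before they reach `terraform apply`. Each rule follows the `ACTION#CIDR#PORTS#PROTOCOL` layout shown above; `check_sg_rule` rejects malformed entries, and `check_ingress_exposure` fails when an ingress rule accepts every port and protocol from 0.0.0.0/0, which is the kind of change worth catching in CI when plans are applied automatically. The rule values below are constructed copies of those in main.tf, and the set of protocol names the check accepts is an assumption of this example.

```shell
# Validate one rule string of the form ACTION#CIDR#PORTS#PROTOCOL.
# Returns 0 when well-formed, 1 (with a message on stderr) otherwise.
check_sg_rule() {
    rule="$1"
    # exactly four '#'-separated fields
    n=$(printf '%s' "$rule" | awk -F'#' '{print NF}')
    [ "$n" -eq 4 ] || { echo "malformed rule (expected 4 fields): $rule" >&2; return 1; }
    action=${rule%%#*}; rest=${rule#*#}
    cidr=${rest%%#*};   rest=${rest#*#}
    ports=${rest%%#*};  proto=${rest#*#}
    case "$action" in
        ACCEPT|DROP) ;;
        *) echo "bad action '$action': $rule" >&2; return 1 ;;
    esac
    # protocol names accepted by this check (assumption for the example)
    case "$proto" in
        TCP|UDP|ICMP|ALL) ;;
        *) echo "bad protocol '$proto': $rule" >&2; return 1 ;;
    esac
    # CIDR: dotted quad with an optional /prefix (a format check, not full validation)
    printf '%s' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
        || { echo "bad cidr '$cidr': $rule" >&2; return 1; }
    # ports: ALL, a single port, a range (80-90), or a comma list of those
    case "$ports" in
        ALL) ;;
        *) printf '%s' "$ports" | grep -Eq '^[0-9]+(-[0-9]+)?(,[0-9]+(-[0-9]+)?)*$' \
               || { echo "bad ports '$ports': $rule" >&2; return 1; } ;;
    esac
    return 0
}

# Validate a list of ingress rules and fail if any of them accepts all
# ports and protocols from the whole internet.
check_ingress_exposure() {
    for rule in "$@"; do
        check_sg_rule "$rule" || return 1
        case "$rule" in
            "ACCEPT#0.0.0.0/0#ALL#ALL")
                echo "ingress accepts everything from anywhere: $rule" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Constructed copies of the ingress rules in main.tf
check_ingress_exposure "ACCEPT#0.0.0.0/0#80,443#TCP" "DROP#0.0.0.0/0#ALL#ALL" \
    && echo "ingress rules from main.tf: OK"
```

Run it against the rule lists extracted from the HCL (for example with `terraform show -json` on a plan) as a CI step; the exit status is the verdict, so it composes with any pipeline runner.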
terraform.yaml
```yaml
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: tf-example
  namespace: flux-system
spec:
  interval: 1m
  approvePlan: "auto"                 # plans are applied without manual approval
  destroyResourcesOnDeletion: true    # deleting this object runs terraform destroy
  path: ./infrastructure
  sourceRef:
    kind: GitRepository
    name: gitrepo
    namespace: flux-system
  varsFrom:
    - kind: Secret
      name: tf-secret
  writeOutputsToSecret:
    name: tf-output
---
apiVersion: v1
kind: Secret
metadata:
  name: tf-secret
  namespace: flux-system
type: Opaque
data:
  secret_id: xxx    # values under data: must be base64-encoded; xxx is a placeholder
  secret_key: xxx
  region: xxx
```
- writeOutputsToSecret writes the Terraform outputs to a Secret so that other resources can reference them.
- varsFrom is how sensitive values are passed into Terraform, as input variables read from the Secret.
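The two Secrets above (https-credentials for the GitRepository and tf-secret for the Terraform object's varsFrom) both show `xxx` placeholders, and a Secret's `data:` field only accepts base64-encoded values. The following shell helper, added here and not taken from the post, builds such an Opaque Secret manifest from key=value pairs and reads a key back out of one, which is also how you would inspect the `clb_vip` value that writeOutputsToSecret stores in tf-output (`kubectl get secret tf-output -o jsonpath='{.data.clb_vip}' | base64 --decode` against a live cluster). The credential values are constructed for the example. Base64 is encoding, not encryption, so a manifest produced this way belongs in Git only after encryption (for example with SOPS); otherwise create it out of band with `kubectl create secret generic`.

```shell
# Build an Opaque Secret manifest with base64-encoded data values.
# Usage: make_opaque_secret NAME NAMESPACE key=value [key=value ...]
make_opaque_secret() {
    name="$1"; ns="$2"; shift 2
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n  namespace: %s\ntype: Opaque\ndata:\n' \
        "$name" "$ns"
    for kv in "$@"; do
        key="${kv%%=*}"
        value="${kv#*=}"
        # encode the raw bytes; tr strips the line wrapping GNU base64 adds for long values
        printf '  %s: %s\n' "$key" "$(printf '%s' "$value" | base64 | tr -d '\n')"
    done
}

# Read one data key out of a Secret manifest and decode it.
# Usage: secret_value "$MANIFEST" KEY
secret_value() {
    manifest="$1"; key="$2"
    printf '%s\n' "$manifest" | awk -v k="$key" '$1 == k ":" {print $2; exit}' | base64 --decode
}

# Constructed credentials (not real) for the two Secrets the post references
GIT_SECRET=$(make_opaque_secret https-credentials flux-system \
    username=flux-bot password='example-token-not-real')
TF_SECRET=$(make_opaque_secret tf-secret flux-system \
    secret_id=AKIDEXAMPLE secret_key=EXAMPLEKEY region=ap-guangzhou)

printf '%s\n---\n%s\n' "$GIT_SECRET" "$TF_SECRET"
```

The keys of tf-secret (secret_id, secret_key, region) are the names the Terraform object's varsFrom exposes to the HCL, so they must match the variable names the configuration expects.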
Helm Controller
The Helm Controller is a Kubernetes operator, allowing one to declaratively manage Helm chart releases with Kubernetes manifests.
helm.yaml
```yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: example
  namespace: flux-system
spec:
  interval: 1m
  targetNamespace: blazehu
  releaseName: example
  chart:
    spec:
      chart: apps/exmaple
      version: ">=0.0.1"
      valuesFile: ./apps/exmaple/values.yaml
      interval: 1m
      sourceRef:
        kind: GitRepository
        name: gitrepo
        namespace: flux-system
  upgrade:
    remediation:
      remediateLastFailure: true
  valuesFrom:
    - kind: Secret
      name: tf-output            # written by the Terraform object
      valuesKey: clb_vip         # Terraform output "clb_vip"
      targetPath: clb.serviceVIP # injected into the chart values at this path
```
- version: a SemVer range (e.g. >=4.0.0 <5.0.0) used to automatically upgrade the release when a new chart version is available in the release’s referenced HelmRepository (here, the GitRepository).
- chart: the name or path at which the Helm chart is available in the sourceRef.
- valuesFile: an alternative values file to use as the chart values.
- releaseName: defaults to a composition of '[TargetNamespace-]Name'.
- targetNamespace: the namespace to target when performing operations for the HelmRelease; defaults to the namespace of the HelmRelease.
Notification Controller
The Notification Controller is a Kubernetes operator, specialized in handling inbound and outbound events.
notification.yaml
```yaml
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
  name: example-alert
  namespace: flux-system
spec:
  providerRef:
    name: generic
  eventSeverity: info
  eventSources:
    - kind: GitRepository
      name: gitrepo
      namespace: flux-system
    - kind: HelmRelease
      name: example
      namespace: flux-system   # the HelmRelease object lives in flux-system; blazehu is only its targetNamespace
---
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
  name: generic
  namespace: flux-system
spec:
  type: generic
  address: https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK   # placeholder endpoint that receives the event payload
```