En esta sección se mostrará la manera en la que Flux utiliza recursos para integrarse con Helm.
Vídeo de la explicación y la demo completa en este enlace.
- Acceso para administrar un cluster de Kubernetes >=v1.19
- Tener instalado cliente Flux >=0.13.2
export GITHUB_TOKEN=<your-token>
export GITHUB_USER=<your-username>Utilice el comando bootstrap para instalar los componentes de flux en el cluster, crear el repositorio en GitHub y mucho más:
flux bootstrap github \
--owner=$GITHUB_USER \
--repository=gitops-flux-series-demo \
--branch=main \
--private=false \
--path=./clusters/demoResultado
► connecting to github.com
✔ repository "https://github.com/sngular/gitops-flux-series-demo" created
► cloning branch "main" from Git repository "https://github.com/sngular/gitops-flux-series-demo.git"
✔ cloned repository
► generating component manifests
✔ generated component manifests
✔ committed sync manifests to "main" ("f20fb16201be4cedc86860139c4c30a7a5569bf3")
► pushing component manifests to "https://github.com/sngular/gitops-flux-series-demo.git"
► installing components in "flux-system" namespace
✔ installed components
✔ reconciled components
► determining if source secret "flux-system/flux-system" exists
► generating source secret
✔ public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC42KfDLo5DDDJU+KcLtT155hVQ3Gtd/IQLO2RRqshtRcnGmNebupSzea9CRi2sEzk+cNStXYpci0DWXY7joRnInMg+K/YwPYQGDfL373UNOi7pW6KqnlPmgxvqKXRHIh2/N4PWm+lG43Iq625xHKF1ITzEHPrdRULKB1uF1qHHOJFDTCJKPJrkZBrBspkJc4O/eKzloEjXuBlFwoWm/YvFo04kk3MRqKGGcOB/euxN5xeHgtq2nIS8m1qdJxHvkSA2zgVw3URYWEX+x5qz2zsM9w7Kj9TghmrquICnGkpF6Q7OcDh1MmX+1mrTjkvW//Nlua2x91y/4LVpsWAJDEHL
✔ configured deploy key "flux-system-main-flux-system-./clusters/demo" for "https://github.com/sngular/gitops-flux-series-demo"
► applying source secret "flux-system/flux-system"
✔ reconciled source secret
► generating sync manifests
✔ generated sync manifests
✔ committed sync manifests to "main" ("53202cc8bd759a3e32e6dcc8e8c9b5968c7112e2")
► pushing sync manifests to "https://github.com/sngular/gitops-flux-series-demo.git"
► applying sync manifests
✔ reconciled sync configuration
◎ waiting for Kustomization "flux-system/flux-system" to be reconciled
✔ Kustomization reconciled successfully
► confirming components are healthy
✔ source-controller: deployment ready
✔ kustomize-controller: deployment ready
✔ helm-controller: deployment ready
✔ notification-controller: deployment ready
✔ all components are healthyComprobar que los componentes han sido instalados:
kubectl get pods --namespace flux-systemResultado
NAME READY STATUS RESTARTS AGE
source-controller-85fb864746-4x4s2 1/1 Running 0 65s
helm-controller-85bfd4959d-lsshl 1/1 Running 0 66s
notification-controller-5c4d48f476-qltpw 1/1 Running 0 65s
kustomize-controller-6977b8cdd4-qq482 1/1 Running 0 66s
{
git clone git@github.com:$GITHUB_USER/gitops-flux-series-demo.git
cd gitops-flux-series-demo
}Puede consultar la información del repositorio de Helm en este enlace.
Crear carpeta sources:
mkdir -p ./clusters/demo/sourcesflux create source helm sngular \
--url=https://sngular.github.io/gitops-helmrepository/ \
--interval=5m \
--namespace=flux-system \
--export > clusters/demo/sources/sngular-helmrepository.yamlResultado
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: sngular
namespace: flux-system
spec:
interval: 5m0s
url: https://sngular.github.io/gitops-helmrepository/
Compruebe la nueva estructura del repositorio:
tree
.
└── clusters
└── demo
├── flux-system
│ ├── gotk-components.yaml
│ ├── gotk-sync.yaml
│ └── kustomization.yaml
└── sources
└── sngular-helmrepository.yaml
4 directories, 4 filesRealice un commit con los cambios al repositorio de código:
{
git add .
git commit -m 'Add Sngular Helm chart repository'
git push origin main
}Sincronizar la información sin esperara al ciclo de reconciliación:
flux reconcile kustomization flux-system --with-sourceComprobar que el estado del objeto HelmRepository en el campo READY sea True:
flux get source helm --all-namespacesResultado
NAMESPACE NAME READY MESSAGE REVISION SUSPENDED
flux-system sngular True Fetched revision: 3f33f697ef0499ad9d54052b1e791c271df1dffd 3f33f697ef0499ad9d54052b1e791c271df1dffd False
En caso de no mostrarse información sobre el objeto HelmRepository utilice el siguiente comando para forzar la sincronización:
flux reconcile source helm sngularResultado
► annotating HelmRepository sngular in flux-system namespace
✔ HelmRepository annotated
◎ waiting for HelmRepository reconciliation
✔ HelmRepository reconciliation completed
✔ fetched revision 2152a065a288c2431275649995b3709e9d3739cb
Crear la carpeta gitops-series para almacenar los manifiestos de despliegue:
mkdir -p ./clusters/demo/gitops-seriesCrear el fichero del namespace:
cat <<EOF > ./clusters/demo/gitops-series/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: gitops-series
EOFCrear el fichero helmrelease a través del comando flux create:
flux create helmrelease echobot \
--interval=1m \
--source=HelmRepository/sngular.flux-system \
--chart=echobot \
--chart-version="0.2.1" \
--namespace=gitops-series \
--export > clusters/demo/gitops-series/echobot-helmrelease.yamlResultado
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: echobot
namespace: gitops-series
spec:
chart:
spec:
chart: echobot
sourceRef:
kind: HelmRepository
name: sngular
namespace: flux-system
version: 0.2.1
interval: 10m0s
Mostrar la estructura de ficheros
tree
.
└── clusters
└── demo
├── flux-system
│ ├── gotk-components.yaml
│ ├── gotk-sync.yaml
│ └── kustomization.yaml
├── gitops-series
│ ├── echobot-helmrelease.yaml
│ └── namespace.yaml
└── sources
└── sngular-helmrepository.yamlAñadir los cambios en el repositorio:
{
git add .
git commit -m 'Add echobot helmrelease file'
git push origin main
}Sincronizar la información sin esperara al ciclo de reconciliación:
flux reconcile source git flux-systemListar los chart registrados por Flux:
flux get sources chart --all-namespacesResultado
NAMESPACE NAME READY MESSAGE REVISION SUSPENDED
flux-system gitops-series-echobot True Fetched revision: 0.2.1 0.2.1 False
Listar los objetos helmreleases desplegados:
flux get helmrelease --all-namespacesResultado
NAMESPACE NAME READY MESSAGE REVISION SUSPENDED
gitops-series echobot True Release reconciliation succeeded 0.2.1 False
Listar los pods del servicio desplegado:
kubectl get pods --namespace gitops-seriesResultado
NAME READY STATUS RESTARTS AGE
echobot-bcfb77fcd-cqnqj 1/1 Running 0 7m42s
Para activar el ciclo de reconciliación del operador de Helm podrá utilizar el siguiente comando:
flux reconcile helmrelease echobot \
--namespace=gitops-seriesResultado
► annotating HelmRelease echobot in gitops-series namespace
✔ HelmRelease annotated
◎ waiting for HelmRelease reconciliation
✔ HelmRelease reconciliation completed
✔ applied revision 0.2.1
Si tiene instalado el binario de Helm en su máquina podrá comproblar que se ha creado un objeto
release:
helm list --namespace gitops-seriesResultado
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
echobot gitops-series 1 2021-06-17 20:37:48.5570711 +0000 UTC deployed echobot-0.2.1 v0.1.3
Para conocer las versiones y parámetros disponibles del chart Echobot consulte este enlace.
Adicionar la sección values para modificar los valores que vienen por defecto en la chart de helm:
cat <<EOF > ./clusters/demo/gitops-series/echobot-helmrelease.yaml
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: echobot
namespace: gitops-series
spec:
chart:
spec:
chart: echobot
sourceRef:
kind: HelmRepository
name: sngular
namespace: flux-system
version: 0.2.1
install: {}
interval: 1m0s
values:
replicaCount: 3
resources:
limits:
cpu: 40m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
EOFAnalizar las diferencias del nuevo fichero:
git diffResultado
--- a/clusters/demo/gitops-series/echobot-helmrelease.yaml
+++ b/clusters/demo/gitops-series/echobot-helmrelease.yaml
@@ -15,4 +15,13 @@ spec:
version: 0.2.1
install: {}
interval: 1m0s
+ values:
+ replicaCount: 3
+ resources:
+ limits:
+ cpu: 40m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
Adicionar los cambios al repositorio de código:
{
git add .
git commit -m 'Increase replicas count'
git push origin main
}Sincronizar los cambios sin esperar el ciclo de reconciliación:
flux reconcile source git flux-systemResultado
► annotating GitRepository flux-system in flux-system namespace
✔ GitRepository annotated
◎ waiting for GitRepository reconciliation
✔ GitRepository reconciliation completed
✔ fetched revision main/fb7e117d2dc8a1a77b3872403a2d1dbba1f31ebc
Sincronizar los valores de helm:
flux reconcile helmrelease echobot \
--namespace=gitops-seriesListar los pods para cuántos aparecen:
kubectl get pods \
--namespace=gitops-seriesPara conocer las versiones y parámetros disponibles del chart Echobot consulte este enlace.
Modificar la versión del chart por una expresión acorde al versionado semántico.
cat <<EOF > ./clusters/demo/gitops-series/echobot-helmrelease.yaml
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: echobot
namespace: gitops-series
spec:
chart:
spec:
chart: echobot
sourceRef:
kind: HelmRepository
name: sngular
namespace: flux-system
version: 0.x.x
install: {}
interval: 1m0s
values:
replicaCount: 3
resources:
limits:
cpu: 40m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
EOFgit diffResultado
--- a/clusters/demo/gitops-series/echobot-helmrelease.yaml
+++ b/clusters/demo/gitops-series/echobot-helmrelease.yaml
@@ -12,7 +12,7 @@ spec:
kind: HelmRepository
name: sngular
namespace: flux-system
- version: 0.2.1
+ version: 0.x.x
interval: 1m0s
Utilice el siguiente comando para ver el momento de la actualización de los objetos de Flux:
watch -n1 "flux get source chart --all-namespaces && echo \
&& flux get helmrelease --all-namespaces && echo \
&& kubectl get pods --namespace gitops-series"Adicionar los cambios al repositorio de código:
{
git add .
git commit -m 'Setup semver for helm chart'
git push origin main
}Sincronizar los cambios sin esperar el ciclo de reconciliación:
flux reconcile source git flux-systemListar los chart para ver última versión registrada:
flux get sources chart --all-namespacesResultado
NAMESPACE NAME READY MESSAGE REVISION SUSPENDED
flux-system gitops-series-echobot True Fetched revision: 0.3.3 0.3.3 False
Listar los objetos helmrelease para ver la versión desplegada:
flux get helmrelease --all-namespacesResultado
NAMESPACE NAME READY MESSAGE REVISION SUSPENDED
gitops-series echobot True Release reconciliation succeeded 0.3.3 False
Flux te permite decidir en qué momento deseas actualizar los Custom Resource Definitions (CRD) de tus despliegues. Será utilizado el chart de Kyverno para este ejemplo.
Adicionar el repositorio de Kyverno
flux create source helm kyverno \
--url=https://kyverno.github.io/kyverno/ \
--interval=5m \
--namespace=flux-system \
--export > clusters/demo/sources/kyverno-helmrepository.yamlResultado
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: kyverno
namespace: flux-system
spec:
interval: 5m0s
url: https://kyverno.github.io/kyverno/
Crear namespace kyverno-system:
mkdir -p ./clusters/demo/kyverno-systemcat <<EOF > ./clusters/demo/kyverno-system/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: kyverno-system
EOFCrear el fichero helmrelease del servicio Kyverno:
flux create helmrelease kyverno \
--interval=1m \
--source=HelmRepository/kyverno.flux-system \
--chart=kyverno \
--chart-version="1.4.x" \
--namespace=kyverno-system \
--crds=CreateReplace \
--export > ./clusters/demo/kyverno-system/kyverno-helmrelease.yamlResultado
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: kyverno
namespace: kyverno-system
spec:
chart:
spec:
chart: kyverno
sourceRef:
kind: HelmRepository
name: kyverno
namespace: flux-system
version: 1.4.x
install:
crds: Create
interval: 1m0s
upgrade:
crds: CreateReplace
Listar la estructura del repositorio:
tree
.
└── clusters
└── demo
├── flux-system
│ ├── gotk-components.yaml
│ ├── gotk-sync.yaml
│ └── kustomization.yaml
├── gitops-series
│ ├── echobot-helmrelease.yaml
│ └── namespace.yaml
├── kyverno-system
│ ├── kyverno-helmrelease.yaml
│ └── namespace.yaml
└── sources
├── kyverno-helmrepository.yaml
└── sngular-helmrepository.yamlIncluir los ficheros generados en el control de versiones:
{
git add .
git commit -m 'Adicionar los manifiestos de Kyverno'
git push origin main
}Observar la creación de los nuevos objetos adicionados
watch -n1 "flux get source chart --all-namespaces && echo \
&& flux get helmrelease --all-namespaces && echo \
&& kubectl get pods --namespace kyverno-system"Utilice el siguiente comando para desintalar flux del cluster:
flux uninstall --silentCompruebe que el repositorio en GitHub no ha sido eliminado.
Resultado
► deleting components in flux-system namespace
✔ Deployment/flux-system/helm-controller deleted
✔ Deployment/flux-system/kustomize-controller deleted
✔ Deployment/flux-system/notification-controller deleted
✔ Deployment/flux-system/source-controller deleted
✔ Service/flux-system/notification-controller deleted
✔ Service/flux-system/source-controller deleted
✔ Service/flux-system/webhook-receiver deleted
✔ NetworkPolicy/flux-system/allow-egress deleted
✔ NetworkPolicy/flux-system/allow-scraping deleted
✔ NetworkPolicy/flux-system/allow-webhooks deleted
✔ ServiceAccount/flux-system/helm-controller deleted
✔ ServiceAccount/flux-system/kustomize-controller deleted
✔ ServiceAccount/flux-system/notification-controller deleted
✔ ServiceAccount/flux-system/source-controller deleted
✔ ClusterRole/crd-controller-flux-system deleted
✔ ClusterRoleBinding/cluster-reconciler-flux-system deleted
✔ ClusterRoleBinding/crd-controller-flux-system deleted
► deleting toolkit.fluxcd.io finalizers in all namespaces
✔ GitRepository/flux-system/flux-system finalizers deleted
✔ Kustomization/flux-system/flux-system finalizers deleted
► deleting toolkit.fluxcd.io custom resource definitions
✔ CustomResourceDefinition/alerts.notification.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/buckets.source.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/gitrepositories.source.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/helmcharts.source.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/helmreleases.helm.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/helmrepositories.source.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/kustomizations.kustomize.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/providers.notification.toolkit.fluxcd.io deleted
✔ CustomResourceDefinition/receivers.notification.toolkit.fluxcd.io deleted
✔ Namespace/flux-system deleted
✔ uninstall finished