How to install Flux System with Git
Introduction
FluxCD is a popular open-source tool for continuous delivery (CD) in Kubernetes environments. In this tutorial, I will show you how to bootstrap a Flux System for your K8s cluster using Git.
Prerequisites
- A Git repository.
- A running K8s cluster.
- Basic knowledge of Kubernetes.
- Flux CLI installed on your local machine.
Step-by-step Guide
I use a K8s cluster in my Raspberry Pi and my GitHub repository https://github.com/harrytang/k8 for this demo. I also use the SSH key to authenticate with Github. You can also use any other Git service (GitLab, Bitbucket) if they support SSH Key authentication.
-
Clone the repository:
git clone git@github.com:harrytang/k8s.git cd k8s -
Generate SSH key for authentication with Github repository:
ssh-keygen -t ed25519 -C "raspberrypi" -
Add the generated public key to the Github repository as
Deploy Keyswith write access:
-
Run the Flux bootstrap command:
flux bootstrap git \ --components source-controller,kustomize-controller,helm-controller,notification-controller \ --components-extra image-reflector-controller,image-automation-controller \ --url=ssh://git@github.com/harrytang/k8s \ --branch=main \ --private-key-file=./id_ed25519 \ --path=clusters/raspberrypiOr, for signing Flux's commits:
flux bootstrap git \ --components source-controller,kustomize-controller,helm-controller,notification-controller \ --components-extra image-reflector-controller,image-automation-controller \ --url=ssh://git@github.com/harrytang/k8s \ --branch=main \ --private-key-file=./id_ed25519 \ --path=clusters/fusion \ --gpg-key-id=72B2397E541A5D35 \ --gpg-key-ring=./keyring.gpg \ --author-email=it@harrytang.com \ --author-name=mrgitopsRun
gpg --list-secret-keys --keyid-format=longand look for the key ID, e.g.rsa2048/ABCDEF1234567890whereABCDEF1234567890is the key ID.Run
gpg --export-secret-keys > keyring.gpgto export the GPG keyring. -
Delete the SSH/GPG key:
rm id_ed25519 rm id_ed25519.pub rm keyring.gpg
Testing
We will try to deploy the cert-manager to test the FluxCD system.
-
Create the
cert-managernamespace atclusters/raspberrypi/cert-manager/namespace.yaml:apiVersion: v1 kind: Namespace metadata: name: cert-manager -
Create the
HelmRepositoryatclusters/raspberrypi/cert-manager/repository.yaml:apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: name: jetstack namespace: cert-manager spec: interval: 24h url: https://charts.jetstack.io -
Create the
HelmReleaseatclusters/raspberrypi/cert-manager/release.yaml:apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager namespace: cert-manager spec: interval: 24h chart: spec: chart: cert-manager version: '^1.14.4' sourceRef: kind: HelmRepository name: jetstack namespace: cert-manager interval: 24h values: crds: enabled: true -
Create the
Kustomizationatclusters/raspberrypi/cert-manager/kustomization.yaml:apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yaml - repository.yaml - release.yaml -
Commit all changes and check the pods deployed by FluxCD:
git add . git commit -m "feat: adds cert-manager" git push kubectl get pods -n cert-manager NAME READY STATUS RESTARTS AGE cert-manager-7b9875fbcc-mhd7k 1/1 Running 0 1m cert-manager-cainjector-948d47c6-f9b5r 1/1 Running 0 1m9s cert-manager-webhook-78bd84d46b-hxn8v 1/1 Running 0 1m9s
Conclusion
Congratulation! You have successfully bootstrapped the Flux System for your K8s cluster, marking the beginning of your GitOps journey.
References
If you found this useful, you can buy me a coffee! Thanks for the support!