Kubernetes + Flagger + Flux + Istio

# Install Flux

Create registry secret for accessing Azure Container Registry in flux namespace:

kubectl create namespace flux
kubectl create secret --namespace flux docker-registry docker-config \
  --docker-server="pruzickak8smyexampledev.azurecr.io" \
  --docker-username="${ARM_CLIENT_ID}" \
  --docker-password="${ARM_CLIENT_SECRET}"

Flux Architecture:

Flux Architecture

Create git repository which will be used by Flux in GitHub:

hub create -d "Flux repository for k8s-flagger-istio-flux" -h "https://ruzickap.github.io/k8s-flagger-istio-flux/" ruzickap/k8s-flux-repository

Output:

A git remote named 'origin' already exists and is set to push to 'ssh://git@github.com/ruzickap/k8s-flagger-istio-flux.git'.
https://github.com/ruzickap/k8s-flux-repository

Clone the git repository:

mkdir tmp
if [ ! -n "$(grep "^github.com " ~/.ssh/known_hosts)" ]; then ssh-keyscan github.com >> ~/.ssh/known_hosts 2> /dev/null; fi
git config --global user.email "petr.ruzicka@gmail.com"
git -C tmp clone git@github.com:ruzickap/k8s-flux-repository.git

Output:

Cloning into 'k8s-flux-repository'...
warning: You appear to have cloned an empty repository.

Create initial Flux repository structure and add it into the git repository:

cp -v files/flux-repository/README.md tmp/k8s-flux-repository/
mkdir -v tmp/k8s-flux-repository/{namespaces,releases,workloads}

git -C tmp/k8s-flux-repository add .
git -C tmp/k8s-flux-repository commit -m "Initial commit"
git -C tmp/k8s-flux-repository push -q

Output:

'files/flux-repository/README.md' -> 'tmp/k8s-flux-repository/README.md'
mkdir: created directory 'tmp/k8s-flux-repository/namespaces'
mkdir: created directory 'tmp/k8s-flux-repository/releases'
mkdir: created directory 'tmp/k8s-flux-repository/workloads'
[master (root-commit) 01ec748] Initial commit
 1 file changed, 1 insertion(+)
 create mode 100644 README.md

Add the Flux repository:

helm repo add fluxcd https://charts.fluxcd.io
helm update

Output:

"fluxcd" has been added to your repositories
Command "update" is deprecated, use 'helm repo update'

Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "fluxcd" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete.

Apply the Helm Release CRD:

kubectl apply -f https://raw.githubusercontent.com/fluxcd/flux/helm-0.10.1/deploy-helm/flux-helm-release-crd.yaml

Output:

customresourcedefinition.apiextensions.k8s.io/helmreleases.flux.weave.works created

Install Flux:

helm install --name flux --namespace flux --wait --version 0.14.1 fluxcd/flux \
  --set git.email="petr.ruzicka@gmail.com" \
  --set git.url="git@github.com:ruzickap/k8s-flux-repository" \
  --set git.user="Flux" \
  --set helmOperator.create="true" \
  --set helmOperator.createCRD="false" \
  --set registry.dockercfg.configFileName="/dockercfg/config.json" \
  --set registry.dockercfg.enabled="true" \
  --set registry.dockercfg.secretName="docker-config" \
  --set registry.pollInterval="10s" \
  --set syncGarbageCollection.enabled="true"

Output:

NAME:   flux
LAST DEPLOYED: Thu Aug 29 09:39:10 2019
NAMESPACE: flux
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME              DATA  AGE
flux-kube-config  1     16s

==> v1/Deployment
NAME                READY  UP-TO-DATE  AVAILABLE  AGE
flux                1/1    1           1          16s
flux-helm-operator  1/1    1           1          16s
flux-memcached      1/1    1           1          16s

==> v1/Pod(related)
NAME                                 READY  STATUS   RESTARTS  AGE
flux-bbb76576-8clvg                  1/1    Running  0         16s
flux-helm-operator-6877b9f564-rt5rl  1/1    Running  0         16s
flux-memcached-88db78d9d-vnrl7       1/1    Running  0         16s

==> v1/Secret
NAME             TYPE    DATA  AGE
flux-git-deploy  Opaque  1     16s

==> v1/Service
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)    AGE
flux            ClusterIP  100.70.220.201  <none>       3030/TCP   16s
flux-memcached  ClusterIP  100.64.195.153  <none>       11211/TCP  16s

==> v1/ServiceAccount
NAME  SECRETS  AGE
flux  1        16s

==> v1beta1/ClusterRole
NAME  AGE
flux  16s

==> v1beta1/ClusterRoleBinding
NAME  AGE
flux  16s


NOTES:
Get the Git deploy key by either (a) running

  kubectl -n flux logs deployment/flux | grep identity.pub | cut -d '"' -f2

or by (b) installing fluxctl through
https://github.com/weaveworks/flux/blob/master/docs/references/fluxctl.md#installing-fluxctl
and running:

  fluxctl identity

Install fluxctl (opens new window):

if [ ! -x /usr/local/bin/fluxctl ]; then
  sudo curl -L https://github.com/fluxcd/flux/releases/download/1.14.2/fluxctl_linux_amd64 -o /usr/local/bin/fluxctl
  sudo chmod a+x /usr/local/bin/fluxctl
fi

Set the namespace (flux) where flux was installed for running fluxctl:

export FLUX_FORWARD_NAMESPACE="flux"
export FLUX_TIMEOUT="10m0s"

Obtain the ssh public key through fluxctl:

fluxctl identity
if [ -x /usr/bin/chromium-browser ]; then chromium-browser https://github.com/ruzickap/k8s-flux-repository/settings/keys/new & fi

Output:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyGvcJPcFxvsc9SHtJiOt7G6pvNQgmcf+PIIfy6PoEvXK2naXmKw68+dtKeIoMzvp63QxoNB+B6qamMbkWqaVCjS4glAXKmf68k/eCazcPNZaQRmL/YUmgmyZ8AF02fDmM/RQMz/2hUtUE6UYs/T5vYUdDwYb09nOmVMgclY6jbmQ4b0OgG18p6RnNYtJ4wysC6+wEoy5xVljKWRE03UxD3pJbVdk5KPcJ/mnX44tUwU/oE/Ezz7LaMjVXnXns8zKu3LOAIeolcCFVJUbUMQhOuvwrXp+Sag1VV3OG4Uy6P3/0wIajEumzHO4GvpAEJ1F1Ny4b692wP/TdUX/WWAIr

Add the ssh key to the GitHub "https://github.com/ruzickap/k8s-flux-repository (opens new window)" -> "Settings" -> "Deploy keys" -> "Add new" -> "Allow write access"

Flux logo

Install Tekton and build pipelines