Flux

Flux can be used as the GitOps agent for Kratix. This guide will show you how to install Flux to sync Kubernetes resources from your state store to your cluster.

Installing Flux

If you have already installed Flux you can skip this section.

For the most up to date information on installing Flux, see the Flux documentation. The simplest method of installaton is to use the latest FluxCD release manifest from the Flux repo on GitHub:

kubectl --context $WORKER apply -f https://github.com/fluxcd/flux2/releases/latest/download/install.yaml

If you wish to install a different way (e.g. Helm or CLI), or want to install a specific version, follow the instructions in the Flux documentation.

Make sure that flux is ready before proceeding:

$ kubectl --context $WORKER get pods --namespace flux-system
NAME                                       READY   STATUS    RESTARTS   AGE
helm-controller-5f7457c9dd-s5qzt           1/1     Running   0          18s
kustomize-controller-5f58d55f76-hwm5w      1/1     Running   0          19s
notification-controller-685bdc466d-5xmk8   1/1     Running   0          16s
source-controller-86b8b57796-t6xgg         1/1     Running   0          20s

Configuring Flux

Configuring access to the State Store

In order for FluxCD to be able to sync resources to your cluster you need to provide FluxCD access to read from your state store. This can be done by creating a Bucket or GitRepository resource depending on the type of state store you are using.

Bucket (on KinD)

Create a flux-statestore.yaml for giving Flux access to the Minio bucket. Below is an example of a Bucket configured to talk to a MinIO instance running locally. For more information on the different configuration and authentication opitions for the Bucket resource, see the FluxCD docs.

---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: Bucket
metadata:
  name: <state store name>
  namespace: flux-system
spec:
  interval: 10s
  provider: generic
  bucketName: kratix
  endpoint: 172.18.0.2:31337
  insecure: true
  secretRef:
name: minio-credentials
---
apiVersion: v1
kind: Secret
metadata:
  name: minio-credentials
  namespace: default
type: Opaque
stringData:
  accesskey: <access key>
  secretkey: <secret key>

Git Repository

Create a flux-statestore.yaml for giving Flux access to the Git Repository. Below is an example of a GitRepository configured to talk to GitHub repo. For more information on the different configuration and authentication opitions for the GitRepository resource, see the FluxCD docs.

---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: podinfo
  namespace: default
spec:
  interval: 10s
  url: https://github.com/syntasso/worker-destination
  ref:
branch: main
  secretRef:
    name: git-credentials
---
apiVersion: v1
kind: Secret
metadata:
name: ssh-credentials
type: Opaque
stringData:
identity: |
  -----BEGIN OPENSSH PRIVATE KEY-----
  ...
  -----END OPENSSH PRIVATE KEY-----
known_hosts: |
  github.com ecdsa-sha2-nistp256 AAAA...

Install the flux-statestore.yaml resources to the worker cluster:

kubectl apply --context $WORKER -f flux-statestore.yaml

Configuring Flux to deploy resources from the State Store

Now that Flux is configured to read from the state store, you need to configure Flux to read the resources from the state store and apply them to the cluster. This is done by creating a Kustomization resources. Kratix creates two, one for the dependencies (documents from the Promise Dependencies or Promise Configure Workflow) and one for the resources (documents from the Resource Configure Workflow).

Create a kustomization.yaml file with the following content, substituting the values for the sourceRef depending on which type of state store you are using.

The path field should point to the directory in the state store where the resources/dependencies are getting written to. By default this is the ./<destination-name>/resources and ./<destination-name>/dependencies directories. If you are configuring more advanced setups, you may need to change this path, see Destination documentation for more information.

---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: kratix-workload-resources
  namespace: <Same namespace as the Bucket/GitRepository>
spec:
  interval: 3s
  prune: true
  dependsOn:
    - name: kratix-workload-dependencies
  sourceRef:
    kind: <Bucket or GitRepository>
    name: <Name of Bucket/GitRepository>
  path: ./<path in state store to destination>/resources
  validation: client
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: kratix-workload-dependencies
  namespace: <Same namespace as the Bucket/GitRepository>
spec:
  interval: 8s
  prune: true
  sourceRef:
    kind: <Bucket or GitRepository>
    name: <Name of Bucket/GitRepository>
  path: ./<path in state store to destination>/dependencies
  validation: client

Once filled in with the correct values, apply the resource to the worker cluster:

kubectl apply --context $WORKER -f kustomization.yaml

To check that Flux is correctly syncing resources from the state store to the cluster you can check the health of the Kustomization resources:

kubectl --context $WORKER get kustomizations -A -w

You should see the kratix-workload-resources and kratix-workload-dependencies resources eventually get in the Ready state.

NAMESPACE     NAME                           AGE   READY   STATUS
flux-system   kratix-platform-dependencies   23s   True    Applied revision: sha256:9610eac643b6cadfd7bce31eb26abea051ae02c5f81b52de1d9d2a8458c3e0b8
flux-system   kratix-platform-resources      23s   True    Applied revision: sha256:9610eac643b6cadfd7bce31eb26abea051ae02c5f81b52de1d9d2a8458c3e0b8