• Create a personal access token
• Create the Flux repository
• Create the Kubernetes manifest repository
• Configure Flux to sync your manifests
• Verify your configuration

Tutorial: Set up Flux for GitOps

This tutorial teaches you how to set up Flux for GitOps. You’ll set up a sample project, complete a bootstrap Flux installation, and authenticate your installation with a project deploy token.

You can find the fully configured tutorial project in this GitLab repository. It works in conjunction with this repository, which contains the example Kubernetes manifests.

To set up Flux for GitOps:

1. Create a personal access token
2. Create the Flux repository
3. Create the Kubernetes manifest repository
4. Configure Flux to sync your manifests
5. Verify your configuration

Prerequisites:

• You must have a Kubernetes cluster running.

Create a personal access token

To authenticate with the Flux CLI, you must create a personal access token with the api scope:

1. In the upper-right corner, select your avatar.
2. Select Edit profile.
3. On the left sidebar, select Access Tokens.
4. Enter a name and optional expiry date for the token.
5. Select the api scope.
6. Select Create personal access token.

You can also use a project or group access token with the api scope.

Create the Flux repository

Create a Git repository, install Flux, and authenticate Flux with your repo:

1. Make sure your kubectl is configured to access your cluster.
2. Install the Flux CLI. You must install Flux v2 or higher.
3. In GitLab, create a new empty project called flux-config.
4. From your shell, export a GITLAB_TOKEN environment variable with the value of your personal access token. For example, export GITLAB_TOKEN=<personal-access-token>.

5. Run the bootstrap command. The exact command depends on whether you are creating the Flux repository under a GitLab user, group, or subgroup. For more information, see the Flux bootstrap documentation.

   In this tutorial, you’re working with a public project in a subgroup. The bootstrap command looks like this:

   flux bootstrap gitlab \
     --owner=gitlab-org/configure/examples/flux \
     --repository=flux-config \
     --branch=main \
     --path=clusters/my-cluster
     --deploy-token-auth
   

   This command installs Flux on the Kubernetes cluster and configures it to manage itself from the repository flux-config. The command also automatically creates the project deploy token required to access the flux-config repository.

Great work! You now have a repository bootstrapped with a Flux configuration. Any updates to your repository are automatically synced to the cluster.

Create the Kubernetes manifest repository

Next, create a repository for your Kubernetes manifests:

1. In GitLab, create a new repository called web-app-manifests.

2. Add a file to web-app-manifests named nginx-deployment.yaml with the following contents:

   apiVersion: apps/v1
   
   kind: Deployment
   
   metadata:
     name: nginx-deployment
     labels:
       app: nginx
   spec:
     replicas: 3
     selector:
       matchLabels:
         app: nginx
     template:
       metadata:
         labels:
           app: nginx
       spec:
         containers:
         - name: nginx
           image: nginx:1.14.2
           ports:
           - containerPort: 80
   

3. In the new repository, create a deploy token with only the read_repository scope.
4. Store your deploy token username and password somewhere safe.

5. In Flux CLI, create a secret with your deploy token and point the secret to the new repository. For example:

   flux create secret git flux-deploy-authentication \
            --url=https://gitlab.com/gitlab-org/configure/examples/flux/web-app-manifests \
            --namespace=default \
            --username=<token-user-name> \
            --password=<token-password>
   

6. To check if your secret was generated successfully, run:

   kubectl -n default get secrets flux-deploy-authentication -o yaml
   

   Under data, you should see base64-encoded values associated with your token username and password.

Congratulations! You now have a manifest repository, a deploy token, and a secret generated directly on your cluster.

Configure Flux to sync your manifests

Next, tell flux-config to sync with the web-app-manifests repository.

To do so, create a GitRepository resource:

1. Clone the flux-config repo to your machine.

2. In your local clone of flux-config, add the GitRepository file clusters/my-cluster/web-app-manifests-source.yaml:

   ---
   apiVersion: source.toolkit.fluxcd.io/v1beta2
   kind: GitRepository
   metadata:
     name: web-app-manifests
     namespace: default
   spec:
     interval: 1m0s
     ref:
       branch: main
     secretRef:
       name: flux-deploy-authentication
     url: https://gitlab.com/gitlab-org/configure/examples/flux/web-app-manifests
   

   This file uses secretRef to refer back to the deploy token secret you created in the last step.

3. In your local clone of flux-config, add the GitRepository file clusters/my-cluster/web-app-manifests-kustomization.yaml:

   ---
   apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
   kind: Kustomization
   metadata:
     name: nginx-source-kustomization
     namespace: default
   spec:
     interval: 1m0s
     path: ./
     prune: true
     sourceRef:
       kind: GitRepository
       name: web-app-manifests
       namespace: default
     targetNamespace: default
   

   This file adds a Kustomization resource that tells Flux to sync the manifests from web-app-manifests with kustomize.

4. Commit the new files and push.

Verify your configuration

You should see a newly created nginx-deployment pod in your cluster.

To check whether the nginx-deployment pod is running in the default namespace, run the following:

kubectl -n default get pods -n default

If you want to see the deployment sync again, try updating the number of replicas in the nginx-deployment.yaml file and push to your main branch. If all is working well, it should sync to the cluster.

Excellent work! You’ve successfully set up a complete Flux project.