- Create a personal access token
- Create the Flux repository
- Create the Kubernetes manifest repository
- Configure Flux to sync your manifests
- Verify your configuration
Tutorial: Set up Flux for GitOps
This tutorial teaches you how to set up Flux for GitOps. You’ll set up a sample project, complete a bootstrap Flux installation, and authenticate your installation with a project deploy token.
You can find the fully configured tutorial project in this GitLab repository. It works in conjunction with this repository, which contains the example Kubernetes manifests.
To set up Flux for GitOps:
- Create a personal access token
- Create the Flux repository
- Create the Kubernetes manifest repository
- Configure Flux to sync your manifests
- Verify your configuration
Prerequisites:
- You must have a Kubernetes cluster running.
Create a personal access token
To authenticate with the Flux CLI, you must create a personal access token
with the api
scope:
- In the upper-right corner, select your avatar.
- Select Edit profile.
- On the left sidebar, select Access Tokens.
- Enter a name and optional expiry date for the token.
- Select the
api
scope. - Select Create personal access token.
You can also use a project or group access token with the api
scope.
Create the Flux repository
Create a Git repository, install Flux, and authenticate Flux with your repo:
- Make sure your
kubectl
is configured to access your cluster. - Install the Flux CLI. You must install Flux v2 or higher.
- In GitLab, create a new empty project called
flux-config
. - From your shell, export a
GITLAB_TOKEN
environment variable with the value of your personal access token. For example,export GITLAB_TOKEN=<personal-access-token>
. -
Run the
bootstrap
command. The exact command depends on whether you are creating the Flux repository under a GitLab user, group, or subgroup. For more information, see the Flux bootstrap documentation.In this tutorial, you’re working with a public project in a subgroup. The bootstrap command looks like this:
flux bootstrap gitlab \ --owner=gitlab-org/configure/examples/flux \ --repository=flux-config \ --branch=main \ --path=clusters/my-cluster \ --deploy-token-auth
This command installs Flux on the Kubernetes cluster and configures it to manage itself from the repository
flux-config
. The command also automatically creates the project deploy token required to access theflux-config
repository.
Great work! You now have a repository bootstrapped with a Flux configuration. Any updates to your repository are automatically synced to the cluster.
Create the Kubernetes manifest repository
Next, create a repository for your Kubernetes manifests:
- In GitLab, create a new repository called
web-app-manifests
. -
Add a file to
web-app-manifests
namednginx-deployment.yaml
with the following contents:apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment labels: app: nginx spec: replicas: 3 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80
- In the new repository, create a deploy token with only the
read_repository
scope. - Store your deploy token username and password somewhere safe.
-
In Flux CLI, create a secret with your deploy token and point the secret to the new repository. For example:
flux create secret git flux-deploy-authentication \ --url=https://gitlab.com/gitlab-org/configure/examples/flux/web-app-manifests \ --namespace=default \ --username=<token-user-name> \ --password=<token-password>
-
To check if your secret was generated successfully, run:
kubectl -n default get secrets flux-deploy-authentication -o yaml
Under
data
, you should see base64-encoded values associated with your token username and password.
Congratulations! You now have a manifest repository, a deploy token, and a secret generated directly on your cluster.
Configure Flux to sync your manifests
Next, tell flux-config
to sync with the web-app-manifests
repository.
To do so, create a GitRepository
resource:
- Clone the
flux-config
repo to your machine. -
In your local clone of
flux-config
, add theGitRepository
fileclusters/my-cluster/web-app-manifests-source.yaml
:--- apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: GitRepository metadata: name: web-app-manifests namespace: default spec: interval: 1m0s ref: branch: main secretRef: name: flux-deploy-authentication url: https://gitlab.com/gitlab-org/configure/examples/flux/web-app-manifests
This file uses
secretRef
to refer back to the deploy token secret you created in the last step. -
In your local clone of
flux-config
, add theGitRepository
fileclusters/my-cluster/web-app-manifests-kustomization.yaml
:--- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: nginx-source-kustomization namespace: default spec: interval: 1m0s path: ./ prune: true sourceRef: kind: GitRepository name: web-app-manifests namespace: default targetNamespace: default
This file adds a
Kustomization
resource that tells Flux to sync the manifests fromweb-app-manifests
withkustomize
. - Commit the new files and push.
Verify your configuration
You should see a newly created nginx-deployment
pod in your cluster.
To check whether the nginx-deployment
pod is running in the default namespace, run the following:
kubectl -n default get pods -n default
If you want to see the deployment sync again, try updating the number of replicas in the
nginx-deployment.yaml
file and push to your main
branch. If all is working well, it
should sync to the cluster.
Excellent work! You’ve successfully set up a complete Flux project.