@jkinred
Created July 18, 2018 10:51
Bootstrap Flux into a K8s cluster

Bootstrap flux into a cluster

These instructions assume a working cluster with the Helm Tiller already installed.

GIT_REPO=git@github.org:jkinred/flux-example
helm install \
    --name flux \
    --set helmOperator.create=true \
    --set git.url=$GIT_REPO \
    --set git.chartsPath=charts \
    --namespace flux \
    weaveworks/flux

Get the SSH public key which the installation has generated:

export POD_NAME=$(kubectl get pods --namespace flux -l "app=flux,release=flux" -o jsonpath="{.items[0].metadata.name}")
kubectl -n flux logs $POD_NAME | grep identity.pub

Add the key to the repository configured in the helm install command: open that repository in GitHub and add it under Settings -> Deploy key.

Trust a private Git repository

When using a private Git repo, further configuration is required; this hasn't reached the main documentation yet: https://github.com/weaveworks/flux/pull/1112/commits/1a399296bb4c63c5f2121e5f2f5f8d3778b072a7

The flux and flux-helm-operator containers are primed with the SSH public host keys of popular repository hosts; private repositories need to be trusted manually.

ssh-keyscan github.company.org > /tmp/known_hosts
kubectl -n flux create configmap flux-known-hosts --from-file=/tmp/known_hosts
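As an added example (not part of the gist, and not Flux's own tooling), the following Python script shows the check a practitioner would want between the ssh-keyscan and kubectl create configmap steps: ssh-keyscan records whatever host key the network returned, so the script parses the scan output, computes each key's SHA256 fingerprint in the form ssh-keygen -lf prints, keeps only keys whose fingerprint matches one obtained out of band from the Git host's administrators, and renders the flux-known-hosts ConfigMap with the known_hosts data key the Deployment mount expects. The sample keyscan output and key blob are constructed (a zero-filled synthetic ed25519 key, not a real key), and the expected-fingerprint dictionary is a placeholder.

```python
import base64
import hashlib
from dataclasses import dataclass

# Constructed sample: what `ssh-keyscan github.company.org` might print, built from a
# synthetic ed25519 key blob (32 zero bytes, NOT a real key) so the example runs offline.
_SYNTHETIC_BLOB = base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(32)
).decode()
SAMPLE_KEYSCAN = (
    "# github.company.org:22 SSH-2.0-OpenSSH_7.4\n"          # keyscan comment line
    f"github.company.org ssh-ed25519 {_SYNTHETIC_BLOB}\n"   # one host key
    "github.company.org ssh-rsa not-base64!!\n"             # corrupted line, must be dropped
    "\n"
)


@dataclass(frozen=True)
class HostKey:
    host: str
    key_type: str
    key_b64: str


def _blob_key_type(raw: bytes):
    """Return the key-type string embedded at the start of an SSH wire-format key blob."""
    if len(raw) < 4:
        return None
    n = int.from_bytes(raw[:4], "big")
    if n == 0 or len(raw) < 4 + n:
        return None
    return raw[4:4 + n].decode("ascii", errors="replace")


def parse_known_hosts(text: str):
    """Parse ssh-keyscan / known_hosts text into HostKey entries.

    Comments and blank lines are skipped; a line whose key does not decode, or whose
    embedded type does not match the declared type, is dropped rather than trusted.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        host, key_type, key_b64 = fields[0], fields[1], fields[2]
        try:
            raw = base64.b64decode(key_b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if _blob_key_type(raw) != key_type:
            continue
        entries.append(HostKey(host, key_type, key_b64))
    return entries


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (base64 without padding)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_against_expected(entries, expected):
    """Split entries into (trusted, rejected) by comparing each key's fingerprint with
    the fingerprints obtained out of band for that host (expected: host -> set)."""
    trusted, rejected = [], []
    for entry in entries:
        if fingerprint(entry.key_b64) in expected.get(entry.host, set()):
            trusted.append(entry)
        else:
            rejected.append(entry)
    return trusted, rejected


def build_configmap(entries, name="flux-known-hosts", namespace="flux") -> str:
    """Render the ConfigMap as YAML. The data key must stay `known_hosts` because the
    Deployment mounts it with `subPath: known_hosts`."""
    lines = [
        "apiVersion: v1",
        "kind: ConfigMap",
        "metadata:",
        f"  name: {name}",
        f"  namespace: {namespace}",
        "data:",
        "  known_hosts: |",
    ]
    lines += [f"    {e.host} {e.key_type} {e.key_b64}" for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    scanned = parse_known_hosts(SAMPLE_KEYSCAN)
    # Placeholder: replace with the fingerprint(s) your Git host's admins published.
    expected = {"github.company.org": {fingerprint(scanned[0].key_b64)}}
    trusted, rejected = verify_against_expected(scanned, expected)
    print(f"trusted={len(trusted)} rejected={len(rejected)}")
    print(build_configmap(trusted), end="")
```

Pipe the rendered manifest into `kubectl apply -f -` in place of the `kubectl create configmap` command; because only fingerprint-matched keys reach the ConfigMap, a key substituted on the network path during the scan is rejected instead of being trusted by every Flux pod.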

Now, edit the flux and flux-helm-operator Deployments:

kubectl -n flux edit deployment flux
kubectl -n flux edit deployment flux-helm-operator

Use this as a guide and adapt it to each deployment:

--- flux-deploy.yaml.orig	2018-06-17 15:51:10.367137046 +1000
+++ flux-deploy.yaml.new	2018-06-17 15:54:30.379268906 +1000
@@ -63,6 +63,9 @@
        readOnly: true
        - mountPath: /var/fluxd/keygen
        name: git-keygen
+        - mountPath: /root/.ssh/known_hosts
+          name: known-hosts
+          subPath: known_hosts
    dnsPolicy: ClusterFirst
    restartPolicy: Always
    schedulerName: default-scheduler
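Review bot: the new `- mountPath: /root/.ssh/known_hosts` mount should carry `readOnly: true`, as the mount in the context just above it does; the container only reads the trust file, and a read-only mount stops a compromised process from adding hosts to it. Also worth stating in the guide: a `subPath` mount of a ConfigMap is not refreshed when the ConfigMap changes, so after re-running ssh-keyscan and replacing flux-known-hosts the pods must be restarted before the new known_hosts is seen.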
@@ -78,6 +81,10 @@
    - emptyDir:
        medium: Memory
        name: git-keygen
+      - configMap:
+          name: flux-known-hosts
+        name: known-hosts
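Review bot: the volume `name: known-hosts` must match the `name: known-hosts` used by the volumeMount, and the ConfigMap key must equal the mount's `subPath: known_hosts`; `--from-file=/tmp/known_hosts` derives the key from the file's basename, so this lines up, but renaming the temporary file would silently break the mount. With no `optional: true` the pod will not start if the ConfigMap is missing from the flux namespace, which is the right failure for a trust file; the guide should mention this so a stuck ContainerCreating pod is recognised as the missing ConfigMap rather than a Flux problem.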

Profit!

Depending on how complete the Flux repository is, you can watch the cluster build itself by watching the logs:

export POD_NAME=$(kubectl get pods --namespace flux -l "app=flux,release=flux" -o jsonpath="{.items[0].metadata.name}")
kubectl -n flux logs $POD_NAME --follow

You might also want to watch the flux-helm-operator logs.

It might take a few iterations to get there as dependencies come up. It's declarative so it should eventually become consistent.

Extra notes

If you are running a later version of the flux-helm-operator, the Git URL format has changed and you will have to use something like: ssh://git@github.org/jkinred/flux-example
