Table of Contents
Share this article:
In today’s rapidly evolving software industry, technologies like Kubernetes have enabled teams to execute lightning-fast deployments to critical environments. Maintaining this increased velocity of deployments and ensuring stability, requires a robust set of practices. To manage the pace and stability of production environments, we can rely on the GitOps framework. In this blog, we will be looking at FluxCD, a tool that helps us to execute GitOps-based deployments. We will understand how FluxCD works, what capabilities it offers, and how to quickly set up FluxCD and execute GitOps-based deployments.
What is GitOps?
GitOps is a framework that extends the capability of version control (Git) beyond just managing application code. It leverages Git to manage the infrastructure, application configurations, deployment specifications, and the desired state of the application in a centralized hub. The GitOps framework treats the Git repository as a single source of truth, where the developers define the desired state of their applications and infrastructure, similar to their application code. Whatever changes the developers will be pushing to the specified Git repository, the automated process applies them to the specific applications/services to match the actual state with the desired state. Adopting the GitOps framework for your deployments can offer certain benefits like:
- Increased developers productivity
- Reduced Mean Time to Repair (MTTR)
- Reduced time to market
- Auditing for each deployment
- Maintaining Audit Logs
To facilitate GitOps for your Kubernetes environments, tools like Flux CD and Argo CD add great value. These tools provide functionality like auto reconciliation, and declarative setups, and also support deployments to multiple environments.
GitOps flow for Kubernetes
What is FluxCD?
Flux CD is a GitOps-enabled Continuous Delivery (CD) tool that keeps the Kubernetes clusters in sync with sources of truth (Git repositories and OCI artifacts). It automates the updates of the current state of applications accordingly when the desired state of applications is changed at Git repositories.
To sync with our version controls (Git repositories) Flux CD deploys a controller into our Kubernetes cluster which continuously observes the changes from source repositories. Once the new changes are committed at the source repository, the Flux CD controller syncs and applies the newly updated manifests to the application.
FluxCD GitOps Toolkit
Flux CD is constructed with the GitOps toolkit, a set of modular controllers and tools for executing a continuous delivery (CD) on a Kubernetes cluster. Let’s take a detailed look at the GitOps toolkit i.e. Architecture of FluxCD, and understand how the FluxCD facilities GitOps for Kubernetes.
Let’s get a deeper understanding of the GitOps toolkit and study each controller and how it works.
The major controllers from the Flux CD GitOps toolkit are:
Source Controller
The source controller of the GitOps toolkit is responsible for providing a unified interface for collecting artifacts from multiple sources. The source controller APIs provide a Kubernetes object to us where we can interact with them to offload the artifact repositories to dedicated controllers.
Features of Source Controller
- Validation of the artifact sources
- Authentication with sources
- Detect the source change
- Make the artifacts available for other resources
- Packing resources into tar.gz or Yaml formats
To understand more about Source Controller, look into the FluxCD documentation.
Kustomize Controller
The Kustomize Controller of the GitOps toolkit is an operator, that helps us to set CD pipelines for Kubernetes workloads defined in the Kustomize.
Features of Kustomize Controller
- The Kustomize controller keeps reconciling the state of the Kubernetes cluster with the provided source of truth.
- If the Kubernetes manifests are provided in plain YAML, it converts them to Kustomize manifests before applying them to Kubernetes.
- Performs the Health check for deployed workloads.
To understand more about Kustomize Controller, look into the FluxCD documentation.
Helm Controller
The Helm Controller of the GitOps toolkit is an operator, that helps us to manage the deployments through Helm on Kubernetes clusters. As the desired state of Kubernetes workloads is defined at Helm charts and managed by HelmRelease, a Kubernetes CRD Release is required in our Kubernetes cluster. If there are any mutations in Helm charts, reconciliation gets handled by the Helm Controller.
Features of Helm Controller
- The Helm Controller observes the HelmRelease object and for deployment generates the HelmChart objects.
- Keep watching for the changes at HelmChart.
- The Helm Controller performs automated Helm actions, like rollbacks and uninstalls.
To understand more about Helm Controller, look into the FluxCD documentation.
Notification Controller
The notification controller from the GitOps toolkit facilitates inbound and outbound events. The Notification Controller handles the events from GitHub, Gitlab, and Jenkins and notifies the other GitOps toolkit controllers about the changes. Similarly, it also carries the events from GitOps toolkit controllers and dispatches them to external entities like Discord, Slack, and Teams.
FluxCD vs ArgoCD
After understanding GitOps principles and what FluxCD is, you may wonder about alternative tools for implementing GitOps in Kubernetes environments. One prominent option is ArgoCD, which offers a rich graphical interface for teams that prioritize visual controls over deployments. In contrast, FluxCD takes a lightweight and native Kubernetes approach with integration with tools like Helm Controller and Kustomize Controller, and a pull-based, source-controlled architecture that improves the security. Both ArgoCD and FluxCD support advanced deployment strategies, multi-cluster management, and major GitOps features.
To gain a deeper understanding of the differences between these two GitOps tools, refer to this detailed comparison blog that examines the unique features and tradeoffs of ArgoCD and FluxCD.
Flux CD Features and Capabilities
Flux CD as a GitOps tool provides us with some exceptional features and capabilities, by integrating Flux CD we can harness the powerful capabilities to make our CD pipelines robust.
GitOps Workflow
Flux CD implements GitOps best practices for managing continuous delivery (CD) on Kubernetes. It allows developers to define the desired state of their applications, configurations, and infrastructure in Git. The use of version controls helps developers to keep an audit of overtime changes in configuration, facilitates quick rollbacks, and reduces the chances of service disruptions as Git is the only source of truth.
Automated Deployments to Kubernetes
Flux CD automates the process of Continuous Delivery (CD) of software, it reduces the manual process of making changes to configurations and infrastructure. Flux CD agent continuously keeps looking for any change at the specified Git repository, if any change is noticed it syncs the current state of the Kubernetes cluster with the desired state at Git.
Secured
Flux CD is built with security considerations in mind, it allows us to set the least privileged access control, pull-based operations, and integration with multiple security tools from the CNCF landscape. These features combined help us to maintain the security posture of CD pipelines.
Advance Deployments Strategies
While deploying newer versions of applications we always want to ensure that the newer version does not interrupt the user experience or give any downtime. To ensure smooth deployments advanced deployment strategies like Canary, and Blue-Green deployments are used. To facilitate these deployment strategies Flux CD joins hands with Flagger and both of these tools help us to execute smooth deployments.
Multiple External Tools can be Integrated
Flux CD seamlessly integrates with numerous external Kubernetes tools, streamlining cluster management. It supports essential tools like Kustomize, Helm, GitHub, GitLab, and Harbor, as well as policy engines such as OPA and Kyverno. This extensive compatibility offers users flexibility and enables smooth operations across diverse Kubernetes ecosystems.
Now that we already know what is Flux CD and what features it offers, let’s do some hands-on. In the further section, we will be looking at how to install Flux CD, and how to deploy applications to Kubernetes using FluxCD.
Quick Installation Guide for FluxCD
To install FluxCD, we need to spin a Kubernetes cluster, which should be version 1.28 or newer. For this blog, we will use a Microk8s cluster.
Also, create a GitHub account, fork the repo flux2-kustomize-helm-example and generate a GitHub access token to access the repository.
Step 1: FluxCD Installation
To install the FluxCD CLI execute the following commands.
Precompiled binaries using a Bash script:
curl -s https://fluxcd.io/install.sh | sudo bash
For macOS or Linux using Homebrew:
brew install fluxcd/tap/flux
Export the following GitHub credentials and repository.
export GITHUB_TOKEN=<your-token>
export GITHUB_USER=<your-username>
export GITHUB_REPO=<repository-name>
Step 2: Deploying Application to Kubernetes Cluster using FluxCD
The manifests of the application we have to deploy need to be in the Git repository that we provided in the above steps. For this blog, we are using a sample repository that contains some applications, to understand the structure of the repository and application you can navigate to the flux2-kustomize-helm-example GitHub repository.
Let’s deploy FluxCD applications, and execute the following command it will deploy applications from our specified GitHub repository to the Kubernetes cluster.
flux bootstrap github \
–owner=${GITHUB_USER} \
–repository=${GITHUB_REPO} \
–branch=main \
–personal \
–path=clusters/staging
To visualize the helm releases getting installed to staging, run the following command.
watch flux get helmreleases –all-namespaces
Once we deploy the application through FluxCD, we can run kubectl commands to check the status of application resources.
Simply run kubectl get pods -n podinfo
Step 4: GitOps Approach
As we know FluxCD is a GitOps tool, it should keep reconciling our specified GitHub repository which contains our applications. To check the reconciliation we can look at the FluxCD events.
Run flux events , this command will list all the FluxCD events.
On executing the flux events we can see the reconciliation status and next reconciliation time. Now FluxCD will be treating the GitHub repository as a single source of truth and whenever there are updates in a specified repository FluxCD will apply them to our Kubernetes cluster.
Pros and Cons of FluxCD
There are a few advantages and disadvantages of FluxCD. Let’s take a look at some of those.
Pros of FluxCD
GitOps-native
Implements the GitOps best practices for our continuous delivery, strengthening the security and increasing the operational efficiency of teams. The GitOps approach also provides stability for critical environments like productions by treating Git as a single source of truth.
Multi-cluster support
Flux CD can manage Kubernetes deployments to multiple Kubernetes clusters, we can implement Flux CD deployments in two ways i.e. a Standalone mode and a Hub Spoke Model. To know how to implement these deployment models you can refer to this blog.
Extensibility
Flux CD can be integrated with multiple external tools like we can Integrate Flux CD with Flagger to adopt the advanced deployment strategies.
Automated reconciliation
Flux CD continuously reconciles the specified Git repository, as any newer change is recognized at the Git repository, the Flux CD applies the updated Kubernetes manifest and gets sync-in with the Git repository.
Security-focused
Flux CD is built with security security-first approach, it uses the Kubernetes RBAC, and secrets encryption helps us to restrict unauthorized access making some changes and resulting in disruptions and downtimes.
Cons of FluxCD
No UI
Flux CD comes as a CLI tool, it does not have its own native User Interface (UI) to operate on. The CLI makes things complex and difficult to manage for teams, as teams do not get a clear understanding and visibility of their applications and deployments.
Learning curve
As Flux CD does not have its own UI, for teams new to CLI tools and the GitOps approach there is a learning curve they have to overcome.
Flux CD Need UI
Despite its power as a GitOps tool, FluxCD has limitations in providing visibility and ease of management for Kubernetes deployments through UI. The absence of UI for gaining operational visibility hampers users when they need quick insights into application status and deployments. As a CLI-centric tool, FluxCD faces common operational challenges like:
- Limited visibility
- Increased potential for user errors
- learning curve for new users
- Reduced operational efficiency
These challenges can impact the overall effectiveness of GitOps workflows, particularly at scale and in complex environments.
To overcome these challenges a UI where we can gain visibility for all applications and their deployments and ability to operate over these applications can be helpful.
Kubernetes Dashboard by Devtron: A User Interface for Your Flux CD Applications
Devtron, an Open-Source Kubernetes dashboard for managing applications over Kubernetes, offers a unified dashboard for Flux CD applications. The Kubernetes dashboard by Devtron provides complete visibility for Flux CD applications deployed across multiple Kubernetes clusters at one single pane of glass. For each application deployed using Flux CD, Devtron’s Kubernetes dashboard provides:
Multi-Cluster Visibility
The Kubernetes dashboard of Devtron provides comprehensive visibility for all Flux CD applications deployed across multiple Kubernetes clusters. Which helps teams to navigate and operate over the application quickly and without the tedious process of struggling with CLI.
Application Status
The Kubernetes dashboard of Devtron provides the current status of the Flux CD application, it helps teams when it’s time to take a quick look at the application’s health.
Grouping of Kubernetes Resources
All resources deployed with the Kubernetes application i.e. Deployment, Pod, Service, RBAC, and CRDs are logically grouped. This logical separation simplifies operations for teams by presenting a clear application hierarchy, eliminating the need to navigate through numerous Kubernetes resources.
Ease in troubleshooting
Devtron’s Kubernetes dashboard provides some advanced capabilities like tracing the logs, terminal support for troubleshooting, tracing application events, and the capability to visualize and edit live application manifest.
Conclusion
In this blog, we have discussed a GitOps tool i.e. FluxCD, which implements the best practices of GitOps for the continuous delivery process on Kubernetes clusters. FluxCD as a GitOps tool offers features like automated deployments, audit logs for deployments, multi-cluster deployment support, security-focused design, and flexibility to integrate external tools. We have also talked about some of the pros and cons of FluxCD, where one highlighted limitation is the absence of native UI to take action. To bridge this gap, we introduced the Kubernetes Dashboard by Devtron as a complementary solution. This dashboard provides a user-friendly interface for FluxCD applications, offering multi-cluster visibility, application status monitoring, logical resource grouping, and advanced troubleshooting capabilities. By combining FluxCD’s robust GitOps functionality with Devtron’s intuitive UI, teams can achieve a more efficient, visible, and manageable Kubernetes deployment process, ultimately streamlining operations.