Hands-on GitOps Patterns for Helm Users
0 likes223 views
This document provides an overview of a presentation on hands-on GitOps patterns for Helm users. Some key points: - The presentation will cover why Helm patterns are useful for Flux and how Flux and Helm work better together. - It will demonstrate moving Helm releases from CI to Flux continuous delivery, including common use cases, features, and pitfalls to avoid. - There will be a live demo of an example using infrastructure and application definitions colocated in Git. - The presentation aims to provide a good starting point for adopting GitOps with Flux and Helm. It will explain how Flux controllers automatically reconcile source definitions with cluster state.
Hands-on GitOps Patterns for Helm Users
- 1. Hands-on GitOps Patterns for Helm Users Scott Rigby, Developer Experience Engineer, Weaveworks Stacey Potter, Community Manager, Weaveworks
- 2. GitOpsDays.com June 9-10, 2021 CFP is OPEN Submit your gitops related talk today! (CFP ends April 18 @ 11:59pm PT)
- 5. 👋 Hello GitOps and Flux Users! 👋 Flux users! 😻 Sneak peek to the power of Flux (v2)! New users! ⚡ The Power of GitOps with Flux!
- 6. 👋 Get Connected 💬 1. Check out the Flux docs at: https://toolkit.fluxcd.io/get-started/ 2. GitHub Discussions Q&A: https://github.com/fluxcd/flux2/discussi ons/categories/q-a 3. CNCF Slack #Flux channel
- 7. Weaveworks is founded on open source ● Flux (& GitOps Toolkit) (CNCF Incubating): GitOps for k8s ● Flagger (CNCF): Declarative Progressive Delivery for Service Meshes ● Cortex (CNCF): Distributed, Long-term-storage TSDB compatible with Prometheus ● Weave Ignite: VMs with container UX & built-in GitOps management ● EKSctl: Create an Amazon EKS cluster with one command ● (and many many more projects!) weave.works
- 8. Hands-on GitOps Patterns for Helm Users Speakers Help/Support Duration 30-45 Minutes Scott Rigby DX Engineer Weaveworks Stacey Potter Community Mgr Weaveworks Browser Safari copy/paste shortcuts may not work Using Zoom Questions? • Use chat (button: top left corner of screen) • Escape to exit full screen • “To Everyone” or “To all panelists and attendees” Support: https://support.zoom.us/hc/ en-us/articles/206175806-T op-Questions Troubleshooting Use chat If the issue is not easily resolved, we ask that you follow along as we demo the sample app.
- 9. ● GitOps is an app dev and operations methodology ● GitOps is a methodology, not a specific tool or technology. ● GitOps applies to everything and brings business value. What is GitOps? … and why do I want it?
- 10. GitOps leverages: ● an entire system that is described declaratively ● code that is version controlled and ● software agents that reconcile and ensure correctness (along with alerts, etc). 4 Principles of GitOps
- 11. demo
- 12. We’ll be Covering ● Why Helm Patterns for Flux? ○ Helm Scope ○ Flux Helm Controller scope ○ Flux ❤ Helm, Better Together ● Moving Helm Releases from CI to Flux CD ○ Common Use Cases & Helpful Features ○ Common Pitfalls ○ How Flux Source & Helm Controllers Work ○ Kustomize Controller Syncs Plain YAML? 😮 ● Demo Time ○ Example: Infra & App Defs Colocated ● Wrap up: What We Covered ○ <no spoilers!> ● Thanks & Props ○ To all the people for all the things 🤜🤛 🦄 ✊ 💖 🤩 ● Q&A Time
- 13. Why Helm Patterns for Flux?
- 14. ✅ In Scope ● Supports CLI and SDK (which Flux uses) ● Packaging ● Configuration ● Imperative app delivery ● Versioning and rollbacks ● etc… 🚫 Out of Scope ● Manage or structure multiple environments. You must use other tools for this (e.g., Helmfile, bash/Makefile) ● Control loop, or retry logic ● Automated responses (beyond rollback) ● Automated drift detection (imperatively this can be done with helm diff plugin) Helm Scope
- 15. 1. Flux is a pull-first CD system **DIAGRAM** ○ You _can_ also add push webhooks, but unless you're also using the pull model it's missing the major value of Flux 2. Separates CD from CI ○ Often users "continuous delivery" is mixed in with their CI ○ Moves Helm Release to a CD reconciliation loop, rather than imperative event-based job ○ Removes need for a human response to a CI job. Humans are notified when there's a runtime error, you then fix it in Git 3. helm-controller uses the Helm SDK ○ It does not use helm template like many other delivery tools & GitOps solutions ○ Flux HelmRelease supports hooks and post-release `helm test` 4. Flux does still provide feedback ○ The Notification controller notifies you instead of you having to monitor Flux Helm Controller Scope
- 16. Better Together Flux introduces an additional layer of reliability, consistency, observability, and auditability to the benefits of using Helm in CI. ❤
- 17. Moving Helm Releases from CI to Flux CD
- 18. Common Use Cases You can install Flux and helm-controller on an existing cluster with running helm releases, or use new Helm Release configurations to move to new infrastructure. ● In-place lift-and-shift / pivot-to-GitOps ● Migrate on fresh infra You can also mix and match: ● Custom Helm charts ● Shared internal or community Helm charts
- 19. Configuring Flux to Own Existing Releases 1. Refer to any Helm values files already checked into Git ○ Whether applied with some scripting per environment (`ENV-values.yaml`) ○ Helmfile used declaratively 2. Inspect the state of the cluster ○ This is important if you have people modifying helm releases imperatively ○ `helm get values my-release` 3. Then configure the Flux HelmRelease with your Helm values ○ Using HelmRelease Values ○ or ConfigMaps/Secrets referenced by HelmRelease `ValuesFrom`
- 20. Pause/Resume Reconciliation per Release 🚧 ⏸ Flux 2 allows pausing automated reconciliation per Helm Release
- 21. DependsOn Feature 🧠💪 More memory efficient than a large umbrella chart Example: ingress controller and cert-manager installed before applications that rely on those
- 22. SemVer Ranges for Charts 📑🤖 Flux 2 supports semver range policies from Helm repositories Examples: >=4.0.0 or <5.0.0
- 23. Install Charts from Storage Bucket Source 📀🍿 S3, google storage, Azure blob storage, KFC etc
- 24. Helm Repo Reference Reusability ♻😗 Flux 2 Helm Releases use references to Helm Repos. Define once, use everywhere
- 25. Optional Credentials Per git or Helm Repo 🆔🔓 ★ Greater flexibility, more composability ★ If you have multiple sources locked down in different ways, it’s no longer a problem ★ Allows you to enforce principle of least privilege more easily
- 26. 👾🛰 ★ Have an out of cluster experience ★ Flux can also sync Cluster API manifests, allowing you to spin up multiple clusters from a single management cluster Out of Cluster Helm Releases
- 27. Common Pitfalls ● If you have custom logic, such as health checks when mixing CI and CD together, you'll need to determine how to port that logic to a Flux-compatible solution ○ If this proves challenging, it can be a sign that your CI and CD are overly coupled, which could cause other issues with your release process ○ To solve: More cleanly separate your CI and CD. You may also want to consider more resilient tools to accomplish the same goals – e.g., use Flagger for traffic directing based on health checks and other conditions (opens up a path to blue/green, canary, etc) ● It's possible to accidentally structure your source repos in ways that make it difficult for people access the things they need ○ Ensure folks can update their HelmReleases during incident response – whether access in the repo, or giving in-cluster access to temporarily suspend Flux reconciliation per Helm release and perform imperative fixes ○ To solve: Can split into multiple repos according to user access rights ○ Solutions vary by git provider: GitHub CODEOWNERS, GitLab has per-directory ACLs
- 28. How Flux Source & Helm Controllers Work
- 29. Don’t let the name scare you 🙈 It just works 💁🌈 Kustomize Controller Syncs Plain YAML? 😮 It seemed like a good name at the time 😅
- 30. Don’t let the name scare you 🙈 It just works 💁🌈 Kustomize Controller Syncs Plain YAML? 😮
- 31. Demo Time!
- 32. Example Infra & App Defs Colocated https://gist.github.com/scottrigby/82b224804052726624fd46d5f0 42146c
- 33. Wrap up: What We Covered
- 34. ● You should now have a good start moving your Helm Releases from CI to Flux CD ● No special knowledge about other tools required (you can always decide to layer Kustomize into your Flux flows later) ● Understand how Flux controllers work to automatically reconcile your source definitions and the actual state of your operations, whenever they diverge ● And one more thing… ✅ ✅ ✅ ✅
- 35. 🤜🤛 Thx! ★ Alison Dowdney collaborated on Slides! ★ Hidde Beydals, Leigh Capili, & Kingdon Barrett collaborated on demo! 🛠 Thanks & Props 🦄 Thx all Flux component & community maintainers! ✊ Thx Helm maintainers! 💖 Thank you all for coming! See you next tiiiime!
- 36. Q&A Time!
- 37. Upcoming 2021 GitOps Talks! (regularly every other Monday @ 10am PT / 18:00 GMT) April 5: Flux 2 Azure Use Cases (Leigh Capili) April 19: Flux 2 Notifications, Alerts & Webhooks (Alison Dowdney)
- 38. Next Steps • Join us on Flux discussions if you have more questions: https://github.com/fluxcd/flux2/discussions • Flux Community: https://fluxcd.io/community/ • Join the GitOps Community Group: https://www.meetup.com/GitOps-Community/ • More info on GitOps? Visit www.gitops.community/ • Join the GitOps Community LinkedIn Group: https://www.linkedin.com/groups/13914610/
- 39. THANK YOU!