├── apps ├── base │ └── podinfo │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ └── release.yaml ├── production │ ├── kustomization.yaml │ ├── s3-bucket.yaml │ └── podinfo-values.yaml └── dev │ ├── kustomization.yaml │ └── podinfo-values.yaml ├── infrastructure ├── dev │ ├── nginx │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ └── release.yaml │ ├── redis │ │ ├── namespace.yaml │ │ ├── values.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── release.yaml │ ├── notifications │ │ ├── values.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── kustomization.yaml │ └── sources │ │ ├── kustomization.yaml │ │ ├── bitnami.yaml │ │ └── podinfo.yaml ├── production │ ├── nginx │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ └── release.yaml │ ├── redis │ │ ├── namespace.yaml │ │ ├── values.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── release.yaml │ ├── ack │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ └── release.yaml │ ├── notifications │ │ ├── values.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── kustomization.yaml │ └── sources │ │ ├── kustomization.yaml │ │ ├── bitnami.yaml │ │ ├── podinfo.yaml │ │ └── s3-controller.yaml └── base │ ├── notifications │ ├── values.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── release.yaml │ └── charts │ └── cluster-notifications │ ├── values.yaml │ ├── templates │ ├── sns-Provider.yaml │ ├── info-Alert.yaml │ ├── errors-Alert.yaml │ └── _helpers.tpl │ ├── .helmignore │ └── Chart.yaml ├── .sourceignore ├── .gitignore ├── CODE_OF_CONDUCT.md ├── clusters ├── dev │ ├── infrastructure.yaml │ └── apps.yaml └── production │ ├── infrastructure.yaml │ └── apps.yaml ├── LICENSE ├── scripts └── validate.sh ├── CONTRIBUTING.md └── README.md /apps/base/podinfo/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: podinfo 5 | 
-------------------------------------------------------------------------------- /infrastructure/dev/nginx/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: nginx 5 | -------------------------------------------------------------------------------- /infrastructure/dev/redis/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: redis 5 | -------------------------------------------------------------------------------- /infrastructure/production/nginx/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: nginx 5 | -------------------------------------------------------------------------------- /infrastructure/production/redis/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: redis 5 | -------------------------------------------------------------------------------- /infrastructure/base/notifications/values.yaml: -------------------------------------------------------------------------------- 1 | provider: 2 | url: https://my-api-url.execute-api.us-west-2.amazonaws.com -------------------------------------------------------------------------------- /infrastructure/dev/notifications/values.yaml: -------------------------------------------------------------------------------- 1 | provider: 2 | url: https://my-api-url.execute-api.us-west-2.amazonaws.com -------------------------------------------------------------------------------- /infrastructure/production/ack/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ack-system 5 | 
-------------------------------------------------------------------------------- /infrastructure/production/notifications/values.yaml: -------------------------------------------------------------------------------- 1 | provider: 2 | url: https://my-api-url.execute-api.us-west-2.amazonaws.com -------------------------------------------------------------------------------- /infrastructure/base/charts/cluster-notifications/values.yaml: -------------------------------------------------------------------------------- 1 | provider: 2 | url: https://my-api-url.execute-api.us-west-2.amazonaws.com -------------------------------------------------------------------------------- /infrastructure/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - sources 5 | - nginx 6 | - redis 7 | -------------------------------------------------------------------------------- /infrastructure/production/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - sources 5 | - nginx 6 | - redis 7 | -------------------------------------------------------------------------------- /apps/base/podinfo/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: podinfo 4 | resources: 5 | - namespace.yaml 6 | - release.yaml 7 | -------------------------------------------------------------------------------- /infrastructure/dev/nginx/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: nginx 4 | resources: 5 | - namespace.yaml 6 | - release.yaml 7 | 
-------------------------------------------------------------------------------- /apps/production/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base/podinfo 5 | patchesStrategicMerge: 6 | - podinfo-values.yaml 7 | -------------------------------------------------------------------------------- /infrastructure/dev/sources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: flux-system 4 | resources: 5 | - bitnami.yaml 6 | - podinfo.yaml 7 | -------------------------------------------------------------------------------- /infrastructure/production/nginx/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: nginx 4 | resources: 5 | - namespace.yaml 6 | - release.yaml 7 | -------------------------------------------------------------------------------- /infrastructure/production/ack/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: ack-system 4 | resources: 5 | - namespace.yaml 6 | - release.yaml 7 | -------------------------------------------------------------------------------- /infrastructure/production/sources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: flux-system 4 | resources: 5 | - bitnami.yaml 6 | - podinfo.yaml 7 | -------------------------------------------------------------------------------- /apps/dev/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: podinfo 4 | resources: 5 | - ../base/podinfo 6 | patchesStrategicMerge: 7 | - podinfo-values.yaml 8 | -------------------------------------------------------------------------------- /infrastructure/dev/sources/bitnami.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta1 2 | kind: HelmRepository 3 | metadata: 4 | name: bitnami 5 | spec: 6 | interval: 30m 7 | url: https://charts.bitnami.com/bitnami 8 | -------------------------------------------------------------------------------- /apps/production/s3-bucket.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: s3.services.k8s.aws/v1alpha1 2 | kind: Bucket 3 | metadata: 4 | name: eks-gitops-workshop-s3-bucket 5 | namespace: default 6 | spec: 7 | name: eks-gitops-workshop-s3-bucket 8 | -------------------------------------------------------------------------------- /infrastructure/dev/sources/podinfo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta1 2 | kind: HelmRepository 3 | metadata: 4 | name: podinfo 5 | spec: 6 | interval: 5m 7 | url: https://stefanprodan.github.io/podinfo 8 | -------------------------------------------------------------------------------- /infrastructure/production/sources/bitnami.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: source.toolkit.fluxcd.io/v1beta1 2 | kind: HelmRepository 3 | metadata: 4 | name: bitnami 5 | spec: 6 | interval: 30m 7 | url: https://charts.bitnami.com/bitnami 8 | -------------------------------------------------------------------------------- /infrastructure/production/sources/podinfo.yaml: 
--------------------------------------------------------------------------------
# Helm chart repository for podinfo; Flux re-fetches the index every 5 minutes.
# NOTE(review): elsewhere on this page the production overlay
# (apps/production/podinfo-values.yaml) selects the chart with the range
# ">=1.0.0", so a new upstream chart release would presumably roll out without
# any change in Git. Confirm that is intended, or pin an exact chart version.
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: podinfo
spec:
  interval: 5m
  url: https://stefanprodan.github.io/podinfo
--------------------------------------------------------------------------------
/.sourceignore:
--------------------------------------------------------------------------------
# Flux ignore
# https://toolkit.fluxcd.io/components/source/gitrepositories/#excluding-files

# Exclude all
/*

# Include manifest directories
!/apps/
!/clusters/
!/infrastructure/
--------------------------------------------------------------------------------
/infrastructure/dev/redis/values.yaml:
--------------------------------------------------------------------------------
# Default values
# https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
# NOTE(review): usePassword: false presumably turns off Redis client
# authentication (confirm against the pinned chart's values.yaml). If so, any
# workload that can reach the Redis service can read and write it.
usePassword: false
cluster:
  enabled: false
master:
  # Persistence is switched off for the master.
  persistence:
    enabled: false
--------------------------------------------------------------------------------
/infrastructure/production/redis/values.yaml:
--------------------------------------------------------------------------------
# Default values
# https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
# NOTE(review): this production overlay carries the same values as dev.
# usePassword: false presumably leaves Redis without client authentication
# (confirm against the pinned chart). For production, either enable the
# password and hand it to clients from a Secret, or restrict access to the
# redis namespace with a NetworkPolicy; podinfo on this page connects to
# redis-master.redis:6379 without credentials, so both sides change together.
usePassword: false
cluster:
  enabled: false
master:
  # Persistence is switched off for the master.
  persistence:
    enabled: false
--------------------------------------------------------------------------------
/infrastructure/base/charts/cluster-notifications/templates/sns-Provider.yaml:
--------------------------------------------------------------------------------
# Flux notification Provider named "sns"; the address is the chart value
# provider.url with /prod/notification appended.
# NOTE(review): no secretRef is set, so this manifest supplies no token or
# headers with the webhook call and the endpoint URL sits in a ConfigMap-fed
# value. Confirm the receiving API authenticates callers some other way.
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Provider
metadata:
  name: sns
spec:
  type: generic
  address: {{ .Values.provider.url }}/prod/notification
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Binaries for programs and plugins
*.exe
*.exe~
*.dll
*.so
*.dylib

# Test binary, built with `go test -c`
*.test

# Output of the go coverage tool, specifically when used with LiteIDE
*.out

bin/
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
--------------------------------------------------------------------------------
/infrastructure/production/sources/s3-controller.yaml:
--------------------------------------------------------------------------------
---
# Git source for the ACK S3 controller: fetched from GitHub at tag v0.0.7 and
# re-checked every 30 seconds.
# NOTE(review): a Git tag can be moved upstream, so the content behind v0.0.7
# is not fixed by this manifest. Pinning spec.ref.commit (and spec.verify where
# upstream signs commits) ties the deployed chart to reviewed content.
# NOTE(review): infrastructure/production/sources/kustomization.yaml as shown
# on this page lists only bitnami.yaml and podinfo.yaml; confirm this file is
# actually applied.
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: s3-controller
  namespace: flux-system
spec:
  interval: 30s
  ref:
    tag: v0.0.7
  url: https://github.com/aws-controllers-k8s/s3-controller
--------------------------------------------------------------------------------
/infrastructure/base/charts/cluster-notifications/templates/info-Alert.yaml:
--------------------------------------------------------------------------------
# Alert that sends info-severity events from every GitRepository (name '*')
# to the "sns" provider. suspend: false keeps it active.
apiVersion: notification.toolkit.fluxcd.io/v1beta1
kind: Alert
metadata:
  name: on-call-info
spec:
  providerRef:
    name: sns
  eventSeverity: info
  eventSources:
    - kind: GitRepository
      name: '*'
  suspend: false
--------------------------------------------------------------------------------
/infrastructure/base/notifications/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: flux-system 4 | resources: 5 | - release.yaml 6 | configMapGenerator: 7 | - name: notification-values 8 | files: 9 | - values.yaml=values.yaml 10 | configurations: 11 | - kustomizeconfig.yaml 12 | -------------------------------------------------------------------------------- /infrastructure/dev/redis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: redis 4 | resources: 5 | - namespace.yaml 6 | - release.yaml 7 | configMapGenerator: 8 | - name: redis-values 9 | files: 10 | - values.yaml=values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /infrastructure/production/redis/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: redis 4 | resources: 5 | - namespace.yaml 6 | - release.yaml 7 | configMapGenerator: 8 | - name: redis-values 9 | files: 10 | - values.yaml=values.yaml 11 | configurations: 12 | - kustomizeconfig.yaml 13 | -------------------------------------------------------------------------------- /clusters/dev/infrastructure.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: infrastructure 5 | namespace: flux-system 6 | spec: 7 | interval: 1m0s 8 | sourceRef: 9 | kind: GitRepository 10 | name: flux-system 11 | path: ./infrastructure/dev 12 | prune: true 13 | validation: client 14 | -------------------------------------------------------------------------------- 
/clusters/production/infrastructure.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: infrastructure 5 | namespace: flux-system 6 | spec: 7 | interval: 10m0s 8 | sourceRef: 9 | kind: GitRepository 10 | name: flux-system 11 | path: ./infrastructure/production 12 | prune: true 13 | validation: client 14 | -------------------------------------------------------------------------------- /infrastructure/dev/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: flux-system 4 | resources: 5 | - ../../base/notifications 6 | configurations: 7 | - kustomizeconfig.yaml 8 | configMapGenerator: 9 | - name: notification-values 10 | behavior: merge 11 | files: 12 | - values.yaml=values.yaml -------------------------------------------------------------------------------- /infrastructure/production/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: flux-system 4 | resources: 5 | - ../../base/notifications 6 | configurations: 7 | - kustomizeconfig.yaml 8 | configMapGenerator: 9 | - name: notification-values 10 | behavior: merge 11 | files: 12 | - values.yaml=values.yaml -------------------------------------------------------------------------------- /infrastructure/base/charts/cluster-notifications/templates/errors-Alert.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: notification.toolkit.fluxcd.io/v1beta1 2 | kind: Alert 3 | metadata: 4 | name: on-call-errors 5 | spec: 6 | providerRef: 7 | name: sns 8 | eventSeverity: error 9 | eventSources: 10 | - kind: HelmRelease 11 | name: '*' 12 | - kind: 
GitRepository 13 | name: '*' 14 | suspend: false -------------------------------------------------------------------------------- /infrastructure/dev/redis/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # Kustomize config for enabling HelmRelease values from 2 | # ConfigMaps and Secrets generated by Kustomize 3 | nameReference: 4 | - kind: ConfigMap 5 | version: v1 6 | fieldSpecs: 7 | - path: spec/valuesFrom/name 8 | kind: HelmRelease 9 | - kind: Secret 10 | version: v1 11 | fieldSpecs: 12 | - path: spec/valuesFrom/name 13 | kind: HelmRelease 14 | -------------------------------------------------------------------------------- /infrastructure/dev/notifications/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # Kustomize config for enabling HelmRelease values from 2 | # ConfigMaps and Secrets generated by Kustomize 3 | nameReference: 4 | - kind: ConfigMap 5 | version: v1 6 | fieldSpecs: 7 | - path: spec/valuesFrom/name 8 | kind: HelmRelease 9 | - kind: Secret 10 | version: v1 11 | fieldSpecs: 12 | - path: spec/valuesFrom/name 13 | kind: HelmRelease 14 | -------------------------------------------------------------------------------- /infrastructure/production/redis/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # Kustomize config for enabling HelmRelease values from 2 | # ConfigMaps and Secrets generated by Kustomize 3 | nameReference: 4 | - kind: ConfigMap 5 | version: v1 6 | fieldSpecs: 7 | - path: spec/valuesFrom/name 8 | kind: HelmRelease 9 | - kind: Secret 10 | version: v1 11 | fieldSpecs: 12 | - path: spec/valuesFrom/name 13 | kind: HelmRelease 14 | -------------------------------------------------------------------------------- /infrastructure/base/notifications/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # Kustomize 
config for enabling HelmRelease values from 2 | # ConfigMaps and Secrets generated by Kustomize 3 | nameReference: 4 | - kind: ConfigMap 5 | version: v1 6 | fieldSpecs: 7 | - path: spec/valuesFrom/name 8 | kind: HelmRelease 9 | - kind: Secret 10 | version: v1 11 | fieldSpecs: 12 | - path: spec/valuesFrom/name 13 | kind: HelmRelease 14 | -------------------------------------------------------------------------------- /infrastructure/production/notifications/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # Kustomize config for enabling HelmRelease values from 2 | # ConfigMaps and Secrets generated by Kustomize 3 | nameReference: 4 | - kind: ConfigMap 5 | version: v1 6 | fieldSpecs: 7 | - path: spec/valuesFrom/name 8 | kind: HelmRelease 9 | - kind: Secret 10 | version: v1 11 | fieldSpecs: 12 | - path: spec/valuesFrom/name 13 | kind: HelmRelease 14 | -------------------------------------------------------------------------------- /infrastructure/base/notifications/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: notifications 5 | spec: 6 | interval: 5m 7 | chart: 8 | spec: 9 | chart: ./infrastructure/base/charts/cluster-notifications 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | interval: 1m 14 | valuesFrom: 15 | - kind: ConfigMap 16 | name: notification-values -------------------------------------------------------------------------------- /apps/dev/podinfo-values.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | chart: 8 | spec: 9 | version: ">=1.0.0-alpha" 10 | test: 11 | enable: false 12 | values: 13 | replicaCount: 2 14 | ingress: 15 | hosts: 16 | - host: podinfo.dev 17 | 
paths: 18 | - path: / 19 | pathType: ImplementationSpecific 20 | -------------------------------------------------------------------------------- /apps/production/podinfo-values.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | chart: 8 | spec: 9 | version: ">=1.0.0" 10 | values: 11 | replicaCount: 1 12 | hpa: 13 | enabled: true 14 | maxReplicas: 5 15 | ingress: 16 | hosts: 17 | - host: podinfo.production 18 | paths: 19 | - path: / 20 | pathType: ImplementationSpecific 21 | -------------------------------------------------------------------------------- /infrastructure/base/charts/cluster-notifications/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /infrastructure/dev/redis/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: redis 5 | spec: 6 | releaseName: redis 7 | chart: 8 | spec: 9 | chart: redis 10 | sourceRef: 11 | kind: HelmRepository 12 | name: bitnami 13 | namespace: flux-system 14 | version: "11.3.4" 15 | interval: 1h0m0s 16 | install: 17 | remediation: 18 | retries: 3 19 | valuesFrom: 20 | - kind: ConfigMap 21 | name: redis-values 22 | -------------------------------------------------------------------------------- /infrastructure/production/redis/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: redis 5 | spec: 6 | releaseName: redis 7 | chart: 8 | spec: 9 | chart: redis 10 | sourceRef: 11 | kind: HelmRepository 12 | name: bitnami 13 | namespace: flux-system 14 | version: "11.3.4" 15 | interval: 1h0m0s 16 | install: 17 | remediation: 18 | retries: 3 19 | valuesFrom: 20 | - kind: ConfigMap 21 | name: redis-values 22 | -------------------------------------------------------------------------------- /clusters/dev/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: apps 5 | namespace: flux-system 6 | spec: 7 | interval: 1m0s 8 | dependsOn: 9 | - name: infrastructure 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | path: 
./apps/dev 14 | prune: true 15 | validation: client 16 | healthChecks: 17 | - apiVersion: helm.toolkit.fluxcd.io/v1beta1 18 | kind: HelmRelease 19 | name: podinfo 20 | namespace: podinfo 21 | -------------------------------------------------------------------------------- /clusters/production/apps.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 2 | kind: Kustomization 3 | metadata: 4 | name: apps 5 | namespace: flux-system 6 | spec: 7 | interval: 1m0s 8 | dependsOn: 9 | - name: infrastructure 10 | sourceRef: 11 | kind: GitRepository 12 | name: flux-system 13 | path: ./apps/production 14 | prune: true 15 | validation: client 16 | healthChecks: 17 | - apiVersion: helm.toolkit.fluxcd.io/v1beta1 18 | kind: HelmRelease 19 | name: podinfo 20 | namespace: podinfo 21 | -------------------------------------------------------------------------------- /infrastructure/production/ack/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: s3-controller 5 | namespace: flux-system 6 | spec: 7 | releaseName: s3-chart 8 | chart: 9 | spec: 10 | chart: ./helm 11 | sourceRef: 12 | kind: GitRepository 13 | name: s3-controller 14 | namespace: flux-system 15 | interval: 1h0m0s 16 | install: 17 | remediation: 18 | retries: 3 19 | values: 20 | serviceAccount: 21 | create: false 22 | aws: 23 | region: us-west-2 24 | -------------------------------------------------------------------------------- /infrastructure/dev/nginx/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: nginx 5 | spec: 6 | releaseName: nginx-ingress-controller 7 | chart: 8 | spec: 9 | chart: nginx-ingress-controller 10 | sourceRef: 11 | kind: HelmRepository 12 | name: 
bitnami 13 | namespace: flux-system 14 | version: "5.6.14" 15 | interval: 1h0m0s 16 | install: 17 | remediation: 18 | retries: 3 19 | # Default values 20 | # https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values.yaml 21 | values: 22 | service: 23 | type: NodePort 24 | -------------------------------------------------------------------------------- /infrastructure/production/nginx/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: nginx 5 | spec: 6 | releaseName: nginx-ingress-controller 7 | chart: 8 | spec: 9 | chart: nginx-ingress-controller 10 | sourceRef: 11 | kind: HelmRepository 12 | name: bitnami 13 | namespace: flux-system 14 | version: "5.6.14" 15 | interval: 1h0m0s 16 | install: 17 | remediation: 18 | retries: 3 19 | # Default values 20 | # https://github.com/bitnami/charts/blob/master/bitnami/nginx-ingress-controller/values.yaml 21 | values: 22 | service: 23 | type: LoadBalancer 24 | -------------------------------------------------------------------------------- /apps/base/podinfo/release.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 2 | kind: HelmRelease 3 | metadata: 4 | name: podinfo 5 | namespace: podinfo 6 | spec: 7 | releaseName: podinfo 8 | chart: 9 | spec: 10 | chart: podinfo 11 | sourceRef: 12 | kind: HelmRepository 13 | name: podinfo 14 | namespace: flux-system 15 | interval: 5m 16 | install: 17 | remediation: 18 | retries: 3 19 | # Default values 20 | # https://github.com/stefanprodan/podinfo/blob/master/charts/podinfo/values.yaml 21 | values: 22 | cache: redis-master.redis:6379 23 | ingress: 24 | enabled: true 25 | annotations: 26 | kubernetes.io/ingress.class: nginx 27 | -------------------------------------------------------------------------------- /LICENSE: 
-------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | -------------------------------------------------------------------------------- /infrastructure/base/charts/cluster-notifications/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cluster-notifications 3 | description: A Helm chart for notifying based on changes to Flux resources 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. 
This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /infrastructure/base/charts/cluster-notifications/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "cluster-notifications.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "cluster-notifications.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 
28 | */}} 29 | {{- define "cluster-notifications.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "cluster-notifications.labels" -}} 37 | helm.sh/chart: {{ include "cluster-notifications.chart" . }} 38 | {{ include "cluster-notifications.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "cluster-notifications.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "cluster-notifications.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "cluster-notifications.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "cluster-notifications.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /scripts/validate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # This script downloads the Flux OpenAPI schemas, then it validates the 4 | # Flux custom resources and the kustomize overlays using kubeval. 5 | # This script is meant to be run locally and in CI before the changes 6 | # are merged on the main branch that's synced by Flux. 7 | 8 | # Copyright 2020 The Flux authors. All rights reserved. 9 | # 10 | # Licensed under the Apache License, Version 2.0 (the "License"); 11 | # you may not use this file except in compliance with the License. 
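# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script is meant to be run locally and in CI to validate the Kubernetes
# manifests (including Flux custom resources) before changes are merged into
# the branch synced by Flux in-cluster.

# Prerequisites
# - yq v4.6
# - kustomize v4.1
# - kubeval v0.15

# Stop at the first failing command. pipefail makes a pipeline fail when any
# of its stages fails, so a broken download or a failing `find` is not masked
# by the command on the right-hand side of the pipe.
set -o errexit
set -o pipefail

echo "INFO - Downloading Flux OpenAPI schemas"
# NOTE(review): /tmp/flux-crd-schemas is a fixed, predictable path. On a shared
# build host another local user can create or pre-populate it before this
# script runs. A private directory from `mktemp -d` would avoid that, but the
# same path is passed to kubeval below and again later in this script, so every
# use has to change together.
mkdir -p /tmp/flux-crd-schemas/master-standalone-strict

# NOTE(review): this fetches whatever the `latest` release is at run time and
# unpacks it without a checksum or signature check, so the schemas that decide
# whether a manifest is "valid" are not pinned. For reproducible CI, pin a
# release tag (<PINNED_TAG>) and compare the archive against a recorded digest
# (<EXPECTED_SHA256>) before extracting.
# -f: fail on HTTP errors instead of piping an error page into tar.
# --proto '=https': refuse any non-HTTPS URL, including on redirects.
curl -sfL --proto '=https' \
  https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz \
  | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict

# Syntax pass: every *.yaml file under the working directory must be readable
# by yq; the output is discarded and only the exit status matters.
find . -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
  echo "INFO - Validating $file"
  yq e 'true' "$file" > /dev/null
done

echo "INFO - Validating clusters"
# Schema pass over the per-cluster Flux resources (at most two levels deep).
# The file name is quoted so that paths containing spaces or glob characters
# reach kubeval as a single argument.
find ./clusters -maxdepth 2 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; do
  kubeval "${file}" --strict --ignore-missing-schemas --additional-schema-locations=file:///tmp/flux-crd-schemas || exit 1
done

# mirror kustomize-controller build options
kustomize_flags="--load-restrictor=LoadRestrictionsNone --reorder=legacy"
kustomize_config="kustomization.yaml"

echo "INFO - Validating kustomize overlays"
find .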
-type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file; 58 | do 59 | echo "INFO - Validating kustomization ${file/%$kustomize_config}" 60 | kustomize build "${file/%$kustomize_config}" $kustomize_flags | \ 61 | kubeval --ignore-missing-schemas --strict --additional-schema-locations=file:///tmp/flux-crd-schemas 62 | if [[ ${PIPESTATUS[0]} != 0 ]]; then 63 | exit 1 64 | fi 65 | done 66 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. 
You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional documentation on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute to. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue.
55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # EKS GitOps Workshop 2 | 3 | For this example we assume a scenario with two clusters: dev and production. 4 | The end goal is to leverage Flux and Kustomize to manage both clusters while minimizing duplicated declarations. 5 | 6 | We will configure Flux to install, test and upgrade a demo app using 7 | `HelmRepository` and `HelmRelease` custom resources. 8 | Flux will monitor the Helm repository, and it will automatically 9 | upgrade the Helm releases to their latest chart version based on semver ranges. 10 | 11 | ## Prerequisites 12 | 13 | You will need a Kubernetes cluster version 1.16 or newer and kubectl version 1.18. 14 | For a quick local test, you can use [Kubernetes kind](https://kind.sigs.k8s.io/docs/user/quick-start/). 15 | Any other Kubernetes setup will work as well though. 16 | 17 | In order to follow the guide you'll need a GitHub account and a 18 | [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) 19 | that can create repositories (check all permissions under `repo`). 
20 | 21 | Install the Flux CLI on macOS and Linux using Homebrew: 22 | 23 | ```sh 24 | brew install fluxcd/tap/flux 25 | ``` 26 | 27 | Or install the CLI by downloading precompiled binaries using a Bash script (the pipe below runs the downloaded script as root before you can read it; to review it first, save it to a file, inspect it, and then run that file with `sudo bash`): 28 | 29 | ```sh 30 | curl -s https://fluxcd.io/install.sh | sudo bash 31 | ``` 32 | 33 | ## Repository structure 34 | 35 | The Git repository contains the following top directories: 36 | 37 | - **apps** dir contains Helm releases with a custom configuration per cluster 38 | - **infrastructure** dir contains infra tools such as NGINX ingress controller and Helm repository definitions 39 | - **clusters** dir contains the Flux configuration per cluster 40 | 41 | ``` 42 | ├── apps 43 | │   ├── base 44 | │   ├── production 45 | │   └── dev 46 | ├── infrastructure 47 | │   ├── nginx 48 | │   ├── redis 49 | │   └── sources 50 | └── clusters 51 | ├── production 52 | └── dev 53 | ``` 54 | 55 | The apps configuration is structured into: 56 | 57 | - **apps/base/** dir contains namespaces and Helm release definitions 58 | - **apps/production/** dir contains the production Helm release values 59 | - **apps/dev/** dir contains the dev values 60 | 61 | ``` 62 | ./apps/ 63 | ├── base 64 | │   └── podinfo 65 | │   ├── kustomization.yaml 66 | │   ├── namespace.yaml 67 | │   └── release.yaml 68 | ├── production 69 | │   ├── kustomization.yaml 70 | │   └── podinfo-patch.yaml 71 | └── dev 72 | ├── kustomization.yaml 73 | └── podinfo-patch.yaml 74 | ``` 75 | 76 | In **apps/base/podinfo/** dir we have a HelmRelease with common values for both clusters: 77 | 78 | ```yaml 79 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 80 | kind: HelmRelease 81 | metadata: 82 | name: podinfo 83 | namespace: podinfo 84 | spec: 85 | releaseName: podinfo 86 | chart: 87 | spec: 88 | chart: podinfo 89 | sourceRef: 90 | kind: HelmRepository 91 | name: podinfo 92 | namespace: flux-system 93 | interval: 5m 94 | values: 95 | cache: redis-master.redis:6379 96 | ingress: 97 | enabled: true 98 | annotations: 99
| kubernetes.io/ingress.class: nginx 100 | ``` 101 | 102 | In **apps/dev/** dir we have a Kustomize patch with the dev specific values: 103 | 104 | ```yaml 105 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 106 | kind: HelmRelease 107 | metadata: 108 | name: podinfo 109 | spec: 110 | chart: 111 | spec: 112 | version: ">=1.0.0-alpha" 113 | test: 114 | enable: true 115 | values: 116 | ingress: 117 | hosts: 118 | - host: podinfo.dev 119 | ``` 120 | 121 | Note that with ` version: ">=1.0.0-alpha"` we configure Flux to automatically upgrade 122 | the `HelmRelease` to the latest chart version including alpha, beta and pre-releases. 123 | 124 | In **apps/production/** dir we have a Kustomize patch with the production specific values: 125 | 126 | ```yaml 127 | apiVersion: helm.toolkit.fluxcd.io/v2beta1 128 | kind: HelmRelease 129 | metadata: 130 | name: podinfo 131 | namespace: podinfo 132 | spec: 133 | chart: 134 | spec: 135 | version: ">=1.0.0" 136 | values: 137 | ingress: 138 | hosts: 139 | - host: podinfo.production 140 | ``` 141 | 142 | Note that with ` version: ">=1.0.0"` we configure Flux to automatically upgrade 143 | the `HelmRelease` to the latest stable chart version (alpha, beta and pre-releases will be ignored). 
144 | 145 | In **infrastructure/dev/** dir we have infrastructure tools with dev specific values: 146 | 147 | ``` 148 | ./infrastructure/dev 149 | ├── nginx 150 | │   ├── kustomization.yaml 151 | │   ├── namespace.yaml 152 | │   └── release.yaml 153 | ├── redis 154 | │   ├── kustomization.yaml 155 | │   ├── namespace.yaml 156 | │   └── release.yaml 157 | └── sources 158 | ├── bitnami.yaml 159 | ├── kustomization.yaml 160 | └── podinfo.yaml 161 | ``` 162 | 163 | In **infrastructure/production/** dir we have infrastructure tools with production specific values: 164 | ``` 165 | ./infrastructure/production 166 | ├── nginx 167 | │   ├── kustomization.yaml 168 | │   ├── namespace.yaml 169 | │   └── release.yaml 170 | ├── redis 171 | │   ├── kustomization.yaml 172 | │   ├── namespace.yaml 173 | │   └── release.yaml 174 | └── sources 175 | ├── bitnami.yaml 176 | ├── kustomization.yaml 177 | └── podinfo.yaml 178 | ``` 179 | 180 | In **infrastructure/*/sources/** dir we have the Helm repository definitions: 181 | 182 | ```yaml 183 | apiVersion: source.toolkit.fluxcd.io/v1beta1 184 | kind: HelmRepository 185 | metadata: 186 | name: podinfo 187 | spec: 188 | interval: 5m 189 | url: https://stefanprodan.github.io/podinfo 190 | --- 191 | apiVersion: source.toolkit.fluxcd.io/v1beta1 192 | kind: HelmRepository 193 | metadata: 194 | name: bitnami 195 | spec: 196 | interval: 30m 197 | url: https://charts.bitnami.com/bitnami 198 | ``` 199 | 200 | Note that with ` interval: 5m` we configure Flux to pull the Helm repository index every five minutes. 201 | If the index contains a new chart version that matches a `HelmRelease` semver range, Flux will upgrade the release. Because that upgrade is driven by the repository index rather than by a commit, a range without an upper bound (such as `>=1.0.0`) rolls out whatever the chart publisher releases next; use an exact version or a bounded range where upgrades have to be reviewed in Git first.
202 | 203 | ## Bootstrap dev and production 204 | 205 | The clusters dir contains the Flux configuration: 206 | 207 | ``` 208 | ./clusters/ 209 | ├── production 210 | │   ├── apps.yaml 211 | │   └── infrastructure.yaml 212 | └── dev 213 | ├── apps.yaml 214 | └── infrastructure.yaml 215 | ``` 216 | 217 | In **clusters/dev/** dir we have the Kustomization definitions: 218 | 219 | ```yaml 220 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 221 | kind: Kustomization 222 | metadata: 223 | name: apps 224 | namespace: flux-system 225 | spec: 226 | interval: 10m0s 227 | dependsOn: 228 | - name: infrastructure 229 | sourceRef: 230 | kind: GitRepository 231 | name: flux-system 232 | path: ./apps/dev 233 | prune: true 234 | validation: client 235 | --- 236 | apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 237 | kind: Kustomization 238 | metadata: 239 | name: infrastructure 240 | namespace: flux-system 241 | spec: 242 | interval: 10m0s 243 | sourceRef: 244 | kind: GitRepository 245 | name: flux-system 246 | path: ./infrastructure/dev 247 | ``` 248 | 249 | Note that with `path: ./apps/dev` we configure Flux to sync the dev Kustomize overlay and 250 | with `dependsOn` we tell Flux to create the infrastructure items before deploying the apps. 
251 | 252 | Fork this repository on your personal GitHub account and export your GitHub access token, username and repo name: 253 | 254 | ```sh 255 | export GITHUB_TOKEN= 256 | export GITHUB_USER= 257 | export GITHUB_REPO= 258 | ``` 259 | 260 | Verify that your dev cluster satisfies the prerequisites with: 261 | 262 | ```sh 263 | flux check --pre 264 | ``` 265 | 266 | Set the kubectl context to your dev cluster and bootstrap Flux: 267 | 268 | ```sh 269 | flux bootstrap github \ 270 | --context=dev \ 271 | --owner=${GITHUB_USER} \ 272 | --repository=${GITHUB_REPO} \ 273 | --branch=main \ 274 | --private=false \ 275 | --personal \ 276 | --path=clusters/dev 277 | ``` 278 | 279 | The bootstrap command commits the manifests for the Flux components in `clusters/dev/flux-system` dir 280 | and creates a deploy key with read-only access on GitHub, so it can pull changes inside the cluster. 281 | 282 | Watch for the Helm releases being installed on dev: 283 | 284 | ```console 285 | $ watch flux get helmreleases --all-namespaces 286 | NAMESPACE NAME REVISION SUSPENDED READY MESSAGE 287 | nginx nginx 5.6.14 False True release reconciliation succeeded 288 | podinfo podinfo 5.0.3 False True release reconciliation succeeded 289 | redis redis 11.3.4 False True release reconciliation succeeded 290 | ``` 291 | 292 | Verify that the demo app can be accessed via ingress: 293 | 294 | ```console 295 | $ kubectl -n nginx port-forward svc/nginx-ingress-controller 8080:80 & 296 | 297 | $ curl -H "Host: podinfo.dev" http://localhost:8080 298 | { 299 | "hostname": "podinfo-59489db7b5-lmwpn", 300 | "version": "5.0.3" 301 | } 302 | ``` 303 | 304 | Bootstrap Flux on production by setting the context and path to your production cluster: 305 | 306 | ```sh 307 | flux bootstrap github \ 308 | --context=production \ 309 | --owner=${GITHUB_USER} \ 310 | --repository=${GITHUB_REPO} \ 311 | --private=false \ 312 | --branch=main \ 313 | --personal \ 314 | --path=clusters/production 315 | ``` 316 | 317 |
Watch the production reconciliation: 318 | 319 | ```console 320 | $ watch flux get kustomizations 321 | NAME REVISION READY 322 | apps main/797cd90cc8e81feb30cfe471a5186b86daf2758d True 323 | flux-system main/797cd90cc8e81feb30cfe471a5186b86daf2758d True 324 | infrastructure main/797cd90cc8e81feb30cfe471a5186b86daf2758d True 325 | ``` 326 | --------------------------------------------------------------------------------