Published on

Adding flux to microk8s for GitOps



Flux is a GitOps tool that can be used for automating a number of continuous deployment tasks. One of the main ways I've used flux is to automate the deployment and management of deployments across kubernetes clusters. Flux is incredibly powerful and integrates with a number of tools - one of my favorite features is the ability to configure a local cluster in a git repository, and once the local cluster is working as intended, make a few changes so that the k8s cluster can be replicated across multiple cloud k8s services. In this post, I'll walk through the process of installing flux into a local microk8s cluster and adding a resource for flux to manage.

Flux CLI Installation

The Flux CLI is the first thing that needs to be installed. Luckily, the installation instructions are quite thorough and easy to follow. Since I'm using an Ubuntu machine, I'll use the bash script to install the CLI.

curl -s | sudo bash

You can of course download the install script and inspect it before running it, but I've never had an issue with it. Once the CLI is installed, adding autocompletions to the shell is as simple as adding the following line to your shell's configuration file (in my case ~/.bashrc).

. <(flux completion bash)

Run source ~/.bashrc to apply the changes to your current shell session. After installing the CLI, the next step is to bootstrap flux using one of the provided bootstrap methods. I'm going to use a GitHub repository to store the flux configuration.

Bootstrapping Flux with GitHub

Bootstrapping flux with GitHub is fairly straightforward. A Personal Access Token (PAT) is required for flux to authenticate with GitHub. Alternatively, you can bootstrap flux with a private ssh key by following the instructions for a git server.

I'm going to use a PAT for simplicity. Once I've got the PAT, I can export it as an environment variable either in my current shell session or in my ~/.bashrc file with

export GITHUB_TOKEN=<gh-token>
export GITHUB_USER=<gh-username>

If after setting the environment variables you can check the pre-installation requirements with

flux check --pre

On a fresh microk8s installation, I had to create a ~/.kube/config file with the cluster configuration on the main node with

kubectl config view --raw > ~/.kube/config

Once I did that, the flux check --pre command passed. On the main node, run

flux bootstrap github \
    --token-auth \
    --owner=$GITHUB_USER \
    --repository=flux_cluster \
    --branch=main \
    --path=clusters/microk8s \

The docs for flux bootstrap github are pretty comprehensive - the main flag I want to highlight is --path. With this, I can specify a directory to store the clusters configuration - which is handy for multi-tenancy setups. On a cloud k8s instance, I can simply bootstrap flux with a different path and re-use most of my local cluster configuration. Once the bootstrap process is complete, it should output something like

► connecting to
► cloning branch "main" from Git repository ""
✔ cloned repository
► generating component manifests
✔ generated component manifests
✔ committed component manifests to "main" ("fca490d480fe22e792d515e1c28c965888ee268a")
► pushing component manifests to ""
► installing components in "flux-system" namespace
✔ installed components
✔ reconciled components
► determining if source secret "flux-system/flux-system" exists
► generating source secret
► applying source secret "flux-system/flux-system"
✔ reconciled source secret
► generating sync manifests
✔ generated sync manifests
✔ committed sync manifests to "main" ("0945e65bf6938610d9b14bc24b2f6016a9dca5d4")
► pushing sync manifests to ""
► applying sync manifests
✔ reconciled sync configuration
◎ waiting for GitRepository "flux-system/flux-system" to be reconciled
✔ GitRepository reconciled successfully
◎ waiting for Kustomization "flux-system/flux-system" to be reconciled
✔ Kustomization reconciled successfully
► confirming components are healthy
✔ helm-controller: deployment ready
✔ kustomize-controller: deployment ready
✔ notification-controller: deployment ready
✔ source-controller: deployment ready
✔ all components are healthy

Running kubectl get all -n flux-system should show the flux components installed and running in the microk8s cluster without any issues. At this point, flux is installed and ready to manage resources in the cluster. There is a good tutorial explaining how to add a repository to flux, but I'll go through the process of setting up customizable and reproducible resources with the NFS configuration I used in my earlier microk8s post.

Adding NFS StorageClass(es) to Flux

The first step to adding resources to a flux managed cluster is to clone the repository locally. Once that's done, we can add two top level directories to the repository apps/ and infra/. The apps/ directory will contain the various resource configurations and kustomizations for the applications that will be deployed on the cluster, while the infra/ directory will contain the infrastructure components (StorageClasses, Ingresses, Secrets Providers, etc...) that the clusters will use. In each directory, I'll create a base directory that contains the common configurations for the resources, and a directory for each cluster that will apply kustomizations to the base resources. So cd into the flux repository and create the directories with

mkdir -p apps/{base,microk8s} infra/{base,microk8s}
touch apps/{base,microk8s}/.keep

I touch the blank .keep files to ensure that the apps directories are committed. We'll create an apps.yaml and infra.yaml file in the clusters/microk8s directory - these files will be used by flux to apply the resources in the respective directories. The apps.yaml file contains the following content

# clusters/microk8s/apps.yaml
kind: Kustomization
  name: apps
  namespace: flux-system
  interval: 5m
  retryInterval: 1m
  timeout: 5m
    kind: GitRepository
    name: flux-system
  path: ./apps/microk8s
  prune: true
  wait: true

and the infra.yaml file contains the following content

# clusters/microk8s/infra.yaml
kind: Kustomization
  name: infra
  namespace: flux-system
  interval: 5m
  retryInterval: 1m
  timeout: 5m
    kind: GitRepository
    name: flux-system
  path: ./infra/microk8s
  prune: true
  wait: true

Create a directory to store the NFS StorageClass(es) with

mkdir -p infra/base/sc/nfs

In the nfs directory, create a Kubernetes config file sc-nfs.yaml with the appropriate content

# sc-nfs-nvme.yaml
kind: StorageClass
  name: nvme-nfs-csi # Name of the storage class
  server: XXX.XXX.XXX.XXX # IP address of the NFS server
  share: /XXX/XXX/XXX # Path to the NFS share
reclaimPolicy: Delete
volumeBindingMode: Immediate
  - hard
  - nfsvers=4.1

and a kustomization.yaml file in the same directory with the following content

kind: Kustomization
  - sc-nfs.yaml

Next, create a kustomization.yaml file in the infra/microk8s directory with the following content

kind: Kustomization
  - ../base/sc/nfs

Add all of the files to the git repository and push the changes to the remote repository with

git add . && git commit -m "Add NFS StorageClasses"
git push

Run flux get kustomizations --watch and you should see the infra and apps kustomizations get applied! If you were to manually delete any one of the flux managed nfs resources, flux would automatically re-apply the resource to the cluster on its next update.

Going Further

Admittedly, this example is a little too simple - ideally I would've put the csi-driver-nfs helm chart as a resource to be monitored and installed prior to applying the StorageClass kustomizations. However, this post has gotten a little long, and I plan on describing how to use flux to manage more complex resources in a later post.