The Challenge:
Ensuring a declarative and automated synchronization between Git and Kubernetes clusters is crucial for consistency, version control, and automated rollback capabilities. Traditional CI/CD pipelines often introduce inconsistencies due to manual triggers and state drift.
The Solution: Flux CD
Flux CD follows the GitOps model, ensuring that the desired state defined in a Git repository is continuously reconciled with the actual state in Kubernetes.
Example Scenario:
We are deploying a secure Nginx application using Flux CD. The goal is to:
- Automate deployments from a private Git repository
- Ensure rollback capabilities with Git versioning
- Enforce a secure and immutable infrastructure
Step 1: Install Flux CLI
Ensure you have kubectl and helm installed, then install the Flux CLI:
curl -s https://fluxcd.io/install.sh | sudo bash
export PATH=$PATH:/usr/local/bin
flux --version
Step 2: Bootstrap Flux in Your Kubernetes Cluster
Flux needs to be bootstrapped with a Git repository that will act as the single source of truth for deployments.
flux bootstrap github \
--owner=<your-github-username> \
--repository=flux-gitops \
--branch=main \
--path=clusters/my-cluster \
--personal
This command:
- Sets up Flux in the cluster
- Connects it to the specified GitHub repository
- Deploys Flux components
Step 3: Define a GitOps Repository Structure
Structure your repository as follows:
flux-gitops/
│── clusters/
│ ├── my-cluster/
│ │ ├── kustomization.yaml
│── apps/
│ ├── nginx/
│ │ ├── deployment.yaml
│ │ ├── service.yaml
│ │ ├── kustomization.yaml
Step 4: Deploy a Secure Nginx Application
apps/nginx/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-secure
namespace: default
spec:
replicas: 2
selector:
matchLabels:
app: nginx-secure
template:
metadata:
labels:
app: nginx-secure
spec:
containers:
- name: nginx
image: nginx:1.21.6
ports:
- containerPort: 80
securityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
apps/nginx/service.yaml
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: default
spec:
selector:
app: nginx-secure
ports:
- protocol: TCP
port: 80
targetPort: 80
Step 5: Register the Nginx Application with Flux
Flux requires a Kustomization resource to track and deploy applications.
apps/nginx/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: nginx
namespace: flux-system
spec:
targetNamespace: default
interval: 1m
sourceRef:
kind: GitRepository
name: flux-gitops
path: "./apps/nginx"
prune: true
wait: true
Apply the Kustomization to the cluster:
kubectl apply -f apps/nginx/kustomization.yaml
Flux will now continuously monitor and apply the Nginx manifests from the Git repository.
Step 6: Verify Deployment
Check the status of the Nginx deployment:
kubectl get pods -l app=nginx-secure
kubectl get svc nginx-service
Flux’s reconciliation logs can be checked with:
flux get kustomizations
flux get sources git
Step 7: Automatic Rollback
Flux tracks all changes via Git. If an incorrect version of Nginx is deployed, revert using:
git revert <commit-id>
git push origin main
Flux will detect this change and automatically restore the last stable state.
Flux CD ensures:
- Continuous deployment from Git
- Automated rollbacks via Git versioning
- Enhanced security with read-only containers
- Immutable and declarative infrastructure
This is how GitOps transforms Kubernetes deployments into a fully automated and scalable process.
Conclusion
GitOps with Flux CD revolutionizes Kubernetes deployments by making them declarative, automated, and highly secure. With Git as the single source of truth, deployments become version-controlled, reproducible, and rollback-friendly.
Are you using GitOps in production? Drop a comment!
