FluxCD: Get Started
Install FluxCD into a cluster
Here I install it connected to Codeberg:
- the path is the directory inside the repository that belongs to this cluster
- the url is the repository into which Flux installs itself (under the given path) and which it then monitors
- I only install the components I need (I skip the notification-controller; I prefer Prometheus and its alerting)
flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path=<path> --url ssh://git@codeberg.org/wrenix/<repo>.git
Secure with verify
Afterwards we need to set up commit signature verification with GPG, so that nobody else can get a workload into the cluster by committing to the repository. This is needed because I chose a public git hosting (here Codeberg): I trust them, but it may get compromised one day. With verification, a compromised host or a stolen account can still push commits, but Flux will refuse to apply a HEAD that is not signed by one of the keys I committed.
In your repository the flux CLI has created <path>/flux-system/kustomization.yaml, which we will edit:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
+patches:
+  - target:
+      kind: GitRepository
+      name: flux-system
+    patch: |-
+      apiVersion: source.toolkit.fluxcd.io/v1
+      kind: GitRepository
+      metadata:
+        name: flux-system
+      spec:
+        verify: <1>
+          mode: HEAD
+          secretRef:
+            name: gpg-publickey
+
+generatorOptions:
+  disableNameSuffixHash: true <2>
+
+secretGenerator:
+  - name: gpg-publickey <3>
+    namespace: flux-system
+    files:
+      - gpg-publickey/wrenix.gpg <4>
- <1> add verify, so that only a HEAD commit with a valid GPG signature is used; mode HEAD checks the signature of the commit at HEAD only (which is also the only commit Flux applies), not the history behind it. Note that the commit which introduces this patch must itself be signed with one of the listed keys, otherwise the source-controller will reject the new HEAD right after the patch is applied
- <2> do not append a content hash to the generated Secret name, so the fixed name gpg-publickey referenced in <1> stays stable across regenerations
- <3> generate a Kubernetes Secret with the name gpg-publickey, which is referenced by the patched GitRepository (see <1>)
- <4> the list of files with the valid GPG public keys; each file must contain an ASCII-armored public key export (gpg --armor --export), since Flux reads the secret entries as armored keyrings
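The remaining steps of the procedure (export the public key into the repository, check that the export is in the form Flux accepts, sign the commit that turns verification on, and confirm the source still reconciles) as an added shell example. This is not code from the original page or from the FluxCD project; the path clusters/home, the key id wrenix and the file name gpg-publickey/wrenix.gpg are assumptions that mirror the post, and the check functions only look at the text form of the key file.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Assumed values: the --path given
# to "flux bootstrap" (clusters/home), the gpg user id (wrenix) and the key file
# name used by the secretGenerator (gpg-publickey/wrenix.gpg).
set -euo pipefail

FLUX_PATH="${FLUX_PATH:-clusters/home}"
KEY_ID="${KEY_ID:-wrenix}"
KEY_FILE="$FLUX_PATH/flux-system/gpg-publickey/wrenix.gpg"

# Succeeds only when the file holds at least one ASCII-armored PGP public key
# block and no private key material. A binary "gpg --export" without --armor
# has no such markers and would not be usable as a Flux keyring.
check_armored_pubkey() {
  local f="$1"
  [ -f "$f" ] || return 1
  grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$f" || return 1
  grep -q -- '-----END PGP PUBLIC KEY BLOCK-----' "$f" || return 1
  ! grep -q -- 'PRIVATE KEY BLOCK' "$f"
}

# Number of public key blocks in the file: one per committer Flux should trust.
count_pubkeys() {
  grep -c -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1" || true
}

# Export the public key in armored form into the path the secretGenerator reads.
export_pubkey() {
  mkdir -p "$(dirname "$KEY_FILE")"
  gpg --armor --export "$KEY_ID" > "$KEY_FILE"
  check_armored_pubkey "$KEY_FILE"
}

# The commit that enables verification has to be signed by one of the exported
# keys, otherwise source-controller refuses the new HEAD once the patch is live.
sign_and_push() {
  git add "$FLUX_PATH/flux-system"
  git commit -S --gpg-sign="$KEY_ID" -m "flux: verify GPG signature of HEAD commit"
  git push
}

# Trigger a reconcile and print the SourceVerified condition of the GitRepository;
# "True" means the HEAD signature matched a key in the gpg-publickey secret.
check_flux_source() {
  flux reconcile source git flux-system
  kubectl -n flux-system get gitrepository flux-system \
    -o jsonpath='{.status.conditions[?(@.type=="SourceVerified")].status}'
  echo
}

# Usage (run from the repository root):
#   export_pubkey && sign_and_push && check_flux_source
```

To allow a second person to commit, append their armored public key to the same file (or add another file under files: in the secretGenerator) and commit that change with an already trusted key; count_pubkeys shows how many keys the cluster will trust after the next reconcile.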