Tags | kubernetes fluxcd |
Hard Prerequisites | |
IMPORTANT: Please review these prerequisites, they include important information that will help you with this content. | |
|
|
Soft Prerequisites |
|
Although we are now mostly automated we still need to push code then edit the values file to reflect the new docker tag to rollout new code, how about we automate this step.
Let’s get flux to start staring at the docker-registry by using a imagerepository.
There are 4 things that make the automations work:
# {"$imagepolicy": "flux-system:nginx:tag"}
: in the *.yaml file where you want to update the tag you need to tell flux where to make the commit.Copy the secret from buttons namespace to flux-system so that it can log in to image registry
kubectl get secret your-regcred -n buttons -o yaml | sed 's/namespace: buttons/namespace: flux-system/' | kubectl apply -n flux-system -f -
Create the file and append each section in the same file.
Remember to add the - automation.yaml to your apps/kustomization.yaml
file.
# apps/automation.yaml
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: nginx
namespace: flux-system
spec:
image: <my.domain.com>/application/nginx
interval: 1m
secretRef:
name: your-regcred
Now check if the imagerepository is loaded
kubectl -n flux-system get ImageRepository
# apps/automation.yaml
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: python
namespace: flux-system
spec:
image: <my.domain.com>/application/python
interval: 1m
secretRef:
name: your-regcred
Now we need to give it a policy as we may not want to automate any new images
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: nginx
namespace: flux-system
spec:
imageRepositoryRef:
name: nginx
filterTags:
pattern: '^*-[a-fA-F0-9]+-(?P<ts>.*)'
extract: '$ts'
policy:
numerical:
order: asc
This pattern: ‘^-[a-fA-F0-9]+-(?P.)’ is regex, what you are doing is taking all the tags and filtering out the timestamps and then using the latest tag. You can also filter per branch ‘^staging-[a-fA-F0-9]+-(?P.*)’ so that you only accept images from the staging branch.
You can do the same for python
Lastly we want to tell flux where to go make the commit once it receives an image it wants to update,
so we can add to our automations file the imageupdateautomation.
what this does is look for the apps/values.yaml and searches for # { your reference } then creates a commit with the relavant update
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
name: buttons
namespace: flux-system
spec:
git:
checkout:
ref:
branch: main
commit:
author:
email: fluxcdbot@users.noreply.github.com
name: fluxcdbot
messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
push:
branch: main
interval: 1m0s
sourceRef:
kind: GitRepository
name: flux-system
update:
path: ./apps/buttons/values.yaml
strategy: Setters
And the last piece to this puzzle is the refrence inside the values.yaml file.
# apps/buttons/values.yaml
---
nginx:
image:
repository: harbor.<myDomain>/application/nginx
tag: main-3e54d47-1706726487 `# {"$imagepolicy": "flux-system:nginx:tag"}`
python:
image:
repository: harbor.<myDomain>/application/python
tag: main-a6c715b-1706875745 `# {"$imagepolicy": "flux-system:python:tag"}`
Now when you create a new build you will notice that flux updates your values.yaml and the new image rolls out automatically.