project: Automation

Tags kubernetes fluxcd
Hard Prerequisites
IMPORTANT: Please review these prerequisites, they include important information that will help you with this content.
  • K8S: Manual App Deployment – Project Overview
  • Soft Prerequisites
  • K8S: PostgreSQL buttons
  • Automation

    Although we are now mostly automated we still need to push code then edit the values file to reflect the new docker tag to rollout new code, how about we automate this step.

    Let’s get flux to start staring at the docker-registry by using a imagerepository.

    There are 4 things that make the automations work:

    • ImageRepository: This is used to watch your harbor registry for new tags.
    • ImagePolicy: The decision when a new tag is discovered whether to roll them out.
    • ImageUpdateAutomation: The action of where to make the update in your gitrepository for the tag it discovered.
    • # {"$imagepolicy": "flux-system:nginx:tag"} : in the *.yaml file where you want to update the tag you need to tell flux where to make the commit.

    Copy the secret from buttons namespace to flux-system so that it can log in to image registry

    kubectl get secret your-regcred -n buttons -o yaml | sed 's/namespace: buttons/namespace: flux-system/' | kubectl apply -n flux-system -f -
    

    Create the file and append each section in the same file.

    Remember to add the - automation.yaml to your apps/kustomization.yaml file.

    # apps/automation.yaml
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImageRepository
    metadata:
      name: nginx
      namespace: flux-system
    spec:
      image: <my.domain.com>/application/nginx
      interval: 1m
      secretRef:
        name: your-regcred
    

    Now check if the imagerepository is loaded

    kubectl -n flux-system get ImageRepository
    
    # apps/automation.yaml
    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImageRepository
    metadata:
      name: python
      namespace: flux-system
    spec:
      image: <my.domain.com>/application/python
      interval: 1m
      secretRef:
        name: your-regcred
    

    Now we need to give it a policy as we may not want to automate any new images

    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta2
    kind: ImagePolicy
    metadata:
      name: nginx
      namespace: flux-system
    spec:
      imageRepositoryRef:
        name: nginx
      filterTags:
        pattern: '^*-[a-fA-F0-9]+-(?P<ts>.*)'
        extract: '$ts'
      policy:
        numerical:
          order: asc
    

    This pattern: ‘^-[a-fA-F0-9]+-(?P.)’ is regex, what you are doing is taking all the tags and filtering out the timestamps and then using the latest tag. You can also filter per branch ‘^staging-[a-fA-F0-9]+-(?P.*)’ so that you only accept images from the staging branch.

    You can do the same for python

    Lastly we want to tell flux where to go make the commit once it receives an image it wants to update,

    so we can add to our automations file the imageupdateautomation.

    what this does is look for the apps/values.yaml and searches for # { your reference } then creates a commit with the relavant update

    ---
    apiVersion: image.toolkit.fluxcd.io/v1beta1
    kind: ImageUpdateAutomation
    metadata:
      name: buttons
      namespace: flux-system
    spec:
      git:
        checkout:
          ref:
            branch: main
        commit:
          author:
            email: fluxcdbot@users.noreply.github.com
            name: fluxcdbot
          messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
        push:
          branch: main
      interval: 1m0s
      sourceRef:
        kind: GitRepository
        name: flux-system
      update:
        path: ./apps/buttons/values.yaml
        strategy: Setters
    

    And the last piece to this puzzle is the refrence inside the values.yaml file.

    # apps/buttons/values.yaml
    ---
    nginx:
      image:
        repository: harbor.<myDomain>/application/nginx
        tag: main-3e54d47-1706726487 `# {"$imagepolicy": "flux-system:nginx:tag"}`
    python:
      image:
        repository: harbor.<myDomain>/application/python
        tag: main-a6c715b-1706875745 `# {"$imagepolicy": "flux-system:python:tag"}`
    

    Now when you create a new build you will notice that flux updates your values.yaml and the new image rolls out automatically.


    RAW CONTENT URL