project: Helmrelease

Tags kubernetes fluxcd
Hard Prerequisites
IMPORTANT: Please review these prerequisites; they include important information that will help you with this content.
  • K8S: Manual App Deployment – Project Overview
Soft Prerequisites
  • K8S: Helmrepository
Helmrelease cert-manager

    To install a Helm chart from a HelmRepository with FluxCD’s helm-controller, we create a HelmRelease.

    To start, let’s create the folders and files for each release:

    |-- infrastructure
    |   |-- cert-manager
    |   |   |-- kustomization.yaml
    |   |   |-- kustomizeconfig.yaml
    |   |   |-- release.yaml
    |   |   |-- values.yaml
    |   |   |-- namespace.yaml
    |   |   |-- issuer.yaml
    
    # infrastructure/cert-manager/kustomization.yaml
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namespace: cert-manager
    resources:
      - namespace.yaml
      - release.yaml
    # - issuer.yaml 
    configMapGenerator:
      - name: values
        files:
          - values.yaml=values.yaml
    configurations:
      - kustomizeconfig.yaml
    

    Note that issuer.yaml is left out of the resources until cert-manager is running; it is applied later.

    # infrastructure/cert-manager/kustomizeconfig.yaml
    ---
    # Kustomize config for enabling HelmRelease values from
    # ConfigMaps and Secrets generated by Kustomize
    nameReference:
    - kind: ConfigMap
      version: v1
      fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
    
    # infrastructure/cert-manager/release.yaml
    ---
    apiVersion: helm.toolkit.fluxcd.io/v2beta1
    kind: HelmRelease
    metadata:
      name: cert-manager
      namespace: cert-manager
    spec:
      releaseName: cert-manager
      chart:
        spec:
          chart: cert-manager
          sourceRef:
            kind: HelmRepository
            name: jetstack
            namespace: flux-system
      interval: 24h0m0s
      install:
        remediation:
          retries: 4
      valuesFrom:
        - kind: ConfigMap
          name: values
    
    # infrastructure/cert-manager/namespace.yaml
    ---
    apiVersion: v1
    kind: Namespace
    metadata:
      name: cert-manager
    

    Push this to GitHub first and make sure that cert-manager is running, because you can’t load the ClusterIssuer before the CRDs have been loaded.

    Now remember to add the folder to the infrastructure kustomization:

    # infrastructure/kustomization.yaml
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      - sources
      - cert-manager
    

    And last but not least we need to add the values.yaml

    # infrastructure/cert-manager/values.yaml
    
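    # Install the cert-manager CRDs together with the chart
    installCRDs: true
    # Default issuer used for Ingress resources that do not name one
    ingressShim:
      defaultIssuerName: letsencrypt-prod
      defaultIssuerKind: ClusterIssuer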
    

    Run git push to your main branch and you should see the containers roll out in the cert-manager namespace:

    kubectl -n cert-manager get pods
    kubectl -n flux-system get helmchart
    

    Now you can add the issuer.yaml; change the email to your own.

    # infrastructure/cert-manager/issuer.yaml
    ---
    apiVersion: cert-manager.io/v1
    kind: ClusterIssuer
    metadata:
      name: letsencrypt-prod
      namespace: cert-manager
    spec:
      acme:
        server: https://acme-v02.api.letsencrypt.org/directory
        email: my@email.com
        privateKeySecretRef:
          name: letsencrypt-prod
        solvers:
          - http01:
              ingress:
                ingressClassName: nginx
    

    Then add the file to your kustomization so that it is included in the build:

    # infrastructure/cert-manager/kustomization.yaml
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    namespace: cert-manager
    resources:
      - namespace.yaml
      - release.yaml
      - issuer.yaml
    configMapGenerator:
      - name: values
        files:
          - values.yaml=values.yaml
    configurations:
      - kustomizeconfig.yaml
    

    And finally confirm it deployed

    kubectl -n cert-manager get clusterissuer
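
    The two-step push above (release first, issuer once the CRDs exist) can also be declared with Flux's dependsOn and healthChecks. This is an added example, not part of the original page; the Kustomization names, the flux-system GitRepository, the kustomize.toolkit.fluxcd.io/v1 API version and the infrastructure/cert-manager-issuers folder are assumptions.

    ```yaml
    # Added example. Object names, paths and the flux-system GitRepository
    # are assumptions, not taken from the page.
    ---
    apiVersion: kustomize.toolkit.fluxcd.io/v1
    kind: Kustomization
    metadata:
      name: cert-manager
      namespace: flux-system
    spec:
      interval: 10m
      path: ./infrastructure/cert-manager   # the page's folder, without issuer.yaml
      prune: true
      sourceRef:
        kind: GitRepository
        name: flux-system
      # This Kustomization only becomes Ready once the HelmRelease is Ready,
      # which means the chart, including its CRDs, has been installed.
      healthChecks:
        - apiVersion: helm.toolkit.fluxcd.io/v2beta1
          kind: HelmRelease
          name: cert-manager
          namespace: cert-manager
      timeout: 5m
    ---
    apiVersion: kustomize.toolkit.fluxcd.io/v1
    kind: Kustomization
    metadata:
      name: cert-manager-issuers
      namespace: flux-system
    spec:
      # Not reconciled until the cert-manager Kustomization above is Ready,
      # so the ClusterIssuer is never applied before its CRD exists.
      dependsOn:
        - name: cert-manager
      interval: 10m
      path: ./infrastructure/cert-manager-issuers   # hypothetical folder holding issuer.yaml
      prune: true
      sourceRef:
        kind: GitRepository
        name: flux-system
    ```

    With this layout issuer.yaml moves to the second folder, and the cert-manager entry is removed from infrastructure/kustomization.yaml so the release is not applied twice.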
    

    Now add HelmReleases for nginx and harbor by yourself.

    P.S. Remember to add the folders to the root kustomization so that Flux can pick them up.

    Running ‘flux events’ is great for debugging.

    # infrastructure/kustomization.yaml
    ---
    apiVersion: kustomize.config.k8s.io/v1beta1
    kind: Kustomization
    resources:
      - sources
      - cert-manager
      - ingress-nginx
      - harbor
    
