Tags | kubernetes fluxcd |
To load a Helm chart from a HelmRepository using FluxCD's helm-controller, we create a HelmRelease.
To start, let's create the folders and files for each release:
|-- infrastructure
|   |-- cert-manager
|   |   |-- kustomization.yaml
|   |   |-- kustomizeconfig.yaml
|   |   |-- release.yaml
|   |   |-- values.yaml
|   |   |-- namespace.yaml
|   |   |-- issuer.yaml
# infrastructure/cert-manager/kustomization.yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
  - namespace.yaml
  - release.yaml
  # - issuer.yaml
configMapGenerator:
  - name: values
    files:
      - values.yaml=values.yaml
configurations:
  - kustomizeconfig.yaml
Note that issuer.yaml is left out until cert-manager is running; it is added in a later step.
# infrastructure/cert-manager/kustomizeconfig.yaml
---
# Kustomize config for enabling HelmRelease values from
# ConfigMaps and Secrets generated by Kustomize
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
# infrastructure/cert-manager/release.yaml
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  releaseName: cert-manager
  chart:
    spec:
      chart: cert-manager
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  interval: 24h0m0s
  install:
    remediation:
      retries: 4
  valuesFrom:
    - kind: ConfigMap
      name: values
# infrastructure/cert-manager/namespace.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager
Push this to GitHub first and make sure that cert-manager is running, as you can't load the ClusterIssuer before the CRDs have been loaded.
Now remember to add the folder to the infrastructure kustomization:
# infrastructure/kustomization.yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - sources
  - cert-manager
And last but not least we need to add the values.yaml
# infrastructure/cert-manager/values.yaml
installCRDs: true
ingressShim:
  defaultIssuerName: letsencrypt-prod
  # Nested under ingressShim: in a values file a dotted key is a literal key name, not a path
  defaultIssuerKind: ClusterIssuer
Run git push to your main branch and you should see the pods roll out in the cert-manager namespace:
kubectl -n cert-manager get pods
kubectl -n flux-system get helmchart
Now you can add issuer.yaml; change the email to your own.
# infrastructure/cert-manager/issuer.yaml
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: my@email.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx
Then add the file to your kustomization so that it is included in the build:
# infrastructure/cert-manager/kustomization.yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
  - namespace.yaml
  - release.yaml
  - issuer.yaml
configMapGenerator:
  - name: values
    files:
      - values.yaml=values.yaml
configurations:
  - kustomizeconfig.yaml
And finally confirm it deployed
kubectl -n cert-manager get clusterissuer
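The two-phase rollout above (release first, issuer.yaml only once the CRDs exist) can also be checked from the cluster side. The following is an added example, not part of the original tutorial: a shell function that reports which stage the cluster is in, using the resource names from this page; the function names and stage labels are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: reports how far the two-phase cert-manager rollout has got.
# Resource names are the ones used on this page; stage labels are hypothetical.

# Print the status ("True", "False" or empty if absent) of one condition type.
# usage: cond <condition-type> <kubectl get arguments...>
cond() {
  ctype=$1; shift
  kubectl get "$@" \
    -o "jsonpath={.status.conditions[?(@.type==\"$ctype\")].status}" 2>/dev/null
}

rollout_stage() {
  if [ "$(cond Ready -n cert-manager helmrelease/cert-manager)" != "True" ]; then
    echo "release-not-ready"     # Helm install pending or failing: check 'flux events'
  elif [ "$(cond Established crd/clusterissuers.cert-manager.io)" != "True" ]; then
    echo "crd-not-established"   # the CRDs from installCRDs are not being served yet
  elif ! kubectl get clusterissuer/letsencrypt-prod >/dev/null 2>&1; then
    echo "add-issuer"            # safe to list issuer.yaml in kustomization.yaml now
  elif [ "$(cond Ready clusterissuer/letsencrypt-prod)" != "True" ]; then
    echo "issuer-not-ready"      # ACME account registration has not succeeded
  else
    echo "done"
  fi
}

# Run as a script with --run, or source the file and call rollout_stage.
if [ "${1:-}" = "--run" ]; then rollout_stage; fi
```

Only uncomment issuer.yaml in the kustomization once the function prints add-issuer.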
P.S. Remember to add each folder to the root kustomization so that Flux can pick it up.
Running 'flux events' is great for debugging.
# infrastructure/kustomization.yaml
resources:
  - sources
  - cert-manager
  - ingress-nginx
  - harbor