- Flux to monitor manifests/prod folder
- A K8s Cluster with Cert-Manager (cluster issuer) and Ingress installed. You can use the cluster-mgmt project
First, you need to bootstrap Flux:
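# flux bootstrap gitlab authenticates to GitLab with the token in GITLAB_TOKEN.
# glpat-XXXX is a placeholder. Typing a real token inline records it in shell
# history; prefer `read -rs GITLAB_TOKEN && export GITLAB_TOKEN`, and treat the
# token as a high-privilege credential (bootstrap writes to the repository).
export GITLAB_TOKEN=glpat-XXXX

# This is ONE command: every flag line must end in a backslash. Without the
# continuations the shell runs `flux bootstrap gitlab` with no flags and then
# tries to execute each --flag line as a command of its own.
flux bootstrap gitlab \
  --owner=adess-demos/demo/gitops \
  --repository=flux \
  --branch=main \
  --path=./clusters/gke \
  --namespace=flux-system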
In the new repository, create a deploy token with only the read_repository scope (note: needs to be Maintainer).
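# Image-pull secret for the GitLab container registry, created in the namespace
# whose pods will reference it (prod).
# glpat-XXXX is a placeholder for the real token. A password given as a flag is
# visible in shell history and in the process list while kubectl runs.
# NOTE(review): pulling images normally needs a token with the read_registry
# scope; confirm the token used here has it and nothing broader.
# The flag lines are continuations of one command, hence the backslashes.
kubectl create secret docker-registry gitlab-registry-credentials \
  --namespace=prod \
  --docker-server=registry.gitlab.com \
  --docker-username=project_52715995_bot_7e551246aa7957ea86f3bcdb7f84b8c1 \
  --docker-password=glpat-XXXX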
# Pod-spec fragment: reference the registry pull secret by name. Kubernetes
# looks the Secret up in the pod's own namespace; the kubectl command on this
# page creates it in `prod`.
imagePullSecrets:
- name: gitlab-registry-credentials
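# Basic-auth credentials that Flux uses to clone the manifests repository.
# glpat-XXXXXX is a placeholder; a real token passed as a flag ends up in shell
# history and in the process list.
# NOTE(review): a GitRepository reads its secretRef Secret from its own
# namespace only. The GitRepository on this page lives in `prod`, while this
# Secret is created in `default` - confirm which namespace is intended.
# The flag lines are continuations of one command, hence the backslashes.
flux create secret git flux-deploy-authentication \
  --url=https://gitlab.com/adess-demos/demo/app-team/catweb-gitops/manifests \
  --namespace=default \
  --username=@project_44576698_bot_bbeba7f497d7d33b877aeb6f802bddad \
  --password=glpat-XXXXXX

# Check that the Secret exists. `-o yaml` prints the credentials base64-encoded;
# that is an encoding, not encryption, so keep the output out of tickets, chat
# and CI logs.
kubectl -n default get secrets flux-deploy-authentication -o yaml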
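# Authenticated variant: Flux clones the manifests repository with the
# credentials stored in the referenced Secret.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
  name: catweb
  namespace: prod
spec:
  interval: 1m0s
  ref:
    branch: main
  # The Secret is resolved in this object's namespace (prod).
  # NOTE(review): the `flux create secret git` command on this page creates it
  # in `default`; confirm the two namespaces match.
  secretRef:
    name: flux-deploy-authentication
  url: https://gitlab.com/adess-demos/demo/app-team/catweb-gitops/manifests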
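# Variant without secretRef: Flux fetches the repository without credentials,
# which presumably requires it to be readable anonymously.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: catweb
  namespace: prod
spec:
  interval: 1m0s
  # NOTE(review): url is expected to be the repository's clone URL; a folder
  # inside it is normally selected with the Kustomization's spec.path. Confirm
  # whether `manifests/prod` is a project path or a folder.
  url: https://gitlab.com/adess-demos/demo/gitops/catweb-gitops/manifests/prod
  ref:
    branch: main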
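# Three separate commands. Run on one line, `helm repo add` receives the
# remaining words as extra arguments and fails.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
# Installs the newest chart version into the current kubectl namespace; add
# --version and --namespace to make the install reproducible and reviewable.
helm install quickstart ingress-nginx/ingress-nginx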
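# Declare the cert-manager HelmRelease for Flux. The literal "\n" sequences in
# the listing were line continuations; as typed they would be passed to flux as
# stray "n" arguments.
# The HelmRepository `cert-manager` in `flux-system` must already exist; this
# page does not show how it is created.
# Consider pinning the chart with --chart-version so upgrades are deliberate.
flux create helmrelease cert-manager \
  --chart cert-manager \
  --source HelmRepository/cert-manager.flux-system \
  --release-name cert-manager \
  --target-namespace cert-manager \
  --create-target-namespace \
  --values values.yaml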
values.yaml:
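# Helm values passed to the cert-manager release via --values values.yaml.
# NOTE(review): nesting restored from a flattened listing, in which every child
# key would have been read as a top-level key; confirm against the chart's
# values before applying.
installCRDs: true
letsEncryptClusterIssuer:
  email: adess@gitlab.com
ingressShim:
  # Issuer applied to Ingresses that request a certificate without naming one.
  defaultIssuerKind: "ClusterIssuer"
  defaultIssuerName: "letsencrypt-prod"
global:
  leaderElection:
    # Override the namespace used to store the ConfigMap for leader election
    # NOTE(review): the release targets the `cert-manager` namespace; confirm
    # that a `gitlab` namespace exists and is the intended place for this.
    namespace: "gitlab"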
Set up the cluster issuer:
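# Cluster-wide ACME issuer backed by Let's Encrypt, solving HTTP-01 challenges
# through the nginx ingress class. Indentation is restored here; flattened, the
# manifest is not a valid ClusterIssuer.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    # This is the production endpoint, which is rate limited; validate the
    # setup against the Let's Encrypt staging endpoint first.
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: adess@gitlab.com
    # Name of a secret used to store the ACME account private key
    # Anyone who can read this Secret can act as the ACME account, so restrict
    # read access to it with RBAC.
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx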
For troubleshooting: kubectl logs -n cert-manager -l app=cert-manager