Version: Next

FluxCD

This addon is built on FluxCD.

Install

vela addon enable fluxcd

If you only want to deploy the helm application with fluxcd addon, you can execute the following command to enable only helm related components.

$ vela addon enable fluxcd onlyHelmComponents=true

Definitions

The following definitions will be enabled after the installation of fluxcd addon.

| DEFINITION NAME | DEFINITION TYPE | DEFINITION DESCRIPTION |
| --- | --- | --- |
| helm | ComponentDefinition | helps to deploy a helm chart from git repo, helm repo or S3 compatible bucket |
| kustomize | ComponentDefinition | helps to deploy a kustomize style artifact and GitOps capability to watch changes from git repo or image registry |
| kustomize-json-patch | TraitDefinition | A list of JSON6902 patch to selected target |
| kustomize-patch | TraitDefinition | A list of StrategicMerge or JSON6902 patch to selected target |
| kustomize-strategy-merge | TraitDefinition | A list of strategic merge to kustomize config |

helm

Parameters

| Parameters | Description | Example |
| --- | --- | --- |
| repoType | required, indicates the type of repository, should be "helm", "git", "oss", or "oci". | Helm |
| pullInterval | optional, the interval at which to check for repository/bucket and release updates, default to 5m | 5m |
| url | required, the Git or Helm repository URL, OSS endpoint, accept HTTP/S or SSH address as git url | https://charts.bitnami.com/bitnami |
| secretRef | optional, the name of the Secret object that holds the credentials required to pull the repo. The username and password fields must be included in the HTTP/S basic authentication Secret. For TLS authentication, the secret must contain certFile and keyFile fields, and/or a caCert field. | sec-name |
| timeout | optional, the timeout for operations like download index/clone repository | 60s |
| chart | required, the relative path to helm chart for git/oss source. The chart name for helm resource | redis-cluster |
| version | optional, chart version, * by default | 6.2.7 |
| targetNamespace | optional, the namespace to install chart, decided by chart itself | your-ns |
| releaseName | optional, release name after installed | your-rn |
| values | optional, override the Values.yaml in chart, used for the rendering of Helm | |
| valuesFrom | optional, valuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. It's a list of ValueReference | |
| installTimeout | optional, the timeout for operation helm install, 10 minutes by default | 20m |
| interval | optional, the interval at which to reconcile the Helm release, default to 30s | 1m |
| oss | optional, the oss source configuration | |
| git | optional, the git source configuration | dev |

ValueReference

| Parameters | Description | Example |
| --- | --- | --- |
| kind | required, kind of the values referent, valid values are ('Secret', 'ConfigMap'). | ConfigMap |
| name | required, name of the values referent. Should reside in the same namespace as the referring resource. | your-cm |
| valuesKey | optional, valuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. | values.yaml |
| targetPath | optional, targetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root. | |
| optional | optional, optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. | |

OSS

| Parameters | Description | Example |
| --- | --- | --- |
| bucketName | required, bucket name | your-bucket |
| provider | optional, Generic or aws, if you get the certificate from aws EC2, fill in aws. The default is generic. | generic |
| region | optional, bucket region | |

Git

| Parameters | Description | Example |
| --- | --- | --- |
| branch | optional, Git branch, master by default | your-branch |

Example

You can create an application like the one below to deploy a helm chart that is stored in a helm repository.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: helm-redis
spec:
  components:
    - name: redis
      type: helm
      properties:
        repoType: "helm"
        url: "https://charts.bitnami.com/bitnami"
        chart: "redis"
        version: "16.8.5"
        values:
          master:
            persistence:
              size: 16Gi
          replica:
            persistence:
              size: 16Gi

If your helm chart is stored in an OCI registry, you can create the application like this:

Note: Make sure your fluxcd addon version is >= v1.3.1.

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: oci-app
  namespace: default
spec:
  components:
    - name: test-oci
      type: helm
      properties:
        repoType: "oci"
        url: oci://ghcr.io/stefanprodan/charts
        chart: podinfo
        version: '6.1.*'

If your helm chart is stored in OSS, you can create the application like this:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: bucket-app
spec:
  components:
    - name: bucket-comp
      type: helm
      properties:
        repoType: oss
        # required if bucket is private
        secretRef: bucket-secret
        chart: ./chart/podinfo-5.1.3.tgz
        url: oss-cn-beijing.aliyuncs.com
        oss:
          bucketName: definition-registry

If your helm chart is stored in git, you can create the application like this:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: app-delivering-chart
spec:
  components:
    - name: terraform-controller
      type: helm
      properties:
        repoType: git
        url: https://github.com/oam-dev/terraform-controller
        chart: ./chart
        git:
          branch: master

kustomize

Parameters

| Parameters | Description | Example |
| --- | --- | --- |
| repoType | required, indicates the type of repository, should be "helm", "git" or "oss". | oss |
| pullInterval | optional, the interval at which to synchronize with the Git repository and tune the helm release. The default value is 5m (5 minutes) | 10m |
| url | required, bucket's endpoint, no need to fill in with scheme | oss-cn-beijing.aliyuncs.com |
| secretRef | optional, the name of a Secret holding the credentials to read the bucket. The Secret contains accesskey and secretkey fields | sec-name |
| timeout | optional, the timeout period of the download operation, the default is 20s | 60s |
| path | required, the directory containing the kustomization.yaml file, or the directory containing a set of YAML files (used to generate kustomization.yaml) | ./prod |
| oss | optional, the oss source configuration | |
| git | optional, the git source configuration | |
| imageRepository | optional, the image repository (see Image Repository) used to automatically update the image in git | |

Image Repository

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| image | required | The image url | oamdev/vela-core |
| secretRef | optional | If it's a private image registry, use kubectl create secret docker-registry to create the secret | my-secret |
| policy | optional | Policy (see Image policy) gives the particulars of the policy to be followed in selecting the most recent image. | |
| filterTags | optional | FilterTags enables filtering for only a subset of tags based on a set of rules. If no rules are provided, all the tags from the repository will be ordered and compared. | $timestamp |
| commitMessage | optional | Used for additional commit message text | |

Image policy

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| alphabetical.order | optional | Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A | asc |
| numerical.order | optional | Given the integer values from 0 to 9 as tags, ascending order would select 9, and descending order would select 0 | asc |
| semver.range | optional | Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image | '>=1.0.0 <2.0.0' |

FilterTags

| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| extract | optional | Extract allows a capture group to be extracted from the specified regular expression pattern, useful before tag evaluation | $timestamp |
| pattern | optional | Pattern specifies a regular expression pattern used to filter for image tags | '^master-[a-f0-9]' |

Example

  1. If your kustomize style artifact is stored in oss, you can create the application by following these steps:

(Optional) If your OSS bucket needs identity verification, create a Secret first:

$ kubectl create secret generic bucket-secret --from-literal=accesskey=<your-ak> --from-literal=secretkey=<your-sk>
secret/bucket-secret created

Deploy this application:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: bucket-app
spec:
  components:
    - name: bucket-comp
      type: kustomize
      properties:
        repoType: oss
        # If the bucket is private, you will need to provide
        secretRef: bucket-secret
        url: oss-cn-beijing.aliyuncs.com
        oss:
          bucketName: definition-registry
        path: ./app/prod/

  2. If your artifact is stored in git, you can create the application like this:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: git-app
spec:
  components:
    - name: git-comp
      type: kustomize
      properties:
        repoType: git
        url: https://github.com/<path>/<to>/<repo>
        git:
          branch: master
          provider: GitHub
        path: ./app/dev/

  3. If you want to create an application that is updated automatically when the image is updated, you can create the application like this:

apiVersion: core.oam.dev/v1beta1
kind: Application
metadata:
  name: image-app
spec:
  components:
    - name: image
      type: kustomize
      properties:
        imageRepository:
          image: <your image>
          secretRef: imagesecret
          filterTags:
            pattern: '^master-[a-f0-9]+-(?P<ts>[0-9]+)'
            extract: '$ts'
          policy:
            numerical:
              order: asc
          commitMessage: "Image: {{range .Updated.Images}}{{println .}}{{end}}"
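
To check which tag a filterTags pattern and a numerical policy with order asc would select before turning on automated updates, the following added example (not code from this addon or from Flux) approximates the selection in Go over constructed tags; `selectTag` and `sampleTags` are hypothetical names. It also shows that the pattern above, which is anchored only at the start, accepts a tag with a trailing suffix, while the same pattern ending in `$` rejects it.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// selectTag approximates filterTags (pattern + extract) followed by a numerical
// policy with order asc. Added illustration, not the controller's own code.
func selectTag(tags []string, pattern, extract string) (string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return "", fmt.Errorf("bad pattern: %w", err)
	}
	best, bestVal, found := "", 0.0, false
	for _, tag := range tags {
		m := re.FindStringSubmatchIndex(tag)
		if m == nil {
			continue // tag rejected by the pattern
		}
		key := string(re.ExpandString(nil, extract, tag, m)) // expand "$ts"
		val, err := strconv.ParseFloat(key, 64)
		if err != nil {
			return "", fmt.Errorf("tag %q: extracted %q is not numeric", tag, key)
		}
		if !found || val > bestVal {
			best, bestVal, found = tag, val, true
		}
	}
	if !found {
		return "", fmt.Errorf("no tag matches %q", pattern)
	}
	return best, nil
}

// Constructed sample tags (hypothetical registry contents).
var sampleTags = []string{
	"latest",
	"master-0a1b2c3-1650000000",
	"master-9f8e7d6-1660000000",
	"feature-abc1234-1700000000",      // newer, but wrong prefix
	"master-9f8e7d6-1670000000-debug", // trailing suffix after the timestamp
}

func main() {
	fmt.Println(selectTag(sampleTags, `^master-[a-f0-9]+-(?P<ts>[0-9]+)`, "$ts"))
	fmt.Println(selectTag(sampleTags, `^master-[a-f0-9]+-(?P<ts>[0-9]+)$`, "$ts"))
}
```

A pattern without the named group, such as the `'^master-[a-f0-9]'` sample from the FilterTags table combined with `extract: '$ts'`, expands to an empty string and makes this example return an error instead of a tag.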

Note

In this addon, five controllers are installed by default:

  • Source controller

    • The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, Helm repositories and S3 buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit.
  • Image (metadata) reflector controller

    • This is a controller that reflects container image metadata into a Kubernetes cluster. It pairs with the image update automation controller to drive automated config updates.
  • Image automation controller

    • This controller automates updates to YAML when new container images are available.
    • Its sibling, image-reflector-controller, scans container image repositories and reflects the metadata in Kubernetes resources. This controller reacts to that image metadata by updating YAML files in a git repository, and committing the changes.
  • kustomize-controller

    • The kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize.
  • helm-controller

    • The helm-controller is a Kubernetes operator, allowing one to declaratively manage Helm chart releases. It is part of a composable GitOps toolkit and depends on source-controller to acquire the Helm charts from Helm repositories.
    • The desired state of a Helm release is described through a Kubernetes Custom Resource named HelmRelease. Based on the creation, mutation or removal of a HelmRelease resource in the cluster, Helm actions are performed by the operator.