4
# Install the Flux CLI
curl -s https://fluxcd.io/install.sh | sudo bash
. <(flux completion bash)

# Check the version
flux --version
flux version 2.0.0-rc.5

5
# Set your own GitHub token and username as variables
export GITHUB_TOKEN=
export GITHUB_USER=

export GITHUB_TOKEN=ghp_###
export GITHUB_USER=topasvga1

6
# Bootstrap
# A repository named fleet-infra is created in your GitHub account.
## Creates a git repository fleet-infra on your GitHub account.
## Adds Flux component manifests to the repository.
## Deploys Flux Components to your Kubernetes Cluster.
## Configures Flux components to track the path /clusters/my-cluster/ in the repository.
flux bootstrap github --owner=$GITHUB_USER --repository=fleet-infra --branch=main --path=./clusters/my-cluster --personal

A private fleet-infra repository is created, and the YAML files are generated.

7
# Verify the installation - the pods are installed in the flux-system namespace.
kubectl get pods -n flux-system
-------------------------------------------------
NAME                                       READY   STATUS    RESTARTS   AGE
helm-controller-fbdd59577-knhzg            1/1     Running   0          29s
kustomize-controller-6b67b54cf8-5f42s      1/1     Running   0          29s
notification-controller-78f4869c94-wmxb4   1/1     Running   0          29s
source-controller-75db64d9f7-xhmg7         1/1     Running   0          29s

8
# Check all resources and the CRDs
kubectl get-all -n flux-system
kubectl get crd | grep fluxc

9
# Check the gitrepository
kubectl get gitrepository -n flux-system
NAME          URL                                          AGE   READY   STATUS
flux-system   ssh://git@github.com/topasvga1/fleet-infra   60s   True    stored artifact for revision 'main@sha1:e85fa0a392557f733d79b51f6a25408830af2d92'

10
Check the private repository in your GitHub account: confirm the Flux manifests installed in the my-cluster folder.
https://github.com/
<2> Install the gitops tool

1
Link → install the flux dashboard : admin / password
https://docs.gitops.weave.works/docs/installation/weave-gitops/#next-steps

# Install the gitops tool
curl --silent --location "https://github.com/weaveworks/weave-gitops/releases/download/v0.24.0/gitops-$(uname)-$(uname -m).tar.gz" | tar xz -C /tmp
sudo mv /tmp/gitops /usr/local/bin
gitops version
n (analytics: n)

2
# Install the flux dashboard
PASSWORD="password"
gitops create dashboard ww-gitops --password=$PASSWORD

4
# Verify
flux -n flux-system get helmrelease
NAME        REVISION   SUSPENDED   READY   MESSAGE
ww-gitops   4.0.24     False       True    Release reconciliation succeeded

kubectl -n flux-system get pod,svc
NAME                                           READY   STATUS    RESTARTS   AGE
pod/helm-controller-fbdd59577-knhzg            1/1     Running   0          3m9s
pod/kustomize-controller-6b67b54cf8-5f42s      1/1     Running   0          3m9s
pod/notification-controller-78f4869c94-wmxb4   1/1     Running   0          3m9s
pod/source-controller-75db64d9f7-xhmg7         1/1     Running   0          3m9s

NAME                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/notification-controller   ClusterIP   10.100.49.0     <none>        80/TCP    3m9s
service/source-controller         ClusterIP   10.100.129.88   <none>        80/TCP    3m9s
service/webhook-receiver          ClusterIP   10.100.214.50   <none>        80/TCP    3m9s

<3> Ingress setup

Set up an Ingress so the dashboard can be reached.

1
Domain
MyDomain=masterseo1.link
MyDomain=taeho11.co.kr

Set up the certificate in the console, in Certificate Manager.
taeho11.co.kr
*.taeho11.co.kr

Set up the validation in Route 53.
*.taeho11.co.kr cname value

CERT_ARN=`aws acm list-certificates --query 'CertificateSummaryList[].CertificateArn[]' --output text`
echo $CERT_ARN

(aws-topas3-06-26-iam@myeks:ack-system) [root@myeks-bastion ~]# echo $CERT_ARN
arn:aws:acm:ap-northeast-2:319485572629:certificate/a59432cedbb242b9521

2
# Ingress setup
cat <<EOT > gitops-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitops-ingress
  annotations:
    alb.ingress.kubernetes.io/certificate-arn: $CERT_ARN
    alb.ingress.kubernetes.io/group.name: study
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/load-balancer-name: myeks-ingress-alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/success-codes: 200-399
    alb.ingress.kubernetes.io/target-type: ip
spec:
  ingressClassName: alb
  rules:
  - host: gitops.$MyDomain
    http:
      paths:
      - backend:
          service:
            name: ww-gitops-weave-gitops
            port:
              number: 9001
        path: /
        pathType: Prefix
EOT
kubectl apply -f gitops-ingress.yaml -n flux-system

3
# Check the deployment
kubectl get ingress -n flux-system
gitops-ingress   alb   gitops.taeho11.co.kr   myeks-ingress-alb-1644550780.ap-northeast-2.elb.amazonaws.com   80   9s

4
# Check the GitOps access information >> open it in a browser and check
echo -e "GitOps Web https://gitops.$MyDomain"
GitOps Web https://gitops.taeho11.co.kr

Log in with admin / password.

<4> hello world (kustomize)

1
Reference
https://github.com/sungwook-practice/fluxcd-test

Deploy the nginx manifests from GitHub to Kubernetes, using kustomize for the deployment.

2
# Create a source: the available types are git, helm, oci and bucket.
# flux create source {source type}; the example uses nginx
# Here the source is git
# Create the git source from the repo prepared by 악분(최성욱)
GITURL="https://github.com/sungwook-practice/fluxcd-test.git"
flux create source git nginx-example1 --url=$GITURL --branch=main --interval=30s

Flux uses Git as its source of truth.
Created!
Confirm that Flux is using nginx.

3
# Check the source
flux get sources git

(aws-topas3-06-26-iam@myeks:ack-system) [root@myeks-bastion ~]# flux get sources git
NAME             REVISION             SUSPENDED   READY   MESSAGE
nginx-example1   main@sha1:4478b54c   False       True    stored artifact for revision 'main@sha1:4478b54c'

kubectl -n flux-system get gitrepositories
NAME             URL                                                    AGE     READY   STATUS
nginx-example1   https://github.com/sungwook-practice/fluxcd-test.git   2m53s   True    stored artifact for revision 'main@sha1:4478b54cb7a8eaf1ee2665e2b3dd5bcfd55e9da9'

4
watch -d kubectl get ingress,svc,pods -A

<5> Creating and deleting an application (optional)

1
Create a flux application: type (kustomization), Git source path (--path ./nginx) → check it in the gitops web dashboard

2
# [Terminal] Monitoring
watch -d kubectl get pod,svc nginx-example1

3
# Create the flux application: nginx-example1
flux create kustomization nginx-example1 --target-namespace=default --interval=1m --source=nginx-example1 --path="./nginx" --health-check-timeout=2m

4
# Verify
k ns default

(aws-topas3-06-26-iam@myeks:flux-system) [root@myeks-bastion ~]# k ns default
Context "aws-topas3-06-26-iam@myeks.ap-northeast-2.eksctl.io" modified.
Active namespace is "default".

kubectl get pod,svc nginx-example1

(aws-topas3-06-26-iam@myeks:default) [root@myeks-bastion ~]# kubectl get pod,svc nginx-example1
NAME                 READY   STATUS    RESTARTS   AGE
pod/nginx-example1   1/1     Running   0          8m20s

NAME                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/nginx-example1   ClusterIP   10.100.151.110   <none>        80/TCP    8m20s

kubectl get kustomizations -n flux-system
NAME             AGE   READY   STATUS
flux-system      70m   True    Applied revision: main@sha1:e85fa0a392557f733d79b51f6a25408830af2d92
nginx-example1   55m   True    Applied revision: main@sha1:4478b54cb7a8eaf1ee2665e2b3dd5bcfd55e9da9

# The same can be viewed with flux!
flux get kustomizations
NAME             REVISION             SUSPENDED   READY   MESSAGE
flux-system      main@sha1:e85fa0a3   False       True    Applied revision: main@sha1:e85fa0a3
nginx-example1   main@sha1:4478b54c   False       True    Applied revision: main@sha1:4478b54c

5
Delete the application
# [Terminal] Monitoring
watch -d kubectl get pod,svc nginx-example1

6
# Delete the flux application >> what happens to the pod and the service?
# The --prune option was false (the default) when the flux application was created - the Kubernetes resources are not deleted.
flux delete kustomization nginx-example1
flux get kustomizations
kubectl get pod,svc nginx-example1

7
# Create the flux application again: --prune option true
flux create kustomization nginx-example1 --target-namespace=default --prune=true --interval=1m --source=nginx-example1 --path="./nginx" --health-check-timeout=2m

8
# Verify
flux get kustomizations
kubectl get pod,svc nginx-example1

# Delete the flux application >> what happens to the pod and the service? They can be deleted through flux.
flux delete kustomization nginx-example1
flux get kustomizations
kubectl get pod,svc nginx-example1

9
# Delete the flux source
flux delete source git nginx-example1

# With the prune option set to true, the resources are deleted from Kubernetes as well.
# The default is false, in which case they are not deleted from Kubernetes.

10
# Check the source
flux get sources git
kubectl -n flux-system get gitrepositories

<6> Official docs sample exercise (optional)

1
https://fluxcd.io/flux/get-started/

# Clone the git repository : enter your own GitHub username and token
git clone https://github.com/$GITHUB_USER/fleet-infra
Username for 'https://github.com': <your GitHub username>
Password for 'https://gasida@github.com': <your GitHub token>

# Change into the folder
cd fleet-infra
tree

2
Add podinfo repository to Flux
https://github.com/stefanprodan/podinfo

# Create the GitRepository yaml file
flux create source git podinfo --url=https://github.com/stefanprodan/podinfo --branch=master --interval=30s --export > ./clusters/my-cluster/podinfo-source.yaml

# Check the GitRepository yaml file
cat ./clusters/my-cluster/podinfo-source.yaml | yh

# Commit and push the podinfo-source.yaml file to the fleet-infra repository >> check on GitHub
git config --global user.name "Your Name"
git config --global user.email "you@example.com"
git add -A && git commit -m "Add podinfo GitRepository"
git push
Username for 'https://github.com': <your GitHub username>
Password for 'https://gasida@github.com': <your GitHub token>

# Check the source
flux get sources git
kubectl -n flux-system get gitrepositories

3
Deploy podinfo application : Configure Flux to build and apply the kustomize directory located in the podinfo
repository https://fluxcd.io/flux/get-started/#deploy-podinfo-application

4
# [Terminal]
watch -d kubectl get pod,svc

# Use the flux create command to create a Kustomization that applies the podinfo deployment.
flux create kustomization podinfo --target-namespace=default --source=podinfo --path="./kustomize" --prune=true --interval=5m --export > ./clusters/my-cluster/podinfo-kustomization.yaml

# Check the file
cat ./clusters/my-cluster/podinfo-kustomization.yaml | yh

# Commit and push the Kustomization manifest to the repository:
git add -A && git commit -m "Add podinfo Kustomization"
git push

# Verify
kubectl get pod,svc
kubectl get kustomizations -n flux-system
flux get kustomizations
tree

5
Watch Flux sync the application
# [Terminal]
watch -d kubectl get pod,svc

# Try changing the number of pods >> what happens?
kubectl scale deployment podinfo --replicas 1
...
kubectl scale deployment podinfo --replicas 3
...

#
flux delete kustomization podinfo
flux delete source git podinfo

#
flux uninstall --namespace=flux-system

7
Delete the fleet-infra repo on GitHub
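
An added example, not part of the original post: the two confirmation commands used throughout this walkthrough, `flux get sources git` and `flux get kustomizations`, combined into one check that every Kustomization is Ready, not suspended, and has applied the revision its Git source stored. It assumes each Kustomization reads from a GitRepository of the same name (true for flux-system, nginx-example1 and podinfo here); the function name `check_flux_sync` and the sample tables are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Assumption: every Kustomization reads from a GitRepository of the same name,
# as flux-system and nginx-example1 do in this walkthrough.

# check_flux_sync SOURCES KUSTOMIZATIONS
# Arguments are the table text printed by `flux get sources git` and
# `flux get kustomizations`. Prints one status line per Kustomization and
# returns 1 unless all are Ready, not suspended, and on the source revision.
check_flux_sync() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $1 == "---"             { part = 2; next }      # switch to second table
    $1 == "NAME" || NF == 0 { next }                # skip headers and blanks
    part != 2               { src[$1] = $2; next }  # name -> stored revision
    {
      have = ($1 in src)
      if (!have)               st = "NO-SOURCE"
      else if ($4 != "True")   st = "NOT-READY"
      else if ($3 == "True")   st = "SUSPENDED"
      else if ($2 != src[$1])  st = "STALE"
      else                     st = "OK"
      if (st != "OK") bad = 1
      printf "%-10s %s applied=%s source=%s\n", st, $1, $2, (have ? src[$1] : "-")
    }
    END { exit bad + 0 }'
}

# Constructed sample tables, modelled on the output shown in this post.
SOURCES="NAME            REVISION            SUSPENDED  READY  MESSAGE
flux-system     main@sha1:e85fa0a3  False      True   stored artifact for revision 'main@sha1:e85fa0a3'
nginx-example1  main@sha1:4478b54c  False      True   stored artifact for revision 'main@sha1:4478b54c'"

KS_OK="NAME            REVISION            SUSPENDED  READY  MESSAGE
flux-system     main@sha1:e85fa0a3  False      True   Applied revision: main@sha1:e85fa0a3
nginx-example1  main@sha1:4478b54c  False      True   Applied revision: main@sha1:4478b54c"

# Constructed drift case: nginx-example1 still on an older, made-up revision.
KS_STALE="NAME            REVISION            SUSPENDED  READY  MESSAGE
flux-system     main@sha1:e85fa0a3  False      True   Applied revision: main@sha1:e85fa0a3
nginx-example1  main@sha1:0000aaaa  False      True   Applied revision: main@sha1:0000aaaa"

check_flux_sync "$SOURCES" "$KS_OK"
check_flux_sync "$SOURCES" "$KS_STALE" || echo "revision mismatch found"
# Live use: check_flux_sync "$(flux get sources git)" "$(flux get kustomizations)"
```

Run it against a single namespace: with `-A` the extra NAMESPACE column shifts the fields the function reads.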