Cross-posted from March 2022 Update | Flux
As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read our last update here.
It’s the beginning of April 2022 - let’s recap together what happened in March - it has been a lot!
The latest release of Flux is 0.28. One big focus was to graduate its Source API to
To upgrade and fully benefit from this, please follow the upgrade instructions.
This work had been a long time in the making, partly because of a larger refactoring effort, which we had reported about previously. The idea was to abstract reusable components and functionality into the fluxcd/pkg repository. While this is an ongoing effort, we are very happy with what we have learned so far and are convinced that we will get better test coverage this way and are providing external projects with a solid foundation to build on as well.
In this release we added new features and improvements across the board, here’s a quick list of our highlights:
- Add the Git commit message (first 50 characters) to the events and alerts issued by
- Improve performance for Helm repository index and chart download operations.
- Improve observability for the Git, Helm and Bucket resources by providing explicit status conditions which conform to the Kubernetes
- A new annotation (kustomize.toolkit.fluxcd.io/ssa: merge) is available for allowing Flux to patch cluster addons such as CoreDNS.
- Add Azure Blob Storage native support to Flux Bucket sources.
- Add support for decrypting secrets with SOPS and Azure Key Vault on multi-tenant clusters.
- Retry the Git operations on conflict errors to allow running bootstrap in-parallel for multiple clusters that target the same repository.
- Add a new transport for libgit2 for improved reliability (experimental). We wrote about this in our last blog post as well.
We blogged about this separately already as it is such a big achievement for Team Flagger. With its recent 1.19 release, Flagger brings Gateway API support. This means native Progressive Delivery for all providers supported by the Gateway API project within Kubernetes. Be sure to check out the blog post to find out how to integrate this into your setups.
The Flux community is happy and proud that Flagger is part of our effort to bring GitOps solutions to the world.
Being clear about our priorities in Flux development was always important to us as a project. Discussing this regularly in weekly meetings to be able to get everyone’s input was one measure to do this. Updating our roadmap regularly was another. Monthly updates posted on all of Flux channels yet another.
As the development team around Flux grew and we had more work to be coordinated across Flux controllers with e.g. teams at cloud providers, bigger pieces of code refactoring, etc, we are now pleased to use GitHub’s new project boards for having a “Maintainer’s Focus” page which shows what’s bookmarked for the upcoming Flux releases - this might also be a good resource to check if you would like to get involved with Flux development and help out with one of the next releases.
A particular focus in our project management is GA, the big target we have been following ever since we started the rewrite of Flux. As you can see on the Flux Roadmap, we closed out the vast majority of items and last year we already announced that the Flux APIs will be stable from now on. So what’s left is to finish the refactoring for the remaining controllers, complete some parts of the documentation and some general tidying up. If you want more detail, or would like to help us to achieve this big milestone, you can follow the work here.
The latest addition to our blog series about Flux Security was a post called «Using Pod Security Standard “restricted”». Go check it out, as you will learn more about Kubernetes’ pod security standard, seccomp and how we apply this in Flux to keep you safe.
The already mentioned blog post about our tight integration with Git APIs could also be of interest, as we discuss upcoming plans for integrating sha256 hash support.
What makes Flux great is its ecosystem. Tools and services which integrate seamlessly because that’s how the Cloud Native ecosystem works. We are celebrating all of this on the Flux Ecosystem page. (Please add yourself if your tool or integration isn’t listed yet.)
Here are a couple of newcomers. Firstly, there’s Renovate, which is an Open Source tool to automate:
- Detecting dependencies in a repository (Open Source and private/closed source)
- Checking if there are dependency updates
- Creating commits and Merge/Pull Requests to update dependencies
- Showing the release notes
We are very pleased that the team at Renovate added a manager to integrate with Flux.
The Weaveworks GitOps Extension provides an intuitive way to manage, troubleshoot and operate your Kubernetes environment following the GitOps operating model, accelerating your development lifecycle and simplifying your continuous delivery pipelines.
This extension is under active development and currently available as an alpha product.
FSA (aka Flamingo) is the Flux Subsystem for Argo. Its container image can be used as a drop-in replacement for the equivalent ArgoCD version to visualise, and manage Flux workloads, alongside ArgoCD.
How does it work?
This project is currently available as a technology preview.
In some of our last issues we already reported about the terraform-controller hitting the streets. It’s a Flux controller which reconciles Terraform resources in the GitOps way. We received a short report from the team regarding their achievements of the first quarter of the year:
- TF-controller v0.9.3 is considered the most stable release to date.
- We reached 200 stars on GitHub, now at 211.
- It’s been 45 releases so far.
- We re-factored it to the Controller/Runner architecture.
- Standing on the shoulders of our giants (Flux), we successfully implemented the multi-tenancy feature in 2 months.
- We cleared all Q1 roadmap with 68.2% test coverage.
- We started seeing its adoption in public, from a Helm Controller user, for example.
- We got its first promo video.
- Chanwit Kaewkasi, Piaras Hoban and Tom Huang are the core team around it now!
The team around Weave GitOps has been busy and would love to hear your feedback. If you haven’t heard about it just yet, its GitHub says:
Weave GitOps enables an effective GitOps workflow for continuous delivery of applications into Kubernetes clusters. It is based on CNCF Flux, a leading GitOps engine.
The Flux community particularly loved the last sentence.
Getting started with it is very straightforward. Please take them up on their offer and give feedback, they are building a very nice tool based on Flux!
It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.
We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In March here are a couple of talks we would like to highlight:
- Flux Maintainer Stefan Prodan at our friends of Tanzu Tuesday: Mar 15: Tanzu Tuesdays #89: GitOps with Flux on Kubernetes with Stefan Prodan
- Flux contributor and VMware Tanzu Advocate Leigh Capili talking about a subject close to the heart of many - security and debugging: Mar 16: Securing GitOps Debug Access with Flux, Pinniped, Dex, & GitHub - Leigh Capili
- Weaveworks’ DX Engineer Priyanka Pinky and Anchore’s OSS Lead Dan Luhring dive deeper into security subjects here: Mar 24: Security: The Value of SBOMs with Dan Luhring & Priyanka Ravi
- Want to hear from professionals who brought GitOps to 7000 devs in a heavily regulated industry? Mae Large, Pinky & Russ Parmer reflect on their work together: Mar 30: From Zero to GitOps Heros with Mae Large, Russ Parmer, Priyanka Ravi
We are happy to announce that we have a number of events coming up in April - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.
- Introduction to GitOps & Flux
You may have heard the term GitOps - it has become a bit of a buzzword, but it’s so much more! The benefits of GitOps are real - bringing better security, reliability, velocity and more! And the project that started it all was Flux - a CNCF Incubating project developed and later donated by Weaveworks (the GitOps company who coined the term).
- GitOps in Microsoft Azure with Flux
To provide Kubernetes admins and app developers with the latest tooling for managing configuration and application deployment, Azure enables GitOps with Flux. In this session Jonathan Innis, Software Engineer II at Microsoft, will live demo how CNCF Flux is enabled in Azure Arc enabled Kubernetes and Azure Kubernetes Services and also give a sneak peek at implementation of Flux.
Whether you’re new to GitOps or a seasoned pro, this talk is for you! We’ll start with the basics of how/where to get started, and then dive into one of the most asked GitOps questions: how to structure your repository!
During this talk, Scott & Pinky will review the Core Concepts of Flux including Git Sources, Reconciliation, Helm Releases, Kustomization, and Bootstrapping, to get you ramped up with how to think with a GitOps mindset! Then they’ll dive into and discuss considerations for and demo ways of structuring your repositories: monorepo, repo per environment, repo per team, or repo per app.
Welcome Helm users! CNCF Flux has a best-in-class way to use Helm according to GitOps principles. For you, that means improved security, reliability, and velocity - no more being on the pager on the weekends or having painful troubleshooting or rollback when things go wrong.
Built on Kubernetes controller-runtime, Flux’s Helm Controller is an example of a mature software agent that uses Helm’s SDK to full effect.
Flux’s biggest addition to Helm is a structured declaration layer for your releases that automatically gets reconciled to your cluster based on your configured rules:
- The Helm client commands let you imperatively do things
- Flux Helm Custom Resources let you declare what you want the Helm SDK to do automatically.
In addition, Scott will show how to use Helm Charts to run reliable stateful workloads.
Some organisations depend heavily on their Terraform scripts because they are using multiple providers, have built wrappers around those providers, and might even be deploying their application code along with Terraform. Additionally, GitOps is in every IT roadmap, but unfortunately Terraform doesn’t have an easy way to reconcile its resources. This means that teams won’t notice a sudden change in the running environment, often with critical consequences.
What if teams could ensure that what they defined in the Terraform HCL code is what is always running and available? Flux can continuously look for changes on your Terraform resources and do reconciliation with the desired state. You can rest easy knowing that your deployments are always up to date with your desired state. This enables you to take advantage of all the benefits of GitOps: streamlined and secure deployments, quicker time to market, and more time to concentrate on app development!
Jose provides an in-depth look at TF-controller, a Flux-based controller to reconcile your Terraform resources the GitOps Way. Jose will share insights on the many benefits of TF-Controller, then demo a common use case implementation.
Our Flux Bug Scrubs still are happening on a weekly basis and remain one of the best ways to get involved in Flux. They are a friendly and welcoming way to learn more about contributing and how Flux is organised as a project.
The next dates are going to be:
- April 6 at 1pm UTC/ 2pm CET
- April 14 at 10am PT / 1pm ET
- April 20 at 1pm UTC/ 2pm CET
- April 28 at 10am PT / 1pm ET
We are flexible with subjects and often go with the interests of the group or of the presenter. If you want to come and join us in either capacity, just show up or if you have questions, reach out to Kingdon on Slack.
We really enjoyed this demo of the k3d git server recently. It’s a local Git server that runs outside of Kubernetes, to support offline dev in a realistic but also simple way that does not depend on GitHub or other hosted services.
Like every other project in the Cloud Native space, we are very busy preparing everything for KubeCon / CloudNativeCon Europe 2022, which is going to be 16-20 May 2022 in Valencia, Spain (and virtual of course!).
We will post a separate announcement as soon as everything is confirmed, but we already want to inform you about what’s likely to happen, so you can plan accordingly or collaborate with us!
Leading up to KubeCon, the Bug Bash will run online for the two week period (Monday May 2 - Friday May 13) before KubeCon to maximise developer engagement. At KubeCon there will be awards for top contributors live at the conference!
There will be a separate announcement once we know all the details.
13:00 - 17:00 (Room 2H - Event Center): Flux Project Meeting: We will kick off the Flux get-togethers and festivities with an in-person meeting for all Flux users, contributors, maintainers and generally interested folks. This will be an opportunity to get to know each other, have a chat, see what people’s interests are and to potentially start contributing. (Sign up here.) Contact people on the ground are: Somtochi Onyekwere and Scott Rigby.
Tuesday 17 May - GitOpsCon
Lots and lots of talks about GitOps in general and Flux in particular, here’s a short selection of what to look forward to:
- What is GitOps and How to Get It Right - Dan Garfield (Codefresh); Chris Short (AWS) & Scott Rigby (Weaveworks) (9:00 - 9:35)
- Hiding in Plain Sight - How Flux Decrypts Secrets - Somtochi Onyekwere (Weaveworks) (11:05 - 11:15)
- Taming the Thundering Gitops Herd with Update Policies - Joaquim Rocha & Iago López Galeiras (Microsoft) (11:35 - 11:45)
- GitOps and Progressive Delivery with Flagger, Istio and Flux - Marco Amador (Anova) (13:20-13:30)
- Creating A Landlord for Multi-tenant K8s Using Flux, Gatekeeper, Helm, and Friends - Michael Irwin (Docker) (13:35-14:05)
- GitOps, A Slightly Realistic Situation on Kubernetes with Flux - Laurent Grangeau (Google) & Ludovic Piot (theGarageBandOfIT) (14:10 - 14:40)
- Solving Environment Promotion with Flux - Sam Tavakoli & Adelina Simion (Form3) (14:10 - 14:40)
- Managing Thousands of Clusters and Their Workloads with Flux - Max Jonas Werner (D2iQ) (14:55 - 15:25)
- Crossing the Divide: How GitOps Brought AppDev & Platform Teams Together! - Russ Parmer (State Farm) & Priyanka ‘Pinky’ Ravi (Weaveworks) (15:30 - 16:00)
- GitOps Everything!? We Sure Can!, AppsFlyer (15:30 - 16:00)
- Lightning Talk: Addressing Log4Shell with Software Supply Chains - Duane DeCapite (VMware) (18:04 - 18:09)
Wednesday 18 May - Friday May 20 - KubeCon
Over these three days we are going to be at the Flux booth (both virtually and on the ground), so come over for a chat. We are planning loads of talks, demos and ample time to have a chat, get to know everyone, ask questions and have great new ideas together!
On top of that, here is a list of talks, workshops and sessions during those days:
- Wed 18: Flux Security Deep Dive - Stefan Prodan (Weaveworks) (11:55 - 12:30)
- Wed 18: Intro to Kubernetes, GitOps, and Observability Hands-On Tutorial - Johee Chung (Microsoft) & Tiffany Wang (Weaveworks) (11:00 - 12:30)
- Wed 18: A New Generation of Trusted GitOps for Mixed K8s and Non-K8s End Users - Alexis & Vasu Chandrasekhara (SAP) (15:25 - 16:00)
- Thu 19: GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger (DigitalOcean) (11:00 - 12:30)
- Thu 19: Flux Project Office Hour - Paulo Gomes (Weaveworks) (13:30 - 14:15)
- Fri 20: Observing Fastly’s Network at Scale Thanks to K8s and the Strimzi Operator - Fernando Crespo & Daniel Caballero (Fastly) (11:00 - 11:35)
- Fri 20: Simplifying Service Mesh Operations with Flux and Flagger - Mitch Connors (Google) & Stefan Prodan (Weaveworks) (14:55 - 15:30)
Please note: all of the above might be subject to change. Please double-check the schedule beforehand. Please reach out to Vanessa Abankwah or Daniel Holbach on Slack if you have questions or would like to participate in any of the above.
We very much look forward to seeing you there!
We love it when you all write about Flux and share your experience, write how-tos on integrating Flux with other pieces of software or other things. Give us a shout-out and we will link it from this section!
In this podcast, Wesley Reisz talks to Stefan Prodan about Flux and Flagger, two tools built on top of Flux CD’s GitOps Toolkit. After discussing some of the architectural differences between Flux v1 and v2 and discussing some of the GitOps toolkit use cases, the two discuss the operator pattern on Kubernetes. They specifically spend time talking about the operator pattern, why developers may opt to build APIs on top of Kubernetes, and how the pattern can be used on non-cluster resources. The podcast wraps with a discussion on the work being done towards Flux v2’s push to GA.
Chen wrote up a nice tutorial on using Flagger and has this to say about Flagger itself:
*Flagger is a progressive delivery tool that automates the release process for apps on Kubernetes. It can gradually shift traffic to the new version while measuring metrics and running conformance tests.
I prefer flagger because of two main points:
- It integrates natively: it watches Deployment resources, while Argo uses its own CRD Rollout
- It is highly extensible and comes with batteries included: it provides a load-tester to run basic, or complex scenarios*
Check out this article by Piotr who dives into how to automate the provisioning of cloud resources via Crossplane and combine it with GitOps practices. At the end of it, you will have stopped using kubectl to manage resources, but rather delegate this to Flux using Git. GitOps for the win!
Cora Iberkleid and David Espejo at VMware talk about Cartographer. They say: The Kubernetes ecosystem has a rich set of solutions for various stages of CI/CD. Tools like Flux, Tekton, kpack, Knative, ArgoCD, and more each enable big steps forward in establishing a modern path to production. And yet, the teams and organizations that adopt these tools still struggle with complex, DIY snowflake pipelines. The challenge can be creating and maintaining imperative scripts; orchestrating the flow of information between tools; driving reusability; adopting GitOps practices; and enabling proper separation of concerns.
If you have not already done so, use the instructions here or give us a ping and we will help to add you. Not only is it great for us to get to know and welcome you to our community, it also gives the team a big boost in morale to know where in the world Flux is used.
We are constantly improving our documentation and website - here are a couple of small things we landed recently.
- This was a big effort: The Source API documentation has been refactored to be more user-friendly. See the v1beta2 specification for: Git Repositories, Buckets and Helm Repositories.
- Flux from End-to-End: This was a big part of work as well. It describes the flow of data through Flux, from End to End.
- Cheatsheets: Various configurations of Flux controllers at install time are now available as a bootstrap cheatsheet.
- We added new FAQ entries.
- We added new resources to the site.
In terms of documentation, we are working on a bigger piece of navigation and information architecture refactoring. This was pointed out to us as a piece of feedback from the CNCF TechDocs team. As the Flux project has grown over time, we appreciate this opportunity to restructure our docs to make them as easy to find as possible. Your feedback matters here, so if you could leave us a note with your impression on this PR, we would love to hear from you.
And finally on our blog, we added a tag cloud and a note to blog posts that are older than a year - we also typed up how to blog.
Thanks a lot to these folks who contributed to docs and website: Kingdon Barrett, Stefan Prodan, Stacey Potter, Hidde Beydals, Sebastian Bernheim, Ihor Sychevskyi, Colin Humphreys, Filip Sequeira, Jan Lauber, Marcus Noble, Morgan Christiansson, Satish Kumar Kardarkarai Mani, Tom Huang and Nguyen Duc Toan.
We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.
- Flux provides GitOps for both apps and infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
- Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
- Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
- Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
- Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
- Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
- Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
- Users trust Flux: Flux is a CNCF Incubating project and was categorised as “Adopt” on the CNCF CI/CD Tech Radar (alongside Helm).
- Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.
If you like what you read and would like to get involved, here are a few good ways to do that:
- Join our upcoming dev meetings on 2021-04-07 or 2021-04-13.
- Talk to us in the #flux channel on CNCF Slack
- Join the planning discussions
- And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
- Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.
We look forward to working with you.