Introduction#

GitHub: this note shows how to get started with a CI/CD pipeline for EKS using Flux.

  • Set up Flux on EKS
  • Monitor ECR image
  • Flask polly app

Install Flux#

Install the Flux CLI

curl -s https://fluxcd.io/install.sh | sudo bash

Check the environment

flux check --pre

Set up the GitHub connection for Flux (use your own personal access token in place of the placeholder)

export GITHUB_TOKEN="<your-github-personal-access-token>"
export GITHUB_USER=entest-hai

Bootstrap Flux into the EKS cluster

flux bootstrap github \
--components-extra=image-reflector-controller,image-automation-controller \
--owner=$GITHUB_USER \
--repository=eks-flux-demo \
--branch=main \
--path=clusters/EksClusterLevel1 \
--read-write-key \
--personal

Change the repository name accordingly

flux-image-updates => eks-flux-demo

Add a YAML file such as flask-app.yaml, and make sure it specifies the namespace

apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-app-deployment
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: flask-app
  template:
    metadata:
      labels:
        app: flask-app
    spec:
      containers:
        - image: 392194582387.dkr.ecr.ap-southeast-1.amazonaws.com/flask-app:latest
          name: flask-app
          ports:
            - containerPort: 8080
          resources:
            limits:
              cpu: 50m
            requests:
              cpu: 50m

Then wait a minute, or trigger a reconciliation right away

flux reconcile kustomization flux-system --with-source

Watch Flux apply the update

watch flux get kustomizations

Scan Image#

Flux scans the ECR image repository for tags and updates flask-app.yaml with the new tag. Flux then deploys the updated flask-app.yaml.

  • Register the ECR image
  • Create ECR credentials
  • Create an image update policy

Check the image tag currently used by the flask-app service

kubectl get deployment/flask-app-deployment -oyaml | grep 'image:'

First, we need to create an ImageRepository to tell Flux which container registry to scan for new tags

flux create image repository flask-app \
--image=$ACCOUNT_ID.dkr.ecr.ap-southeast-1.amazonaws.com/flask-app \
--interval=1m \
--export > ./clusters/EksClusterLevel1/flask-app-registry.yaml

and the generated yaml

---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
  name: flask-app
  namespace: flux-system
spec:
  image: $ACCOUNT_ID.dkr.ecr.ap-southeast-1.amazonaws.com/flask-app
  interval: 1m0s

Second, we need to grant permissions so Flux can scan ECR images, by updating flux-system/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
patches:
  - patch: |-
      - op: add
        path: /spec/template/spec/containers/0/args/-
        value: --aws-autologin-for-ecr
    target:
      version: v1
      group: apps
      kind: Deployment
      name: image-reflector-controller
      namespace: flux-system

Third, create an ImagePolicy to tell Flux which semver range to use when filtering tags

flux create image policy flask-app \
--image-ref=flask-app \
--select-semver=5.0.x \
--export > ./clusters/EksClusterLevel1/flask-app-policy.yaml

and the generated yaml

apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
  name: flask-app
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: flask-app
  policy:
    semver:
      range: 5.0.x

Finally, we need to create an ImageUpdateAutomation

flux create image update flux-system \
--interval=30m \
--git-repo-ref=flux-system \
--git-repo-path="./clusters/EksClusterLevel1" \
--checkout-branch=main \
--push-branch=main \
--author-name=fluxcdbot \
--author-email=fluxcdbot@users.noreply.github.com \
--commit-template="{{range .Updated.Images}}{{println .}}{{end}}" \
--export > ./clusters/EksClusterLevel1/flux-system-automation.yaml

and the generated yaml

apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  name: flux-system
  namespace: flux-system
spec:
  git:
    checkout:
      ref:
        branch: main
    commit:
      author:
        email: hai@entest.io
        name: fluxcdbot
      messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
    push:
      branch: main
  interval: 1m0s
  sourceRef:
    kind: GitRepository
    name: flux-system
  update:
    path: ./clusters/EksClusterLevel1
    strategy: Setters
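
As an added illustration (not code from this note or from Flux), the Python sketch below mimics what the ImagePolicy and the Setters strategy above do together: it picks the highest tag in the 5.0.x range and rewrites only image lines that carry a `# {"$imagepolicy": "flux-system:flask-app"}` marker comment, which is what Flux's image automation looks for on the line it is allowed to update. The tag list, the ACCOUNT_ID placeholder and the helper names are constructed for the example, and the range parser handles only the MAJOR.MINOR.x form.

```python
import re

# Comment marker Flux's Setters strategy expects on a line it may rewrite.
MARKER = re.compile(
    r'^(\s*(?:- )?image:\s*)(\S+)(\s*# \{"\$imagepolicy": "([\w-]+):([\w-]+)"\}\s*)$')

# Constructed sample data; ACCOUNT_ID is a placeholder, the tags are invented.
REPO = "ACCOUNT_ID.dkr.ecr.ap-southeast-1.amazonaws.com/flask-app"
TAGS = ["latest", "4.9.9", "5.0.1", "5.0.12", "5.0.13-rc1", "5.1.0"]
MARKED = f'      - image: {REPO}:latest # {{"$imagepolicy": "flux-system:flask-app"}}'
UNMARKED = f"      - image: {REPO}:latest"


def select_tag(tags, semver_range):
    """Return the highest tag inside a MAJOR.MINOR.x range, or None.

    Simplified: non-semver tags ('latest') and pre-releases are skipped.
    """
    major, minor, _ = semver_range.split(".")
    best = None
    for tag in tags:
        m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag)
        if m and (m.group(1), m.group(2)) == (major, minor):
            version = tuple(int(g) for g in m.groups())
            if best is None or version > best[0]:
                best = (version, tag)
    return best[1] if best else None


def apply_setters(manifest, policy_ref, tags, semver_range, repo=REPO):
    """Rewrite only image lines whose marker names policy_ref (namespace:name)."""
    tag = select_tag(tags, semver_range)
    out = []
    for line in manifest.splitlines():
        m = MARKER.match(line)
        if m and tag and f"{m.group(4)}:{m.group(5)}" == policy_ref:
            line = f"{m.group(1)}{repo}:{tag}{m.group(3)}"
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for sample in (MARKED, UNMARKED):
        print(apply_setters(sample, "flux-system:flask-app", TAGS, "5.0.x"))
```

The unmarked line comes back unchanged on `:latest`, which is the behaviour to expect from a manifest whose image line has no marker comment.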

Troubleshooting#

Check the image tag of a deployment

kubectl get deployment/flask-app-deployment -oyaml | grep 'image:'

Get the image repository

flux get image repository flask-app

Or describe it

kubectl -n flux-system describe imagerepositories flask-app

Get all image objects across all namespaces

flux get images all --all-namespaces
