This repository contains an example CDK application that creates an EKS cluster with a few basic
add-ons to get started with GitOps using FluxV2. The CDK code is housed in the infra/ directory.
Making it easy to get started, the infrastructure provisioned also includes VPC, NAT Gateways, etc. This could, and should of course be tailored to your specific needs.
Some of the add-ons, such as cluster autoscaler and AWS Load Balancer Controller, do require additional permissions in IAM to properly function, to modify auto scaling groups and load balancers respectively. Hence, these types of addons, are considered part of the infrastructure and provisioned using AWS CDK. Flux is also included here due it is part of the bootstrapping process.
The remaining add-ons, such as metrics server, and other addons you want to run which do not fit into the former category, will be applied by Flux in a GitOps fashion.
The infra/ directory contains all resources which are created using AWS CDK, including add-ons as
described above. Once those resources are created, Flux will look at the content of k8s-config/,
and create Kubernetes resources accordingly.
This example relies on AWS Cloud Development Kit (CDK) for management of infrastructure. If you are not yet familiar with CDK or need to install CDK on your laptop, see the CDK getting started guide.
The goal of this sample is not to provide in-depth coverage of all the features and components available in FluxV2, for further information on the various components and available configuration, see GitOps Toolkit.
Jump into the the infra/ directory and deploy the CDK stack, passing along a set of parameters to
the CDK command. These parameters define which git repository, branch, and path in that repository
that will be used for initial flux bootstrapping of the cluster.
cd infra/
npm i
cdk deploy InfraStack \
--parameters FluxRepoURL="ssh://git@github.com/aws-samples/aws-cdk-eks-fluxv2-example" \
--parameters FluxRepoBranch="main" \
--parameters FluxRepoPath="./k8s-config/clusters/demo"As you can see, multiple cluster configurations could be added to the k8s-config/clusters/<cluster-name> path.
The installation and configuration of flux is managed in infra/lib/addons/fluxv2.ts.
Flux is configured to connect to a GitHub repository, targeting a specific path, connecting using the data from ssh keypair that we will create. We will be using this generic method for authentication as opposed to a GitHub personal access token for easier adaptability to other code hosting solutions.
First, create a keypair using ssh-keygen -C demokey -N "" -f $HOME/.ssh/demo_key_rsa. Then, upload
the public part to GitHub in your settings page.
Use the following script to craft and apply the secret to the flux-system namespace:
#!/bin/sh
cat <<EOF | kubectl -n flux-system apply -f -
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: github-keypair
namespace: flux-system
data:
known_hosts: $(ssh-keyscan -t rsa github.com 2>/dev/null|grep -E '^github\.com'|base64|tr -d '\n')
identity: $(cat ${HOME}/.ssh/demo_key_rsa|base64|tr -d '\n')
'identity.pub': $(cat ${HOME}/.ssh/demo_key_rsa.pub|base64|tr -d '\n')
EOFNote: update the infra-stack.ts file to reference the correct secret if you change the name.
Wait for the state to be reconciled as
defined in the interval field on the various flux component specs.
Alternatively, if you have the Flux CLI installed,
you can manually trigger reconciliation of resources using
flux reconcile kustomization flux-system --with-source. This will ask flux to ensure that the
cluster state matches the desired state, for more information, see the
reconciliation section in the flux docs.
# kubectl -n podinfo get pods
NAME READY STATUS RESTARTS AGE
podinfo-746d58c87-gjkdl 1/1 Running 0 2m3s
podinfo-746d58c87-qfjwk 1/1 Running 0 2m3sSee CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.