Introduction To Flux
GitOps has become a chosen strategy for releasing and deploying cloud-native microservices. The goal of GitOps, a term coined by Alexis Richardson, CEO of Weaveworks, in 2017, is to “make operations automatic for the whole system based on a model of the system which was living outside the system.” And propelling the GitOps practice is Flux, an open source tool that provides GitOps for apps and infrastructure.
In late 2022, Flux became the 18th project to reach graduation status with the Cloud Native Computing Foundation (CNCF). Earlier this year, downloads of the Flux container image surpassed a staggering one billion.
I recently met with Priyanka Ravi, a developer experience engineer at Weaveworks, to learn more. Ravi has extensive Flux experience and Weaveworks has been a top contributor to Flux since its origin. Below, we’ll discover what Flux accomplishes and why it came about. We’ll examine how it works and consider the feature roadmap for the tool.
The Goal: GitOps
First off, what exactly is GitOps? The GitOps philosophy can be summed up as defining infrastructure and operational procedures as code. Integrating with Git repositories enables you to continuously provision infrastructure programmatically when delivering your applications.
GitOps is a common operating model for cloud-native applications. By using a version control system as a “single source of truth,” GitOps can bring stronger security guarantees, improved stability and higher reliability, says Ravi. This avoids the possibility of manual errors and accidental configuration drift. GitOps can also enhance the developer experience and productivity around continuous delivery.
There are emerging standards and toolsets that help enable GitOps. According to OpenGitOps, there are four main pillars of GitOps: GitOps should be declarative, versioned and immutable, pulled automatically and continuously reconciled.
What is Flux?
Flux is a Git-centric package for managing your applications. It’s been developed to cater to the GitOps principles of pulling automatically and performing continuous reconciliation. Traditionally, you would have a pipeline that pushes change. Instead, Flux can monitor a code repository to listen for a new commit and pull in your manifest. And it can be configured to perform this action continuously, such as every five minutes or so.
Flux has seen large-scale production use at AWS, D2iQ, Microsoft, Red Hat, RingCentral, SAP, VMware, Volvo, Weaveworks and elsewhere. Flux is often used in conjunction with Flagger, a Kubernetes operator that enables progressive delivery.
Key Components
Flux is comprised of five controllers:
- Source Controller: The Source controller provides a common interface for artifact acquisition. It continuously listens to a source, such as a Git repository, and checks for changes.
- Kustomize Controller: A Kubernetes operator specialized in running continuous delivery pipelines. The Kustomize Controller looks for a kustomization.yaml file in the target namespace or creates one from scratch.
- Helm Controller: Allows one to declaratively manage Helm chart releases with Kubernetes manifests.
- Notification Controller: Handles inbound and outbound events. It could be used to set up a webhook and send a notification to Slack, for example.
- Image Reflector & Automation Controllers: The Image Reflector Controller scans image repositories and reflects the image metadata, and the Automation Controller can update YAML files based on the latest images scanned and commit the changes to a repository.
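The pull-and-reconcile loop described above, written as the two objects the Source and Kustomize Controllers act on. This is an added example, not taken from the article or the Flux project; the object names, repository URL, path and Secret name are placeholders, and the apiVersion values depend on the Flux CRDs installed in the cluster.

```yaml
# Added example: placeholder names, URL and path (assumptions).
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: fleet-config
  namespace: flux-system
spec:
  interval: 5m                  # Source Controller checks the repository on this schedule
  url: https://git.example.com/platform/fleet-config.git
  ref:
    branch: main
  secretRef:
    name: fleet-config-auth     # credentials for the repository; read-only access is enough to pull
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 5m                  # reconcile the cluster against the fetched revision on this schedule
  sourceRef:
    kind: GitRepository
    name: fleet-config
  path: ./clusters/production   # directory inside the repository holding the manifests
  prune: true                   # remove cluster objects that were deleted from Git
  timeout: 2m
```

Because the cluster pulls from Git, the delivery pipeline needs no cluster credentials, and with `prune: true` a manual change or a deleted manifest is reverted at the next reconciliation.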
Benefits of Using Flux
According to Ravi, there are many benefits of using Flux for GitOps. One is that it reduces the developer burden for implementing GitOps. It’s easy to start using out of the box—a simple bootstrap command can initiate Flux into a specific repository. Or, if a repository doesn’t exist, Flux will create a repository and push manifests, CRDs and pods for controllers and create a sync file.
Since Flux has a built-in modular design separated by the controllers, it’s easy to customize your ideal experience with Flux. You can stand it up in its basic format and add additional controllers for notifications and observability. Weaveworks also offers a handful of other helpful open source packages often used in tandem with Flux, including a Terraform Controller and a VS Code Extension to bring Flux closer to the typical developer’s workflow.
Flux also works with industry-standard tools like Kyverno, OPA, Helm, Kustomize, Cluster API and others. It supports multi-tenancy and RBAC, so developers are confined to working in the appropriate namespaces. Lastly, the notification controllers make setting up alerts easy.
Future Outlook
Flux has seen a significant uptick in growth since it joined CNCF in 2021. New features include support for the Open Container Initiative (OCI) format and the adoption of Sigstore Cosign to help prove the authenticity of OCI artifacts.
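A source definition that uses the Cosign support mentioned above to gate an OCI artifact on its signature. This is an added example, not taken from the article or the Flux project; the registry URL, object names and key material are placeholders.

```yaml
# Added example: placeholder registry, names and key (assumptions).
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: app-manifests
  namespace: flux-system
spec:
  interval: 5m
  url: oci://registry.example.com/platform/app-manifests
  ref:
    semver: ">=1.0.0"           # follow the newest tag in this range
  verify:
    provider: cosign            # check the artifact signature before using it
    secretRef:
      name: cosign-public-keys  # trusted signer keys, defined below
---
apiVersion: v1
kind: Secret
metadata:
  name: cosign-public-keys
  namespace: flux-system
stringData:
  # Entries must end in .pub; a signature matching any listed key is accepted.
  signer.pub: |
    <PEM-encoded Cosign public key goes here>
```

With `verify` set, an artifact whose signature does not match one of the listed keys fails reconciliation and is not handed to the controllers that apply it.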
Flux 1.0 has been GA since 2017. Regarding future goalposts, the community roadmap has its sights on reaching a GA for Flux 2.0 in 2023. Most already consider it mature and stable for production use, and Flux has had extensive security vetting to ensure there are no CVEs.
In this post, we’ve only scratched the surface of the intricacies of Flux. For further resources and implementation information, you can read the Flux documentation, participate in the CNCF Slack #Flux channel or join the Flux discussions on GitHub.