Recently I have been going through the AKS-Preview az cli extension and found reference to a GitOps AKS addon. I have been waiting for something like this to come to AKS for a long time. In fact, it is already available for ARC enabled Kubernetes clusters. Below I will go through how to set it up in your AKS cluster.
So, for this you will need the AKS-Preview extension and k8s-configuration of AZ CLI. If you do not already have this installed, you can add it using.
Or to update your existing use.
Register the preview feature
First, you need to register the preview feature. To do that use the following command.
After a while, close to 30 minutes run the following to check the status. It needs to show registered.
Now you will need to re-register the ContainerService provider to enable the new feature. To do that just run the following.
Install the GitOps AKS add-on
It’s time to install the GitOps AKS add-on. You can Install this add-on on cluster creation in the same way you would other add-ons or below you will see the option to upgrade an existing AKS cluster. Just change the resource group and cluster name to yours.
If you look at the pods running in the kube-system namespace you will see some new pods, gitopsmanager and config-agent.
Deploy from a repo
For this example, I have created an example repository you can use. (https://github.com/PixelRobots/aks-gitops-demo). Fork the repo as later you will be changing a value in a manifest to test a change. This repo has a few folders and inside the folders has a few Kubernetes manifest files. The manifests will provision a few namespaces, deploy a sample website, and create a config map. More information about what will be deployed can be found in the readme in the repo.
You are going to use the az cli to do the deployment and use the k8s-configuration extension you installed earlier. The command will also create some objects in your cluster. The command is as follows. You will need to change some bits to match your setup, but I will go into more detail below.
–name is the name you give this configuration deployment. You can name this something else if you want.
–operator-instance-name Instance name of the Operator. You can name this something else if you want.
–operator-namespace the namespace where the GitOps operator is deployed to. You can change this if you want.
–repository-url The URL of your git repo.
–scope this can be set to namespace or cluster.
–cluster-type Is managedclusters as thats what AKS is.
–operator-params=’–git-branch=main’ This needs to be set to the branch where your manifests are. By default it uses master.
You can read about more parameters at https://docs.microsoft.com/en-us/cli/azure/k8s-configuration?view=azure-cli-latest
Check it has worked
It can take up to 5 minutes before anything happens. You can check to see if the resources have deployed. So as we know some namespaces are going to get created we can check by using the following.
You should be able to see your new namespaces and also the labels added fluxcd.io
You can also use the az k8s-configuration command to check the current state of the configuration.
You will notice the complicanceState is Installed and the message has a lot of information in it.
Test a change
As part of the deployment a service with type LoadBalancer was created. You can view it by using the following command.
Copy the IP address and paste it into your browser. A website should pop up.
Now in the repo you are going to make a change to the aks-gitops-demo.yaml file. This can be found in cluster-apps folder.
Change line 31 to another colour. Either red, green, blue or pink.
Commit the change. In about 5 minutes the repo will be deployed to the cluster and website will have a new background colour. You can check by going to the site again.
Awesome. It worked! The new pod has been deployed and is up and running. No other resource was recreated, just the changes that you made.
All in All
I like the way this is going. Hopefully, it will start to use flux v2 once that becomes GA, but for now it is a super quick way to set up GitOps on your AKS cluster. Please remember this is currently in preview and technically an unannounced preview at that. Hopefully once it is in public preview, we will see some integration with the Azure Portal like you do for ARC enabled Kubernetes clusters.
Test at your own peril.
I hope you found this post helpful. If you have any questions, please reach out.