The document discusses configuration management for Kubernetes using GitOps and Helm, highlighting the advantages of a declarative approach and tools like Flux CD to synchronize cluster state with Git repositories. It explains the benefits of GitOps, including tracking history, easy rollbacks, and disaster recovery, while emphasizing Helm's role in managing application complexity through packages and modules. The document also addresses frequently asked questions regarding secrets management and multi-environment setups.

1. Config management for
Kubernetes: GitOps + Helm
Tomasz Tarczyński, Gigaset

2. Agenda
@ttarczynski
1. Configuration Management
2. Why GitOps
3. Demo: Flux
4. Demo: Helm
5. Demo: Flux Helm Operator

3. Configuration Management
@ttarczynski
● Infrastructure as a Code
● GIT – as a single source of truth
● Tools:
Ansible / Chef / Puppet / Salt

4. Puppet
@ttarczynski
● Declarative: describe the desired state
● Modules: public and private
● Templates: ERB
● DSL: a simple and constrained language
● Code / data separation: Hiera

5. Kubernetes
@ttarczynski
● Control plane provides a Declarative API
● Declare the desired state
● Control plane makes sure that the actual
state converges to the desired state

6. Kubernetes: Why GitOps
@ttarczynski
● Can we declare all the state in GIT?
And expect the system to converge.

7. Kubernetes: Why GitOps
@ttarczynski
● Can we declare all the state in GIT?
And expect the system to converge.
○ Track history

8. Kubernetes: Why GitOps
@ttarczynski
● Can we declare all the state in GIT?
And expect the system to converge.
○ Track history
○ Easy rollback

9. Kubernetes: Why GitOps
@ttarczynski
● Can we declare all the state in GIT?
And expect the system to converge.
○ Track history
○ Easy rollback
○ Disaster Recovery

10. Kubernetes: Why GitOps
@ttarczynski
● Configuration Management:
Declarative vs Imperative

11. GitOps: How
@ttarczynski
Kubernetes
API
push
container images
kubectl apply
pull

12. GitOps: How
@ttarczynski
● Flux CD: a GitOps operator
○ Runs in the cluster
○ Synchronizes the cluster state with a GIT repo
○ CNCF sandbox project

13. GitOps: How
@ttarczynski
Kubernetes
API
push
container images
kubectl apply
pull

14. GitOps: How
@ttarczynski
Kubernetes
API
Flux CD
push
container images
commit
kubectl apply
sync
pull
images metadata
apply / delete

15. GitOps
@ttarczynski
Demo
https://github.com/ttarczynski/gitops-demo

16. GitOps: Why Helm
@ttarczynski
● We declared all the state in GIT
● But can we have something like modules?

17. GitOps: Why Helm
@ttarczynski
● Helm: The package manager for Kubernetes
○ find, share, and use software built for Kubernetes

18. GitOps: Why Helm
@ttarczynski
● Manage complexity: describe complex apps

19. GitOps: Why Helm
@ttarczynski
● Manage complexity: describe complex apps
● Easy updates: in-place upgrades and custom hooks

20. GitOps: Why Helm
@ttarczynski
● Manage complexity: describe complex apps
● Easy updates: in-place upgrades and custom hooks
● Simple sharing: public / private repo

21. GitOps: Why Helm
@ttarczynski
● Manage complexity: describe complex apps
● Easy updates: in-place upgrades and custom hooks
● Simple sharing: public / private repo
● Rollbacks: roll back to an older version with ease

22. Helm
@ttarczynski
Demo
https://github.com/ttarczynski/gitops-demo

23. GitOps + Helm
@ttarczynski
● Flux Helm Operator:
○ automates Helm Chart releases
○ Kubernetes custom resource named HelmRelease
○ charts are released as specified in HelmRelease

24. GitOps + Helm
@ttarczynski
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
spec:
releaseName: demo
chart:
git: git@github.com:ttarczynski/gitops-demo.git
path: charts/demo
values:
…

25. Credit: https://fluxcd.io
GitOps + Helm

26. GitOps + Helm
@ttarczynski
Demo
https://github.com/ttarczynski/gitops-demo

27. GitOps
@ttarczynski
● The entire system is described declaratively
● The canonical desired system state is
versioned (with Git)
● Approved changes to the desired state are
automatically applied to the system
● Software agents ensure correctness

28. GitOps
@ttarczynski
● Declarative:
● Modules:
● Templates:
● DSL / general-purpose language:
● Code / data separation:

29. GitOps
@ttarczynski
● Declarative: k8s + Flux CD
● Modules:
● Templates:
● DSL / general-purpose language:
● Code / data separation:

30. GitOps
@ttarczynski
● Declarative: k8s + Flux CD
● Modules: Helm charts
● Templates:
● DSL / general-purpose language:
● Code / data separation:

31. GitOps
@ttarczynski
● Declarative: k8s + Flux CD
● Modules: Helm charts
● Templates: Helm / Go template
● DSL / general-purpose language:
● Code / data separation:

32. GitOps
@ttarczynski
● Declarative: k8s + Flux CD
● Modules: Helm charts
● Templates: Helm / Go template
● DSL / general-purpose language:
● Code / data separation:

33. GitOps
@ttarczynski
● Declarative: k8s + Flux CD
● Modules: Helm charts
● Templates: Helm / Go template
● DSL / general-purpose language:
● Code / data separation: kustomize ?

34. Agenda
@ttarczynski
1. Configuration Management
2. Why GitOps
3. Demo: Flux
4. Demo: Helm
5. Demo: Flux Helm Operator

35. GitOps: Flux docs
@ttarczynski
● fluxcd.io
● docs.fluxcd.io
● github.com/fluxcd/helm-operator-get-started
● github.com/ttarczynski/gitops-demo

36. Thanks!
Tomasz Tarczynski
@ttarczynski

37. Frequently Asked Questions
@ttarczynski
● How to manage secrets?

38. Frequently Asked Questions
@ttarczynski
● How to manage secrets?
○ github.com/bitnami-labs/sealed-secrets
○ github.com/mozilla/sops
○ git-secret.io
○ HashiCorp Vault

39. Frequently Asked Questions
@ttarczynski
● How to manage multiple environments?

40. Frequently Asked Questions
@ttarczynski
● How to manage multiple environments?
○ Branch-per-environment
○ Directory-per-environment
○ Kustomize overlays
○ github.com/fluxcd/flux/issues/1071

41. Frequently Asked Questions
@ttarczynski
● What version of Helm is supported?

42. Frequently Asked Questions
@ttarczynski
● What version of Helm is supported?
○ Both:
Helm v2 – GA
Helm v3 – beta (in Helm Operator)