Hands-on GitOps Patterns
for Helm Users
Scott Rigby, Developer Experience Engineer, Weaveworks
Stacey Potter, Community Manager, Weaveworks
GitOpsDays.com
June 9-10, 2021
CFP is OPEN
Submit your gitops
related talk today!
(CFP ends April 18 @ 11:59pm PT)
/kubecon-cloudnativecon-europe/program/colocated-events/#gitops-con
👋 Hello GitOps and Flux Users! 👋
Flux users! 😻 Sneak peek to the power
of Flux (v2)!
New users! ⚡ The Power of GitOps
with Flux!
👋 Get Connected 💬
1. Check out the Flux docs at:
https://toolkit.fluxcd.io/get-started/
2. GitHub Discussions Q&A:
https://github.com/fluxcd/flux2/discussions/categories/q-a
3. CNCF Slack #Flux channel
Weaveworks is founded on open source
● Flux (& GitOps Toolkit) (CNCF Incubating): GitOps for k8s
● Flagger (CNCF): Declarative Progressive Delivery for Service
Meshes
● Cortex (CNCF): Distributed, Long-term-storage TSDB
compatible with Prometheus
● Weave Ignite: VMs with container UX & built-in GitOps
management
● EKSctl: Create an Amazon EKS cluster with one command
● (and many many more projects!)
weave.works
Hands-on GitOps Patterns for Helm Users
Speakers Help/Support
Duration
30-45 Minutes
Scott Rigby
DX Engineer
Weaveworks
Stacey Potter
Community Mgr
Weaveworks
Browser
Safari copy/paste
shortcuts may not work
Using Zoom
Questions?
• Use chat (button: top
left corner of screen)
• Escape to exit full
screen
• “To Everyone” or “To
all panelists and
attendees”
Support:
https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
Troubleshooting
Use chat
If the issue is not easily resolved,
we ask that you follow along as
we demo the sample app.
● GitOps is an app dev and operations methodology
● GitOps is a methodology, not a specific tool or
technology.
● GitOps applies to everything
and brings business value.
What is GitOps? … and why do I want it?
GitOps leverages:
● an entire system that is described declaratively
● code that is version controlled and
● software agents that reconcile and ensure correctness
(along with alerts, etc).
4 Principles of GitOps
demo
We’ll be Covering
● Why Helm Patterns for Flux?
○ Helm Scope
○ Flux Helm Controller scope
○ Flux ❤ Helm, Better Together
● Moving Helm Releases from CI to Flux CD
○ Common Use Cases & Helpful Features
○ Common Pitfalls
○ How Flux Source & Helm Controllers Work
○ Kustomize Controller Syncs Plain YAML? 😮
● Demo Time
○ Example: Infra & App Defs Colocated
● Wrap up: What We Covered
○ <no spoilers!>
● Thanks & Props
○ To all the people for all the things 🤜🤛 🦄 ✊ 💖 🤩
● Q&A Time
Why Helm Patterns for Flux?
✅ In Scope
● Supports CLI and SDK (which
Flux uses)
● Packaging
● Configuration
● Imperative app delivery
● Versioning and rollbacks
● etc…
🚫 Out of Scope
● Manage or structure multiple
environments. You must use
other tools for this (e.g.,
Helmfile, bash/Makefile)
● Control loop, or retry logic
● Automated responses (beyond
rollback)
● Automated drift detection
(imperatively this can be done
with helm diff plugin)
Helm Scope
1. Flux is a pull-first CD system **DIAGRAM**
○ You _can_ also add push webhooks, but unless you're also using the pull model it's
missing the major value of Flux
2. Separates CD from CI
○ Often users' "continuous delivery" is mixed in with their CI
○ Moves Helm Release to a CD reconciliation loop, rather than imperative
event-based job
○ Removes need for a human response to a CI job. Humans are notified when there's
a runtime error, you then fix it in Git
3. helm-controller uses the Helm SDK
○ It does not use helm template like many other delivery tools & GitOps solutions
○ Flux HelmRelease supports hooks and post-release `helm test`
4. Flux does still provide feedback
○ The Notification controller notifies you instead of you having to monitor
Flux Helm Controller Scope
Better Together
Flux introduces an additional
layer of reliability,
consistency, observability,
and auditability to the
benefits of using Helm in CI.
❤
Moving Helm Releases from CI
to Flux CD
Common Use Cases
You can install Flux and helm-controller on an existing cluster
with running helm releases, or use new Helm Release
configurations to move to new infrastructure.
● In-place lift-and-shift / pivot-to-GitOps
● Migrate on fresh infra
You can also mix and match:
● Custom Helm charts
● Shared internal or community Helm charts
Configuring Flux to Own Existing Releases
1. Refer to any Helm values files already checked into Git
○ Whether applied with some scripting per environment
(`ENV-values.yaml`)
○ Helmfile used declaratively
2. Inspect the state of the cluster
○ This is important if you have people modifying helm releases
imperatively
○ `helm get values my-release`
3. Then configure the Flux HelmRelease with your Helm
values
○ Using HelmRelease Values
○ or ConfigMaps/Secrets referenced by HelmRelease `ValuesFrom`
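The three steps above in manifest form, added here as an illustration and not taken from the talk's demo: a HelmRelease that takes over the existing `my-release`. The chart name, repository URL, namespaces, and ConfigMap/Secret names are assumptions, and the API versions are the ones current when this talk was given (2021).

```yaml
# Constructed example; every name except `my-release` is hypothetical.
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: internal-charts            # define once, reference from many releases
  namespace: flux-system
spec:
  interval: 10m
  url: https://charts.example.com  # placeholder URL
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: my-release
  namespace: flux-system
spec:
  interval: 5m
  # releaseName and targetNamespace must match what `helm list -A` already
  # shows; otherwise helm-controller creates a new release rather than
  # upgrading the existing one. If releaseName is omitted, the default is
  # "<targetNamespace>-<name>", which would not match here.
  releaseName: my-release
  targetNamespace: apps            # namespace the existing release lives in
  chart:
    spec:
      chart: my-app                # hypothetical chart name
      version: ">=4.0.0 <5.0.0"    # semver range instead of a pinned version
      sourceRef:
        kind: HelmRepository
        name: internal-charts
        namespace: flux-system
  # Step 1: values that used to live in ENV-values.yaml. These objects are
  # read from the HelmRelease's own namespace and merged in the order listed.
  valuesFrom:
    - kind: ConfigMap
      name: my-release-values      # key defaults to values.yaml
    - kind: Secret
      name: my-release-secret-values
      valuesKey: values.yaml
  # Step 2: overrides that only showed up in `helm get values my-release`.
  # Inline values are merged last, so they win over valuesFrom.
  values:
    replicaCount: 3                # constructed sample value
```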
Pause/Resume Reconciliation per Release
🚧 ⏸
Flux 2 allows pausing
automated reconciliation per
Helm Release
DependsOn Feature
🧠💪
More memory efficient than a large umbrella chart
Example: ingress controller and cert-manager
installed before applications that rely on those
SemVer Ranges for Charts
📑🤖
Flux 2 supports semver range policies from
Helm repositories
Examples: >=4.0.0 or <5.0.0
Install Charts from Storage Bucket Source
📀🍿
S3, google storage,
Azure blob storage,
KFC etc
Helm Repo Reference Reusability
♻😗
Flux 2 Helm Releases use
references to Helm Repos.
Define once, use everywhere
Optional Credentials Per git or Helm Repo
🆔🔓
★ Greater flexibility, more composability
★ If you have multiple sources locked
down in different ways, it’s no longer
a problem
★ Allows you to enforce principle of
least privilege more easily
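Per-source credentials in manifest form, as an added example rather than material from the slides: each source points at its own Secret through `secretRef`, so a pull-only account for one chart repo and a read-only deploy key for one Git repo are never shared between sources. All names, URLs, and credential values are placeholders.

```yaml
# Constructed example; names, URLs and credentials are placeholders.
# The Secret is shown inline only to make its keys visible. Create it out of
# band or store it encrypted rather than committing it in plain text.
apiVersion: v1
kind: Secret
metadata:
  name: charts-pull-creds
  namespace: flux-system
type: Opaque
stringData:
  username: "<pull-only-account>"
  password: "<token>"
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: private-charts
  namespace: flux-system
spec:
  interval: 10m
  url: https://charts.example.com/private
  secretRef:
    name: charts-pull-creds        # used for this chart repo only
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: team-a-config
  namespace: flux-system
spec:
  interval: 1m
  url: ssh://git@git.example.com/team-a/config.git
  ref:
    branch: main
  secretRef:
    # Separate Secret holding identity, identity.pub and known_hosts for a
    # read-only deploy key scoped to this one repository.
    name: team-a-deploy-key
```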
👾🛰
★ Have an out of cluster
experience
★ Flux can also sync Cluster
API manifests, allowing
you to spin up multiple
clusters from a single
management cluster
Out of Cluster Helm Releases
Common Pitfalls
● If you have custom logic, such as health checks when mixing CI and CD
together, you'll need to determine how to port that logic to a
Flux-compatible solution
○ If this proves challenging, it can be a sign that your CI and CD are overly coupled,
which could cause other issues with your release process
○ To solve: More cleanly separate your CI and CD. You may also want to consider more
resilient tools to accomplish the same goals – e.g., use Flagger for traffic directing
based on health checks and other conditions (opens up a path to blue/green, canary,
etc)
● It's possible to accidentally structure your source repos in ways that
make it difficult for people to access the things they need
○ Ensure folks can update their HelmReleases during incident response – whether
access in the repo, or giving in-cluster access to temporarily suspend Flux
reconciliation per Helm release and perform imperative fixes
○ To solve: Can split into multiple repos according to user access rights
○ Solutions vary by git provider: GitHub CODEOWNERS, GitLab has per-directory ACLs
How Flux Source & Helm Controllers Work
Don’t let the
name scare
you 🙈 It just
works 💁🌈
Kustomize Controller Syncs Plain YAML? 😮
It seemed like
a good name
at the time
😅
Demo Time!
Example Infra & App Defs Colocated
https://gist.github.com/scottrigby/82b224804052726624fd46d5f042146c
Wrap up: What We Covered
● You should now have a good start moving your Helm
Releases from CI to Flux CD
● No special knowledge about other tools required (you can
always decide to layer Kustomize into your Flux flows later)
● Understand how Flux controllers work to automatically
reconcile your source definitions and the actual state of your
operations, whenever they diverge
● And one more thing…
✅
✅
✅
✅
🤜🤛 Thx!
★ Alison Dowdney
collaborated on Slides!
★ Hidde Beydals, Leigh
Capili, & Kingdon Barrett
collaborated on demo! 🛠
Thanks & Props
🦄 Thx all Flux
component & community
maintainers!
✊ Thx Helm maintainers!
💖 Thank you all for coming!
See you next tiiiime!
Q&A Time!
Upcoming
2021 GitOps Talks!
(regularly every other Monday @ 10am PT / 18:00 GMT)
April 5: Flux 2 Azure Use Cases
(Leigh Capili)
April 19: Flux 2 Notifications, Alerts
& Webhooks (Alison Dowdney)
Next Steps
• Join us on Flux discussions if you have more questions:
https://github.com/fluxcd/flux2/discussions
• Flux Community: https://fluxcd.io/community/
• Join the GitOps Community Group:
https://www.meetup.com/GitOps-Community/
• More info on GitOps? Visit www.gitops.community/
• Join the GitOps Community LinkedIn Group:
https://www.linkedin.com/groups/13914610/
THANK YOU!
