This document provides a step-by-step guide for configuring Docker within the development environment of fluxcd/flux2-multi-tenancy. It covers only how Docker is used for development and omits production-related details.

Step 1: Set Up the Docker Environment

Ensure that Docker is installed and running on your development machine. Confirm the installation by executing:

$ docker --version

Step 2: Clone the Tenant Git Repository

Before proceeding, verify that the tenant Git repository has been cloned properly. This entails checking the sources registered by Flux. Run the following command:

$ flux -n apps get sources git

The output should resemble:

NAME        READY    MESSAGE
dev-team    True     Fetched revision: dev-team/ca8ec25405cc03f2f374d2f35f9299d84ced01e4

Step 3: Verify Helm Repository Index

Next, confirm that the Helm repository index has been downloaded. Execute:

$ flux -n apps get sources helm

You should see output similar to:

NAME        READY    MESSAGE
podinfo     True     Fetched revision: 2022-05-23T10:09:58.648748663Z

Step 4: Install the Demo Application

Monitor the installation of the demo application by watching the Helm releases:

$ watch flux -n apps get helmreleases

Once the app is installed, the output should indicate:

NAME        READY    MESSAGE                             REVISION    SUSPENDED
podinfo     True     Release reconciliation succeeded    5.0.3       False

Step 5: Build Docker Images for Development

In the development environment, you can build Docker images that are compatible with the Flux infrastructure. Create a Dockerfile in your application directory for your demo app.

Example Dockerfile:

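# Build stage: the source-controller image ships no Go toolchain, so compile
# in a Go image (the golang tag is an assumption; match it to your go.mod).
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 go build -o myapp

# Runtime stage: copy only the static binary onto the Flux base image.
FROM ghcr.io/fluxcd/source-controller:v0.14.1
WORKDIR /app
COPY --from=build /src/myapp /app/myapp
ENTRYPOINT ["./myapp"]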

After creating the Dockerfile, build the image:

$ docker build -t myapp:latest .

Step 6: Running the Docker Image

To test the Docker image locally, run the following command:

$ docker run --rm myapp:latest

Step 7: Manage Kubernetes Deployments with Docker

When utilizing Docker images in your Kubernetes environment, ensure the configuration properly reflects namespaces and deployment settings defined in the multi-tenancy setup.

For example, the kustomization.yaml should reference your Docker image:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml

images:
  - name: myapp
    newName: ghcr.io/myorg/myapp
    newTag: latest

Step 8: Ensure Provenance of Container Images

Use policies to verify the provenance of images. For instance, here’s a sample Kyverno policy to verify Flux images:

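apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-flux-images
spec:
  # Reject pods whose images fail verification instead of only reporting them.
  validationFailureAction: enforce
  rules:
    - name: verify-image-signature
      match:
        resources:
          kinds:
            - Pod
      verifyImages:
        # Only images matching one of these patterns are verified, so the
        # patterns name the registry used in Steps 5 and 7 (ghcr.io).
        - imageReferences:
            - "ghcr.io/fluxcd/source-controller:*"
            - "ghcr.io/myorg/myapp:*"
          attestors:
            - entries:
                # Every image listed above must carry a keyless signature
                # whose certificate subject matches this identity.
                - keyless:
                    subject: "https://github.com/fluxcd/*"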
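
A verifyImages rule only checks images whose reference matches one of its imageReferences patterns, so an image pulled from a registry the patterns do not name is admitted without verification. The following check is an added example, not code from the flux2-multi-tenancy repository; the function names, the sample data and the simplified matching (shell-style wildcards after filling in the default registry and tag) are assumptions.

```python
"""Added example: find images a verifyImages rule would not check.

Assumption: matching is approximated with shell-style wildcards after
filling in the default registry and tag; Kyverno's own matcher may differ
in corner cases.
"""
from fnmatch import fnmatchcase

DEFAULT_REGISTRY = "docker.io"


def normalize(image: str) -> str:
    """Return image as registry/path:tag (or @digest), defaults filled in."""
    first, _, rest = image.partition("/")
    # The first component is a registry only if it looks like a host name.
    has_registry = bool(rest) and ("." in first or ":" in first or first == "localhost")
    if not has_registry:
        image = f"{DEFAULT_REGISTRY}/{image}"
    last = image.rsplit("/", 1)[-1]
    if "@" not in last and ":" not in last:
        image += ":latest"
    return image


def uncovered(images, patterns):
    """Images that match no imageReferences pattern (admitted unverified)."""
    return [
        img for img in images
        if not any(fnmatchcase(normalize(img), p) for p in patterns)
    ]


# Constructed sample data: patterns name docker.io, deployments pull from ghcr.io.
PATTERNS = [
    "docker.io/fluxcd/source-controller:*",
    "docker.io/myorg/myapp:*",
]
IMAGES = [
    "ghcr.io/fluxcd/source-controller:v0.14.1",
    "ghcr.io/myorg/myapp:latest",
    "fluxcd/source-controller:v0.14.1",   # no registry: defaults to docker.io
    "myorg/myapp",                        # no tag: defaults to :latest
]

if __name__ == "__main__":
    for img in uncovered(IMAGES, PATTERNS):
        print(f"NOT VERIFIED by policy: {img}")
```

Feed it the image references from your rendered manifests and the patterns from your policy; any image it reports needs a matching pattern before the policy protects it.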

Conclusion

This document has guided you through the process of configuring Docker within the development environment for fluxcd/flux2-multi-tenancy. With these steps, you can successfully build, run, and verify your Docker images in accordance with Flux’s multi-tenancy principles.

Sources:

  • Implementations and examples referenced are sourced from the README.md and configuration files in the repository.