This documentation provides a step-by-step guide to deploy FluxCD for multi-tenancy environments in a Production setting. It assumes familiarity with the FluxCD framework and GitOps principles.
Prerequisites
Ensure that your production cluster meets the necessary criteria:
flux check --pre
Install the Flux CLI and configure your GitHub repository. Set your GitHub username and repository name as environment variables:
export GITHUB_USER=<your_github_username>
export GITHUB_REPO=<your_repository_name>
Bootstrapping Flux
Bootstrap Flux into your production cluster using the following command, making sure to specify the correct context:
flux bootstrap github \
--context=<your-production-context> \
--owner=${GITHUB_USER} \
--repository=${GITHUB_REPO} \
--branch=main \
--personal \
--path=clusters/production
During this step, you will need to provide your GITHUB_TOKEN for authorization to interact with your GitHub repository.
Repository Structure
Ensure the repository is structured as follows:
project-root
├── clusters
│ ├── production
│ │ ├── infrastructure.yaml
│ │ └── tenants.yaml
│ └── staging
├── infrastructure
│ ├── kyverno
│ └── kyverno-policies
├── tenants
│ ├── base
│ ├── production
│ └── staging
Creating Tenant Configurations
Base Kustomization for Tenant
Firstly, create the base kustomization.yaml for your tenant.
cd ./tenants/base/<tenant-name>/ && kustomize create --autodetect --namespace apps
Create the production overlay and set the path to the production directory inside the tenant repository:
# File: tenants/production/dev-team-patch.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: dev-team
namespace: apps
spec:
path: ./production
Set up Production Kustomization
In the tenants/production directory, create the kustomization.yaml file as follows:
# File: tenants/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: apps
resources:
- ../base/dev-team
patches:
- path: dev-team-patch.yaml
Define the Tenant Configuration
In the clusters/production directory, edit tenants.yaml to monitor the tenant’s Kustomization:
# File: clusters/production/tenants.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: tenants
namespace: flux-system
spec:
dependsOn:
- name: kyverno-policies
interval: 5m
serviceAccountName: kustomize-controller
sourceRef:
kind: GitRepository
name: flux-system
path: ./tenants/production
prune: true
Deploying Helm Releases
Ensure your Helm releases are properly configured in the base directory of your tenant:
# File: tenants/base/dev-team/podinfo-release.yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: podinfo
namespace: apps
spec:
releaseName: podinfo
chart:
spec:
chart: podinfo
sourceRef:
kind: HelmRepository
name: podinfo
version: '5.0.3'
valuesFrom:
- kind: ConfigMap
name: podinfo
You can verify that the tenant Helm repository index has been downloaded with:
flux -n apps get sources helm
Wait for the application to be installed and check its status:
watch flux -n apps get helmreleases
Conclusion
After executing these steps, you will have successfully deployed FluxCD multi-tenancy into your production environment. Ensure that all changes to the Kubernetes manifests or repository structure are validated in CI to maintain integrity before merging into the main branch.
This documentation builds upon the structure outlined in the repository README, ensuring your production deployment aligns with best practices for leveraging FluxCD in a multi-tenant setup. The configuration files and structure are referenced directly from the provided information.
