Amazing! Very well explained in few minutes! I would see the entire pipeline with flax, like: 1. the dev which push new code on git 2. Travis tests it on another cluster (maybe flax is listening all non-master branches too and deploy on same cluster but another workspace?) 3. a git owner accept the PR 4. flax deploy the changes made only on master Hope this is not just a unnecessary repetition. Thank a lot for this video!
Currently I'm maintaining my configurations via ansible playbooks. The issue I can see with Flux is with credentials or other similar items that need to be secure. We have connect strings to databases (for example) which has a password. We also have some configurations with SSL certificates including the private key. Right now I have such things in an Ansible Vault and when I need to update that yaml, I run the ansible playbook which creates the necessary yaml to be applied. For a git pull, how would that be addressed using flux?
hi Marcel , can you make detailed videos on flux working with helm, rancher and other things like add your own key in github and flux. how to maintain different repository source of truth with flux. Heart-full thanks for sharing your knowledge.
great video Marcel. Flux is a great tool to help in a very specific situation, but as far as i can see does not fit well in a large scale K8s clusters with large teams working on several components to be deployed. Currently we are using tekton btw.
Thanks for this explanatory video. I have some doubts: - does Flux CD validate your manifests to find missing items? - does it allow to reuse manifests with templates with parameters? - Also, let's say we share a NLB id within Service annotations among hundreds of applications, does it mean we will have to run the pipeline in all of them? With Helm you can update all your Ingresses and objects in your cluster in a single shot and sort previous questions, as well as handling all the objects as a single versioned package
I'll most certainly try this later however I have one concern: Why does the flux auth-key need write permissions to the Repo it's suppose to be pulling from? EDIT: Should have waited till the end. Sorry.
Awesome Videos! So much good information in such a short time, it's excellent! I have a beginner question. What does the daily work of a devops look like? I feel like it takes months to learn how to master all these tools (AWS, K8S, FLUX, Jenkins, Argo, Promotheus, Grafana, ...) and once that was done, we quickly set up a cluster, the CD / CI, etc (well, it seems fast for you). But when done, it more or less works on its own. Once we have set up the clusters, CI/CD of the different projects that a company is working on, what is the job of the devops guy?
Thank you 💪🏽🤓 The idea is that the platform works on its own and does not require constant daily tasks. Kubernetes helps with the tedious tasks, such as setting up load balancing, hooking up logging\monitoring, health checks, auto restarts etc, so a devops engineer can focus on more important tasks. As a DevOps engineer you should strive to automate yourself out of a job. Build systems and platforms that do things for you and others so you can do more important work. There will always be more important things to do. Don't become a gatekeeper for developers. Help developers become self sufficient. Help build tools that empower developers to code, build, test and run applications in production in minutes, rather than days. Give them tools to deploy 100s of deployments per day. You can build tools and services that give developers and team freedom to work fast within boundaries. Give them capability to log, monitor and observe their systems in production with a click of a button. Do all the above with security and best practises in mind. Although these systems will work and function on their own, you will always have things going on and have room for improvement. For example: How do you upgrade your platforms with 0 downtime and 0 disturbance to CI/CD and team operations? How do you keep monitoring and ingress controllers up to date? How do you improve container image security and provide up to date patching? ..the list never ends :)
Hi Marcel, nice video on Flux, great job! Just wondering how I can solve this issue I am having right now: flux pod is crashing, due to this reason: cannot patch resource \"secrets\" in API group \"\" in the namespace \"flux\"" Any hint on this? Just researching to apply it in my current project, please help me as we want to make it more modern :) Thanks in advance!
Hi You said we can update the git branch flux is keeping watching into for testing purposes before we merge it back to master. How can that be done with fluxctl? What are the commands? Thank you for your videos. They are very informative!
Thank you! 💪🏽 The fluxctl install command takes in a branch name for a git repository docs.fluxcd.io/en/1.18.0/references/fluxctl.html#using-fluxctl-install
You could run a pod, perhaps as a job and have it run once off. The pod can run any arbitrary OS and place your bash in a configmap, mount it to the pod, and execute it at start up using the entrypoint.
@@MarcelDempers So like you said I created a another pod which is of kind:job and included the script.sh. So now I have two pods 1. mongodb pod 2. job pod which has (script.sh) In the script.sh file, I run "kubectl exec" to the main pod (mongodb pod) to run few commands The script gets executed, but I get the error "cannot create resource "pods/exec in API group" So I created a clusterrole with resources: ["pods/exec"] and bind it to the default service account using ClusterRoleBinding ``` kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pod-reader rules: - apiGroups: [""] resources: ["pods", "pods/log"] verbs: ["get", "list"] - apiGroups: [""] resources: ["pods/exec"] verbs: ["create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: service-account-role-binding namespace: default subjects: - kind: ServiceAccount name: default namespace: default roleRef: kind: ClusterRole name: pod-reader apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: default namespace: default In the pod which is of kind:job, I include the service account like shown below restartPolicy: Never serviceAccountName: default but I still get the same error. What am I doing wrong here ?
![Hunxho - Ball Forever [Official Video]](http://i.ytimg.com/vi/nki9ZTF9Uls/mqdefault.jpg)
My Series on CI/CD 👉🏽ruclips.net/p/PLHq1uqvAteVsSsrnZimHEf7NJ1MlRhQUj
This is the first channel that has a car-review style tech videos. Awesome!!
Like the narrator style. Finally different accent rather than majority RUclips IT channels
You are one of my favorite instructor and every time you deliver new technology with 100%.
😘❤💯👏
Amazing! Very well explained in few minutes! I would see the entire pipeline with flax, like:
1. the dev which push new code on git
2. Travis tests it on another cluster (maybe flax is listening all non-master branches too and deploy on same cluster but another workspace?)
3. a git owner accept the PR
4. flax deploy the changes made only on master
Hope this is not just a unnecessary repetition.
Thank a lot for this video!
Flux
Short and explained mostly used features of Flux. Nicely Done!! 👏👏
Lekker channel boet. Good to see a saffa making great tech content
Epic quality. Concise. Informational. Thanks. Keep them coming!
Currently I'm maintaining my configurations via ansible playbooks. The issue I can see with Flux is with credentials or other similar items that need to be secure. We have connect strings to databases (for example) which has a password. We also have some configurations with SSL certificates including the private key. Right now I have such things in an Ansible Vault and when I need to update that yaml, I run the ansible playbook which creates the necessary yaml to be applied. For a git pull, how would that be addressed using flux?
if possible make a video on HELM OPERATOR AND FLAGGER and about custom resource definition (helmrelease) please
Helm charts all the way... You can lint it, dry run and even automatically rollback with the atomic flag
Nicely explained Flux in short time.. Very much useful. Thanks...
another great video from Marcel , thanks a lot !
hi Marcel , can you make detailed videos on flux working with helm, rancher and other things like add your own key in github and flux. how to maintain different repository source of truth with flux. Heart-full thanks for sharing your knowledge.
dude thank you for doing this.
Very well explained. Since your video is 2 years old, can you do another video and demo the most recent capabilities of Flux? Thank you!
are "Automations, locks and annotations" still available with the newest version of Flux? Thanks for your videos.
Good Work! cleary explained at a good pase with no BS
A big thank you for your video and your teaching skills. Always so enlightening.
Hey boss, on Windows, use Rapid Environment Editor rather than control panel for environment variable editing. Be sure to run as administrator.
Great video Marcel!
I don't comment on videos often but damn this was good! Thanks a lot for the detailed explanation!
Exactly the kind of video I was looking for!
thank you, very nice, how would you manage secrets like DB connections with Flux?
great video Marcel. Flux is a great tool to help in a very specific situation, but as far as i can see does not fit well in a large scale K8s clusters with large teams working on several components to be deployed. Currently we are using tekton btw.
Thanks for this explanatory video. I have some doubts:
- does Flux CD validate your manifests to find missing items?
- does it allow to reuse manifests with templates with parameters?
- Also, let's say we share a NLB id within Service annotations among hundreds of applications, does it mean we will have to run the pipeline in all of them?
With Helm you can update all your Ingresses and objects in your cluster in a single shot and sort previous questions, as well as handling all the objects as a single versioned package
Marcel what do you like most feature/technology wise? Flux or Argo?
I'll most certainly try this later however I have one concern:
Why does the flux auth-key need write permissions to the Repo it's suppose to be pulling from?
EDIT: Should have waited till the end. Sorry.
Can you do a video about flux2? Use simple helm release. Thanks!
Great video helped me a lot, Thanks.
That's great! Does Flux support pulling images depending on tags like -dev or -release/ -stable ? Thanks
nice, it was a great getting started video for flux !
Great demo. I loved it
Good job mate! Just wondering if you could cover a flux tutorial for a multi-tenancy cluster? Thanks
Suppose I am having 5 Microservice and in the git-path do I need to mention 5 repo name explicitly??
Thank you for the video bro !
please make a video on flux helmoperator and flagger component
Which namespace will the sync-ed workloads be deployed in?
Awesome Videos! So much good information in such a short time, it's excellent!
I have a beginner question. What does the daily work of a devops look like?
I feel like it takes months to learn how to master all these tools (AWS, K8S, FLUX, Jenkins, Argo, Promotheus, Grafana, ...) and once that was done, we quickly set up a cluster, the CD / CI, etc (well, it seems fast for you). But when done, it more or less works on its own.
Once we have set up the clusters, CI/CD of the different projects that a company is working on, what is the job of the devops guy?
Thank you 💪🏽🤓
The idea is that the platform works on its own and does not require constant daily tasks.
Kubernetes helps with the tedious tasks, such as setting up load balancing, hooking up logging\monitoring, health checks, auto restarts etc, so a devops engineer can focus on more important tasks.
As a DevOps engineer you should strive to automate yourself out of a job. Build systems and platforms that do things for you and others so you can do more important work. There will always be more important things to do.
Don't become a gatekeeper for developers.
Help developers become self sufficient. Help build tools that empower developers to code, build, test and run applications in production in minutes, rather than days. Give them tools to deploy 100s of deployments per day. You can build tools and services that give developers and team freedom to work fast within boundaries.
Give them capability to log, monitor and observe their systems in production with a click of a button.
Do all the above with security and best practises in mind.
Although these systems will work and function on their own, you will always have things going on and have room for improvement.
For example:
How do you upgrade your platforms with 0 downtime and 0 disturbance to CI/CD and team operations? How do you keep monitoring and ingress controllers up to date? How do you improve container image security and provide up to date patching? ..the list never ends :)
@@MarcelDempers Thank you for taking the time to respond and for this good explanation!
this was an awesome clip
Question,
If I want to use flux with ansible or Chef, is it possible for non k8s workloads?
Hi Marcel. You are fantastic teacher. I really request you to make a video for flux V2. Is it possible to follow this video with flux V2 ??
Hi Marcel, nice video on Flux, great job! Just wondering how I can solve this issue I am having right now: flux pod is crashing, due to this reason:
cannot patch resource \"secrets\" in API group \"\" in the namespace \"flux\""
Any hint on this? Just researching to apply it in my current project, please help me as we want to make it more modern :)
Thanks in advance!
I prefer ArgoCD :)
Thanks ! Great video!! Well explained!
Hi You said we can update the git branch flux is keeping watching into for testing purposes before we merge it back to master. How can that be done with fluxctl? What are the commands?
Thank you for your videos. They are very informative!
Thank you! 💪🏽
The fluxctl install command takes in a branch name for a git repository docs.fluxcd.io/en/1.18.0/references/fluxctl.html#using-fluxctl-install
Thank you!
Thank you kind sir!
Thanks!
Thanks so much for the support 💪🏽🍻
Nice video and a channel! Thanks
Yeah I need this flux please Argo CI for more knowledge of workflows
Why does Flux require write permissions to read code?
Flux will update the tag of image when new images are pushed to image registry
Fantastic, thanks a lot!!
Is there any option to run bash script in Flux CD? I have got a few *.yaml files and a bash script which has be executed as well.
You could run a pod, perhaps as a job and have it run once off. The pod can run any arbitrary OS and place your bash in a configmap, mount it to the pod, and execute it at start up using the entrypoint.
@@MarcelDempers So like you said I created a another pod which is of kind:job and included the script.sh. So now I have two pods
1. mongodb pod
2. job pod which has (script.sh)
In the script.sh file, I run "kubectl exec" to the main pod (mongodb pod) to run few commands
The script gets executed, but I get the error "cannot create resource "pods/exec in API group"
So I created a clusterrole with resources: ["pods/exec"] and bind it to the default service account using ClusterRoleBinding
```
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: pod-reader
rules:
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: service-account-role-binding
namespace: default
subjects:
- kind: ServiceAccount
name: default
namespace: default
roleRef:
kind: ClusterRole
name: pod-reader
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: default
namespace: default
In the pod which is of kind:job, I include the service account like shown below
restartPolicy: Never
serviceAccountName: default
but I still get the same error. What am I doing wrong here ?
Thanks..I got it working..
Great Video !!!
Great Job
i love flux
Awesome
very good
Hi
Nice video.
How to contact you? Do you have a slack channel or anything else?
Really nice tutorials but please don't play music in the background. I have no idea where comes such a strange idea.
*Молодец!*