Managing Flux V2 Packages with Kubeapps ¶
Table of Contents ¶
- Installing Flux in your Cluster
- Using Kubeapps for Managing Flux Packages
Historically, Kubeapps was initially developed to solely manage Helm Charts on your Kubernetes clusters. However, it has evolved to support multiple packaging formats, such as Carvel Packages and Helm chart releases via Fluxv2 .
Flux is a set of continuous and progressive delivery solutions for Kubernetes that are open and extensible. In particular, the Flux helm-controller allows you to manage Helm chart releases declaratively with Kubernetes manifests. Similarly, the Flux HelmRepository can be used to manage Helm repositories declaratively.
This guide walks you through the process of using Kubeapps for configuring and deploying Helm charts via Flux.
Installing the Flux controllers in your Cluster ¶
NOTE: This section can safely be skipped if you already have Flux installed in your cluster.
In order to manage Helm releases with Flux in Kubeapps, first of all, you need to install the Flux controllers in your cluster.
In most situations, people use Flux to declare all their resources in a Git branch which Flux then reconciles on the cluster, but Flux also supports
HelmRepository custom resources. Refer to the
Flux installation instructions
for general installation instructions. If you simply want to test the Kubeapps Flux support, you can install the flux components without any Git branch or even the Flux CLI with a
kubectl apply -f https://github.com/fluxcd/flux2/releases/latest/download/install.yaml
After running this command, you should have everything you need to try out Kubeapps’ Flux support. You can check on the progress of the Flux installation with:
kubectl --namespace flux-system get pod
Quick overview of the relevant Flux Custom Resources ¶
The two custom resources that are relevant for our Kubeapps integration are:
stores a reference to a traditional Helm repository and fetches the repository index on an interval, similar to Kubeapps’ built-in
- HelmRelease defines the intended state of a Helm release, supporting a multitude of features, the most important of which for our purposes is a semver version option, so that the Flux reconciliation process always ensure that the latest matching version is installed.
Using Kubeapps to manage Helm Charts with Flux ¶
Configuring Kubeapps to support Flux Helm releases ¶
As with any other packaging format, the support for Helm Charts with Flux is enabled in Kubeapps by means of a plugin.
To enable the declarative Helm Chart support with Flux, in the
file, edit the
packaging option as follows:
packaging: helm: enabled: false flux: enabled: true
TIP: Please refer to the getting started documentation for more information on how to install Kubeapps and pass custom configuration values.
NOTE: You cannot run Kubeapps currently with both the Helm (imperative) and Helm with Flux (declarative) packaging support, since they both operate on Helm releases.
Installing a Helm Repository ¶
Kubeapps allows you to install Helm Chart Repositories to be managed declaratively with Flux directly from the UI.
First, you need to find a Helm Chart Repository already published. This tutorial uses the Bitnami Application Catalog Helm Chart Repository.
To start with the installation, expand the right menu and click on the Package Repositories option.
Kubeapps navigates to the Package Repositories page displaying a list of installed repositories (both Global and Namespaced repositories).
Global repositories are available cluster-wide to deploy applications from those repositories to any namespace.
Namespace repositories are available only in specific namespaces (to be aligned with the Kubernetes RBAC model where an account can have roles in specific namespaces).
A Kubeapps Package Repository can be installed by anyone with the required RBAC for that namespace.
Click the Add Package Repository button that displays a pop-up (structured in collapsible sections) to configure the parameters for the new Package Repository.
The image above shows the parameters to configure the
Bitnami Application CatalogHelm Chart package repository to be managed declaratively with Flux as a Global repository in Kubeapps.
Additionally, there are two sections to provide authorization and advanced data to configure the Package Repository. Default values in these sections are enough to install the
Bitnami Application Catalogrepository.
Finally, click the Install Repository button to launch the installation process, adding the new repository to Kubeapps.
This creates the Flux
defaultnamespace that syncs the Bitnami chart index every ten minutes. Any user who can read
HelmRepositoryresources in the default namespace is able to create
HelmReleaseresources referring to charts in this repository in any namespace to which they have sufficient RBAC.
Creating a service account ¶
Since the Flux system reconciles a
HelmRelease in the background, you need to create a service account to use when creating a Helm release via Flux. This service account is created in the namespace where you intend to install the package (specifically, where the
HelmRelease resource will be created).
cat > kubeapps-user-service-account.yaml << EOF --- apiVersion: v1 kind: ServiceAccount metadata: name: flux-reconciler namespace: kubeapps-user-namespace automountServiceAccountToken: false --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: flux-reconciler namespace: default subjects: - kind: ServiceAccount name: flux-reconciler namespace: kubeapps-user-namespace roleRef: kind: ClusterRole name: admin apiGroup: rbac.authorization.k8s.io EOF kubectl apply -f kubeapps-user-service-account.yaml
Note that this service account has
admin access to the namespace only and so is able to read/write most resources in the namespace, including adding other roles and rolebindings. If your package includes cluster-wide resources such as CRDs or ClusterRoles, you need to update the above to use a ClusterRoleBinding with a different cluster role, such as cluster-admin. See
Kubernetes user-facing roles
for more info about the roles.
Installing a Package ¶
Installing a Helm Chart to be managed declaratively with Flux in Kubeapps is very similar to installing any other package (such as a traditional Helm Chart directly managed with Helm) in Kubeapps.
TIP: Please refer to the user documentation for more information on how to use Kubeapps as a user.
Assuming that a Flux
HelmRepository, such as the Bitnami repository above, is already installed in the cluster, you can simply go to the Catalog tab and select the package you want to install.
The following image depicts the catalog page with a set of packages from the above Bitnami
Next, select any package you want to install, for example,
Apache, then click Deploy to see the install form as depicted below:
A big difference with respect to other packaging formats is that you must select a
ServiceAccount to be used for installing the package. This is because Flux, similar to
, carries out the installation as well as upgrades in the background and so cannot rely on doing so as the user. See
Creating a service account
In Kubeapps, a dropdown allows you to select which
ServiceAccount you want to use, such as the
flux-reconciler service account created above.
NOTE: As a consequence, the user logged in Kubeapps needs RBAC permissions to perform a
TIP: For the Apache package, ensure that the ServiceType is set to an option supported by your cluster. For instance, for a local Kind cluster, you should choose
Finally, after clicking the Install button, the Flux
HelmRelease is installed in the cluster. At this moment, Flux performs the required actions to deploy the related Helm chart and its related resources. This process is known as reconciliation. You can check the CLI for more details about the reconciliation:
kubectl -n kubeapps-user-namespace get helmrelease NAME READY STATUS AGE test-apache Unknown Reconciliation in progress 8s
Viewing the Installed Packages ¶
Viewing the Helm Charts installed with Flux in Kubeapps is the same experience as viewing any other installed package (such as a Helm Chart installed with Helm) in Kubeapps.
TIP: Please refer to the user documentation for more information on how to use Kubeapps as a user.
Go to the Applications tab to see every Application that has been installed in the cluster. Click on show apps in all namespaces to view the ones currently installed in every namespace of the cluster.
The following example shows an example of the Applications page with Apache installed as a Helm Chart with Flux:
Since the reconciliation process can eventually fail for several reasons, this page shows the current reconciliation status of each application.
Next, click on the application you want to view, for example,
test-apache to go to the details page, as depicted in the following image:
As in any other packaging format, this page displays those Kubernetes resources that have been created as a result of the Package installation. Besides, the current values are shown at the end of the page.
Next, you can click on the Delete button to uninstall the application or the Upgrade button to edit the values of the application or update it to another version.
NOTE: as opposed to Helm Charts managed with Helm, Helm Charts managed with Flux cannot be rolled back, hence there is no Rollback button.
Finally, note that every Helm Chart installed through Kubeapps by using Flux, can also be managed by
kubectl or the
CLI using the
flux get helmrelease command (as well as every Helm Chart installed in the cluster directly from Flux can also be managed by Kubeapps). For example:
flux get -n kubeapps-user-namespace helmrelease test-apache NAME READY MESSAGE REVISION SUSPENDED test-apache True Release reconciliation succeeded 9.0.3 False
This guide covers how to manage Helm Charts with Flux in Kubeapps, starting from how to configure Kubeapps itself , then how to add Helm Package Repositories for Flux, next how to browse and install Helm Charts declaratively with Flux , and finally how to view the installed packages .
Some additional resources and references include: