FluxCD
This page describes the deepdesk FluxCD setup: a tool running in GKE to deploy software based on changes in Git using Helm and Kustomize. See the Flux docs for a basic understanding: https://fluxcd.io/docs/
Release workflow
This flowchart describes what happens when a developer pushes a commit to one of the 'services' repos (like engine, backend, etc.).
Some steps require a bit more explanation:
- The ImageReflector controller monitors GCR and gets the latest tags for all images in the deepdesk-cloud repository. Image tags have to be 'sortable' for this to work, so we chose the format proposed by Flux: main-<commit id>-<unix timestamp>. The Reflector passes the list of images and tags to the ImageAutomation controller.
- The ImageAutomation controller checks out a copy of the deepdesk-config repo and looks for special markers in the comments of all the files, such as {"$imagepolicy": "flux-system:backend-staging:tag"}. It updates the tags with the version found in the container registry and pushes an update to GitHub.
- The push to deepdesk-config causes the HelmController to re-package the Helm chart, update the configuration values and deploy the chart to GKE.
Flux system installation / configuration (deepdesk-gcp)
The FluxCD components are installed in the deepdesk-gcp repository in the 'flux' module. This module deploys a local Helm chart, installing the Flux CRDs and controllers and configuring the following cluster-wide Flux resources:
| Resource | Purpose |
|---|---|
| GitRepository (deepdesk-helmcharts, deepdesk-config) | Source of Helm charts and Kustomize configuration for per-account deployments. |
| ImageUpdateAutomation | Updates Docker image tags in deepdesk-config and commits/pushes the updated tags. |
| ImagePolicy | Policies defining how Docker image tags translate into a latest version tag. Matches regex patterns against the full list of image tags and sorts the matches to find the latest/newest image tag for every component/service. |
| PodMonitor | Directs Prometheus to monitor the Flux controllers. Provides data to the Flux Grafana dashboard. |
| Receiver + Ingress | Configures and handles the incoming GitHub push webhook requests. |
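
The tag format and marker from the release workflow, and the regex-and-sort behaviour of the ImagePolicy in the table above, could be expressed as follows. This is an added example, not deepdesk's actual manifests: the registry path, the ImageRepository name, the scan interval, the sample tag and the values layout are assumptions.

```yaml
# Added example, not taken from the deepdesk repositories.
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
  name: backend                          # hypothetical name
  namespace: flux-system
spec:
  image: gcr.io/<gcp-project>/backend    # placeholder registry path
  interval: 5m                           # assumed scan interval
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
  name: backend-staging                  # referenced by the marker below
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: backend
  filterTags:
    # Anchored at both ends, so only main-<commit id>-<unix timestamp> tags
    # are candidates. Tags such as "latest" or branch builds never match.
    pattern: '^main-[a-fA-F0-9]+-(?P<ts>[0-9]+)$'
    extract: '$ts'                       # sort on the timestamp only
  policy:
    numerical:
      order: asc                         # highest timestamp is selected
---
# Fragment of a values file in deepdesk-config (hypothetical layout).
# The ImageAutomation controller rewrites only the value on the marked line.
image:
  repository: gcr.io/<gcp-project>/backend
  tag: main-0a1b2c3d-1700000000 # {"$imagepolicy": "flux-system:backend-staging:tag"}
```

Any tag that matches the pattern and carries a higher timestamp is rolled out without further review, so the filter acts as the allowlist for automated deployment. Write access to the registry should therefore be limited to the build pipeline.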
Per-account Kustomization (deepdesk-terraform)
The final component is the 'Kustomization' resource created in deepdesk-terraform/services/flux.tf, the per-account Terraform repository. The Kustomization points to the deepdesk-config repository, path ./k8s/flux/<environment>/<account>. This Kustomization contains the following:
| Resource | Purpose |
|---|---|
| HelmRelease (one per service) | Component to deploy the deepdesk services into the account namespace. Requires the account-specific values.yaml and secrets as input. |
| Alert | Sets up notifications for the HelmRelease components so we get messages in #deployments in Slack when services are deployed. |
| Provider | Links the Alert resources to the Slack notification provider and configures the Slack endpoint. |