GitOps Made Easy with the AKS Flux Extension

Microsoft has recently made GA the Flux extension for Azure Kubernetes Services. Now, you can deploy Flux and Flux configurations directly with AKS as part of your IaC deployment (you are using IaC, right?).

What does all this even mean? If you’ve looked in the portal lately, you might have seen this new GitOps tab.

GitOps pane in Azure

From here you can configure a Flux configuration sourcing from a Git repository(s) and/or a Helm repository(s). You can mix and match how you deploy your applications.

When you create your AKS instance, you can create a fluxConfigurations resource. I’ll use Bicep here, but the same can be done with Terraform, az cli, or if you’re a masochist, ARM templates.

// this is your AKS cluster
resource aks 'Microsoft.ContainerService/managedClusters@2022-05-02-preview' existing = {
  name: 'akscluster'
}

resource fluxConfiguration 'Microsoft.KubernetesConfiguration/fluxConfigurations@2022-03-01' = {
  name: 'bootstrap'
  scope: aks   // scope it to your AKS cluster
  properties: {
    sourceKind: 'GitRepository'   // this is using the Git repository as a source (vs a Helm chart)
    scope: 'cluster'
    namespace: 'flux-system'
    gitRepository: {
      url: gitops_repository_url
      localAuthRef: 'bootstrap-protected-parameters'
    }
    kustomizations: {
      unified: {
        path: './clusters/environment'   // the path to your kustomizations in your Git repo
      }
    }
    configurationProtectedSettings: {
      username: base64('gitops')
      password: base64(gitops_repository_pat)
    }
  }
}

When you deploy a fluxConfigurations resource, the Flux extension if automatically installed for you. If you’d like to tweak what controllers Flux installs, you can explicitly state the extension resource and specify the controllers you want to deploy:

resource fluxExtension 'Microsoft.KubernetesConfiguration/extensions@2022-03-01' = {
  name: 'flux'
  scope: aks
  properties: {
    extensionType: 'Microsoft.Flux'
    autoUpgradeMinorVersion: true
    releaseTrain: 'Stable'
    scope: {
      cluster: {
        releaseNamespace: 'flux-system'
      }
    }
    configurationSettings: {
      'helm-controller.enabled': 'true'
      'source-controller.enabled': 'true'
      'kustomize-controller.enabled': 'true'
      'notification-controller.enabled': 'true'
      'image-automation-controller.enabled': 'true'
      'image-reflector-controller.enabled': 'false'
    }
  }
}

More about the different Flux controllers here: https://fluxcd.io/docs/components/

This gets you Flux pre-bootstrapped into your AKS cluster as well as a defined configuration. With this setup, your application can automatically deploy as soon as the infrastructure is up and ready. This makes it easy to spin up new environments and keep things automated.