
Implementing GitOps with FluxCD on Azure DevOps: A Complete Guide


Introduction

GitOps is a modern approach to continuous delivery that uses Git as the single source of truth for infrastructure and application deployments. FluxCD is a leading GitOps operator for Kubernetes, automating deployments by syncing your cluster with a Git repository.

This guide provides a step-by-step, professional walkthrough for integrating FluxCD with Azure DevOps, covering:

  1. GitOps Principles & FluxCD Architecture
  2. Setting Up FluxCD on AKS (Azure Kubernetes Service)
  3. Configuring Azure DevOps for GitOps Workflows
  4. Advanced FluxCD Features (Kustomize, Helm, Notifications)

By the end, you’ll have a fully automated GitOps pipeline that syncs AKS with your Azure Repos/GitHub repository.


1. Understanding GitOps & FluxCD

1.1 What is GitOps?

  • Declarative Infrastructure (Define everything in Git: manifests, Helm charts)
  • Automated Synchronization (FluxCD continuously reconciles cluster state with Git)
  • Audit & Rollback (Git history tracks all changes)

1.2 How FluxCD Works

  • Watches a Git repo for changes (YAML/Helm/Kustomize).
  • Detects drift between Git and cluster, auto-reconciles.
  • Supports multi-tenancy (Multiple teams, namespaces).

2. Setting Up FluxCD on AKS

2.1 Prerequisites

  • AKS Cluster (Running Kubernetes 1.20+)
  • kubectl & Helm installed
  • Azure DevOps/GitHub Repo (For manifests)

2.2 Installing FluxCD via Helm

  1. Add the FluxCD Helm repo:
   helm repo add fluxcd https://fluxcd-community.github.io/helm-charts
  2. Install FluxCD:
   helm upgrade --install flux fluxcd/flux2 \
     --namespace flux-system \
     --create-namespace \
     --set watchAllNamespaces=true
  3. Verify installation:
   kubectl get pods -n flux-system

3. Connecting FluxCD to Azure DevOps/GitHub

3.1 Configuring Git Repository Sync

  1. Create a Git Repo (e.g., azure-devops/flux-config) with:
   ├── clusters/
   │   └── prod-aks/
   │       ├── flux-system/
   │       │   └── gotk-components.yaml
   │       └── apps/
   │           ├── namespace.yaml
   │           └── kustomization.yaml
  2. Apply FluxCD manifests:
   kubectl apply -f clusters/prod-aks/flux-system/gotk-components.yaml

3.2 Setting Up Git Authentication

Option 1: SSH Key (Recommended)

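  1. Generate an SSH key pair and store it as a secret (the command prints the public key; add it to the SSH public keys of the Azure DevOps user that Flux will authenticate as):
   # Azure DevOps accepts only RSA keys over SSH, so override Flux's default ECDSA key type
   flux create secret git flux-ssh-auth \
     --url=ssh://git@ssh.dev.azure.com/v3/yourorg/yourrepo \
     --ssh-key-algorithm=rsa \
     --ssh-rsa-bits=4096 \
     --namespace=flux-system
  2. Apply the GitRepository manifest:
   apiVersion: source.toolkit.fluxcd.io/v1beta2
   kind: GitRepository
   metadata:
     name: flux-config
     namespace: flux-system
   spec:
     interval: 1m
     url: ssh://git@ssh.dev.azure.com/v3/yourorg/yourrepo
     ref:
       branch: main   # the CI pipeline in section 4 pushes to main; Flux defaults to master
     secretRef:
       name: flux-ssh-auth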

Option 2: Azure DevOps PAT (Personal Access Token)

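# Replace <PAT_TOKEN> with a PAT limited to the Code (Read) scope; Flux only clones the repo here.
# Reference the secret from a GitRepository that uses the https:// URL and secretRef.name: flux-pat-auth.
flux create secret git flux-pat-auth \
  --url=https://dev.azure.com/yourorg/yourrepo \
  --username=git \
  --password=<PAT_TOKEN> \
  --namespace=flux-system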

4. Configuring Azure DevOps CI/CD for GitOps

4.1 CI Pipeline (Build & Push Manifests)

  1. Trigger on Git changes (YAML example):
   trigger:
     branches:
       include: [ main ]
     paths:
       include: [ 'manifests/*' ]
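  2. Validate & Push Changes:
   jobs:
     - job: ValidateManifests
       steps:
         # Server-side dry run: the agent needs a kubeconfig for the cluster
         - script: kubectl apply --dry-run=server -f manifests/
     - job: CommitAndPush
       dependsOn: ValidateManifests   # jobs run in parallel unless ordered
       steps:
         - checkout: self
           persistCredentials: true   # keep the pipeline token so git push can authenticate
         - script: |
             git config --global user.email "fluxcd@azuredevops.com"
             git config --global user.name "fluxcd"
             git add .
             # Commit only when something changed; [skip ci] avoids re-triggering this pipeline
             git diff --cached --quiet || git commit -m "Update manifests [skip ci]"
             # The checkout is a detached HEAD, so push it to main explicitly
             git push origin HEAD:main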

4.2 CD via FluxCD (Auto-Sync)

  • FluxCD watches the repo and applies changes automatically.
  • Rollback: Revert a Git commit → FluxCD rolls back the cluster.

5. Advanced FluxCD Features

5.1 Kustomize & Helm Support

  • Kustomize Overlays:
  apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
  kind: Kustomization
  metadata:
    name: app-deployment
    namespace: flux-system
  spec:
    interval: 5m
    prune: true   # required field; deletes cluster objects that were removed from Git
    path: ./clusters/prod-aks/apps
    sourceRef:
      kind: GitRepository
      name: flux-config
  • Helm Releases:
  apiVersion: helm.toolkit.fluxcd.io/v2beta1
  kind: HelmRelease
  metadata:
    name: nginx
    namespace: default
  spec:
    chart:
      spec:
        chart: nginx
        # add a version: field here to pin the chart (see section 6, Immutable Releases)
        sourceRef:
          kind: HelmRepository
          name: bitnami
    interval: 5m

5.2 Notifications (Slack, Teams, Azure DevOps)

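  1. Configure Alert Providers:
   # The azuredevops provider posts commit statuses to the repository given in --address.
   # azuredevops-token is a placeholder name for a Secret whose "token" key holds a PAT;
   # yourproject is a placeholder for the Azure DevOps project.
   flux create alert-provider azuredevops \
     --type=azuredevops \
     --username=flux-bot \
     --address=https://dev.azure.com/yourorg/yourproject/_git/yourrepo \
     --secret-ref=azuredevops-token
  2. Define Alerts:
   apiVersion: notification.toolkit.fluxcd.io/v1beta1
   kind: Alert
   metadata:
     name: deployment-alerts
     namespace: flux-system
   spec:
     providerRef:
       name: azuredevops
     eventSeverity: info
     eventSources:            # required: the objects whose events are reported
       - kind: Kustomization
         name: app-deployment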

6. Best Practices for GitOps with FluxCD

  • Use Separate Repos for Dev/Prod (Or branches with Kustomize overlays)
  • Immutable Releases (Tag Helm charts, avoid latest)
  • RBAC for FluxCD (Limit cluster access)
  • Monitor Sync Status (flux get kustomizations --watch)
  • Automated Testing (Pre-commit validation with conftest)
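
A pre-commit or CI check for the "Immutable Releases" and "Automated Testing" items above, as an added example that is not part of the original guide or of FluxCD: a line-based shell scan that flags :latest or untagged images and HelmRelease objects without a pinned chart version. The function names scan_mutable_refs and make_sample and the sample manifests are constructed for illustration; the scan is a heuristic that assumes one resource per file and complements, rather than replaces, policy tools such as conftest.

```shell
#!/bin/sh
# Added example: flag mutable image references and unpinned HelmRelease charts.
# Heuristic, line-based scan; assumes one resource per file, block-style YAML.

scan_mutable_refs() {   # $1 = manifest directory; prints one finding per line
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) | sort |
  while read -r f; do
    awk -v file="$f" '
      /^kind:[ \t]*HelmRelease/             { helm = 1 }
      /^[ \t]*version:[ \t]*["\047]?[0-9]/  { pinned = 1 }  # starts with a digit: not >=, ^ or ~
      /^[ \t-]*image:[ \t]*/ {
        ref = $0; sub(/^[ \t-]*image:[ \t]*/, "", ref)    # keep only the value
        sub(/[ \t]+#.*$/, "", ref)                        # drop a trailing comment
        gsub(/["\047 \t]/, "", ref)                       # drop quotes and padding
        if (ref == "" || ref ~ /@sha256:/) next           # map key, or digest-pinned
        last = ref; sub(/.*\//, "", last)                 # strip registry[:port]/path
        if (last !~ /:/)            print file ": untagged image " ref
        else if (last ~ /:latest$/) print file ": mutable tag " ref
      }
      END { if (helm && !pinned) print file ": HelmRelease without chart version" }
    ' "$f"
  done
}

make_sample() {   # constructed sample manifests, not taken from the guide
  cat > "$1/deploy.yaml" <<'EOF'
kind: Deployment
spec:
  containers:
    - image: registry.example.com:5000/team/api:latest
    - image: "nginx"
    - image: nginx:1.25.3
    - image: registry.example.com/app@sha256:0000
EOF
  cat > "$1/release.yaml" <<'EOF'
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
spec:
  chart:
    spec:
      chart: nginx
EOF
}

# Demo run on the constructed sample; prints three findings
demo=$(mktemp -d) && make_sample "$demo" && scan_mutable_refs "$demo"
```

In a pipeline step, fail the job when the scan prints anything, for example with `[ -z "$(scan_mutable_refs manifests/)" ]`.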


Conclusion

By combining FluxCD with Azure DevOps, you achieve:

  • 🚀 True GitOps (Git as the single source of truth)
  • 🔒 Security & Compliance (Audit trails via Git history)
  • Zero-Downtime Deployments (Automated sync + rollback)

Next Steps

  • Explore FluxCD + Helm Secure Supply Chain (Cosign, OCI registries).
  • Implement Multi-Cluster GitOps (Fleet Management).
  • Set up Drift Detection Alerts.
