Initialize a Kubernetes cluster
This guide shows how to initialize a Kubernetes cluster to work with Lizz.
Requirements
To initialize a cluster, you first need to have the following:
Export your credentials
Export your GitHub personal access token and username:
export GITHUB_TOKEN=<your-token>
export GITHUB_USER=<your-username>
Export your GitLab personal access token and username:
export GITLAB_TOKEN=<your-token>
export GITLAB_USER=<your-username>
Create the fleet repository
The following command creates the fleet repository with the correct structure and content for Lizz and Flux:
GitHub:
lizz init github \
  --owner=$GITHUB_USER \
  --destination=fleet \
  --origin-url=https://github.com/openlizz/fleet \
  --personal
GitLab:
lizz init gitlab \
  --owner=$GITLAB_USER \
  --destination=fleet \
  --origin-url=https://gitlab.com/openlizz/fleet \
  --personal
You should see the following output:
Initialize the cluster repository...
✓ Clone the cluster repository
✓ Create a new configuration for the cluster
✓ Create new repository
✓ Commit and push to the cluster repository
Install Flux in your cluster
For information about Flux and the bootstrap options, see the Flux documentation.
Run the bootstrap command:
GitHub:
flux bootstrap github \
  --owner=$GITHUB_USER \
  --repository=fleet \
  --branch=main \
  --path=cluster \
  --personal
GitLab:
flux bootstrap gitlab \
  --owner=$GITLAB_USER \
  --repository=fleet \
  --branch=main \
  --path=cluster \
  --personal
The output is similar to:
► connecting to github.com
► cloning branch "main" from Git repository
✔ cloned repository
► generating component manifests
✔ generated component manifests
✔ committed sync manifests to "main"
► pushing component manifests
► installing components in "flux-system" namespace
✔ installed components
✔ reconciled components
► determining if source secret "flux-system/flux-system" exists
► generating source secret
✔ public key: xxx
✔ configured deploy key "flux-system-main-flux-system-./cluster"
► applying source secret "flux-system/flux-system"
✔ reconciled source secret
► generating sync manifests
✔ generated sync manifests
✔ committed sync manifests to "main"
► pushing sync manifests
► applying sync manifests
✔ reconciled sync configuration
◎ waiting for Kustomization "flux-system/flux-system" to be reconciled
✔ Kustomization reconciled successfully
► confirming components are healthy
✔ helm-controller: deployment ready
✔ kustomize-controller: deployment ready
✔ notification-controller: deployment ready
✔ source-controller: deployment ready
✔ all components are healthy
The bootstrap command above does the following:
- Adds Flux component manifests to the repository
- Deploys Flux components to your Kubernetes cluster
- Configures Flux components to track the path /cluster/ in the repository
Configure Kubernetes secrets management
In order to store secrets safely in public or private Git repositories, Lizz uses Mozilla’s SOPS.
Run the following command to configure secret management:
GitHub:
lizz secret-management github --owner=$GITHUB_USER --fleet=fleet
GitLab:
lizz secret-management gitlab --owner=$GITLAB_USER --fleet=fleet
The output is similar to:
Configure secret management...
✓ Clone the cluster repository
✓ Open and read the cluster configuration file
✓ Configure the secret management
✓ Commit and push to the cluster repository
Run `kubectl apply -f secret.yaml` to apply the secret to the cluster
This command generates the secret.yaml file, which contains the age private key used to decrypt secrets.
You need to store the private key in your Kubernetes cluster by running:
kubectl apply -f secret.yaml
Keep the private key or the secret.yaml file safe, as this is the only way to decrypt the secrets stored in the Git repositories.
You will need this key in case of a disaster to restore your cluster.
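One way to check a working copy of the fleet repository before pushing, so that neither the age private key nor an unencrypted Secret manifest ends up in Git. This is an added example, not part of Lizz or of the original guide. The function names, the sample files and the assumed shape of secret.yaml (a Secret named sops-age with an age.agekey entry) are illustrative assumptions.

```sh
#!/bin/sh
# Added example: flag YAML files that must not be pushed to the fleet repository.

# is_unsafe FILE: succeeds (exit 0) when FILE must not be committed.
is_unsafe() {
  # age private keys are Bech32 strings that start with this fixed prefix.
  grep -q 'AGE-SECRET-KEY-1' "$1" && return 0
  # A Secret manifest is acceptable only once SOPS has added its top-level
  # "sops:" metadata block, which is what marks the file as encrypted.
  if grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$1"; then
    grep -Eq '^sops:[[:space:]]*$' "$1" || return 0
  fi
  return 1
}

# scan_tree DIR: prints every unsafe YAML file, returns 1 if any was found.
scan_tree() {
  scan_dir=$1
  scan_list=$(mktemp)
  find "$scan_dir" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    ! -path '*/.git/*' > "$scan_list"
  scan_found=0
  while IFS= read -r scan_file; do
    if is_unsafe "$scan_file"; then
      scan_rel=${scan_file#"$scan_dir"/}
      echo "UNSAFE: $scan_rel"
      scan_found=1
    fi
  done < "$scan_list"
  rm -f "$scan_list"
  return "$scan_found"
}

# make_sample_tree: builds a constructed working copy and prints its path.
make_sample_tree() {
  sample=$(mktemp -d)
  mkdir -p "$sample/cluster"
  # Constructed: plaintext key Secret (assumed shape, placeholder key).
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: sops-age\nstringData:\n  age.agekey: AGE-SECRET-KEY-1CONSTRUCTEDPLACEHOLDER\n' > "$sample/secret.yaml"
  # Constructed: a Secret after SOPS encryption (ciphertext shortened).
  printf 'apiVersion: v1\nkind: Secret\nstringData:\n  password: ENC[AES256_GCM,data:placeholder,type:str]\nsops:\n  age: []\n' > "$sample/cluster/db.yaml"
  # Constructed: an ordinary manifest that is not a Secret.
  printf 'apiVersion: v1\nkind: ConfigMap\ndata:\n  mode: demo\n' > "$sample/cluster/cm.yaml"
  echo "$sample"
}

tree=$(make_sample_tree)
scan_tree "$tree" || echo "Do not commit the files listed above."
rm -rf "$tree"
```

Calling scan_tree on the repository root from a pre-commit hook makes the commit fail whenever a flagged file is present.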
Next
Your cluster is now initialized to work with Lizz 🥳
You can add an application to it.