The GitOps Promotions Operator watches Git Repositories (Environments) for changes, and promotes them to other Environments.
```sh
kubectl apply -k github.com/thomasstxyz/gitops-promotions-operator/config/default
```

```yaml
apiVersion: promotions.gitopsprom.io/v1alpha1
kind: Environment
metadata:
  name: dev
spec:
  path: ./envs/dev
  source:
    url: https://github.com/thomasstxyz/example-kustomize-overlay-dev
    ref:
      branch: main
```
If it's a private repository, you must add `.spec.source.secretRef` and set up an SSH key pair as explained in Creating an ssh key pair.
```yaml
apiVersion: promotions.gitopsprom.io/v1alpha1
kind: Environment
metadata:
  name: prod
spec:
  path: ./envs/prod
  source:
    url: https://github.com/thomasstxyz/example-kustomize-overlay-prod
    ref:
      branch: main
    secretRef:
      name: prod-ssh
  apiTokenSecretRef:
    name: github-api-token
  gitProvider: github
```
`.spec.source.secretRef` references a secret which contains an ssh key pair; follow Creating an ssh key pair to set it up.

`.spec.apiTokenSecretRef` references a secret which contains an API Token for the git provider (GitHub), with permissions to create Pull Requests. This secret can be created with the following command:

```sh
kubectl create secret generic github-api-token --from-literal=token="ghp_n139N..."
```
`.spec.copy.source` and `.spec.copy.target` are filesystem paths relative to `.spec.path` in the `Environment` CR.
```yaml
apiVersion: promotions.gitopsprom.io/v1alpha1
kind: Promotion
metadata:
  name: from-dev-to-prod
spec:
  sourceEnvironmentRef:
    name: dev
  targetEnvironmentRef:
    name: prod
  copy:
    - name: "Application Version"
      source: app-version
      target: app-version
    - name: "Kustomization File"
      source: ./app-version/kustomization.yaml
      target: ./app-version/
    - name: "Application Settings"
      source: settings
      target: settings
  strategy: pull-request
```
Now if there are changes in the source environment, which differ from the target environment, the operator will create a pull request.
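One way to resolve a `.spec.copy` path against `.spec.path` while rejecting values that would leave the Environment directory, as an added example in Go that is not the operator's own code. The names `resolveCopyPath` and `within` and the clone directory `/tmp/clone` are hypothetical.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// within reports whether p is base itself or lexically below it.
func within(base, p string) bool {
	back, err := filepath.Rel(base, p)
	return err == nil && back != ".." &&
		!strings.HasPrefix(back, ".."+string(filepath.Separator))
}

// resolveCopyPath is a hypothetical helper (not the operator's code).
// cloneDir: local clone of the Environment repository (assumed layout).
// envPath:  .spec.path of the Environment.
// rel:      a .spec.copy source or target from the Promotion.
func resolveCopyPath(cloneDir, envPath, rel string) (string, error) {
	if filepath.IsAbs(envPath) || filepath.IsAbs(rel) {
		return "", fmt.Errorf("paths must be relative: %q, %q", envPath, rel)
	}
	base := filepath.Join(cloneDir, envPath) // Join cleans "./" and ".."
	if !within(cloneDir, base) {
		return "", fmt.Errorf(".spec.path %q leaves the repository", envPath)
	}
	full := filepath.Join(base, rel)
	if !within(base, full) {
		return "", fmt.Errorf("copy path %q leaves .spec.path %q", rel, envPath)
	}
	return full, nil
}

func main() {
	// Constructed inputs: the first three are copy entries from the
	// Promotion above, the last two are values that must be rejected.
	for _, rel := range []string{"app-version", "./app-version/kustomization.yaml",
		"settings", "../prod/secrets", "/etc/passwd"} {
		p, err := resolveCopyPath("/tmp/clone", "./envs/dev", rel)
		fmt.Printf("%-34s -> %q err=%v\n", rel, p, err)
	}
}
```

The check is lexical only: a symlink committed to the repository can still point outside the directory, so resolve the result with `filepath.EvalSymlinks` and re-check it before copying.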
```sh
kubectl delete -k github.com/thomasstxyz/gitops-promotions-operator/config/default
```
Generate an RSA key pair for SSH auth.

```sh
ssh-keygen -b 2048 -t rsa -f key -q -C gitopsprombot -N ""
GITOPSPROMBOT_PRIVATE_KEY=$(cat key)
GITOPSPROMBOT_PUBLIC_KEY=$(cat key.pub)
```

Create a Secret.

```sh
# Quote the expansions: the key material contains spaces and newlines.
kubectl create secret generic prod-ssh \
  --from-literal=private="${GITOPSPROMBOT_PRIVATE_KEY}" \
  --from-literal=public="${GITOPSPROMBOT_PUBLIC_KEY}"
```
The public key needs to be configured as a "deploy key" in the Git Repository. If you want to promote to this environment, the deploy key needs write permissions!
```sh
cat key.pub
```
Docs about how to configure a deploy key:
Once the Secret has been applied to the cluster, you should delete the key pair from your local machine.

```sh
rm key
rm key.pub
```
The GitOps Promotions Operator watches Git Repositories (`Environments`) for changes, and promotes them to other Environments.
This is done by defining `Environment` and `Promotion` custom resources, as explained in the Getting Started (as a User).
You’ll need a Kubernetes cluster to run against. You can use KIND to get a local cluster for testing, or run against a remote cluster.
Note: Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows).
- Install Instances of Custom Resources:

  ```sh
  kubectl apply -f config/samples/
  ```

- Build and push your image to the location specified by `IMG`:

  ```sh
  make docker-build docker-push IMG=<some-registry>/gitops-promotions-operator:tag
  ```

- Deploy the controller to the cluster with the image specified by `IMG`:

  ```sh
  make deploy IMG=<some-registry>/gitops-promotions-operator:tag
  ```
To delete the CRDs from the cluster:

```sh
make uninstall
```

Undeploy the controller from the cluster:

```sh
make undeploy
```
This project aims to follow the Kubernetes Operator pattern.
It uses Controllers, which provide a reconcile function responsible for synchronizing resources until the desired state is reached on the cluster.
- Install the CRDs into the cluster:

  ```sh
  make install
  ```

- Run your controller (this will run in the foreground, so switch to a new terminal if you want to leave it running):

  ```sh
  make run
  ```

NOTE: You can also run this in one step by running: `make install run`
If you are editing the API definitions, generate the manifests such as CRs or CRDs using:

```sh
make manifests
```

NOTE: Run `make --help` for more information on all potential `make` targets.

More information can be found via the Kubebuilder Documentation.
Copyright 2023 Thomas Stadler
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.