Manage Helm Resources the GitOps Way with Flux

Helm controller:

The Helm Controller is a Kubernetes operator, allowing us to declaratively manage Helm chart releases with Kubernetes manifests.

• With Flux, we no longer change our k8s cluster state directly using the helm command.

• For managing Helm releases on the cluster, we use the helm-controller Flux operator.

• The controller watches for a custom resource called HelmRelease to determine which Helm chart to install.

• It can perform updates based on a new chart release.

• It will run helm test.

• It can check and correct drifting (configuration drift) between the desired state and the actual state of the cluster.

Step 1: Check the Flux Components

k get pods -n flux-system

The Helm Controller runs as a pod under the flux-system namespace. It was installed by default with flux.

k get crds -n flux-system | grep -i "helm"

We have our required custom resource definitions.

Step 2: Create a Flux Structured Directory in your Git Repo

Step 3: Create a Monitoring Namespace

apiVersion: v1
kind: Namespace
metadata:
  name: monitoring

Now we will install the kube-prometheus-stack Helm chart using the Flux Custom Resources (HelmRepository, HelmRelease)

Step 4: Create Helm Repository Custom Resource

repository.yaml :

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: prometheus-community
  namespace: monitoring
spec:
  interval: 24h
  url: https://prometheus-community.github.io/helm-charts

Step 5: Create Helm Release Custom Resource

release.yaml :

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: prometheus-stack
  namespace: monitoring
spec:
  interval: 30m
  chart:
    spec:
      chart: kube-prometheus-stack
      version: "83.7.0"
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
        namespace: monitoring
      interval: 12h
  releaseName: prometheus-stack
  install:
    crds: Create
  upgrade:
    crds: CreateReplace
  driftDetection:
    mode: enabled
    ignore:
      # Ignore "validated" annotation
      - paths: ["/metadata/annotations/prometheus-operator-validated"]
        target:
          kind: PrometheusRule
  values:
    grafana:
      # Administrator credentials when not using an existing secret
      adminPassword: trinaya
      ingress:
        # If true, Grafana Ingress will be created
        enabled: true
        ingressClassName: traefik
        hosts:
          - grafana.homelab.com
        path: /

Step 6: Add a monitoring kustomization for flux-system

Under the clusters/my-cluster directory create a new file for monitoring kustomization.

monitoring.yaml :

apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: monitoring
  namespace: flux-system
spec:
  interval: 60s
  timeout: 10m
  sourceRef:
    kind: GitRepository
    name: flux-system
  path: ./monitoring/controllers/staging
  prune: true
  wait: true

Step 7: Verify the resources created by flux

## list helm repository
kubectl get helmrepository -n monitoring

## list helm release
kubectl get helmrelease -n monitoring

## list the pods created
kubectl get pods -n monitoring

kubectl get all -n monitoring 

Step 8: Access the Grafana Application

• Add a DNS record for a domain to forward request to the ingress.
  In Ubuntu, add 192.168.1.225 grafana.homelab.com to the /etc/hosts file.

• Access Grafana from an external browser at http://grafana.homelab.com

---

Resources:

https://fluxcd.io/flux/components/helm/

https://fluxcd.io/flux/components/helm/helmreleases/