Update structure for Flux 2.7

Signed-off-by: Stefan Prodan <[email protected]>

Author: stefanprodan

.github/workflows/e2e.yaml

@@ -11,15 +11,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Setup Flux
         uses: fluxcd/flux2/action@main
       - name: Setup Kubernetes
-        uses: helm/kind-action@v1.7.0
+        uses: helm/kind-action@v1.12.0
         with:
           cluster_name: flux
+          version: v0.30.0
+          node_image: kindest/node:v1.33.4
       - name: Install Flux in Kubernetes Kind
-        run: flux install
+        run: flux install --components-extra source-watcher
       - name: Setup cluster reconciliation
         run: |
           flux create source git flux-system \
@@ -38,6 +40,8 @@ jobs:
       - name: Verify helm reconciliation
         run: |
           kubectl -n podinfo wait helmrelease/podinfo --for=condition=ready --timeout=5m
+      - name: List deployed resources
+        run: flux tree ks flux-system
       - name: Debug failure
         if: failure()
         run: |

.github/workflows/test.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5
       - name: Setup yq
         uses: fluxcd/pkg/actions/yq@main
       - name: Setup kubeconform

README.md

@@ -14,7 +14,7 @@ upgrade the Helm releases to their latest chart version based on semver ranges.
 
 ## Prerequisites
 
-You will need a Kubernetes cluster version 1.28 or newer.
+You will need a Kubernetes cluster version 1.33 or newer.
 For a quick local test, you can use [Kubernetes kind](https://kind.sigs.k8s.io/docs/user/quick-start/).
 Any other Kubernetes setup will work as well though.
 
@@ -122,7 +122,7 @@ spec:
         - host: podinfo.staging
 ```
 
-Note that with ` version: ">=1.0.0-alpha"` we configure Flux to automatically upgrade
+Note that with `version: ">=1.0.0-alpha"` we configure Flux to automatically upgrade
 the `HelmRelease` to the latest chart version including alpha, beta and pre-releases.
 
 In **apps/production/** dir we have a Kustomize patch with the production specific values:
@@ -164,31 +164,41 @@ The infrastructure is structured into:
     └── kustomization.yaml
 ```
 
-In **infrastructure/controllers/** dir we have the Flux `HelmRepository` and `HelmRelease` definitions such as:
+In **infrastructure/controllers/** dir we have the Flux definitions such as:
 
 ```yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 24h
+  url: oci://quay.io/jetstack/charts/cert-manager
+  layerSelector:
+    mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip"
+    operation: copy
+  ref:
+    semver: "1.x"
+---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: cert-manager
-      version: "1.x"
-      sourceRef:
-        kind: HelmRepository
-        name: cert-manager
-        namespace: cert-manager
-      interval: 12h
+  interval: 12h
+  chartRef:
+    kind: OCIRepository
+    name: cert-manager
   values:
-    installCRDs: true
+    crds:
+      enabled: true
+      keep: false
 ```
 
-Note that with ` interval: 12h` we configure Flux to pull the Helm repository index every twelfth hours to check for updates.
-If the new chart version that matches the `1.x` semver range is found, Flux will upgrade the release.
+Note that in the `OCIRepository` we configure Flux to check for new chart versions every 24 hours.
+If a newer chart is found that matches the `semver: 1.x` constraint, Flux will upgrade the release accordingly.
 
 In **infrastructure/configs/** dir we have Kubernetes custom resources, such as the Let's Encrypt issuer:
 
@@ -235,17 +245,23 @@ spec:
 Note that with `dependsOn` we tell Flux to first install or upgrade the controllers and only then the configs.
 This ensures that the Kubernetes CRDs are registered on the cluster, before Flux applies any custom resources.
 
-## Bootstrap staging and production
+### Clusters
 
-The clusters dir contains the Flux configuration:
+A cluster is configured inside its own directory under **clusters/** dir, containing:
+
+- **artifacts.yaml** contains an `ArtifactGenerator` that splits the monorepo into infrastructure and apps artifacts
+- **infrastructure.yaml** contains the Flux `Kustomization` definitions for reconciling the infrastructure controllers and configs
+- **apps.yaml** contains the Flux `Kustomization` definition for reconciling the apps Kustomize overlay for the specific cluster
 
 ```
 ./clusters/
 ├── production
 │   ├── apps.yaml
+│   ├── artifacts.yaml
 │   └── infrastructure.yaml
 └── staging
     ├── apps.yaml
+    ├── artifacts.yaml
     └── infrastructure.yaml
 ```
 
@@ -258,19 +274,27 @@ metadata:
   name: apps
   namespace: flux-system
 spec:
-  interval: 10m0s
   dependsOn:
     - name: infra-configs
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps/staging
+    kind: ExternalArtifact
+    name: apps
+  path: ./staging
   prune: true
   wait: true
 ```
 
-Note that with `path: ./apps/staging` we configure Flux to sync the staging Kustomize overlay and 
-with `dependsOn` we tell Flux to create the infrastructure items before deploying the apps.
+With `path: ./staging` we configure Flux to sync the apps staging Kustomize overlay and 
+with `dependsOn` we tell Flux to wait for the infrastructure configs to be installed before applying the apps.
+
+Note that the `ExternalArtifact` source is generated by the `ArtifactGenerator` from the contents of the **apps/** directory.
+The `ArtifactGenerator` allows us to split the monorepo into smaller artifacts that can be synced independently.
+Changes to files outside the **apps/** dir will not trigger a reconciliation of the apps Kustomization.
+
+## Bootstrap
 
 Fork this repository on your personal GitHub account and export your GitHub access token, username and repo name:
 
@@ -290,6 +314,7 @@ Set the kubectl context to your staging cluster and bootstrap Flux:
 
 ```sh
 flux bootstrap github \
+    --components-extra=source-watcher \
     --context=staging \
     --owner=${GITHUB_USER} \
     --repository=${GITHUB_REPO} \
@@ -307,9 +332,9 @@ Watch for the Helm releases being installed on staging:
 $ watch flux get helmreleases --all-namespaces
 
 NAMESPACE    	NAME         	REVISION	SUSPENDED	READY	MESSAGE 
-cert-manager 	cert-manager 	v1.11.0 	False    	True 	Release reconciliation succeeded
-ingress-nginx	ingress-nginx	4.4.2   	False    	True 	Release reconciliation succeeded
-podinfo      	podinfo      	6.3.0   	False    	True 	Release reconciliation succeeded
+cert-manager 	cert-manager 	1.19.1   	False    	True 	Helm install succeeded
+ingress-nginx	ingress-nginx	4.13.4   	False    	True 	Helm install succeeded
+podinfo      	podinfo      	6.9.2   	False    	True 	Helm install succeeded
 ```
 
 Verify that the demo app can be accessed via ingress:
@@ -320,14 +345,15 @@ $ kubectl -n ingress-nginx port-forward svc/ingress-nginx-controller 8080:80 &
 $ curl -H "Host: podinfo.staging" http://localhost:8080
 {
   "hostname": "podinfo-59489db7b5-lmwpn",
-  "version": "6.2.3"
+  "version": "6.9.2"
 }
 ```
 
 Bootstrap Flux on production by setting the context and path to your production cluster:
 
 ```sh
 flux bootstrap github \
+    --components-extra=source-watcher \
     --context=production \
     --owner=${GITHUB_USER} \
     --repository=${GITHUB_REPO} \
@@ -341,14 +367,14 @@ Watch the production reconciliation:
 ```console
 $ flux get kustomizations --watch
 
-NAME             	REVISION     	SUSPENDED	READY	MESSAGE                         
-apps             	main/696182e	False    	True 	Applied revision: main/696182e	
-flux-system      	main/696182e	False    	True 	Applied revision: main/696182e	
-infra-configs    	main/696182e	False    	True 	Applied revision: main/696182e	
-infra-controllers	main/696182e	False    	True 	Applied revision: main/696182e	
+NAME                    REVISION                    READY   MESSAGE
+flux-system             main@sha1:a7be7dff          True    Applied revision: main@sha1:a7be7dff
+infra-controllers       latest@sha256:c0ac3648      True    Applied revision: latest@sha256:c0ac3648
+infra-configs           latest@sha256:c0ac3648      True    Applied revision: latest@sha256:c0ac3648
+apps                    latest@sha256:26785ee4      True    Applied revision: latest@sha256:26785ee4
 ```
 
-## Add clusters
+### Add clusters
 
 If you want to add a cluster to your fleet, first clone your repo locally:
 
@@ -366,6 +392,7 @@ mkdir -p clusters/dev
 Copy the sync manifests from staging:
 
 ```sh
+cp clusters/staging/artifacts.yaml clusters/dev
 cp clusters/staging/infrastructure.yaml clusters/dev
 cp clusters/staging/apps.yaml clusters/dev
 ```
@@ -383,6 +410,7 @@ Set the kubectl context and path to your dev cluster and bootstrap Flux:
 
 ```sh
 flux bootstrap github \
+    --components-extra=source-watcher \
     --context=dev \
     --owner=${GITHUB_USER} \
     --repository=${GITHUB_REPO} \
@@ -391,57 +419,6 @@ flux bootstrap github \
     --path=clusters/dev
 ```
 
-## Identical environments
-
-If you want to spin up an identical environment, you can bootstrap a cluster
-e.g. `production-clone` and reuse the `production` definitions.
-
-Bootstrap the `production-clone` cluster:
-
-```sh
-flux bootstrap github \
-    --context=production-clone \
-    --owner=${GITHUB_USER} \
-    --repository=${GITHUB_REPO} \
-    --branch=main \
-    --personal \
-    --path=clusters/production-clone
-```
-
-Pull the changes locally:
-
-```sh
-git pull origin main
-```
-
-Create a `kustomization.yaml` inside the `clusters/production-clone` dir:
-
-```yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - flux-system
-  - ../production/infrastructure.yaml
-  - ../production/apps.yaml
-```
-
-Note that besides the `flux-system` kustomize overlay, we also include
-the `infrastructure` and `apps` manifests from the production dir.
-
-Push the changes to the main branch:
-
-```sh
-git add -A && git commit -m "add production clone" && git push
-```
-
-Tell Flux to deploy the production workloads on the `production-clone` cluster:
-
-```sh
-flux reconcile kustomization flux-system \
-    --context=production-clone \
-    --with-source 
-```
-
 ## Testing
 
 Any change to the Kubernetes manifests or to the repository structure should be validated in CI before

clusters/production/apps.yaml

@@ -5,13 +5,14 @@ metadata:
   name: apps
   namespace: flux-system
 spec:
-  interval: 10m0s
   dependsOn:
     - name: infra-configs
+  interval: 1h
+  retryInterval: 2m
+  timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps/production
+    kind: ExternalArtifact
+    name: apps
+  path: ./production
   prune: true
   wait: true
-  timeout: 5m0s

clusters/production/artifacts.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: source.extensions.fluxcd.io/v1beta1
+kind: ArtifactGenerator
+metadata:
+  name: flux-system
+  namespace: flux-system
+spec:
+  sources:
+    - alias: monorepo
+      kind: GitRepository
+      name: flux-system
+  artifacts:
+    - name: infrastructure
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/infrastructure/**"
+          to: "@artifact/"
+    - name: apps
+      originRevision: "@monorepo"
+      copy:
+        - from: "@monorepo/apps/**"
+          to: "@artifact/"

clusters/production/infrastructure.yaml

@@ -6,12 +6,12 @@ metadata:
   namespace: flux-system
 spec:
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/controllers
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./controllers
   prune: true
   wait: true
 ---
@@ -24,12 +24,12 @@ spec:
   dependsOn:
     - name: infra-controllers
   interval: 1h
-  retryInterval: 1m
+  retryInterval: 2m
   timeout: 5m
   sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./infrastructure/configs
+    kind: ExternalArtifact
+    name: infrastructure
+  path: ./configs
   prune: true
   patches:
     - patch: |