The Tracker project uses Flux, to enable pull based Continuous Deployment.
The directory here is laid out to allow the patching of a basic flux install. It is based on the example in the documentation.
Config changes can be pretty high impact, so trying it out somewhere is pretty useful. To that end, we have a few ways to bring up a "non-prod" version of the app; basically, using a self signed cert and requesting its own IP address.
Containerized applications read their config from the environment, and that environment is largely populated via secrets. Consequently we create these secrets and the namespaces they live in before doing the deployment.
See the readme in the app folder for instructions on how to create those app credentials.
make secrets env=minikube
make deploy env=minikubemake secrets env=test
make deploy env=testmake secrets env=aks
make deploy env=aksDeploying to prod is a little anticlimactic. You'll want some read/write credentials for Flux so that it can update our config with new image tags, but everything else is the same.
Tracker uses SSH deploy keys to allow those updates, and uses kustomize to generate secrets. To create the keys, use the following commands.
ssh-keygen -q -N "" -C "flux-read-write" -f ./deploy/creds/readwrite/identity
ssh-keyscan github.com > ./deploy/creds/readwrite/known_hostsAdd the new deploy key to the Tracker repo, and select "Allow write access". After that it's basically the same:
make secrets env=gke
make deploy env=gkeUpdate Flux as you would normally, and then run make update-flux, to update the config.