diff --git a/README.md b/README.md index ffc637724..51d2ff6b1 100644 --- a/README.md +++ b/README.md @@ -12,11 +12,6 @@ We will configure Flux to install, test and upgrade a demo app using Flux will monitor the Helm repository, and it will automatically upgrade the Helm releases to their latest chart version based on semver ranges. -![flux-ui-apps.png](.github/screens/flux-ui-apps.png) - -On each cluster, we'll install [Weave GitOps](https://docs.gitops.weave.works/) (an OSS UI for Flux) -to visualise and monitor the workloads managed by Flux. - ## Prerequisites You will need a Kubernetes cluster version 1.21 or newer. @@ -27,7 +22,7 @@ In order to follow the guide you'll need a GitHub account and a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) that can create repositories (check all permissions under `repo`). -Install the Flux CLI on MacOS or Linux using Homebrew: +Install the Flux CLI on macOS or Linux using Homebrew: ```sh brew install fluxcd/tap/flux @@ -162,12 +157,10 @@ The infrastructure is structured into: ./infrastructure/ ├── configs │   ├── cluster-issuers.yaml -│   ├── network-policies.yaml │   └── kustomization.yaml └── controllers ├── cert-manager.yaml ├── ingress-nginx.yaml - ├── weave-gitops.yaml └── kustomization.yaml ``` @@ -315,7 +308,6 @@ $ watch flux get helmreleases --all-namespaces NAMESPACE NAME REVISION SUSPENDED READY MESSAGE cert-manager cert-manager v1.11.0 False True Release reconciliation succeeded -flux-system weave-gitops 4.0.12 False True Release reconciliation succeeded ingress-nginx ingress-nginx 4.4.2 False True Release reconciliation succeeded podinfo podinfo 6.3.0 False True Release reconciliation succeeded ``` @@ -356,48 +348,6 @@ infra-configs main/696182e False True Applied revision: main/696182e infra-controllers main/696182e False True Applied revision: main/696182e ``` -### Access the Flux UI - -To access the Flux UI on a cluster, first start port forwarding with: - -```sh -kubectl -n flux-system port-forward svc/weave-gitops 9001:9001 -``` - -Navigate to http://localhost:9001 and login using the username `admin` and the password `flux`. - -[Weave GitOps](https://docs.gitops.weave.works/) provides insights into your application deployments, -and makes continuous delivery with Flux easier to adopt and scale across your teams. -The GUI provides a guided experience to build understanding and simplify getting started for new users; -they can easily discover the relationship between Flux objects and navigate to deeper levels of information as required. - -![flux-ui-depends-on](.github/screens/flux-ui-depends-on.png) - -You can change the admin password bcrypt hash in **infrastructure/controllers/weave-gitops.yaml**: - -```yaml -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: weave-gitops - namespace: flux-system -spec: - # ...omitted for brevity - values: - adminUser: - create: true - username: admin - # bcrypt hash for password "flux" - passwordHash: "$2a$10$P/tHQ1DNFXdvX0zRGA8LPeSOyb0JXq9rP3fZ4W8HGTpLV7qHDlWhe" -``` - -To generate a bcrypt hash please see Weave GitOps -[documentation](https://docs.gitops.weave.works/docs/configuration/securing-access-to-the-dashboard/#login-via-a-cluster-user-account). - -Note that on production systems it is recommended to expose Weave GitOps over TLS with an ingress controller and -to enable OIDC authentication for your organisation members. -To configure OIDC with Dex and GitHub please see this [guide](https://docs.gitops.weave.works/docs/guides/setting-up-dex/). - ## Add clusters If you want to add a cluster to your fleet, first clone your repo locally: diff --git a/infrastructure/configs/kustomization.yaml b/infrastructure/configs/kustomization.yaml index 1ff9d11aa..de1ebfad0 100644 --- a/infrastructure/configs/kustomization.yaml +++ b/infrastructure/configs/kustomization.yaml @@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - cluster-issuers.yaml - - network-policies.yaml diff --git a/infrastructure/configs/network-policies.yaml b/infrastructure/configs/network-policies.yaml deleted file mode 100644 index 108d1a91b..000000000 --- a/infrastructure/configs/network-policies.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: weave-gitops-ingress - namespace: flux-system -spec: - policyTypes: - - Ingress - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app.kubernetes.io/name: weave-gitops diff --git a/infrastructure/controllers/kustomization.yaml b/infrastructure/controllers/kustomization.yaml index 4fca1fd98..ef2de1951 100644 --- a/infrastructure/controllers/kustomization.yaml +++ b/infrastructure/controllers/kustomization.yaml @@ -3,4 +3,3 @@ kind: Kustomization resources: - cert-manager.yaml - ingress-nginx.yaml - - weave-gitops.yaml diff --git a/infrastructure/controllers/weave-gitops.yaml b/infrastructure/controllers/weave-gitops.yaml deleted file mode 100644 index d6b210df0..000000000 --- a/infrastructure/controllers/weave-gitops.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta2 -kind: HelmRepository -metadata: - name: weave-gitops - namespace: flux-system -spec: - type: oci - interval: 60m0s - url: oci://ghcr.io/weaveworks/charts ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: weave-gitops - namespace: flux-system -spec: - interval: 60m - chart: - spec: - chart: weave-gitops - version: "*" - sourceRef: - kind: HelmRepository - name: weave-gitops - interval: 12h - # https://github.com/weaveworks/weave-gitops/blob/main/charts/gitops-server/values.yaml - values: - resources: - requests: - cpu: 100m - memory: 64Mi - limits: - cpu: 1 - memory: 512Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - adminUser: - create: true - username: admin - # Change password by generating a new hash with: - # https://docs.gitops.weave.works/docs/configuration/securing-access-to-the-dashboard/#login-via-a-cluster-user-account - # bcrypt hash for password "flux" - passwordHash: "$2a$10$P/tHQ1DNFXdvX0zRGA8LPeSOyb0JXq9rP3fZ4W8HGTpLV7qHDlWhe"