Flux Multi-Cluster Multi-Tenant by Example (Continued)

Bootstrap Multi-Cluster Single-Tenant

$ terraform init
$ terraform apply

Deploy a Customized per Cluster Sample Application

$ kubectl exec -it -n sample sample -- /bin/cat /etc/podinfo/annotations
cluster-name="cluster-1"
[OMITTED]

Deploy a Sample Application from Another Repository

Enable Multi-Cluster Multi-Tenant

  • Creating application and Kustomization resources in the Fleet Repository
  • Creating GitRepository (referencing what we will now call an App Repository) and Kustomization resources in the Fleet Repository
  • The Fleet Clusters block represents the Clusters, e.g., cluster-1 and cluster-2
  • Again, the Fleet Repository (managed by ops team) is what we previously referred to as the newly created Git Repository
  • The App Repositories (managed by dev teams), e.g., similar to hello-flux-sample2, contain the application resources
  • The newly introduced Tenant Repository (managed by dev teams) will be used to create the GitRepository and Kustomization resources to deploy applications
  • For each additional application, we would create a pair of GitRepository and Kustomization resource manifests and then add references to them to the third file above
  • It is unfortunate that the Flux Kustomization resource shares the same kind as the Kustomize resource (the third file above)
  • It is not entirely clear why the toolkit.fluxcd.io/tenant label is needed for each of the resources
  • The ServiceAccount and associated RoleBinding will be used later when configuring the Kustomization resource; notice that this configuration gives the ServiceAccount access to manage any resources in the apps Namespace
  • It is not entirely clear what the gotk:apps:reconciler User is (or if it is even used)
  • Here we introduce the ServiceAccount which causes the Flux Components to impersonate it when managing resources; in this case limited to managing resources in the apps Namespace
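
The tenant ServiceAccount, RoleBinding and impersonating Kustomization described in the notes above, as an added example that is not the article's own manifests. The resource names (tenant1, gotk-reconciler), the interval and path, and the choice of the built-in cluster-admin ClusterRole as the bound role are assumptions.

```yaml
# Added example: names, interval and path are assumptions, not taken from the article.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tenant1
  namespace: apps
  labels:
    toolkit.fluxcd.io/tenant: tenant1
---
# A RoleBinding (not a ClusterRoleBinding) scopes the grant to the apps Namespace,
# even though the referenced role (assumed here) is the cluster-admin ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gotk-reconciler
  namespace: apps
  labels:
    toolkit.fluxcd.io/tenant: tenant1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: gotk:apps:reconciler
  - kind: ServiceAccount
    name: tenant1
    namespace: apps
---
# serviceAccountName makes the Flux controller apply manifests as apps/tenant1,
# so resources from the Tenant Repository that target other Namespaces fail RBAC.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: tenant1
  namespace: apps
spec:
  serviceAccountName: tenant1
  interval: 5m
  prune: true
  path: ./
  sourceRef:
    kind: GitRepository
    name: tenant1
```

To confirm the boundary holds, `kubectl auth can-i create deployments -n flux-system --as=system:serviceaccount:apps:tenant1` should print no, while the same check with `-n apps` should print yes.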
$ flux create secret git tenant1 --url=ssh://git@github.com/larkintuckerllc/hello-flux-tenant1 --namespace=apps --export > tenant1-secret.yaml
$ kubectl apply -f tenant1-secret.yaml
$ flux get kustomizations
NAME        READY MESSAGE                                                         REVISION                                      SUSPENDED
flux-system True  Applied revision: main/6f6b9e80b8e9e37ad08c1b52aa255abc57414885 main/6f6b9e80b8e9e37ad08c1b52aa255abc57414885 False
sample      True  Applied revision: main/6f6b9e80b8e9e37ad08c1b52aa255abc57414885 main/6f6b9e80b8e9e37ad08c1b52aa255abc57414885 False
sample2     True  Applied revision: main/f7c86771db5ab5b1c7fe0e27ebeefb27c02dabcb main/f7c86771db5ab5b1c7fe0e27ebeefb27c02dabcb False
tenant1     True  Applied revision: main/6f6b9e80b8e9e37ad08c1b52aa255abc57414885 main/6f6b9e80b8e9e37ad08c1b52aa255abc57414885 False
  • The flux command defaults to showing resources in the flux-system Namespace
  • The tenant1 Kustomization here links to the tenant1 directory in the Fleet Repository (hello-flux-repository)
  • The other Kustomizations are from the initial bootstrap and earlier examples
$ flux get kustomizations -n apps
NAME    READY MESSAGE                                                         REVISION                                      SUSPENDED
app1    True  Applied revision: main/24509ae948dd57bc58cd7514912cecc2dcb7cc43 main/24509ae948dd57bc58cd7514912cecc2dcb7cc43 False
tenant1 True  Applied revision: main/ebde2d7a7200ffd9b77a3fa52d07d7ecc90ac2ba main/ebde2d7a7200ffd9b77a3fa52d07d7ecc90ac2ba False
  • The tenant1 Kustomization here links to the Tenant Repository (hello-flux-tenant1)
  • The app1 Kustomization (in the Tenant Repository) links to the App Repository (hello-flux-app1)

Wrap Up

Broad infrastructure, development, and soft-skill background

John Tucker