Flux CD GitOps Hexagonal Architecture

Q: Flux CD คืออะไร

Flux CD เป็น GitOps Toolkit สำหรับ Kubernetes พัฒนาโดย Weaveworks ใช้ Git Repository เป็น Source of Truth Flux ตรวจจับ Changes ใน Git แล้ว Sync ไป Kubernetes อัตโนมัติ Components Source Controller ดึง Code จาก Git Helm OCI Kustomize Controller Apply Kustomize Overlays Helm Controller Deploy Helm Charts Notification Controller แจ้งเตือน Slack Teams Image Automation Controller ตรวจ Container Image ใหม่ อัพเดท Git อัตโนมัติ เปรียบเทียบกับ ArgoCD Flux เป็น CLI-first ไม่มี UI built-in (ใช้ Weave GitOps UI) ArgoCD มี Web UI สวย Flux ใช้ CRDs Native Kubernetes มากกว่า Flux เหมาะ Multi-tenancy Multi-cluster ทั้งคู่เป็น CNCF Graduated Project

Q: Hexagonal Architecture คืออะไร

Hexagonal Architecture (Ports and Adapters) เป็น Software Architecture Pattern แยก Business Logic ออกจาก External Dependencies Core Domain (Business Logic) อยู่ตรงกลาง ไม่ขึ้นกับ Framework Database API Ports เป็น Interface กำหนดว่า Core ต้องการอะไร Inbound Port (Driving) รับ Request จากภายนอก Outbound Port (Driven) เรียก Service ภายนอก Adapters เป็น Implementation ของ Port Inbound Adapter REST API CLI gRPC Event Consumer Outbound Adapter Database API Call Message Queue สำหรับ GitOps Infrastructure Core Domain Infrastructure Provisioning Logic Ports GitRepository HelmRelease Kustomization (Inbound) Cloud Provider API Container Registry (Outbound) Adapters Flux Controllers (Inbound) AWS Azure GCP Providers (Outbound) ข้อดี Testable ทดสอบ Core โดยไม่ต้อง External Dependencies Flexible เปลี่ยน Adapter ได้โดยไม่กระทบ Core Maintainable แก้ไขส่วนใดส่วนหนึ่งได้อิสระ

Q: GitOps Workflow ออกแบบอย่างไร

Repository Structure Mono-repo หรือ Multi-repo Mono-repo ทุกอย่างใน Repo เดียว ง่าย แต่ Scale ยาก Multi-repo แยก App Repo กับ Infra Repo ดีกว่าสำหรับทีมใหญ่ Directory Structure environments/production/ environments/staging/ base/ (shared configs) clusters/production/ clusters/staging/ Flux Workflow Developer Push Code → CI Build Image → Push Registry Flux Image Automation ตรวจ Image ใหม่ → อัพเดท Git Flux Source Controller ดึง Git Changes Flux Kustomize Controller Apply ไป Cluster Flux Notification Controller แจ้ง Slack Promotion Strategy Staging → Production ใช้ Git Branch หรือ Directory Promotion PR Review ก่อน Promote Automated Tests ก่อน Merge

Q: Multi-cluster ทำอย่างไร

Flux Multi-cluster Management Cluster สั่ง Flux ใน Management Cluster ดูแล Workload Clusters Flux Remote Cluster ใช้ Kubeconfig Secret เชื่อม Remote Cluster Flux Sync ไป Remote Cluster ได้ Multi-tenancy ใช้ Flux Tenant CRD แยก Namespace แยก Git Source ต่อ Team แต่ละ Team มี GitRepository ของตัวเอง RBAC จำกัด Permission ต่อ Namespace Environments Management Cluster → Production Cluster Staging Cluster Dev Cluster GitOps Bridge Flux ใน Management Cluster Sync Flux CRDs ไป Workload Clusters Workload Clusters Sync Application ตาม Flux CRDs Monitoring Flux Metrics → Prometheus Reconciliation Status Success/Failure Sync Duration Git Commit → Deploy Duration Alert Sync Failure Drift Detected Image Update Failed

Flux CD Hexagonal GitOps

Flux CD GitOps Hexagonal Architecture Kubernetes Git Source of Truth Kustomize Helm Multi-cluster Multi-tenancy Production

Component	Hexagonal Role	Flux Implementation	Purpose
Git Repository	Inbound Port	GitRepository CRD	Source of Truth
Kustomize	Core Logic	Kustomization CRD	Apply Overlays Patches
Helm	Core Logic	HelmRelease CRD	Deploy Charts
Container Registry	Outbound Port	ImageRepository CRD	Image Source
Kubernetes API	Outbound Adapter	Flux Controllers	Apply Resources
Notification	Outbound Adapter	Alert Provider CRD	Slack Teams Webhook

Flux Setup & Hexagonal Structure

# === Flux CD Bootstrap ===

# Install Flux CLI
# curl -s https://fluxcd.io/install.sh | sudo bash

# Bootstrap Flux with GitHub
# flux bootstrap github \
#   --owner=myorg \
#   --repository=fleet-infra \
#   --branch=main \
#   --path=clusters/production \
#   --personal

# Repository Structure (Hexagonal)
# fleet-infra/
# ├── clusters/           # Inbound Adapters (per cluster)
# │   ├── production/
# │   │   ├── flux-system/ (Flux components)
# │   │   └── apps.yaml   (Kustomization pointing to apps/)
# │   └── staging/
# ├── apps/               # Core Domain (Application configs)
# │   ├── base/           (shared base configs)
# │   ├── production/     (production overlays)
# │   └── staging/        (staging overlays)
# └── infrastructure/     # Outbound Adapters (infra components)
#     ├── base/           (shared: ingress, cert-manager, monitoring)
#     ├── production/
#     └── staging/

from dataclasses import dataclass

@dataclass
class HexLayer:
    layer: str
    directory: str
    contents: str
    hex_role: str

structure = [
    HexLayer("Cluster Entry",
        "clusters/{env}/",
        "Flux System + Kustomization pointers",
        "Inbound Adapter (รับ Git Changes)"),
    HexLayer("Application Core",
        "apps/base/ + apps/{env}/",
        "Deployments Services ConfigMaps Kustomize Overlays",
        "Core Domain (Business Logic)"),
    HexLayer("Infrastructure",
        "infrastructure/base/ + infrastructure/{env}/",
        "Ingress Cert-manager Monitoring Logging",
        "Outbound Adapter (Platform Services)"),
    HexLayer("Helm Releases",
        "apps/{env}/helm-releases/",
        "HelmRelease CRDs pointing to Helm Charts",
        "Port (Interface to Helm Ecosystem)"),
    HexLayer("Image Automation",
        "clusters/{env}/image-automation/",
        "ImageRepository ImagePolicy ImageUpdateAutomation",
        "Inbound Adapter (Container Registry)"),
]

print("=== Hexagonal Repository Structure ===")
for h in structure:
    print(f"  [{h.layer}] Dir: {h.directory}")
    print(f"    Contents: {h.contents}")
    print(f"    Hex Role: {h.hex_role}")

Multi-cluster Management

# === Multi-cluster with Flux ===

# Management Cluster controls Workload Clusters
# flux create secret git workload-cluster-01 \
#   --url=ssh://git@github.com/myorg/fleet-infra \
#   --namespace=flux-system

# Remote Cluster Kustomization
# apiVersion: kustomize.toolkit.fluxcd.io/v1
# kind: Kustomization
# metadata:
#   name: workload-cluster-01
#   namespace: flux-system
# spec:
#   kubeConfig:
#     secretRef:
#       name: workload-cluster-01-kubeconfig
#   sourceRef:
#     kind: GitRepository
#     name: fleet-infra
#   path: ./clusters/workload-01
#   interval: 5m

@dataclass
class ClusterConfig:
    cluster: str
    role: str
    flux_config: str
    apps: str

clusters = [
    ClusterConfig("Management Cluster",
        "Flux Controllers + Multi-cluster Management",
        "Bootstrap Flux + Remote Cluster Secrets",
        "Flux System Only (ไม่รัน App)"),
    ClusterConfig("Production Cluster",
        "Production Workloads",
        "Managed by Management Cluster Flux",
        "All Production Apps + Monitoring"),
    ClusterConfig("Staging Cluster",
        "Staging/QA Workloads",
        "Managed by Management Cluster Flux",
        "All Apps (Staging Config) + Test"),
    ClusterConfig("Dev Cluster",
        "Development Workloads",
        "Self-managed Flux (Developer Bootstrap)",
        "Feature Branch Apps + Experiments"),
]

print("=== Multi-cluster Setup ===")
for c in clusters:
    print(f"  [{c.cluster}] Role: {c.role}")
    print(f"    Flux: {c.flux_config}")
    print(f"    Apps: {c.apps}")

Monitoring & Promotion

# === GitOps Metrics & Promotion ===

@dataclass
class GitOpsMetric:
    metric: str
    source: str
    target: str
    alert: str

metrics = [
    GitOpsMetric("Reconciliation Success Rate",
        "flux_reconcile_condition{type='Ready', status='True'}",
        "> 99%",
        "< 95% → P1 Alert Check Flux Logs"),
    GitOpsMetric("Sync Duration",
        "flux_reconcile_duration_seconds",
        "P99 < 60 seconds",
        "> 120s → P2 Warning Check Git/Cluster"),
    GitOpsMetric("Git Commit to Deploy",
        "Custom metric: commit_time → deploy_time",
        "< 5 minutes (Staging) < 15 min (Prod)",
        "> 30 min → P2 Check Pipeline"),
    GitOpsMetric("Image Update Lag",
        "flux_image_automation_update_duration",
        "< 2 minutes after push",
        "> 5 min → P3 Check Image Automation"),
    GitOpsMetric("Drift Detection",
        "flux_reconcile_condition{type='Ready', status='False'}",
        "0 (No drift)",
        "Any drift → P1 Alert Investigate"),
]

print("=== GitOps Metrics ===")
for m in metrics:
    print(f"  [{m.metric}]")
    print(f"    Source: {m.source}")
    print(f"    Target: {m.target}")
    print(f"    Alert: {m.alert}")

เคล็ดลับ

Multi-repo: แยก App Repo กับ Infra Repo สำหรับทีมใหญ่
Kustomize: ใช้ Kustomize Overlays แยก Environment Config
Image Automation: เปิด Image Automation ลด Manual Update
SOPS: ใช้ SOPS Encrypt Secrets ใน Git Repository
Weave UI: ติดตั้ง Weave GitOps UI ดู Flux Status ง่าย

Flux CD คืออะไร

GitOps Toolkit Kubernetes Git Source of Truth Source Kustomize Helm Notification Image Controllers CNCF Graduated Weaveworks CLI

Hexagonal Architecture คืออะไร

Ports Adapters Core Domain Inbound Outbound Interface Implementation Testable Flexible Maintainable Framework Independent

GitOps Workflow ออกแบบอย่างไร

Multi-repo Directory Structure environments base clusters CI Build Image Flux Sync Kustomize Overlay Promotion PR Review Automated Test

Multi-cluster ทำอย่างไร

Management Cluster Remote Kubeconfig Kustomization Multi-tenancy RBAC Namespace Prometheus Metrics Reconciliation Drift Alert

สรุป

Flux CD GitOps Hexagonal Architecture Kubernetes Kustomize Helm Multi-cluster Multi-tenancy Image Automation Prometheus Monitoring Production