
Flux CD GitOps Hexagonal Architecture — Managing
Flux CD Hexagonal GitOps

Flux CD GitOps Hexagonal Architecture Kubernetes Git Source of Truth Kustomize Helm Multi-cluster Multi-tenancy Production
| Component | Hexagonal Role | Flux Implementation | Purpose |
|---|---|---|---|
| Git Repository | Inbound Port | GitRepository CRD | Source of Truth |
| Kustomize | Core Logic | Kustomization CRD | Apply Overlays Patches |
| Helm | Core Logic | HelmRelease CRD | Deploy Charts |
| Container Registry | Outbound Port | ImageRepository CRD | Image Source |
| Kubernetes API | Outbound Adapter | Flux Controllers | Apply Resources |
| Notification | Outbound Adapter | Alert Provider CRD | Slack Teams Webhook |
Flux Setup & Hexagonal Structure
```python
# === Flux CD Bootstrap ===
# Install Flux CLI
# curl -s https://fluxcd.io/install.sh | sudo bash

# Bootstrap Flux with GitHub
# flux bootstrap github \
#   --owner=myorg \
#   --repository=fleet-infra \
#   --branch=main \
#   --path=clusters/production \
#   --personal

# Repository Structure (Hexagonal)
# fleet-infra/
# ├── clusters/                # Inbound Adapters (per cluster)
# │   ├── production/
# │   │   ├── flux-system/     (Flux components)
# │   │   └── apps.yaml        (Kustomization pointing to apps/)
# │   └── staging/
# ├── apps/                    # Core Domain (Application configs)
# │   ├── base/                (shared base configs)
# │   ├── production/          (production overlays)
# │   └── staging/             (staging overlays)
# └── infrastructure/          # Outbound Adapters (infra components)
#     ├── base/                (shared: ingress, cert-manager, monitoring)
#     ├── production/
#     └── staging/

from dataclasses import dataclass


@dataclass
class HexLayer:
    """One layer of the repository layout and its role in the hexagonal model."""
    layer: str
    directory: str
    contents: str
    hex_role: str


structure = [
    HexLayer("Cluster Entry",
             "clusters/{env}/",
             "Flux System + Kustomization pointers",
             "Inbound Adapter (receives Git changes)"),
    HexLayer("Application Core",
             "apps/base/ + apps/{env}/",
             "Deployments Services ConfigMaps Kustomize Overlays",
             "Core Domain (Business Logic)"),
    HexLayer("Infrastructure",
             "infrastructure/base/ + infrastructure/{env}/",
             "Ingress Cert-manager Monitoring Logging",
             "Outbound Adapter (Platform Services)"),
    HexLayer("Helm Releases",
             "apps/{env}/helm-releases/",
             "HelmRelease CRDs pointing to Helm Charts",
             "Port (Interface to Helm Ecosystem)"),
    HexLayer("Image Automation",
             "clusters/{env}/image-automation/",
             "ImageRepository ImagePolicy ImageUpdateAutomation",
             "Inbound Adapter (Container Registry)"),
]

print("=== Hexagonal Repository Structure ===")
for h in structure:
    print(f"  [{h.layer}] Dir: {h.directory}")
    print(f"    Contents: {h.contents}")
    print(f"    Hex Role: {h.hex_role}")
```
Multi-cluster Management

```python
# === Multi-cluster with Flux ===
# Management Cluster controls Workload Clusters
# flux create secret git workload-cluster-01 \
#   --url=ssh://git@github.com/myorg/fleet-infra \
#   --namespace=flux-system

# Remote Cluster Kustomization
# apiVersion: kustomize.toolkit.fluxcd.io/v1
# kind: Kustomization
# metadata:
#   name: workload-cluster-01
#   namespace: flux-system
# spec:
#   kubeConfig:
#     secretRef:
#       name: workload-cluster-01-kubeconfig
#   sourceRef:
#     kind: GitRepository
#     name: fleet-infra
#   path: ./clusters/workload-01
#   interval: 5m
#   prune: true   # required field in the v1 API; enables garbage collection

from dataclasses import dataclass


@dataclass
class ClusterConfig:
    """A cluster, its role, how Flux is configured for it, and what it runs."""
    cluster: str
    role: str
    flux_config: str
    apps: str


clusters = [
    ClusterConfig("Management Cluster",
                  "Flux Controllers + Multi-cluster Management",
                  "Bootstrap Flux + Remote Cluster Secrets",
                  "Flux System Only (does not run apps)"),
    ClusterConfig("Production Cluster",
                  "Production Workloads",
                  "Managed by Management Cluster Flux",
                  "All Production Apps + Monitoring"),
    ClusterConfig("Staging Cluster",
                  "Staging/QA Workloads",
                  "Managed by Management Cluster Flux",
                  "All Apps (Staging Config) + Test"),
    ClusterConfig("Dev Cluster",
                  "Development Workloads",
                  "Self-managed Flux (Developer Bootstrap)",
                  "Feature Branch Apps + Experiments"),
]

print("=== Multi-cluster Setup ===")
for c in clusters:
    print(f"  [{c.cluster}] Role: {c.role}")
    print(f"    Flux: {c.flux_config}")
    print(f"    Apps: {c.apps}")
```
Monitoring & Promotion
```python
# === GitOps Metrics & Promotion ===
from dataclasses import dataclass


@dataclass
class GitOpsMetric:
    """A GitOps health metric, where it comes from, its target and alert rule."""
    metric: str
    source: str
    target: str
    alert: str


metrics = [
    GitOpsMetric("Reconciliation Success Rate",
                 "flux_reconcile_condition{type='Ready', status='True'}",
                 "> 99%",
                 "< 95% → P1 Alert Check Flux Logs"),
    GitOpsMetric("Sync Duration",
                 "flux_reconcile_duration_seconds",
                 "P99 < 60 seconds",
                 "> 120s → P2 Warning Check Git/Cluster"),
    GitOpsMetric("Git Commit to Deploy",
                 "Custom metric: commit_time → deploy_time",
                 "< 5 minutes (Staging) < 15 min (Prod)",
                 "> 30 min → P2 Check Pipeline"),
    GitOpsMetric("Image Update Lag",
                 "flux_image_automation_update_duration",
                 "< 2 minutes after push",
                 "> 5 min → P3 Check Image Automation"),
    GitOpsMetric("Drift Detection",
                 "flux_reconcile_condition{type='Ready', status='False'}",
                 "0 (No drift)",
                 "Any drift → P1 Alert Investigate"),
]

print("=== GitOps Metrics ===")
for m in metrics:
    print(f"  [{m.metric}]")
    print(f"    Source: {m.source}")
    print(f"    Target: {m.target}")
    print(f"    Alert: {m.alert}")
```
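The two `flux_reconcile_condition` rows above (success rate below 95% and any Ready=False object, both P1) can be evaluated directly from a metrics scrape. This is an added example, not code from the original page: the sample scrape is constructed, and the label set (`kind`, `name`, `type`, `status`, with value 1 marking the current status) is an assumption about how the series are exposed.

```python
import re

# Constructed sample in Prometheus text format (not taken from a real cluster).
# Assumed labels: kind, name, type, status; value 1 marks the current status.
SAMPLE = '''\
flux_reconcile_condition{kind="Kustomization",name="apps",type="Ready",status="True"} 1
flux_reconcile_condition{kind="Kustomization",name="apps",type="Ready",status="False"} 0
flux_reconcile_condition{kind="Kustomization",name="infra",type="Ready",status="True"} 0
flux_reconcile_condition{kind="Kustomization",name="infra",type="Ready",status="False"} 1
flux_reconcile_condition{kind="HelmRelease",name="redis",type="Ready",status="True"} 1
'''

LINE = re.compile(r'^flux_reconcile_condition\{(?P<labels>[^}]*)\}\s+(?P<value>\S+)$')
LABEL = re.compile(r'(\w+)="([^"]*)"')


def ready_states(text):
    """Map (kind, name) -> current Ready status ('True', 'False' or 'Unknown')."""
    states = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or float(m.group("value")) != 1:
            continue  # skip comments, other metrics and inactive series
        labels = dict(LABEL.findall(m.group("labels")))
        if labels.get("type") == "Ready":
            states[(labels.get("kind"), labels.get("name"))] = labels.get("status")
    return states


def evaluate(text):
    """Apply the page's thresholds: any non-Ready object or a rate < 95% is P1."""
    states = ready_states(text)
    failing = sorted(k for k, s in states.items() if s != "True")
    # An empty scrape counts as 0% so that missing data raises an alert too.
    rate = 100.0 * (len(states) - len(failing)) / len(states) if states else 0.0
    alerts = [("P1", f"{kind}/{name} is not Ready") for kind, name in failing]
    if rate < 95.0:
        alerts.append(("P1", f"reconciliation success rate {rate:.1f}% < 95%"))
    return rate, alerts


if __name__ == "__main__":
    rate, alerts = evaluate(SAMPLE)
    print(f"success rate: {rate:.1f}%")
    for prio, msg in alerts:
        print(f"[{prio}] {msg}")
```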
Tips
- Multi-repo: separate the app repo from the infra repo for large teams
- Kustomize: use Kustomize overlays to separate per-environment config
- Image Automation: enable Image Automation to reduce manual updates
- SOPS: use SOPS to encrypt Secrets in the Git repository
- Weave UI: install the Weave GitOps UI to view Flux status easily
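The SOPS tip only holds if no plaintext Secret reaches the repository, so a pre-merge check over the manifests is useful. This is an added example, not code from the original page: the file names follow the `apps/{env}/` layout shown earlier, the manifest contents and placeholder ciphertext are constructed, and the line-based parsing assumes flat `key: value` entries under `data`/`stringData`.

```python
import re

# Constructed repository contents (not from the page); ciphertext is a placeholder.
MANIFESTS = {
    "apps/production/db-secret.yaml": (
        "apiVersion: v1\nkind: Secret\nmetadata:\n  name: db\n"
        "stringData:\n"
        "  password: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]\n"
        "sops:\n  encrypted_regex: ^(data|stringData)$\n"
    ),
    "apps/staging/api.yaml": (
        "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: api\n"
        "data:\n  mode: fast\n"
        "---\n"
        "apiVersion: v1\nkind: Secret\nmetadata:\n  name: api\n"
        "data:\n  token: c2VjcmV0\n"
    ),
}

# SOPS replaces each encrypted value with an ENC[AES256_GCM,data:...,...] envelope.
ENC = re.compile(r'^ENC\[AES256_GCM,data:.*\]$')


def plaintext_secret_keys(doc):
    """Return data/stringData keys of a Secret whose values are not SOPS ciphertext."""
    if not re.search(r'^kind:\s*Secret\s*$', doc, re.M):
        return []  # only Secret documents are checked
    findings, section = [], None
    for line in doc.splitlines():
        top = re.match(r'^(\w+):', line)
        if top:  # an unindented key starts a new top-level section
            section = top.group(1)
            continue
        item = re.match(r'^\s+([\w.-]+):\s*(.*)$', line)
        if section in ("data", "stringData") and item:
            value = item.group(2).strip().strip('"\'')
            if not ENC.match(value):
                findings.append(item.group(1))
    return findings


def scan(manifests):
    """Return (path, key) for every unencrypted Secret value across all files."""
    out = []
    for path, text in sorted(manifests.items()):
        for doc in re.split(r'^---\s*$', text, flags=re.M):  # multi-document YAML
            out += [(path, key) for key in plaintext_secret_keys(doc)]
    return out
```

A non-empty result from `scan` is the condition to fail a pre-commit hook or CI job on.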
What is Flux CD?
GitOps Toolkit Kubernetes Git Source of Truth Source Kustomize Helm Notification Image Controllers CNCF Graduated Weaveworks CLI