What Flux CD GA Means For You & Your Organization
Flux CD, with its vast capabilities and extensions, is the GitOps platform of choice for many enterprise companies. Learn more about the latest GA release, Flux CD’s security features and capabilities, and discover what it means for you as a Flux CD user.
Flux CD, a CNCF graduated project, provides extensive automation to CI/CD, security and audit trails, and increases reliability through canary deployments and rollback capabilities. Flux CD is the GitOps platform of choice for many enterprise companies such as SAP, Volvo Cars, Orange, Ring Central, and Axel Springer. Created and maintained by Weaveworks, it is embedded within AKS, Azure Arc, and EKS Anywhere.
Flux CD reached a new and important milestone in July of 2022 with the General Availability release of v2.0. In a recent webinar titled: “Capabilities, Confidence, and Community: What Flux GA Means for You,” we explored the extensive features of Flux CD and what sets it apart from other GitOps tools. Our hosts and guests were:
- 🎙️ Pinky Ravi - Developer Experience Engineer, Weaveworks
- 🎙️ Michael Bridgen - Principal Engineer, Weaveworks, and one of the visionary creators behind Flux CD
- 🎙️ Joe Dahlquist - VP of Product Marketing, Weaveworks
In this blog, we’ll share some of the key highlights of the webinar and notable takeaways from the General Availability release of Flux v2.0.
GitOps, Flux CD, and Controllers
Flux CD is a continuous delivery (CD) tool that adheres to the fundamental principles of GitOps: declarative, versioned and immutable, pulled automatically, and continuously reconciled. The GitOps framework offers numerous advantages, which Pinky briefly summarized in the webinar as "security, velocity, and reliability."
As a Git-centric tool for application management, Flux CD acts as a package curator and orchestrates continuous and progressive delivery tailored to application developers and operators. It operates as a reconciliation agent, continuously monitoring your version control repository and applying the declarative configuration it finds there to the cluster. Pinky delves into Flux CD's attributes and advantages in the webinar, providing a comprehensive view of how it operates.
The focus then shifts to the Flux CD controllers, adept conductors that orchestrate and control the lifecycles of Kubernetes objects. These controllers include the Source Controller, Kustomize Controller, Helm Controller, Notification Controller, and Image Reflector & Automation Controller.
To learn more about Flux CD controllers and what they do, visit our Flux CD Technology page.
“From now on, instead of building our solution for GitOps, we will focus on supporting Flux and improving its user experience when it is used together with GitLab. Flux CD will become the recommended tool to do GitOps with GitLab.” - Viktor Nagy, Senior Product Manager, GitLab
Flux CD Security Capabilities
Not all GitOps solutions are equal; an important differentiator can be found in Flux CD's extensive security capabilities. Designed with security in mind, Flux CD’s microservice architecture allows teams to select only the necessary microservices, thus lowering the attack surface. Some of Flux CD’s built-in security capabilities include, but are not limited to:
- OCI container signature verification: Flux CD verifies the signature on an OCI artifact before deployment, confirming where the artifact came from. With the right policies applied, Flux can deny deployment based on other criteria your organization requires.
- Code execution: Flux CD v2 was built to prioritize integration with libraries instead of binaries. When executing commands for tools like Git and Kustomize, it uses their Go library alternatives, which reduces the likelihood of bugs that could otherwise allow attackers to inject commands for Flux to execute blindly.
- Sensitive information disclosure: Flux supports on-demand decryption of sensitive information, which means that information is kept secret and only decrypted when needed, then discarded soon after. No secrets or credentials are saved on disk at any time.
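As an added example (not from the webinar or the Flux project's own material), the manifests below show how the signature verification and on-demand decryption described above are typically switched on. The registry URL, resource names and Secret names are assumptions, and the API versions are those in use around the v2.0 release.

```yaml
# Added example; the URL, names and Secrets are placeholders, not from the page.
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: app-manifests
  namespace: flux-system
spec:
  interval: 10m
  url: oci://registry.example.com/platform/app-manifests
  ref:
    semver: ">=1.0.0"
  verify:
    provider: cosign             # source-controller checks the Cosign signature on each fetch
    secretRef:
      name: cosign-public-keys   # Secret holding the trusted public keys (entries ending in .pub)
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: app
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: OCIRepository          # only artifacts that passed verification are reconciled
    name: app-manifests
  path: ./
  prune: true
  decryption:
    provider: sops               # SOPS-encrypted manifests are decrypted in memory at apply time
    secretRef:
      name: sops-age             # Secret holding the private decryption key
```

If the signature check fails, the OCIRepository does not become ready and no new artifact is handed to the Kustomization, so nothing unverified is applied. Restrict read access to the `sops-age` Secret with RBAC, since it is the one long-lived key in this setup.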
In the webinar, Michael demonstrates in detail how Flux CD ensures secure lifecycle operation and supply chain security. Watch the webinar in its entirety here.
What does Flux CD GA mean for you as a User?
For Flux users, GA means the software you’ve chosen to invest in, which underpins mission-critical systems and processes, is stable, safe, and scalable. GA represents a readiness and maturity level that should instill confidence to use it in production environments and for applications and services where your business has everything on the line.
Flux CD APIs offer backward compatibility, ensuring existing implementations will continue functioning as expected. In addition, Flux CD v2.0.0 adds horizontal scaling and sharding capabilities to Flux CD controllers. The Git bootstrap capabilities provided by the Flux CLI and by Flux Terraform Provider are now considered stable and production ready. Read the blog post on fluxcd.io to learn more.
The Flux CD v2.0 release culminates seven years of continued development efforts across an impressive and diverse community of users, contributors, and maintainers.
- [Watch Min: 00] Introductions: Speakers, Agenda, & Background Info
- [Watch Min: 3:30] What is GitOps?
- [Watch Min: 6:30] What is Flux CD?
- [Watch Min: 9:38] Benefits of Flux CD
- [Watch Min: 10:05] Flux CD Controllers
- [Watch Min: 12:30] Secure Operation
- [Watch Min: 18:15] Secure Supply Chain
- [Watch Min: 23:25] Flux CD for Secure Deployment
- [Watch Min: 24:25] Terraform Controller
- [Watch Min: 25:50] GitOps Tools for VS Code Extension
- [Watch Min: 26:20] Demo
- [Watch Min: 35:25] Flux CD Available Solutions
- [Watch Min: 38:40] FAQs
Extending the Powers of Flux CD with Weave GitOps Assured
Brought to you by the creators of GitOps and Flux CD, Weave GitOps Assured is a collection of open-source software coupled with Weaveworks enterprise-grade support. With Assured, teams can easily automate continuous delivery and streamline Kubernetes cluster management. It includes best-in-class open source software components:
- Flux CD
- Observability UI
- Terraform Controller
- Flamingo: Flux Subsystem for Argo
- Weave Policy Agent
- VS Code Plugin