Skip to main content
Version: 0.34.0

Managing Clusters Without Cluster API Enterprise

You do not need Cluster API to add your Kubernetes cluster to Weave GitOps Enterprise. The only thing you need is a secret containing a valid kubeconfig.

Adding kubeconfig to Your Management Cluster

If you already have a kubeconfig stored in a secret in your management cluster, continue with the "Create a GitopsCluster" step below.

If you have a kubeconfig, but it is not yet stored in your management cluster, load it into the cluster using this command:

kubectl create secret generic demo-01-kubeconfig \
--from-file=value=./demo-01-kubeconfig

Add a Cluster Bootstrap Config

This step ensures that Flux gets installed into your cluster. Create a cluster bootstrap config as follows:

 kubectl create secret generic my-pat --from-literal GITHUB_TOKEN=$GITHUB_TOKEN

Download the config with:

Then update the GITHUB_USER variable to point to your repository

Expand to see full yaml
clusters/management/capi/boostrap/capi-gitops-cluster-bootstrap-config.yaml
apiVersion: capi.weave.works/v1alpha1
kind: ClusterBootstrapConfig
metadata:
name: capi-gitops
namespace: default
spec:
clusterSelector:
matchLabels:
weave.works/capi: bootstrap
jobTemplate:
generateName: "run-gitops-{{ .ObjectMeta.Name }}"
spec:
containers:
- image: ghcr.io/fluxcd/flux-cli:v0.41.0
name: flux-bootstrap
resources: {}
volumeMounts:
- name: kubeconfig
mountPath: "/etc/gitops"
readOnly: true
args:
[
"bootstrap",
"github",
"--kubeconfig=/etc/gitops/value",
"--owner=$GITHUB_USER",
"--repository=fleet-infra",
"--path=./clusters/{{ .ObjectMeta.Namespace }}/{{ .ObjectMeta.Name }}",
]
envFrom:
- secretRef:
name: my-pat
restartPolicy: Never
volumes:
- name: kubeconfig
secret:
secretName: "{{ .ObjectMeta.Name }}-kubeconfig"

Connect a Cluster

To connect your cluster, you need to add some common RBAC rules into the clusters/bases folder. When a cluster is provisioned, by default it will reconcile all the manifests in ./clusters/<cluster-namespace>/<cluster-name> and ./clusters/bases.

To display Applications and Sources in the UI, we need to give the logged-in user the permission to inspect the new cluster. Adding common RBAC rules to ./clusters/bases/rbac is an easy way to configure this.

Expand to see full template yaml
clusters/bases/rbac/wego-admin.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: wego-admin-cluster-role-binding
subjects:
- kind: User
name: wego-admin
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: wego-admin-cluster-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: wego-admin-cluster-role
rules:
- apiGroups: [""]
resources: ["secrets", "pods"]
verbs: ["get", "list"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets"]
verbs: ["get", "list"]
- apiGroups: ["kustomize.toolkit.fluxcd.io"]
resources: ["kustomizations"]
verbs: ["get", "list", "patch"]
- apiGroups: ["helm.toolkit.fluxcd.io"]
resources: ["helmreleases"]
verbs: ["get", "list", "patch"]
- apiGroups: ["source.toolkit.fluxcd.io"]
resources: [ "buckets", "helmcharts", "gitrepositories", "helmrepositories", "ocirepositories" ]
verbs: ["get", "list", "patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "watch", "list"]
- apiGroups: ["pac.weave.works"]
resources: ["policies"]
verbs: ["get", "list"]

Create a GitopsCluster

When a GitopsCluster appears in the cluster, the Cluster Bootstrap Controller will install Flux on it and by default start reconciling the ./clusters/demo-01 path in your management cluster's Git repository:

./clusters/management/clusters/demo-01.yaml
apiVersion: gitops.weave.works/v1alpha1
kind: GitopsCluster
metadata:
name: demo-01
namespace: default
# Signals that this cluster should be bootstrapped.
labels:
weave.works/capi: bootstrap
spec:
secretRef:
name: demo-01-kubeconfig

To use the Weave GitOps Enterprise user interface (UI) to inspect the Applications and Sources running on the new cluster, you'll need permissions. We took care of this above when we stored your RBAC rules in ./clusters/bases. In the following step, we'll create a kustomization to add these common resources onto our new cluster:

./clusters/demo-01/clusters-bases-kustomization.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
creationTimestamp: null
name: clusters-bases-kustomization
namespace: flux-system
spec:
interval: 10m0s
path: clusters/bases
prune: true
sourceRef:
kind: GitRepository
name: flux-system

Save these two files in your Git repository, then commit and push.

Once Flux has reconciled the cluster, you can inspect your Flux resources via the UI!

Debugging Tip: Checking that Your kubeconfig Secret Is in Your Cluster

To test that your kubeconfig secret is correctly set up, apply the following manifest and check the logs after the job completes:

Expand to see manifest
---
apiVersion: batch/v1
kind: Job
metadata:
name: kubectl
spec:
ttlSecondsAfterFinished: 30
template:
spec:
containers:
- name: kubectl
image: bitnami/kubectl
args:
[
"get",
"pods",
"-n",
"kube-system",
"--kubeconfig",
"/etc/kubeconfig/value",
]
volumeMounts:
- name: kubeconfig
mountPath: "/etc/kubeconfig"
readOnly: true
restartPolicy: Never
volumes:
- name: kubeconfig
secret:
secretName: demo-01-kubeconfig
optional: false

In the manifest above, demo-01-kubeconfig is the name of the secret that contains the kubeconfig for the remote cluster.


Additional Resources

Other documentation that you might find useful: