feat: post no. 7 getting started with fluxcd (#4)

* feat: add post no.7

getting started with fluxcd

* allow for building drafts on previews e.g. PRs

* update the fluxcd post publish date

* set the description front matter for social plugin

* try with icon in meta

* change icon of the post to fontawesome

* add trivy add prerequisites to fluxcd post

* run trivy in parallel jobs

* fail trivy if vuln or error found

* ignore wildcard policy

* all the way until flux installation

* feat: add post no.7

getting started with fluxcd

* allow for building drafts on previews e.g. PRs

* update the fluxcd post publish date

* set the description front matter for social plugin

* try with icon in meta

* change icon of the post to fontawesome

* add trivy add prerequisites to fluxcd post

* run trivy in parallel jobs

* fail trivy if vuln or error found

* ignore wildcard policy

* all the way until flux installation

* feat: publish drafts on PR

* fix: remove authors from gitops post

it's a new age brother, we use insiders now

* chore: publish preview URL to github PR

* fix(ci): modify reference caller

* remove the extra stuff

* remove pr permission from deploy

* add the github token to build again

it's for git-committers plugin

.github/workflows/ci.yml

@@ -17,6 +17,7 @@ permissions:
 
 env:
   NETLIFY_SITE_ID: 6c071198-df44-4eee-8819-3b6a980a332b
+  NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
   PYTHON_VERSION: 3.x
 
 jobs:
@@ -48,15 +49,26 @@ jobs:
           pip install -U pip -r requirements.txt
           sudo apt-get install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev pngquant
       - env:
+          DRAFT: ${{ github.event_name == 'pull_request' }}
           GA_PROPERTY: ${{ vars.GA_PROPERTY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # git-committers plugin
         name: Build the site
         run: mkdocs build
       - name: Upload Pages artifact
         uses: actions/upload-pages-artifact@v3
         with:
           name: build-pr${{ github.event.pull_request.number }}
           path: site
+      - name: Deploy to Netlify
+        uses: jsmrcaga/action-netlify-deploy@v2.1.0
+        with:
+          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+          NETLIFY_DEPLOY_TO_PROD: ${{ env.NETLIFY_DEPLOY_TO_PROD }}
+          NETLIFY_SITE_ID: ${{ env.NETLIFY_SITE_ID }}
+          build_command: echo Skipping building the web files
+          build_directory: site
+          install_command: echo Skipping installing the dependencies
+
   deploy:
     environment:
       name: github-pages
@@ -106,15 +118,17 @@ jobs:
       - id: deployment
         name: Deploy to GitHub Pages
         uses: actions/deploy-pages@v4
-      - name: Deploy to Netlify
+      - id: netlify
+        name: Deploy to Netlify
         uses: jsmrcaga/action-netlify-deploy@v2.1.0
         with:
           NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
-          NETLIFY_DEPLOY_TO_PROD: true
+          NETLIFY_DEPLOY_TO_PROD: ${{ env.NETLIFY_DEPLOY_TO_PROD }}
           NETLIFY_SITE_ID: ${{ env.NETLIFY_SITE_ID }}
           build_command: echo Skipping building the web files
           build_directory: site
           install_command: echo Skipping installing the dependencies
+
   lychee:
     runs-on: ubuntu-latest
     steps:
@@ -131,7 +145,7 @@ jobs:
         with:
           content-filepath: ./lychee/out.md
           labels: report, automated issue
-          title: Link Checker Report
+
   trivy:
     runs-on: ubuntu-latest
     strategy:

.gitignore

@@ -8,3 +8,4 @@ secrets
 
 # Local Netlify folder
 .netlify
+.envrc

.trivyignore

@@ -0,0 +1,2 @@
+# IAM policy document uses sensitive action 'ssm:GetParameter' on wildcarded resource '*'
+AVD-AWS-0057

docs/posts/0001-azure-shared-image-gallery.md

@@ -176,15 +176,15 @@ In no particular order, and in a non-exhaustive list, here are some horror stori
 - Creating a parent and a child resource, updating the parent which forces a
 replacement and then the provided complains not being able to delete the parent
 because the child is still referencing it. I mean, isn't the whole point of
-[IaC](/category/iac) to be able to create, update and delete resources and the
+[IaC](/category/iac/) to be able to create, update and delete resources and the
 underlying provider takes care of the ugly work for you!?
 - The Azure Kubernetes module creates a child resource group for you, and for
 any other node-pool you want to add to the cluster, you can't create a separate
 resource group, but rather, you gotta reference the same resource group to create
 the new node-pool. :exploding_head:
 
 Some of these would have been fine if we weren't promised that
-[IaC](/category/iac) tools such as OpenTofu are supposed to protect you from a
+[IaC](/category/iac/) tools such as OpenTofu are supposed to protect you from a
 need to get into the Azure portal and do the manual chores yourself, the same
 chore the provider should've done for you.
 

docs/posts/0005-install-k3s-on-ubuntu22.md

@@ -58,8 +58,8 @@ environments, and edge computing. It is a fully compliant Kubernetes distributio
 that is packaged in a single binary and requires minimal dependencies.
 
 In this post, I will show you how to install k3s on Ubuntu 22.04 using [Hetzner
-Cloud](/category/hetzner/), [OpenTofu](/category/opentofu),
-[Ansible](/category/ansible), and [Cilium](/category/cilium).
+Cloud](/category/hetzner/), [OpenTofu](/category/opentofu/),
+[Ansible](/category/ansible/), and [Cilium](/category/cilium/).
 Stay with me till the end cause we got some cool stuff to cover.
 
 ## Prerequisites

docs/posts/0006-gettings-started-with-gitops-and-fluxcd.md

@@ -0,0 +1,148 @@
+---
+date: 2024-03-24
+title: "GitOps Demystified: Introduction to FluxCD for Kubernetes"
+description: Explore the fundamentals of GitOps with FluxCD in our beginner-friendly guide. Learn how to automate Kubernetes deployments and enhance your delivery pipeline.
+icon: fontawesome/arrows-rotate
+draft: true
+categories:
+  - Kubernetes
+  - FluxCD
+  - GitOps
+---
+
+# Getting Started with GitOps and FluxCD
+
+Learn how to leverage your Git repository, the GitOps style, to manage your
+Kubernetes cluster with FluxCD. Enhance your delivery and reduce deployment
+frictions with GitOps.
+
+<!-- more -->
+
+## Introduction
+
+GitOps is a modern approach to managing infrastructure and applications. It
+leverages Git repositories as the source of truth for your infrastructure and
+application configurations. By using GitOps, you can automate your deployment
+processes, enhance your delivery pipeline, and reduce deployment frictions.
+
+In this guide, we will explore the fundamentals of GitOps and FluxCD. We will
+learn how to set up FluxCD in your Kubernetes cluster and automate your
+deployments.
+
+## Prerequisites
+
+Before we start, you need to have the following prerequisites:
+
+- [x] A Kubernetes cluster up and running
+
+    * If you feel nerdy and don't mind getting your hands dirty with a bit of
+       complexity, you shall find the [Kubernetes the Hard Way][k8s-the-hard-way]
+       very helpful.
+
+    * If you don't have the time or the mood to setup a full-fledged Kubernetes
+       cluster, you can either use a managed cluster on a cloud provider, spin up
+       any of the easy solutions e.g. [Minikube][minikube], [Kind][kind], or
+       follow our previous guide to [Setup a production-ready Kubernetes cluster
+       using K3s][k3s-setup].
+
+- [x] A Git repository to store your Kubernetes manifests
+- [x] FluxCD[^1] binary installed in your `PATH` (`v2.2.3` at the time of writing)
+- [ ] Optionally, the GitHub CLI (`gh`)[^2] for easier GitHub operations
+
+## What is GitOps?
+
+GitOps is a modern approach to managing infrastructure and applications. It
+leverages Git repositories as the source of truth for your infrastructure and
+application configurations. By using GitOps, you can automate your deployment
+processes, enhance your delivery pipeline, and reduce deployment frictions.
+
+## What is FluxCD?
+
+FluxCD is a popular GitOps operator for Kubernetes. It automates the deployment
+of your applications and infrastructure configurations by syncing them with your
+Git repository. FluxCD watches your Git repository for changes and applies them
+to your Kubernetes cluster.
+
+## Bootstrap FluxCD
+
+Bootstrap refers to the initial setup of FluxCD in your Kubernetes cluster.
+After which, FluxCD will continuously watch your Git repository for changes and
+apply them to your cluster.
+
+One of the benefits of using FluxCD itself for during the bootstrap phase is
+that you can even upgrade FluxCD itself using the same GitOps approach, as you
+would do for your applications.
+
+That means less manual intervention and more automation, especially if you opt
+for an automated FluxCD upgrade process[^3].
+
+???+ info "Automated FluxCD Upgrade"
+
+    Since this will not be the topic of today's post, it's worth mentioning
+    as a side note that you can automated the FluxCD upgrade process using the
+    power of your CI/CD pipelines.
+
+    For example, you can see a `step` of a GitHub Action workflow that upgrades
+    FluxCD to the latest version below (source[^4]):
+
+    ```yaml title=""
+    - name: Setup Flux CLI
+      uses: fluxcd/flux2/action@main
+      with:
+        # Flux CLI version e.g. 2.0.0.
+        # Defaults to latest stable release.
+        version: 'latest'
+
+        # Alternative download location for the Flux CLI binary.
+        # Defaults to path relative to $RUNNER_TOOL_CACHE.
+        bindir: ''
+    ```
+
+### Step 1: Install FluxCD
+
+The FluxCD official documentation recommends the usage of `bootstrap` subcommand.
+However, as easy as it may sound, it abstracts you away way too much in my
+opinion in that it will commit a couple of resources to your cluster, creates
+some Kubernetes CRD resources and returns back a successful message. You generally
+don't get to see what has really happened under the hood unless you investigate
+on your own.
+
+It even gets hectic when the target git repository is not empty and have other
+resources in it[^5].
+
+!!! quote ""
+
+    *If you want to use an existing repository, the Flux user must have **admin**
+    permissions for that repository.*
+
+Therefore, I generally prefer being explicit and knowing exactly what I'm deploying to
+my cluster(s). As such, my preferred method of bootstrapping FluxCD is to
+use `flux install` command.
+
+#### Creating the GitHub Repository
+
+You will need GitHub CLI[^2] installed for the following to work.
+
+```bash title="" linenums="0"
+gh repo create getting-started-with-fluxcd --clone --public
+cd getting-started-with-fluxcd
+```
+
+#### Installing FluxCD Components
+
+```bash title="" linenums="0"
+flux install \
+  --components-extra="image-reflector-controller,image-automation-controller" \
+  --export > flux-system/gotk-components.yml
+```
+
+[k8s-the-hard-way]: ./0003-kubernetes-the-hard-way.md
+[minikube]: https://minikube.sigs.k8s.io/docs/
+[kind]: https://kind.sigs.k8s.io/
+[k3s-setup]: ./0005-install-k3s-on-ubuntu22.md
+
+[^1]: https://github.com/fluxcd/flux2/releases/
+[^2]: https://cli.github.com/
+[^3]: https://fluxcd.io/flux/installation/upgrade/#upgrade-with-flux-cli
+[^4]: https://fluxcd.io/flux/flux-gh-action/
+[^5]: https://fluxcd.io/flux/installation/bootstrap/github/#github-organization

mkdocs.yml

@@ -101,6 +101,7 @@ plugins:
       debug: !ENV [DEBUG, false]
       debug_on_build: !ENV [DEBUG_BUILD, false]
   - blog:
+      draft: !ENV [DRAFT, false]
       blog_dir: .
       authors_profiles: !ENV [AUTHORS_PROFILE, false]
       post_readtime: true

trivy.yaml

@@ -6,6 +6,8 @@ insecure: false
 
 timeout: 1m
 
+exit-code: 1
+
 cache:
   dir: .pre-commit-trivy-cache