The Making of Flux: The Scale
Oct 13, 2025
In this episode, Philippe Ensarguet, VP of Software Engineering at Orange, and Arnab Chatterjee, Global Head of Container & AI Platforms at Nomura, share how large enterprises are adopting Flux to drive reliable, compliant, and scalable platforms.
How Orange uses Flux to manage bare-metal Kubernetes through its Sylva project.
Why Nomura relies on GitOps to balance agility with governance in financial services.
How Flux helps enterprises achieve resilience, compliance, and repeatability at scale.
Transcription
Bart (Host): In the Kubernetes ecosystem, managing applications at scale isn't just about container orchestration. It's about operational excellence. Today, we're diving deep into how two global enterprises, Orange and Nomura Bank, transform their Kubernetes operations with Flux. From managing thousands of network functions to ensuring compliance and financial services, our guests have battle tested Flux in some of the most demanding environments imaginable. They'll share not just the what, but the how and why of GitOps with Flux in production. Let's start with Philippe and Sergio from Orange whose journey into building services on Flux began with a critical realization about Kubernetes at scale.
Philippe Ensarguet (Orange CTO): The way I jumped into GitOps is quite simple. It was around 2018. So I was CTO of a big digital part of Orange running the enterprise business. And at that time basically what I was observing is that a lot of people are spending their time doing CI/CD. So we got perfect CI/CD chain and why was it so much pain when we were reaching the production and for me it was the syndrome of hitting the scaling wall. Hitting the scaling wall is you spend a lot of energy doing your integration in your deployment but perhaps you do not have invested enough to manage properly your operation and I was very curious at that time how to fix this because honestly it was really painful.
Bart: His search for a solution led him to the CNCF ecosystem and a pivotal conversation with Alexis Richardson. Here's how that relationship shaped Orange's Kubernetes strategy.
Philippe Ensarguet: At that moment in time, I was already implied into the cloud native computing foundation ecosystem and basically I started a conversation with a guy who at that time was running the TOC of the CNCF and it was Alexis Richardson. That's the way I discovered Alexis and I started exchanging with him and so he pointed out you should have a look on GitOps and so on.
So we dig on this and it was extremely interesting. And around 2020 basically I was bringing support toward the Orange venture capital part and we were scouting for breakthrough or next generation of technology company and we had the opportunity as Orange to invest into the Weaveworks company. And I became at that time a board adviser for Weaveworks and I spent more than three years working close to Alexis and the Weaveworks team. And I certainly bring some advice or tips or I was one morning the good guy the other morning the bad guys just to be the right sparring partner like you do when you are board adviser. But you cannot imagine how much I learned. I think that Alexis is one of the most inspirational guys for me that I met in my whole professional life.
Bart: While Philippe was collaborating with Weaveworks, he made a crucial discovery about who else was using Flux at massive scale and it validated everything.
Philippe Ensarguet: At that time I was questioning myself who on earth is currently running Kubernetes at scale with things that are so complex that it's very close to what we got in the telco industry. So I look at AWS, Google and Azure because they were running Kubernetes at very impressive scale and under the hood I just realized that Azure and AWS were Flux houses. So I said to myself if it works for those guys with the level of scaling they are and the complexity they're managing it's certainly something that could really help us and it's how we started.
Bart: Meanwhile at Nomura Bank, Arnab Chakrabarti was facing similar Kubernetes challenges. Let's hear his perspective on what GitOps with Flux actually means for Kubernetes operations.
Arnab Chakrabarti (Nomura Bank): GitOps is a modern way of managing infrastructure and applications where Git repository or GitLab whatever you call serves as a single source of truth.
Think of it like this, instead of manually tweaking configurations or applying updates, everything is declaratively defined in a Git repository and then a GitOps operator, be it a tool like Flux or ArgoCD, would continuously ensure that your actual system state matches what's stored in Git. Now the question is how and why GitOps is changing the game. There are a few pointers to it. I'll start with the deployments are getting faster, they're getting more reliable with GitOps. Deployment becomes as simple as a Git commit and a Git push. No more logging into servers or running kubectl apply manually. Instead of that, you have automated pipelines that apply the changes. It reduces human errors and makes rollbacks as easy as reverting a commit.
Bart: Both organizations took Flux from concept to production, but their implementations reveal different aspects of Flux's power. Let's see how Orange built their network integration factory.
Philippe Ensarguet: We implemented at Orange something that we call the network integration factory and it's basically a 100% GitOps implementation based on Flux CD to manage network function deployment and infrastructure deployment and the life cycle management and it's also up to the operation. So it's basically the way I discover and enter into the world of GitOps and how Flux CD became the de facto implementation for GitOps runtime.
Bart: Orange's implementation extends beyond their own infrastructure. Philippe leads Project Sylva, transforming the entire telecom industry's approach to Kubernetes.
Philippe Ensarguet: Project Sylva is a Linux Foundation Europe hosted project aiming at implementing an industrial grade cloud native telco stack to run core and edge services and network function. The initial story behind Sylva is super interesting. We are really as I would say between operator peers and network function vendors using open source as a true catalyst.
So here we want to bring the commons, share the resources to take time on what makes us unique. And you know what, when we are talking between peers in Europe initially honestly the need and the requirement for having an in the cloud native infrastructure were very similar. So instead of implementing I don't know five that are average, why not implement all together one but very good and it's how the Sylva project has started. So it has been launched in November 2023 during the One Summit in Seattle. And in the background we were working between peers and network function vendors to do the preparation. Project Sylva is freethink.
Bart: The power of Flux becomes even clearer when we look at specific Kubernetes features. Arnab walks us through how Flux handles everything from drift detection to automated rollbacks.
Arnab Chakrabarti: You have security and compliance getting bolstered. Since Git acts as a single source of truth, you get a clear audit friendly record of every change. No more guessing who modified a configuration file or when. Everything is version controlled and it does make compliance really easy. Coming to next, infrastructure is now self-healing. How? It's because GitOps doesn't just deploy applications. It ensures that they stay in the desired state. If someone accidentally changes a config directly on a running system, GitOps would detect the drift and automatically correct it, restoring the system to its intended state. Also, it improves collaboration and developer productivity. Now with GitOps, infrastructure is managed using the same Git-based workflow developers already love. This means that the dev teams can easily propose changes via pull requests, get approvals and apply updates without needing any specific operational dependency or knowledge. This is the future of GitOps. GitOps is gaining massive traction especially in cloud native environments like Kubernetes.
We are on the cusp of KubeCon, the good time to bring it in as automation and DevOps becomes a standard. Expect GitOps to play even a bigger role in how companies deploy, scale and secure applications.
Bart: But Flux isn't just about deployment. It's about comprehensive Kubernetes governance. Here's how it transforms cluster management.
Arnab Chakrabarti: It's a very powerful GitOps tool designed to manage application deployment and infrastructure automation within the Kubernetes environment. It enhances governance and traceability in CI/CD workflows by ensuring that all the changes are auditable, compliant and automatically imported. Now if I list out the kind of things, the gamut of things that Flux carries out, it's massive. So I'll just get started with a few. For example, Flux ensures that every infrastructure and application change is coded in Git, providing a complete immutable history of modification. What does this do? This guarantees auditability and version control which is critical for compliance frameworks like SOC 2, GDPR, etc. Now teams can implement further branch protection rules, pull request approvals and code reviews to enforce governance before changes reach production. Coming on to policy enforcement and security control, we spoke about RBAC. So Flux integrates with Kubernetes RBAC to restrict any unauthorized changes. Only approved Git commits trigger deployments. Talking about policy as code, Flux would work alongside things like OPA Gatekeeper to ensure compliance policies before applying changes. Talk about automated secret management. It integrates with Sealed Secrets, HashiCorp Vault, everything. Sensitive data remains encrypted and is never exposed in Git repository. So the fundamental elements that I spoke in the last answer are all taken care by Flux.
Bart: In regulated industries, Kubernetes security isn't optional. Both financial services and telecom have strict compliance requirements.
Let's explore how Flux ensures security at every level.
Arnab Chakrabarti: In highly regulated industries such as finance, healthcare, government sector, compliance and security are two aspects that are non-negotiable. GitOps provides a structured automated approach to manage infrastructure and applications while ensuring that regulatory requirements are met. And here are the few things that it does. The immutable audit trail for compliance. Now regulated industries require a very clear documentation of every change to infrastructure and applications. There is no getting off it since GitOps uses Git as a single source of truth. Every configuration is version controlled which means it's tracked with all the commit histories. It's auditable which means that you would know who changed what and when. They're also reproducible because rollbacks and recreations are absolutely seamless. This helps organization to meet several compliance frameworks, be it SOC, HIPAA, GDPR, etc. The second is enforcing policy and access control with GitOps. How it takes care is you've got RBAC. Instead of granting direct access to production environment, GitOps enforces changes via Git workflows, ensuring that only authorized personnel can propose or approve updates. Bring in policy as code. So we have got Kubernetes ecosystem governing tools such as OPA or Kyverno that acts as policy engines. They enforce security policies before the changes are even merged. This prevents a lot of misconfiguration. Then you come to automated security and drift detection. GitOps continuously monitors the actual state of the system against the desired state as stored in Git. If any unauthorized changes occur, whether it's due to a human error or a malicious activity, GitOps tools such as Argo or Flux would automatically revert to the compliant state.
Bart: Philippe approaches this from the perspective of declarative intent-based systems, a fundamental shift in how we think about Kubernetes operations.
Philippe Ensarguet: The imperative way where oral culture is heavily important and present. So for me the very interesting topic with GitOps is the declarative and the intent. When you are working on an intent, it means that we got this immutability firewall. Once you get the deployment stage, all that is happening after the deployment, basically we should have no human intervention on the production. So it means that the magic of GitOps and Flux CD is happening is that is keeping the synchronization of what it really deployed and what we got into our source of truth. And so it means that if you want to push things in production, an update, security patches or whatever you need, you change the source of truth and then you have a reconciliation that is happening and the deployment of the new artifact or the new things that need to be updated. So it means that everything is traceable, readable. So for me when you are working in a very highly regulated environment, using GitOps and Flux CD as GitOps runtime is bringing naturally confidence for the team because everything is traceable, readable, can be reproducible.
Bart: For developers working with Kubernetes, Flux fundamentally changes the experience. No more kubectl nightmares, no more direct cluster access. Here's what that means in practice.
Arnab Chakrabarti: Flux significantly enhances the developer experience in GitOps by streamlining deployments, increasing automation and most importantly it improves the visibility into the application and infrastructure state. And I'll just list out a few key ways it improves developer experience. The first is it simplifies the deployment process. Flux eliminates the need for manual deployment steps by ensuring that all changes are managed through Git. So now the developers can deploy application by simply pushing changes to their code repository.
They avoid any direct integration with Kubernetes which means the whole complexity, as we call, you know it's working with Kubernetes, deploying things into Kubernetes was looked upon as a rabbit hole, that goes away. Maintain consistency across environment without additional manual configuration. So this reduces deployment friction and ensures a reliable repeatable process. Developer does its own job. He goes, checks his code, gets deployed on its own. Second point is it improves visibility and observability. Flux integrates with most of the monitoring and logging tools like Prometheus, Loki, Grafana and it provides real-time insights into the deployment status which means so what is running in the cluster, health monitoring, alerts for misconfiguration or failures, change tracking, a complete history of who made what changes and when. So what this does, it increases transparency and allows developer to quickly diagnose and resolve the various issues. It also enhances automation and efficiency. Flux automates reconciliation and drift detection, ensuring that the live cluster state always matches the desired state in Git. Key automation features include automated rollbacks. So if an issue is detected, Flux can revert to the last stable version. Continuous synchronization, any unauthorized or accidental changes are automatically corrected. And image update automation. It keeps deployment up to date with the latest tested version. So by reducing manual intervention, Flux allows developer to focus on coding rather than managing the infrastructure. That is the biggest win.
Bart: The developer experience extends to advanced deployment strategies. Arnab shares how Flux enables sophisticated Kubernetes patterns.
Arnab Chakrabarti: Flux supports, this is a very interesting feature of Flux. You know, it supports progressive delivery strategies. You talk about canary deployments where you gradually roll out changes to a subset of users instead of the entire shebang.
And again, blue-green deployment where you have to switch between two different production environment to minimize the risk. These capabilities allow developer to deploy new feature with greater confidence while minimizing any kind of disruption. So it's more of a developer-centric GitOps approach where Flux enhances the GitOps workflow by making deployments faster, more secure and easy to manage by automating reconciliation, improving observability and enforcing consistency. It enables developers to focus on the application development rather than operational complexity.
Bart: Beyond individual features, Flux provides comprehensive observability for Kubernetes operations. Here's how teams actually monitor and manage their Flux powered clusters.
Arnab Chakrabarti: Every change you make is tracked. Deviations are automatically fixed. And if you take a wrong turn, it smoothly reroutes you back to the right path. No more getting lost in deployment chaos. Just a smooth, reliable journey from commit to production.
Bart: Flux's reconciliation model is particularly powerful for maintaining cluster state. Here's Arnab's brilliant analogy.
Arnab Chakrabarti: Managing CI/CD without Flux is like wrestling an octopus. Every time you think you've got things under control, a tentacle, from a tentacle I mean an untracked change. Flux here acts as an expert handler, keeping every deployment in check, tracking every move, and ensuring nothing drifts out of place.
Bart: Adopting Flux in enterprise Kubernetes environments requires organizational change. Both guests learned valuable lessons about the transformation journey.
Arnab Chakrabarti: I think it's very important to be open to change. From my experience what I've seen is GitOps is a paradigm shift from people who worked with a mindset where you have a development team, an operations team, a deployment team. It is a paradigm shift and it is a very opinionated framework. Kubernetes itself runs on an opinionated framework.
So it's a shift of approach of adapting to new things. So there will be an important initial learning curve with that. But I'll tell you, once that initial curve is gone, once you've adapted to the changes, it's very smooth sailing. So my one request to everybody that we go is don't give up on it. If there is good amount of investment, be it people investment, be it monetary investment, go for it. It's a one-time investment. Once you are on the train, it flies. So don't give up early. Take out time. Make sure that you're on to it. Focus on it and slowly move your brownfield to greenfield.
Bart: For organizations evaluating open source Kubernetes tools, Arnab shares insights on how regulated industries approach CNCF projects like Flux.
Arnab Chakrabarti: I think CNCF has a very managed strategy of tagging every particular CNCF project that it goes ahead. Be it the state of being in incubation or be it stand in a sandbox state or being in production ready state. In any company that is regulated industry, most of them actually go ahead and adopt CNCF based projects.
Bart: Looking ahead, both organizations see Flux as fundamental to their Kubernetes strategy. Philippe shares how the patterns they've developed are shaping the future of cloud native telecom.
Philippe Ensarguet: Why GitOps and Flux are critical for the Sylva project? The answer is quite simple. The project Sylva is a 100% intent-based GitOps process. So it means that we are heavily using Cluster API to bootstrap on bare metal or in virtual machine environment the cluster and the nodes we need to scale basically our infrastructure. So everything is declarative, intent-based and I would say that the control tower that is making the deployment possible and being the global orchestrator in the background is Flux CD. So Flux CD is at the very core foundation of Sylva and it's the control tower that allow to manage the deployment.
So it's about the setup but it's also about the upgrade that we can have on the lifetime of the infrastructure we are implementing.
Bart: The impact extends beyond technology. Here's Arnab's perspective on how Flux transforms not just Kubernetes operations but entire organizations.
Arnab Chakrabarti: Developing with Flux is like using a GPS with autocorrecting navigation. So every change you make is tracked. Deviations are automatically fixed and if you take a wrong turn, it smoothly reroutes you back to the right path. No more getting lost in deployment chaos. Just a smooth reliable journey from commit to production.
Bart: From Orange's network integration factory to Nomura's governance framework, from Project Sylva to progressive delivery patterns, we've seen how Flux isn't just managing Kubernetes clusters. It's revolutionizing how enterprises operate at scale. The message from both Philippe and Arnab is clear. In the world of Kubernetes, GitOps with Flux isn't just a nice to have. It's the foundation of reliable, compliant, and developer friendly operations. Whether you're managing five clusters or 5,000, the patterns and practices we've explored today provide a roadmap for Kubernetes excellence. Remember Arnab's advice, there's a learning curve, but don't give up. The investment in Flux pays dividends in operational excellence. In our next and final episode, we'll hear from Mirantis, GitLab, and Microsoft about how they're integrating Flux into their platforms and services. From Kubernetes lifecycle management to continuous delivery and managed GitOps in the cloud.