
Flux Operator is a Kubernetes controller for managing the lifecycle of Flux CD

Primary language: Go. License: GNU Affero General Public License v3.0 (AGPL-3.0).

flux-operator


The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution.

Features

Autopilot for Flux CD - The operator offers an alternative to the Flux Bootstrap procedure. It removes the operational burden of managing Flux across fleets of clusters by fully automating the installation, configuration, and upgrade of the Flux controllers based on a declarative API.

Advanced Configuration - The operator simplifies the configuration of Flux multi-tenancy lockdown, sharding, horizontal and vertical scaling, persistent storage, and allows fine-tuning the Flux controllers with Kustomize patches. The operator streamlines the transition from Git as the delivery mechanism for the cluster desired state to OCI artifacts and S3-compatible storage.

Deep Insights - The operator provides deep insights into the delivery pipelines managed by Flux, including detailed reports and Prometheus metrics about the Flux controllers' readiness status, reconciler statistics, and cluster state synchronization.

Enterprise Support - The operator is a key component of the ControlPlane Enterprise offering, and is designed to automate the rollout of new Flux versions, CVE patches and hotfixes to production environments in a secure and reliable way. The operator is end-to-end tested along with the ControlPlane Flux distribution on Red Hat OpenShift, Amazon EKS, Azure AKS and Google GKE.

Quickstart Guide

Install the Flux Operator

Install the Flux Operator in the flux-system namespace, for example using Helm:

helm install flux-operator oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator \
  --namespace flux-system

Note

The Flux Operator can be installed using Helm, Terraform, OperatorHub, kubectl and other methods. For more information, refer to the installation guide.

Install the Flux Controllers

Create a FluxInstance resource named flux in the flux-system namespace to install the latest Flux stable version:

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
  name: flux
  namespace: flux-system
  annotations:
    fluxcd.controlplane.io/reconcileEvery: "1h"
    fluxcd.controlplane.io/reconcileTimeout: "5m"
spec:
  distribution:
    version: "2.x"
    registry: "ghcr.io/fluxcd"
    artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests"
  components:
    - source-controller
    - kustomize-controller
    - helm-controller
    - notification-controller
    - image-reflector-controller
    - image-automation-controller
  cluster:
    type: kubernetes
    multitenant: false
    networkPolicy: true
    domain: "cluster.local"
  kustomize:
    patches:
      - target:
          kind: Deployment
          name: "(kustomize-controller|helm-controller)"
        patch: |
          - op: add
            path: /spec/template/spec/containers/0/args/-
            value: --concurrent=10
          - op: add
            path: /spec/template/spec/containers/0/args/-
            value: --requeue-dependency=5s

Note

The Flux instance can be customized in various ways. For more information, refer to the configuration guide.

Sync from a Git Repository

To sync the cluster state from a Git repository, add the following configuration to the FluxInstance:

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
  name: flux
  namespace: flux-system
spec:
  sync:
    kind: GitRepository
    url: "https://github.com/my-org/my-fleet.git"
    ref: "refs/heads/main"
    path: "clusters/my-cluster"
    pullSecret: "flux-system"
  # distribution omitted for brevity

If the source repository is private, the Kubernetes secret referenced by pullSecret must be created in the flux-system namespace and should contain the credentials to clone the repository:

flux create secret git flux-system \
  --url=https://github.com/my-org/my-fleet.git \
  --username=git \
  --password="${GITHUB_TOKEN}"

Note

For more information on how to configure syncing from Git repositories, container registries and S3-compatible storage, refer to the cluster sync guide.
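
An added example, not part of the Flux Operator project: a small Python check that audits the security-relevant fields of a FluxInstance shown in the manifests above (cluster.multitenant, cluster.networkPolicy, distribution.registry, sync.url). The sample object, the finding names and the approved-registry list are constructed for illustration, and the handling of unset fields is an assumption.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the shape of `kubectl get fluxinstance flux -n flux-system -o json`,
# limited to fields shown in the manifests above. Values are deliberately weak.
SAMPLE = json.loads("""
{
  "kind": "FluxInstance",
  "metadata": {"name": "flux", "namespace": "flux-system"},
  "spec": {
    "distribution": {"version": "2.x", "registry": "docker.io/example-mirror"},
    "cluster": {"type": "kubernetes", "multitenant": false, "networkPolicy": false},
    "sync": {"kind": "GitRepository",
             "url": "http://git:s3cr3t@git.example.internal/my-fleet.git",
             "ref": "refs/heads/main", "path": "clusters/my-cluster"}
  }
}
""")

APPROVED_REGISTRIES = {"ghcr.io/fluxcd"}  # assumption: local policy, adjust per organisation


def audit_flux_instance(obj, approved_registries=APPROVED_REGISTRIES):
    """Return a sorted list of finding IDs for one FluxInstance object (dict)."""
    spec = obj.get("spec", {})
    cluster = spec.get("cluster", {})
    findings = set()
    # Assumption: an unset multitenant field means the lockdown is off.
    if cluster.get("multitenant") is not True:
        findings.add("multitenant-lockdown-off")
    # Only an explicit false is flagged; an unset field is left to the operator default.
    if cluster.get("networkPolicy") is False:
        findings.add("network-policy-disabled")
    # Controller images are pulled from this registry, so it is a supply-chain input.
    if spec.get("distribution", {}).get("registry") not in approved_registries:
        findings.add("unapproved-registry")
    sync = spec.get("sync")
    if sync:
        url = urlsplit(sync.get("url", ""))
        if url.scheme == "http":
            findings.add("sync-over-plaintext-http")  # repo content and credentials unencrypted
        if url.password:
            findings.add("credentials-in-sync-url")   # belongs in the pullSecret instead
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_flux_instance(SAMPLE):
        print(finding)
```

To audit a live cluster, feed the function the parsed output of `kubectl get fluxinstance flux -n flux-system -o json` instead of the constructed sample.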

Monitor the Flux Installation

To monitor the Flux deployment status, check the FluxReport resource in the flux-system namespace:

kubectl get fluxreport/flux -n flux-system -o yaml

The report is updated at regular intervals and contains information about the deployment readiness status, the distribution details, reconciler statistics, Flux CRD versions, the cluster sync status and more.

Documentation

License

The Flux Operator is an open-source project licensed under the AGPL-3.0 license.

The project is developed by CNCF Flux core maintainers, part of the ControlPlane team.