Flux Controllers Configuration

The Flux Operator comes with a Kubernetes CRD called FluxInstance. Only one custom resource of this kind can exist in a Kubernetes cluster: it must be named flux and be created in the same namespace where the operator is deployed.

The FluxInstance resource is used to install and configure the automated update of the Flux distribution.

Default configuration

Example of a minimal FluxInstance resource:

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
  name: flux
  namespace: flux-system
spec:
  distribution:
    version: "2.8.x"
    registry: "ghcr.io/fluxcd"
  cluster:
    type: kubernetes
    size: medium

Save the above manifest to a file and apply it with kubectl:

kubectl apply -f flux-instance.yaml

The operator will reconcile the FluxInstance resource and install the latest upstream Flux version in the 2.8 range with the default components.

Automatic patch upgrades

After a Flux Operator update, if there is a newer patch version of Flux, the operator will automatically upgrade the Flux controllers to the latest patch release within the configured 2.8 semver range, without requiring any changes to the FluxInstance resource.

To uninstall the Flux instance:

kubectl -n flux-system delete fluxinstance flux

Enterprise Distribution configuration

To deploy the enterprise distribution of Flux, point the operator to the ControlPlane registry:

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
  name: flux
  namespace: flux-system
spec:
  distribution:
    version: "2.8.x"
    registry: "ghcr.io/controlplaneio-fluxcd/distroless"
    imagePullSecret: "flux-enterprise-auth"
    artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests"

Automated CVE patching

The operator will check for updates to the ControlPlane distribution by pulling the OCI artifact from the ghcr.io/controlplaneio-fluxcd registry every hour. If a new patch version is available, the operator will update the Flux components by pinning the container images to the latest digest published in the ControlPlane registry.

To access the ControlPlane registry, the flux-enterprise-auth Kubernetes secret must be created in the flux-system namespace and should contain the credentials to pull the enterprise images:

echo "$ENTERPRISE_TOKEN" | flux-operator create secret registry flux-enterprise-auth \
  --namespace=flux-system \
  --server=ghcr.io \
  --username=flux \
  --password-stdin
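
To confirm the digest pinning described above on a running cluster, the following added example (not part of the Flux Operator documentation) audits controller image references for the expected registry and a sha256 digest. The function names, sample lines, v0.0.0 tags and digest are constructed for illustration, and the kubectl query in the comment assumes the controller is the first container in each Deployment.

```sh
#!/bin/sh
# Added example: check that Flux controller images come from the expected
# registry and are pinned by digest. Feed it "<deployment><TAB><image>" lines,
# for instance from (assumes the controller is container 0 of each Deployment):
#   kubectl -n flux-system get deployments -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.template.spec.containers[0].image}{"\n"}{end}'

# Registry from the enterprise FluxInstance spec on this page.
EXPECTED_REGISTRY="ghcr.io/controlplaneio-fluxcd/distroless"

# Constructed placeholder digest (64 hex characters), not a real image digest.
HEX16="0123456789abcdef"
SAMPLE_DIGEST="sha256:${HEX16}${HEX16}${HEX16}${HEX16}"

# Constructed sample input; the v0.0.0 tags are placeholders.
sample_images() {
  printf 'source-controller\t%s/source-controller:v0.0.0@%s\n' "$EXPECTED_REGISTRY" "$SAMPLE_DIGEST"
  printf 'kustomize-controller\t%s/kustomize-controller:v0.0.0\n' "$EXPECTED_REGISTRY"
  printf 'helm-controller\tghcr.io/fluxcd/helm-controller:v0.0.0@%s\n' "$SAMPLE_DIGEST"
}

# Reads stdin, prints one OK/FAIL line per image, returns 1 if any check failed.
audit_flux_images() {
  registry="$1"
  failed=0
  tab=$(printf '\t')
  while IFS="$tab" read -r name image; do
    [ -n "$name" ] || continue
    case "$image" in
      "$registry"/*) ;;
      *) echo "FAIL $name: unexpected registry: $image"; failed=1; continue ;;
    esac
    # A tag alone is mutable; only an @sha256 digest fixes the image content.
    if printf '%s\n' "$image" | grep -Eq '@sha256:[0-9a-f]{64}$'; then
      echo "OK   $name"
    else
      echo "FAIL $name: not pinned by digest: $image"
      failed=1
    fi
  done
  return "$failed"
}

sample_images | audit_flux_images "$EXPECTED_REGISTRY" || echo "audit found unpinned or foreign images"
```

Replace `sample_images` with the kubectl query from the comment to run the same check against the flux-system namespace.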

Custom configuration

The Flux distribution can be customized by specifying the components to install, the cluster type, multitenancy, network policy, storage class and size, and kustomize patches.

For example, to install the latest Flux version with the multi-tenancy lockdown enabled and persistent storage for the source-controller:

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
  name: flux
  namespace: flux-system
  annotations:
    fluxcd.controlplane.io/reconcileEvery: "1h"
    fluxcd.controlplane.io/reconcileTimeout: "5m"
spec:
  distribution:
    version: "2.8.x"
    registry: "ghcr.io/fluxcd"
    artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests"
  components:
    - source-controller
    - kustomize-controller
    - helm-controller
    - notification-controller
    - image-reflector-controller
    - image-automation-controller
    - source-watcher
  cluster:
    type: kubernetes
    size: large
    multitenant: true
    tenantDefaultServiceAccount: flux
    networkPolicy: true
    domain: "cluster.local"
  storage:
    class: "standard"
    size: "10Gi"
  kustomize:
    patches:
      - target:
          kind: Deployment
        patch: |
          - op: replace
            path: /spec/template/spec/nodeSelector
            value:
              kubernetes.io/os: linux
          - op: add
            path: /spec/template/spec/tolerations
            value:
              - key: "CriticalAddonsOnly"
                operator: "Exists"

To find out more about the available configuration options, refer to the FluxInstance API reference.