Flux Concepts - fluxcd/flux2-kustomize-helm-example

Flux is a GitOps tool for Kubernetes that automatically synchronizes the desired state of applications with the actual state in a Kubernetes cluster. It uses a variety of concepts to manage and deploy applications. Here are some fundamental Flux concepts:

GitOps

GitOps is a way of deploying and managing applications using Git as the source of truth. With GitOps, changes to the application are made by pushing changes to a Git repository, and Flux automatically synchronizes those changes with the Kubernetes cluster. This approach ensures that the desired state of the application is always stored in Git, making it easy to track changes and roll back to previous versions if necessary.

HelmRelease

A HelmRelease is a Kubernetes custom resource that defines a Helm chart release. It specifies the chart to install, the version of the chart, and any values to override in the chart’s values.yaml file. Here is an example of a HelmRelease:

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: kyverno
  namespace: flux-system
spec:
  interval: 6h
  releaseName: kyverno
  targetNamespace: kyverno
  install:
    createNamespace: true
  chart:
    spec:
      chart: kyverno
      version: 2.6.0
      interval: 6h
      sourceRef:
        kind: HelmRepository
        name: kyverno
  values:
    networkPolicy:
      enabled: true

In this example, the HelmRelease installs the kyverno chart at version 2.6.0 from the kyverno HelmRepository. It also overrides the chart’s default values.yaml to set networkPolicy.enabled to true.

Kustomization

A Kustomization is a Kubernetes custom resource that defines a set of Kubernetes manifests to deploy. It specifies the resources to deploy, any patches to apply to those resources, and any Helm charts to install. Here is an example of a Kustomization, written in the kustomize file format (apiVersion kustomize.config.k8s.io/v1beta1):

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- namespace.yaml
- repository.yaml
- release.yaml

In this example, the Kustomization deploys the resources in the namespace.yaml, repository.yaml, and release.yaml files in the cert-manager namespace.

HelmRepository

A HelmRepository is a Kubernetes custom resource that defines a Helm repository. It specifies the URL of the repository and the type of repository (e.g., Helm, OCI). Here is an example of a HelmRepository:

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: kyverno
  namespace: flux-system
spec:
  interval: 6h
  url: oci://ghcr.io/kyverno/charts
  type: oci

In this example, the HelmRepository defines the kyverno Helm repository located at oci://ghcr.io/kyverno/charts.
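The HelmRelease shown earlier reaches this HelmRepository through its sourceRef, so the chart that lands in the cluster is decided by those two objects together. The following check is an added example, not code from the fluxcd repository: it audits already-parsed manifests for unpinned chart versions (Flux also accepts semver ranges in this field), dangling sourceRefs, and repository URLs that are neither oci:// nor https://. The function and helper names are hypothetical, and the failing samples are constructed.

```python
import re

# Exact semantic version, optional leading "v". Ranges like ">=2.0.0" or "2.x" do not match.
EXACT = re.compile(r"^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")

def check_releases(docs):
    """Audit parsed manifests (dicts, e.g. from a YAML loader); return finding strings."""
    repos = {(d["metadata"]["namespace"], d["metadata"]["name"]): d["spec"].get("url", "")
             for d in docs if d.get("kind") == "HelmRepository"}
    findings = []
    for d in (x for x in docs if x.get("kind") == "HelmRelease"):
        ns, name = d["metadata"]["namespace"], d["metadata"]["name"]
        chart = d["spec"]["chart"]["spec"]
        version = str(chart.get("version", ""))  # an omitted version is flagged too
        if not EXACT.match(version):
            findings.append(f"{ns}/{name}: chart version {version!r} is not an exact pin")
        ref = chart["sourceRef"]
        if ref["kind"] != "HelmRepository":
            continue  # other source kinds are out of scope for this check
        # A sourceRef without a namespace resolves in the HelmRelease's own namespace.
        key = (ref.get("namespace", ns), ref["name"])
        if key not in repos:
            findings.append(f"{ns}/{name}: HelmRepository {key[0]}/{key[1]} not found")
        elif not repos[key].startswith(("oci://", "https://")):
            findings.append(f"{ns}/{name}: repository URL {repos[key]!r} is not oci:// or https://")
    return findings

def release(name, version, repo):  # hypothetical helper: minimal HelmRelease
    return {"kind": "HelmRelease", "metadata": {"name": name, "namespace": "flux-system"},
            "spec": {"chart": {"spec": {"chart": name, "version": version,
                     "sourceRef": {"kind": "HelmRepository", "name": repo}}}}}

def repository(name, url):  # hypothetical helper: minimal HelmRepository
    return {"kind": "HelmRepository", "metadata": {"name": name, "namespace": "flux-system"},
            "spec": {"url": url}}

# The kyverno pair from this page, reduced to the fields the check reads.
PAGE_DOCS = [repository("kyverno", "oci://ghcr.io/kyverno/charts"),
             release("kyverno", "2.6.0", "kyverno")]
# Constructed counter-examples: a plaintext URL, a version range, a dangling reference.
BAD_DOCS = [repository("plain", "http://charts.example.test"),
            release("app-a", ">=2.0.0", "missing"),
            release("app-b", "1.4.2", "plain")]

if __name__ == "__main__":
    for finding in check_releases(PAGE_DOCS + BAD_DOCS):
        print(finding)
```

The kyverno manifests from this page produce no findings; the constructed set produces one finding per rule.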

Working Together

Flux uses these concepts together to manage and deploy applications. For example, a HelmRelease can reference a HelmRepository to install a Helm chart from that repository. A Kustomization can include a HelmRelease to install a Helm chart as part of a set of manifests. Here is an example of how these concepts can be used together:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- namespace.yaml
- repository.yaml
- release.yaml
helmCharts:
- name: cert-manager
  valuesInline:
    ingressShim:
      defaultIssuerName: letsencrypt-prod
      defaultIssuerKind: ClusterIssuer
  releaseName: cert-manager
  version: v1.5.4
  repo: https://cert-manager.io/charts