FluxCD GitOps
This guide walks you through setting up FluxCD on your Kubernetes cluster to enable GitOps workflows. FluxCD automatically synchronizes your cluster state with your Git repository, providing declarative configuration management and automated deployments.
What is GitOps?
GitOps is an operational framework that takes DevOps best practices used for application development and applies them to infrastructure automation. With GitOps:
- Git as single source of truth: All configuration and infrastructure is declared in Git
- Declarative configuration: Desired state is described declaratively
- Automated reconciliation: Controllers ensure actual state matches desired state
- Version control: All changes are tracked, auditable, and reversible
Prerequisites
- Running Kubernetes cluster (see High Availability K3s Setup)
- GitHub account with repository access
- Local workstation with admin access to install tools
Architecture Overview
FluxCD consists of several controllers working together:
- Source Controller: Manages Git repositories, Helm repositories, and OCI artifacts
- Kustomize Controller: Handles Kustomize overlays and patches
- Helm Controller: Manages Helm chart deployments
- Notification Controller: Sends alerts and notifications
- Image Automation Controllers: Automates image updates
Installation Steps
- Install required tools
Install FluxCD CLI and GitHub CLI on your workstation:
```bash
# Install FluxCD CLI
winget install fluxcd.flux
# Install GitHub CLI
winget install github.cli
```
Verify installations:
```bash
flux --version
gh --version
```
- Authenticate with GitHub
Authenticate GitHub CLI with your account:
```bash
gh auth login
```
Follow the interactive prompts to:
- Select GitHub.com
- Choose authentication method (web browser recommended)
- Complete authentication in browser
- Pre-flight checks
Verify your Kubernetes cluster is ready for FluxCD:
```bash
flux check --pre
```
This checks:
- Kubernetes API connectivity
- Required Kubernetes version (1.20+)
- Network policies compatibility
- Bootstrap FluxCD with GitHub
Bootstrap FluxCD to your cluster and GitHub repository:
```bash
# Basic bootstrap with HTTPS (recommended)
flux bootstrap github \
  --token-auth \
  --owner=YOUR_GITHUB_USERNAME \
  --repository=YOUR_REPO_NAME \
  --branch=main \
  --path=clusters/CLUSTER_NAME \
  --personal
```
Alternative with SSH (optional):
```bash
# Bootstrap with SSH keys
flux bootstrap github \
  --owner=YOUR_GITHUB_USERNAME \
  --repository=YOUR_REPO_NAME \
  --branch=main \
  --path=clusters/CLUSTER_NAME \
  --personal \
  --ssh-key-algorithm=ecdsa
```
When prompted, provide your GitHub Personal Access Token with:
- repo scope (full repository access)
- workflow scope (for GitHub Actions integration)
- Verify installation
Check that FluxCD is running correctly:
```bash
# Check FluxCD status
flux check
# View FluxCD pods
kubectl get pods -n flux-system
# Check FluxCD logs
flux logs --follow
```
Expected output should show all controllers as ready and healthy.
Post-Installation Configuration
Repository Structure
FluxCD creates the following structure in your repository:
```
clusters/CLUSTER_NAME/
├── flux-system/
│   ├── gotk-components.yaml   # FluxCD controllers
│   ├── gotk-sync.yaml         # Git repository sync config
│   └── kustomization.yaml     # Kustomize configuration
└── README.md                  # Auto-generated documentation
```
Adding Applications
Create application manifests in your repository:
```bash
# Create apps directory
mkdir clusters/CLUSTER_NAME/apps

# Add your application manifests
# Example: demo-app deployment
```
Example application structure:
```
clusters/CLUSTER_NAME/
├── apps/
│   ├── demo-app/
│   │   ├── deployment.yaml
│   │   ├── service.yaml
│   │   └── kustomization.yaml
│   └── kustomization.yaml
└── flux-system/
    └── ...
```
Security Best Practices
Secret Management
- Use SealedSecrets or External Secrets Operator
- Encrypt sensitive data before committing
- Implement proper RBAC policies
- Rotate secrets regularly
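
A check for the "encrypt sensitive data before committing" rule above, as an added example that is not part of the original guide: it scans a manifest tree for top-level `kind: Secret` documents and lets SealedSecret and ExternalSecret resources through. The function names, the `demo` cluster directory and the sample manifests are constructed for illustration.

```shell
# Added example: refuse plaintext Kubernetes Secret manifests in a GitOps tree.
# Only a top-level "kind: Secret" is flagged; SealedSecret and ExternalSecret
# resources are the forms meant to be committed, so they pass.

# find_plain_secrets DIR (hypothetical helper name)
# Prints "FILE (document N)" per offending YAML document; returns 1 if any.
find_plain_secrets() {
  fps_hits=$(
    find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) -exec awk '
      FNR == 1      { doc = 1 }                    # new file: reset counter
      /^---[ \t]*$/ { if (FNR > 1) doc++; next }   # YAML document separator
      /^kind:[ \t]*"?Secret"?[ \t]*(#.*)?$/ {      # quotes, trailing comment ok
        printf "%s (document %d)\n", FILENAME, doc
      }
    ' {} +
  )
  [ -z "$fps_hits" ] && return 0
  printf '%s\n' "$fps_hits"
  return 1
}

# make_sample_tree: writes constructed sample manifests to a temp directory
# laid out like the guide's clusters/CLUSTER_NAME/apps tree; prints its path.
make_sample_tree() {
  fps_tmp=$(mktemp -d)
  mkdir -p "$fps_tmp/clusters/demo/apps/demo-app"
  cat > "$fps_tmp/clusters/demo/apps/demo-app/sealed.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-credentials
EOF
  cat > "$fps_tmp/clusters/demo/apps/demo-app/config.yaml" <<'EOF'
kind: ConfigMap
metadata:
  name: demo-config
---
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
stringData:
  password: constructed-example-value
EOF
  printf '%s\n' "$fps_tmp"
}
```

Run from a pre-commit hook or CI job against `clusters/`, a non-zero return stops the change before the Secret reaches Git history.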