Flux – monthly-update

Blog: May 2023 Update

Tue, 06 Jun 2023 20:30:00 +0000

May was packed with exciting stories from Flux users, newly updated Flux adopters, contributors, contributions and a new GA release candidate! Also, don’t miss future Flux Bug Scrubs using ChatGPT.

Flux technology things to know

Three more Flux release candidates! Many improvements - Please test

On our path to GA, we released v2.0.0-rc5, the fifth release candidate for the 2.0.0 release. It includes many fixes, so you are very much encouraged to upgrade to this latest version - even though it carries “RC” in its version number, it is the most stable Flux release to date. Users are advised to upgrade from v0.41 and older versions to v2.0.0-rc.5 as soon as possible.

Fixes and improvements

Starting with this version, source-controller, kustomize-controller and helm-controller pods are marked as system-cluster-critical.
The Alert v1beta2 API has two new optional fields. .spec.inclusionList for fine-grained control over events filtering (notification-controller) and .spec.metadata that allows users to enrich the alerts with information about the cluster name, region, environment, etc.
New command flux reconcile source chart for pulling Helm OCI charts on-demand from container registries (CLI).
Support annotated Git tags with .spec.ref.name in GitRepository (source-controller).
The deprecated field .status.url was removed from the Receiver v1 API (notification-controller).
Add support for commit signing using OpenPGP keys with passphrases (image-automation-controller).
Fix bootstrap for BitBucket Server (CLI).
Fix secrets decryption when using Azure Key Vault (kustomize-controller).
Fix drift detection for renamed HelmReleases (helm-controller).
Improve performance when handling webhook receivers (notification-controller).
Improve the detection of values changes for HelmReleases by stable sorting them by key (helm-controller)
Update cosign to v2 (source-controller)
Support for Helm 3.12.0 and Kustomize v5.0.3.

To upgrade from v0.x to v2.0.0-rc.5, please see the procedure documented in RC.1.

⚠️ Note that Kubernetes 1.27.0 contains a regression bug that affects Flux, it is recommended to upgrade Kubernetes to 1.27.1 or newer. The upgrade to Kustomize v5 also contains breaking changes, please consult their CHANGELOG for more details.

Big thanks to all the Flux contributors that helped us with this release!

Security news

All components have been updated to patch vulnerabilities in Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842) and Sigstore (CVE-2023-30551, CVE-2023-33199).

Flagger 1.31.0

This release adds support for Linkerd 2.13. Furthermore, a bug which led the confirm-rollout webhook to be executed at every step of the Canary instead of only being executed before the canary deployment is scaled up, has been fixed.

⚠️ This release contains some breaking changes for the Linkerd integration. Please see the CHANGELOG on how to upgrade.

News from Flux users & the Community!

Newly posted Flux adopters!

Blablacar: a long distance carpooling platform that connects drivers with empty seats and passengers to share travel costs.
Nuvme: a consulting firm specializing in cloud application modernization.
TTMzero: a RegTech company that assists financial players with pre and post-trade digitization.

Thanks to Horacio Granillo ( @hgranillo), Peter König ( @konigpeter), and Julien Haumont ( @jhaumont) for taking the time to make these additions to the Flux adopters list!

If you have not already done so, use the instructions here or give us a ping and we will help to add you. Not only is it great for us to get to know and welcome you to our community, it also gives the team a big boost in morale to see Flux being used across the world.

Flux members, contributors, and maintainers!

Priyanka Ravi joins as Flux Project Member

We are very happy that Priyanka “Pinky” Ravi joined us as a Flux Project Member.

Over the past years, Pinky spoke at conferences, meetups and elsewhere, demoing Flux, discussing use-cases and discussing what’s new. If you want to have a look at some of her talks, check out our resources section.

Thanks a lot for everything you have done - we are happy to have you in our team!

Matheus Pimenta joins as a Flux Project Member

We are very happy to have Matheus Pimenta as a Flux Project Member. Matheus has been very active in the Flux community. He has been opening issues, participating in discussions and raising pull requests especially in the notification-controller.

Thanks a lot for everything you have done - we are happy to have you in our team!

Tamao Nakahara joins as Flux Project Member

Tamao has been actively assisting with managing the Flux community and organizing efforts around getting Flux represented at various conferences. She is the lead organizer of GitOps Days.

Tamao has done so much for the Flux project. We are happy to welcome her to the team.

Sanskar Jaiswal becomes a Core Maintainer

Sanskar has been making major code contributions to Flux for a while and is already a Flagger maintainer. He has been instrumental in getting the improving the git implementation in Flux and a host of other features.

Thanks for all your contributions to Flux! This is well-deserved.

Mehak Saeed selected for Flux’s Season of Docs

We are excited to welcome Mehak Saheed who would be working to improve Flux’s documentation during this year’s Google Season of Docs. Mehak is a technical writer with over six years of experience and has worked on documentation for projects such as cert-manager and Unfurl.

We look forward to the great work she’ll do!

If you wish to speak at KubCon NA, reach out to us to collaborate on proposals on a range of topics related to Kuberentes. We are happy to provide our writing expertise to your proposal and to collaborate on ideas. The CFP deadline is June 18, so kindly contact tamao@weave.works ASAP if you’re interested. The conference is from 6th-9th November in Chicago.

Use Cases from Flux users at GitOpsCon / Open Source Summit 2023 in May!

Flux users, contributors, and maintainers spoke at the 2-day co-located event, GitOpsCon-CDCon, as well as at the 3-day core conference, Open Source Summit NA 2023, during the week of May 8-12, 2023 in Vancouver, Canada. See below for more talks from the conference from contributors and maintainers. Here are highlighted talks from Flux users:

Keynote Session: GitOps as an Evolution of Kubernetes - Flux user and Kubernetes co-creator, Brendan Burns, Corporate Vice President
Multitenancy - Build Vs. “Buy”: Zcaler’s Journey - Flux users Neeta Rathi & Josh Carlisle, ZScaler
Managing Software Upgrades with a kpt, GitLab and Flux Workflow in a Telecom Context - Flux user, Peter Wörndle, Ericsson
Flux at the Point of Change - Using the K8s Golang SDK and the Flux Api to Automatically Fix and Deploy CVEs in Your Base Images - Flux user, Bryan Oliver, Thoughtworks, Inc.
Kubernetes Quick Wins and Migration Best Practices: RingCentral Example - Flux user, Ivan Anisimov, RingCentral
Deliver a Multicloud Application with Flux and Carvel - Flux ecosystem user, Peter Tran, VMware
High-Security, Zero-Connectivity & Air-Gapped Clouds: Delivering Complex Software with the Open Component Model & Flux - Flux user, Dan Small, SAP & Mohamed Ahmed, Weaveworks
Delivering Secure & Compliant Software Components with the Open Component Model & GitOps - Flux user, Dan Small, SAP SE
Extending Observability to the Application Lifecycle with ArgoCD, Flux and Keptn - Flux users Ana Margarita Medina, Lightstep & Adam Gardner, Dynatrace

DevOps Days Medellin, Colombia

David Caballero gave a talk this month on Flux and shared slides and other resources in the CNCF Flux slack. Check it out!

Talks on Flux+GitLab, Flux+ARM64, Flux+Terraform, Flux+VS Code, Flux+WASM and more from GitOpsCon-CDCon / Open Source Summit 2023

Here are additional talks from GitOpsCon-CDCon and Open Source Summit NA 2023, during the week of May 8-12, 2023 in Vancouver, Canada.

Talk summaries in The New Stack:

Kingdon’s talk on WASM
GitOps principles quoting Pinky’s GitOpsCon keynote panel

Talks by Flux contributors and maintainers include:

GitOpsCon Keynote panel featuring Flux contributor, Priyanka “Pinky” Ravi, Weaveworks
GitLab + Flux! - Priyanka “Pinky” Ravi, Weaveworks & Flux user, Viktor Nagy, GitLab
GitOps Sustainability with Flux and arm64 (full version)- Tamao Nakahara, Weaveworks & Liz Fong-Jones, Honeycomb
Microservices and WASM, Are We There Yet? - Flux user, Will Christensen, Defense Unicorns & Kingdon Barrett, Weaveworks
Automate with Terraform + Flux + EKS: Level Up Your Deployments - Flux contributor, Priyanka “Pinky” Ravi, Weaveworks
Exotic Runtime Targets: Ruby and Wasm on Kubernetes and GitOps Delivery Pipelines (15-min version) - Flux maintainer, Kingdon Barrett, Weaveworks
VS Code+Flux: Dev-Driven Automated Deployments Like a Cloud Native Pro (Even if You’re a Beginner) - Flux ecosystem contributor, Juozas Gaigalas, Weaveworks
Level Up Your Deployments: Automate with Terraform + Flux - Flux contributor, Priyanka “Pinky” Ravi, Weaveworks
Platform Engineering Done Right: Safe, Secure, & Scalable Multi-Tenant GitOps - Flux ecosystem contributor, Juozas Gaigalas, Weaveworks
Exotic Runtime Targets: Ruby and Wasm on Kubernetes and GitOps Delivery Pipelines (40-min version) - Flux maintainer, Kingdon Barrett, Weaveworks
Lightning Talk: GitOps Sustainability with Flux and arm64 (5-min version) - Flux contributor, Tamao Nakahara, Weaveworks
Community Diversity and Inclusion as Business Metric (and Not Just a Feel-Good Tactic) - Flux contributor, Tamao Nakahara, Weaveworks

Upcoming Events

Flux project meetings and Flux Bug Scrub+ChatGPT!

Our June 27 and 28 bug scrubs will involve using ChatGPT Experiment with us and we’ll learn together! Join the Weave Online User Group for updates.

The next dates are going to be:

2023-06-07 12:00 UTC, 19:00 CEST CNCF Flux Project Meeting (early)
2023-06-08 17:00 UTC, 19:00 CEST The Flux Bug Scrub
2023-06-13 22:00 UTC, 00:00 CEST The Flux Bug Scrub (AEST)
2023-06-14 12:00 UTC, 14:00 CEST The Flux Bug Scrub
2023-06-15 15:00 UTC, 17:00 CEST CNCF Flux Project Meeting (late)
2023-06-21 12:00 UTC, 19:00 CEST CNCF Flux Project Meeting (early)
2023-06-22 17:00 UTC, 19:00 CEST The Flux Bug Scrub
2023-06-27 22:00 UTC, 14:00 CEST The Flux Bug Scrub (AEST): playing with ChatGPT!
2023-06-28 12:00 UTC, 00:00 CEST The Flux Bug Scrub: playing with ChatGPT!
2023-06-29 15:00 UTC, 17:00 CEST CNCF Flux Project Meeting (late)

Our Flux Bug Scrubs still are happening on a weekly basis and remain one of the best ways to get involved in Flux. They are a friendly and welcoming way to learn more about contributing and how Flux is organised as a project.

We are flexible with subjects and often go with the interests of the group or of the presenter. If you want to come and join us in either capacity, just show up or if you have questions, reach out to Kingdon on Slack.

Flux Fun Fact!

Did you know … 🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers. GitLab also announced that Flux is their GitOps tool of choice, so you’ll see even more synergy this year!

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings.
Join the Flux mailing list and let us know what you’d like to see.
Talk to us in the #flux channel on CNCF Slack.
Join the planning discussions.
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback.
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.
We are looking forward to working with you.

❤️ Your Flux maintainer, Somtochi Onyekwere, and project member, Tamao Nakahara.

Blog: April 2023 Update

Tue, 02 May 2023 06:30:00 +0000

As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration, and where you can get involved. Read our last update here.

It’s the beginning of May 2023 - let’s recap together what happened in April - it has been a lot!

News in the Flux family

Flux v2.0.0 release candidate

This is the first release candidate of Flux v2.0 GA 🎉.

Users are encouraged to upgrade for the best experience. We also very much welcome feedback!

Flux v2.0.0-rc.1 comes with the promotion of the GitOps related APIs to v1 and adds horizontal scaling & sharding capabilities to Flux controllers.

In addition, RC.1 comes with support for auth with Azure Workload Identity when pulling OCI artifacts from ACR and when decrypting secret with Azure Vault. Also, Bootstrap for GitLab was extended with support for generating GitLab Deploy Tokens.

Big thanks to all the Flux contributors that helped us with this release!

And a special shoutout to the GitLab team for their first contribution to Flux!

This release brings API changes we want to highlight here:

GitRepository v1
Kustomization v1
Receiverv1

The GitRepository kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed. The v1 API is backwards compatible with v1beta2, except for the following:

the deprecated field .spec.gitImplementation was removed
the unused field .spec.accessFrom was removed
the deprecated field .status.contentConfigChecksum was removed
the deprecated field .status.artifact.checksum was removed
the .status.url was removed in favor of the absolute .status.artifact.url

The Kustomization kind was promoted from v1beta2 to v1 (GA) and deprecated fields were removed. A new optional field .spec.commonMetadata was added to the API for setting labels and/or annotations to all resources part of a Kustomization. The v1 API is backwards compatible with v1beta2, except for the following:

the deprecated field .spec.validation was removed
the deprecated field .spec.patchesStrategicMerge was removed (replaced by .spec.patches)
the deprecated field .spec.patchesJson6902was removed (replaced by.spec.patches`)

The Receiver kind was promoted from v1beta2 to v1 (GA). The v1 API now supports triggering the reconciliation of multiple resources using .spec.resources.matchLabels. The v1 API is backwards compatible with v1beta2, no fields were removed.

To upgrade Flux from v0.x to v2.0.0-rc-1 you can either rerun flux bootstrap or use the Flux GitHub Action.

To upgrade the APIs from v1beta2, after deploying the new CRDs and controllers, change the manifests in Git:

set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain GitRepository definitions and remove the deprecated fields if any
set apiVersion: kustomize.toolkit.fluxcd.io/v1 in the YAML files that contain Kustomization definitions and remove the deprecated fields if any
set apiVersion: notification.toolkit.fluxcd.io/v1 in the YAML files that contain Receiver definitions

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the beta versions will be removed after 6 months.

⚠️ Note that this release updates the major version of the Flux Go Module to v2. Please update your go.mod to require github.com/fluxcd/flux2/v2, see pkg.go.dev for the documentation of the module.

New Documentation

Flagger: Bug fix release 1.30.0 hits the streets

This release fixes a bug related to the lack of updates to the generated object’s metadata according to the metadata specified in spec.service.apex. Furthermore, a bug where labels were wrongfully copied over from the canary deployment to primary deployment when no value was provided for --include-label-prefix has been fixed. This release also makes Flagger compatible with Flux’s helm-controller drift detection.

Flux Ecosystem

Weave GitOps

Weave GitOps has recently released two new versions, v0.21.2 and v0.22.0, bringing various enhancements and bug fixes to the community.

In v0.21.2, the release includes client-side apply for better interactivity, removal of runs in non-session mode, custom SVGs for navigation icons, health checks in the UI, and more. Alongside these enhancements, bug fixes include resolving dashboard reconciliation issues and URL checking regex.

In v0.22.0, enhancements include group claim support for strings, OIDC prefix support for impersonation, additional health checks, and support for .sourceignore for GitOps Run. Bug fixes address concurrent ID token refreshing, clean-up process issues, and vulnerabilities in the YAML NPM package.

Weave GitOps Enterprise has introduced v0.21.2 and v0.22.0, offering new features and improvements. In v0.21.2, users can view GitOpsSets on leaf clusters in the UI, experience a fixed bug related to GitOpsSets not updating ConfigMaps, and utilize the “View Open Pull Requests” button to select any GitRepository. Enhancements include updating the GoToOpenPullRequest button and extending unwatch cluster logic for better resource management. The UI now has a sync external secret button on the secret details page.

In v0.22.0, the new Explorer backend has been introduced, providing better scalability for Weave GitOps Enterprise. The Explorer now supports Flux sources, and the Applications UI and Sources UI can be configured to use the Explorer backend for an improved user experience.

GitOpsSets offer enhanced templating for numbers and object chunks, and cluster bootstraps now sync secrets without waiting for ControlPlane readiness. The Explorer collector utilizes impersonation, and a feature flag has been added for replacing Applications and Sources with the query service backend. Bug fixes include addressing Git authentication checks, non-deterministic GitRepository template application, and improved support for “View Open PRs” in different URL formats.

Documentation updates include instructions for configuring Weave GitOps Enterprise to create PRs in Azure DevOps and user guides for raw templates and chart paths. In addition, updates cover secrets management, using private Helm repositories, and frontend development process improvements.

You might be interested in our recent blog post about how to use Weave GitOps as your Flux UI as well.

Terraform-controller

The team has recently released Terraform Controller v0.15.0-rc.1 which supports Flux v2.0.0-rc.1. This update brings significant improvements and moves us closer to the Flux GA.

⚠️Important Note:⚠️ With this release, there are breaking changes to be aware of:

Terraform Controller now uses API version v1alpha2, deprecating v1alpha1.
This version is not compatible with Flux v2 v0.41.x and earlier versions.

Flux Subsystem for Argo

The team has recently shared a sneak preview of the new version of Flamingo, a powerful drop-in extension for Argo CD that seamlessly integrates Flux as a GitOps engine in any Argo CD environments.

Now with the ability to switch between Argo CD UI and Weave GitOps (the UI for Flux), Flamingo aims to take DevOps and GitOps user experiences to the next level with this integration.

If the video is not displayed, view the video here.

You might be interested in this blog post on the Weaveworks blog about Flamingo.

New additions to the Flux Ecosystem

AWS Labs introduced their new project awslabs/aws-cloudformation-controller-for-flux. It is a Flux controller for managing AWS CloudFormation stacks and helps you to store CloudFormation templates in a git repository and automatically sync template changes to CloudFormation stacks in your AWS account with Flux.

Check out the demo and example.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

cdCon + GitOpsCon North America 2023

cdCon + GitOpsCon NA 2023 is only a few days away. It will happen May 8-9 in Vancouver, Canada. Of course Team Flux will be there to talk about all things GitOps!

Here’s what we put in our calendar:

OSS Summit North America 2023

Open Source Summit NA 2023 is coming up May 10-12 in Vancouver, Canada. It plays host great number of sub-conferences in many of which you will see Flux goodness happening.

Here are a few that we are looking forward to:

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In April here are a couple of talks we would like to highlight.

CloudNativeCon / KubeCon EU 2023

CloudNativeCon / KubeCon is the most important event for us, as it’s such a great venue to meet contributors, friends, end-users and folks who are generally interested. It was a very busy event and luckily Team Flux was there as a big group, so we were able to respond to all requests.

We kicked off the event with the Flux Project Meeting, which saw 4 hours of updates from the maintainers, lots of time for Q&A, story telling and a good opportunity to get to know each other.

Next up was the CNCF Graduated Projects Update, here is the link to the timestamp where we provided the Flux update.

Many folks were looking forward to hear how we envision Flux is used in an OCI world. Luckily Hidde and Stefan gave a talk about it:

At KubeCon EU, @hiddeco and myself, we’ve talked about @fluxcd beyond Git and how Flux OCI artifacts can streamline #Kubernetes continuous delivery.

Check out the recording on YouTubehttps://t.co/HhOJSpTmzq
— Stefan Prodan (@stefanprodan) May 2, 2023

We thank the Cloud Native Computing Foundation for setting up a Graduation Celebration for Argo and Flux, the two GitOps solutions which graduated around the same time! Cupcake time for everyone!

Last up was a great panel which featured Priyanka Ravi, Weaveworks; Christian Hernandez, Red Hat; Filip Jansson, Strålfors; Roberth Strand, Amesto Fortytwo; Leigh Capili, VMware.

They all talked about “How GitOps Changed Our Lives & Can Change Yours Too!”. Priyanka “Pinky”, Leigh and Roberth are long-time friends of Flux.

And thanks a lot to the Cloud Native Photo Crew, who took these pictures:

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in May - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

Flux Bug Scrub

The next dates are going to be:

In other news

Michael Fornaro joins Flux as a Project Member

We are pleased to announce that Michael Fornaro has joined Flux as a project member. Michael has been heavily involved in the Flux community, offering valuable assistance and support through the Slack #flux channels and participating in Flux Bug Scrub sessions.

In collaboration with Kingdon, Michael is working to expand the Bug Scrub initiative, recently launching the first AEST session to accommodate members in Eastern Europe, India, Southeast Asia, and other regions including Australia.

Michael is the founder of Raspbernetes and co-founder in K8s@Home, both of which are organizations that focus on learning and supporting Kubernetes at home. The community has a strong presence on GitHub and Discord, where Michael has been a valuable contributor.

People writing/talking about Flux

We love it when you all write about Flux and share your experience, write how-tos on integrating Flux with other pieces of software or other things. Give us a shout-out and we will link it from this section! ✍

Grafana Operator Blog: Install Grafana-operator using Flux and Kustomize

The grafana-operator team have recently started to ship their Kustomize manifests using OCI with the help of Flux artifact. As a part of this, they have written a small blog on how to install grafana-operator using Flux and how to manage grafana dashboards as code.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Alluvial, Orange, Kiln, Tchibo.

If you have not already done so, use the instructions here or give us a ping and we will help to add you. Not only is it great for us to get to know and welcome you to our community. It also gives the team a big boost in morale to know where in the world Flux is used everywhere.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

Internal documentation which explains how to use certain parts of the website.
Updated our announcements for KubeCon EU 2023 and Google Season of Docs 2023 to support the events better!
Updates to the docs to move graduated APIs to v1.
New documentation: Sharding Cheatsheet.
New additions to our resources page.
Lots of fixes and improvements all over the place.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Max Jonas Werner, Daniel Favour, Hidde Beydals, Claire Liguori, David Blaisonneau, Eddie Zaneski, Jan Christoph Ebersbach, Mehdi Bechiri, Romain Guichard, Sanskar Jaiswal, Stacey Potter, Tim Rohwedder, harshitasao, lehnerj.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, fully integrates with OCI and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
✨ Dashboards love Flux: No matter if you use one of the Flux UIs or a hosted cloud offering from your cloud vendor, Flux has a thriving ecosystem of integrations and products built on top of it and all have great dashboards for you.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Graduated project and was categorised as “Adopt” on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2023-05-04 or 2023-05-10.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: March 2023 Update

Mon, 03 Apr 2023 08:30:00 +0000

It’s the beginning of April 2023 - let’s recap together what happened in March - it has been a lot!

News in the Flux family

We have released Flux v0.41 with new features and improvements. As always, everyone is encouraged to upgrade for the best experience.

Here is a short-list of features and improvements in this release:

Experimental support of drift detection of Helm releases compared to cluster-state.
Improved handling of SIGTERM signals received by the helm-controller, which will now terminate running Helm install or upgrade actions, instead of potentially leaving them in a pending state.
Opt-in OOM watcher in helm-controller to handle graceful termination of the controller before it is forcefully killed by Kubernetes’ OOM killer.
Kubernetes client and Custom Resource Definition life-cycle improvements to reduce the memory consumption of the helm-controller, with observed reductions up to 50%.
Opt-in allowance of DNS lookups during the rendering of Helm templates in the helm-controller via feature gate.
Optional disabling of the cache of the status poller used to determine the health of the resources applied by the kustomize-controller. This may improve memory usage on large scale clusters at the cost of more direct API calls.
Changes to the logging of all controllers to ensure Kubernetes components like the discovery client use the configured logging format.
New flux events command to display Kubernetes events for Flux resources, including the events of a referenced resource.
Custom annotations can now be set with flux push using --annotations.

It’s important to us to document all the new features, so here goes a list of new articles and how-tos:

Cheatsheet: Enable Helm drift detection
Cheatsheet: Enable Helm near OOM detection
Cheatsheet: Allow Helm DNS lookups
Controller: New helm-controller feature gates and options
Controller: New kustomize-controller feature gate
Spec: HelmRelease drift detection

Big thanks to all the Flux contributors that helped us with this release!

Flux Ecosystem

Weave GitOps

Weave GitOps Enterprise v0.19.0 brings a host of new features to help the Flux community streamline their workflows and improve overall efficiency. The GitOpsSets GUI makes it easier to manage applications across a fleet of clusters, while additional generators like cluster, gitRepository, and apiClient offer enhanced functionality and customization. Weave GitOps Enterprise now supports raw templating for greater flexibility, and the Sandbox environments provide real-time visibility and testing capabilities for Kubernetes infrastructure.

New additions to the PolicyConfig UI simplify policy management, and the SOPS Secrets features enable seamless GPG and AGE key management, making it easier than ever to create encrypted secrets. Experience the benefits of adopting Weave GitOps by leveraging these powerful new features for Kubernetes environments.

Terraform-controller

The team has been working on the new release of Terraform controller. Bug fixes related to the GitOps dependency management have been landed in the main branch. So please feel free to try it out.

The team has also been working closely with the Flux team to ensure that Terraform controller will support everything in the coming Flux GA.

Flux Subsystem for Argo

Flamingo, the Flux Subsystem for Argo, for ArgoCD 2.6 and Flux v0.41, has been released. Flamingo is the only tool that combines the best two GitOps technologies together. Flux and ArgoCD are both CNCF graduate projects.

This new Flamingo version includes support for the following:

Flux v0.41 which comes with many features and enhancements,
Pack of new user interface features from ArgoCD 2.6

Chanwit Kaekwasi, the main developer of Flamingo, is looking for feedback. If you use Flamingo and want to chat about how you use it, where you would like it to go or just want to give some feedback, please find him on the #flux channel on CNCF Slack. Thanks a lot in advance!

VS Code GitOps Extension

Version 0.24.0 of the VS Code extension was released. This version introduces a new feature for the users of Weave GitOps Enterprise: Templates. Using Templates users can create complex GitOps configurations, workflows and pipelines with a simple UI. Templates must be enabled in the VS Code settings to be available. The README file includes further information.

The team is continuing to work on UI and performance improvements. In the 0.24 release, the Sources and Workloads views are now grouped by Namespaces and their details are presented in a consistent way.

New additions to the Flux Ecosystem

We are very happy to see Timoni joining the Flux Ecosystem.

Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm.

The Timoni project strives to improve the UX of authoring Kubernetes configs. Instead of mingling Go templates with YAML like Helm, or layering YAML on top of each-other like Kustomize, Timoni relies on cuelang’s type safety, code generation and data validation features to offer a better experience of creating, packaging and delivering apps to Kubernetes.

Timoni can be used together with Flux to create a GitOps delivery pipeline for Timoni’s module instances.

In my quest to write less #Kubernetes YAML this year, I've been hacking on a new tool called Timoni.

Timoni is a package manager for Kubernetes, powered by @cue_lang and inspired by @HelmPack, Homebrew and Docker compose.https://t.co/xrGCN5pZGY
— Stefan Prodan (@stefanprodan) March 31, 2023

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In March here are a couple of talks we would like to highlight.

Kubernetes co-founder Brendan Burns and Flux maintainer Stefan Prodan recently gave a CNCF talk on #ubernetes in 2023.

Monolith to Microservices with Bite-Sized Kubernetes.

Cloud Native Live: Automating Kubernetes Deployments.

Here is a list of additional videos and topics we really enjoyed - please let us know if we missed anything of interest and we will make sure to mention it in the next post!

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in April - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

CloudNativeCon / KubeCon EU 2023

We are very excited! From Tuesday, April 18 through Friday, April 21 it is CloudNativeCon / KubeCon EU 2023 in Amsterdam.

At the time of writing all the tickets have been sold out, so if you managed to get one, we look forward to seeing you there! Let’s dig into what’s happening over all of the days, because it is a lot.

Here is the link to our mini-website to keep you up to date at all times.

Tuesday, April 18

This is where CloudNativeCon starts and we are happy to have representation at a number of Day-0 events.

08:00: OpenGitOps Project Meeting in the Auditorium Center.
11:55: Cloud Native Telco Day Panel: Looking Ahead to the Future with Project Sylva, Energy Efficiency & Telco Cloud Platforms. Panelists are Niki Manoledaki (Weaveworks), Philippe Ensarguet (Orange Business Services), Gergely Csatári (Nokia), Tim Irnich (SUSE) in Hall 7, Room A.

In the afternoon, starting at 13:00 (1pm), we start our Flux Project Gathering in Room G108 of the Auditorium Center. A lot of Flux maintainers and contributors will be there to chat with and we have a nice programme prepared for you.

1:00 pm Meet and Greet
1:15 pm Welcome and Overview of Flux activities at KubeCon
1:30 pm Intro to GitOps and Flux + Q&A (Priyanka “Pinky” Ravi)
2:00 pm What’s New with Flux! Overview (Flux team)
- Flux GA Release is coming up! What does that mean for you?
- Graduation and other updates!
- Contributing to Flux
3:00 pm Q&A time
3:15 pm Break
3:30 pm Flux & Other Tools
- Terraform (Pinky)
- Vault (Pinky)
- Helm (Hidde Beydals)
- VS Code (Juozas Gaigalas)
- Secrets & Sops (Hidde)
- Cosign (Stefan)
- Plus lots of time for Q&A!
4:45 pm Closing: Thanks and final questions

Wednesday, April 19

10:30 - 21:00 (9pm): Meet the Flux team at our booth at the Project Pavilion
at Project Pavilion, Kiosk 3
11:00 - 11:35: A CI/CD Platform in the Palm of Your Hand
Claudia Beresford, Weaveworks at Elicium Building, D201-202
11:55 - 12:30: Flux Beyond Git: Harnessing the Power of OCI
Stefan Prodan & Hidde Beydals, Weaveworks at Forum Center, E103-E104
18:00 (6pm) - 20:00 (8pm): Meet the Flux team at our booth for the Booth Crawl
at Project Pavilion, Kiosk 3

Update: previously the OCI talk was scheduled to happen at 17:25. 11:55 is correct.

Thursday, April 20

10:30 - 17:30 (5.30pm): Meet the Flux team at our booth at the Project Pavilion
at Project Pavilion, Kiosk 3
16:00 - 16:30 (4.30pm): Flux Project Graduation Celebration
in Hall 5

Friday, April 21

10:30 - 14:30 (2.30pm): Meet the Flux team at our booth at the Project Pavilion
at Project Pavilion, Kiosk 3
14:55 (2.55pm) - 15:30 (5.30pm): How GitOps Changed Our Lives & Can Change Yours Too! at Auditorium Center, G104-105
Priyanka Ravi, Weaveworks
Christian Hernandez, Red Hat
Filip Jansson, Strålfors
Roberth Strand, Amesto Fortytwo
Leigh Capili, VMware
16:00 (4pm) - 16:35 (4.35 pm): Self-Service GitOps at a Regulated Enterprise
Erick Bourgeois (Freelance) at Auditorium Center, G104-105
16:00 (4pm) - 16:35 (4.35 pm): A Look Under the Hood of CNCF Security Audits
Adam Korczynski & David Korczynski, Ada Logics at Auditorium Center, Auditorium + Balcony

Update: previously the time for the panel was 16:55, it has been moved to 14:55.

Flux Bug Scrub

The Flux Bug Scrub has undertaken a slightly new format, where we’ll be spending more time working on our own code, and even building some new software under the aegis of the “flux-community” organization! We’ll still have our familiar spreadsheet every week, but we will be conversely spending less time per-meeting on curating the list of issues across the FluxCD org than we have been.

The Bug Scrub community is small but growing; we need your feedback to make this effort a blockbuster hit (which you can provide asynchronously, please remember to @ KingdonB if you are interested, whether you can or cannot make the meeting time!)

Since we’ll be spending more time on code at the meeting, we are also evaluating the possibility of a new, more inclusive “Late Late” Bug Scrub, which would aim to be more accessible to people in the Asia/Pacific time zones, Australia, as well as those in Eastern Europe, Middle East, and Africa. We hope that there are some folks who might not have been able to make the earlier times, who could benefit from this new addition. If you are in these time zones which are not covered now, it’ll actually be “Early Work Hours” for you if we’ve calibrated this correctly. (Good morning, Internet…)

The addition of another meeting at a new time of day, is intended to provide a little extra time for the curation of issues to go along with our new format change, and also to balance the scales somewhat better across all regions. Now, we just need your feedback and RSVP to decide exactly what time this new meeting should be! Please check out the FluxCD calendar for an indication of when it has been scheduled, or ping KingdonB in the Flux channel on CNCF slack if you have a strong opinion on the matter!

The next dates are going to be:

In other news

People writing/talking about Flux

blakyaks.com: AKS & Flux via Terraform

Flux Adopters BlakYaks wrote this nice article in which they explain how to bring Flux to AKS via Terraform. In closing they say:

Hopefully by now you’ve got an idea of why we’re big advocates of GitOps workflows and, in particular, Flux.

The convention-based approach allows us to build complex application deployments with ease, and by leveraging source control best practices such as pull requests and branch policy we can quickly integrate deployments into our existing CI/CD toolchains in a secure and scalable manner.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: BlakYaks, Enliven Systems, Kratix, MyTaxi, ScaleAq, Szerzi and TrueLayer

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

Update of fluxcd.io landing page: we removed the terminal as it had been outdated and slowed down the loading time. We also simplified our messaging about Flux features and mission so it’s easier to understand at a glance.
We restructured our use of shortblocks, so the code structure is more straight-forward.
We applied for Google Season of Docs 2023. If you are interested in the initiative, go and check out the link.
We added information about to enable Helm drift detection and how to allow Helm DNS lookups.

And on top of that countless fixes, small improvements and updates as always. Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Hidde Beydals, Arhell, Max Jonas Werner, Andreas Olsen Gulla, Craig Hurt, Gangstead, Jake, KwongTN, Matteo Martellini, Metin OSMAN, Sanskar Jaiswal, Timo Furrer and zoltan.zvara.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, fully integrates with OCI and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
✨ Dashboards love Flux: No matter if you use one of the Flux UIs or a hosted cloud offering from your cloud vendor, Flux has a thriving ecosystem of integrations and products built on top of it and all have great dashboards for you.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Graduated project and was categorised as “Adopt” on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2023-04-06 or 2023-04-12.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: February 2023 Update

Wed, 01 Mar 2023 07:30:00 +0000

It’s the beginning of March 2023 - let’s recap together what happened in February - it has been a lot!

News in the Flux family

Two Flux minor releases hit the streets

Last month gave us two minor releases of Flux. Here’s what you can look forward to on your next upgrade. As always: Users are encouraged to upgrade for the best experience.

v0.40: ImageRepository and ImagePolicy promote to v1beta2

Flux v0.40 brings a number of features and improvements:

The GitRepository API has a new optional field .spec.ref.name for specifying a Git Reference. This allows Flux to reconcile resources from GitHub Pull Requests (refs/pull/<id>/head) and GitLab Merge Requests (refs/merge-requests/<id>/head).
RFC-0005 (source revision format) and RFC-0003 (custom OCI media types) have been fully rolled out.
The ImageRepository and ImagePolicy APIs have been promoted to v1beta2.
The image-reflector-controller autologin flags have been deprecated, please see the migration instructions to v1beta2.
Allow specifying the cloud provider contextual login for container registries with ImageRepository.spec.provider.
Improve observability of ImageRepository by showing the latest scanned tags under .status.lastScanResult.latestTags.
Improve observability of ImagePolicy by reporting the current and previous image tag in status and events.
The Kubernetes builtin cluster roles: view, edit and admin have been extended to allow access to Flux custom resources.
Print a report of Flux custom resources and the amount of cumulative storage used for each source type with flux stats -A.

To read up on the details of the above, you might want to check out these pieces of documentation:

v0.39: better security support, improved performance and observability

Flux v0.39 includes these highlights:

Starting with this version, the Flux controllers come with SBOMs and SLSA Provenance Attestations embedded in their container images.
The Flux Terraform Provider has a new resource for bootstrapping Flux, without depending on third-party Terraform providers, that allows customising the controllers at install time. Users are encouraged to migrate to this new resource and provide feedback.
The Flux CLI is now included in Wolfi OS, the Linux (Un)distro designed for securing the software supply chain. The Chainguard team and Wolfi maintainers are shipping updates for the Flux package on a regular basis.

Features and improvements include:

Recreate immutable resources (e.g. Kubernetes Jobs) by annotating or labeling them with kustomize.toolkit.fluxcd.io/force: enabled.
Support for HTTPS bearer token authentication for Git repositories.
Improve memory usage by disabling the caching of Secret and ConfigMap resources in all controllers.
Better observability with progressive status updates for Sources (Git, OCI, Helm, S3 Buckets).
Allow extracting the OCI artifact SHA256 digest for Cosign with flux push artifact -o json.
Track CRDs managed by Flux, flux trace and flux tree will show which HelmRelease deployed which CRDs.
Allow the Flux GitHub Action to use a GitHub token when checking for updates to avoid rate limiting.

Documentation

Big thanks to all the Flux contributors that helped us with this release!

Security news

We extended our Security Docs to show more examples for verifying SBOMs. Now the newly introduced SLSA Provenance Attestation feature is documented as well.

Flagger 1.29.0 brings support for template variables for analysis metrics

A canary analysis metric can reference a set of custom variables with .spec.analysis.metrics[].templateVariables. For more info see the docs. Furthermore, a bug related to Canary releases with session affinity has been fixed.

Improvements & Fixes

Allow custom affinities for flagger deployment in helm chart
Add namespace to namespaced resources in helm chart
modify release workflow to publish rc images
build: Enable SBOM and SLSA Provenance
Add support for custom variables in metric templates
docs(readme.md): add additional tutorial
use regex to match against headers in istio

Flux Ecosystem

Weave GitOps

The latest release includes enhancements, improvements, bug fixes, and documentation updates to enhance Weave GitOps’ overall functionality and user experience.

Enhancements in this version include improved detection of the OSS dashboard and the addition of imagePolicy details. The get-session logs feature has also been enhanced to support pod logs, filters, and return logging sources. A new optional tooltip has been added to the Timestamp component, and the formatting of log message timestamps in the log UI has been improved.

UI enhancements in this version aim to improve the overall user experience of Weave GitOps. Access properties on undefined ImageAutomation objects can now be handled, and an issue where graph nodes hopped around has been fixed. A text search has been added to table URLs, and undefined icon types can now be handled.

The Helm reloading strategy has been fixed, and the chart spec has been updated with values.yaml to address reloading issues.

Terraform-controller

The latest release of TF-Controller, version v0.14.0, introduces several new features and many bug fixes. Notably, the release offers first-class support for Terraform Cloud with the spec.cloud field. This enhancement allows Weave GitOps Enterprise users to leverage GitOps Templates with Terraform Cloud as a backend for their Terraform resources, opening up a world of possibilities for GitOps workflows.

In addition to Terraform Cloud support, the update upgrades Flux to v0.40.0 and Terraform to v1.3.9, with bug fixes including improved AWS package documentation, and missing inventory entries.

The new release also offers multi-arch image support, customizable controller log encoding, and the option to configure Kube API QPS and Burst. The Terraform apply stage now features a parallelism option for even more customization.

Users are highly recommended to upgrade to TF-Controller v0.14.0 to take advantage of these improvements. For any feedback or questions, please reach out to the team on the GitHub repository.

Flux Subsystem for Argo

The team has recently updated Flamingo by rebasing it onto the upstream ArgoCD versions v2.3.17, v2.4.23, and 2.5.11. This update has been made in response to the recent vulnerability CVE-2023-23947, and the team strongly recommends that all users update their systems as soon as possible.

Updated Flamingo images are:

v2.3.17-fl.3-main-bc5b4abb
v2.4.23-fl.3-main-bc5b4abb
v2.5.11-fl.3-main-bc5b4abb

VS Code GitOps Extension

Version 0.23.0 of the vscode-gitops-tools extension was released. This version introduces a new webview for configuring GitRepository, HelmRepository, OCIRepository, Bucket and Kustomization resources. Extension context (right-click) file and folder actions now work with multiple open repositories in the expected way.

Pulumi Kubernetes Operator

Michel Bridgen wrote a blog post about how to combine Pulumi with Flux using the Pulumi Kubernetes Operator, which extends the reach of both Flux and Pulumi.

What you can look forward to in the next release of the operator is that - based on Paolo’s work on git-go - the operator (and Pulumi itself) will be able work with Azure DevOps.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In February here are a couple of talks we would like to highlight.

Here is a list of additional videos and topics we really enjoyed - please let us know if we missed anything of interest and we will make sure to mention it in the next post!

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in March - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

2nd March: GitOps Testing in Kubernetes with Flux & Testkube
7th March: GitOps: Automatic Deployments and Updates with Flux w/ Julian Hennig
9th March: CNCF On Demand- Microservices and Kubernetes
15th March: CNCF Live Stream - Automating Kubernetes Deployments
16th March: CNCF On Demand- Kubernetes in 2023 w/ Stefan Prodan & Brendan Burns
23rd March: Microsoft Live Stream: Automating Kubernetes Deployments

Flux Bug Scrub

The next dates are going to be:

In other news

Gitlab adopts Flux for GitOps

Have some great news about @fluxcd and @gitlab. In todays dev meeting, @nagyviktor shared with us that GitLab has chosen Flux to offer #GitOps to their users. The Flux team is super excited about collaborating with GitLab 🎉 https://t.co/3f9tHJbhnX
— Stefan Prodan (@stefanprodan) January 26, 2023

We are incredibly pleased that GitLab chose to move forward with Flux for the GitOps capabilities in their project. In the past weeks, members of the GitLab team joined our Dev meetings where it became clearer what needs to happen next. This is another great recognition of the versatility and great feature set of Flux and we very much look forward to the collaboration.

Please check out the announcement on the GitLab blog, which links to all the individual discussions and development epics where you can track the progress of the integration.

People writing/talking about Flux

TrueLayer: Flux2 migration: how we dropped our CPU usage by nearly 40x

We love hearing end-user success stories, particularly to learn how a migration went well. Surya Pandian wrote up the entire experience in the blog post and comes to this conclusion:

With our original Flux setup, we were running one pod per GitOps, and with 40 teams, that required a lot of cash and CPU. But with this setup, we run just one flux GitOps agent for an entire cluster. In total, one flux GitOps agent manages over 40 GitRepoCRDResources and 240 FluxKustomizeCRDResources.

Our migration to Flux2 has paved the way for a config-managed setup. Not only did this drastically reduce costs, but it also made Flux reconciliations faster and reduced CPU usage by almost 40x.

As the sun sets on Flux1, migrating to Flux2 may sound like a daunting task. But with the right migration plan, engineering teams can reap the benefits.

Flux + Testkube: GitOps Testing is here

Abdallah Abedraba describes how to set up Flux with Testkube in the blog post in an easy to follow step-by-step fashion. The takeaway is:

Once fully realized - using GitOps for testing of Kubernetes applications as described above provides a powerful alternative to a more traditional approach where orchestration is tied to your current CI/CD tooling and not closely aligned with the lifecycle of Kubernetes applications.

This tutorial uses Postman collections for testing an API, but you can bring your a whole suite of tests with you to Testkube.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: B1 Systems GmbH and Wildlife Studios.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

Bootstrapping: here’s how to disable Kubernetes cluster role aggregations
Update image-updates guide to reflect the new API version and recent use of flags, extend examples.
We updated the docs to reflect current Flux version and fixed typos and readability pieces in many many places.
We updated our Security Docs.

Thanks a lot to these folks who contributed to docs and website: Ben Bodenmiller, Stefan Prodan, Stefan Bodenmiller, Michael Bridgen, Hidde Beydals, Sunny, Kingdon Barrett, Mac Chaffee, Ronan, Sanskar Jaiswal, zipizapclouds.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, fully integrates with OCI and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
✨ Dashboards love Flux: No matter if you use one of the Flux UIs or a hosted cloud offering from your cloud vendor, Flux has a thriving ecosystem of integrations and products built on top of it and all have great dashboards for you.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Graduated project and was categorised as “Adopt” on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2023-03-09 or 2023-03-15.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: January 2023 Update

Wed, 01 Feb 2023 08:30:00 +0000

Now it’s the beginning of February 2023 - let’s recap together what happened in December and January - it has been a lot!

News in the Flux family

Flux 0.38 brings performance improvements and new features

We have released Flux v0.38. Users are encouraged to upgrade for the best experience. Here is a short summary of its features and improvements:

Graduation of Notification APIs to v1beta2, to upgrade please see the release notes.
Support for defining Kustomize components with Kustomization.spec.components.
Support for piping multi-doc YAMLs when publishing OCI artifacts with kustomize build . | flux push artifact --path=-.
Support for Gitea commit status updates with Provider.spec.type set to gitea.
Improve the memory usage of helm-controller by disabling the caching of Secret and ConfigMap resources.
Update the Helm SDK to v3.10.3 (fix for Helm CVEs).
All code references to libgit2 were removed, and the GitRepository.spec.gitImplementation field is no longer being honored.

The official example repository was refactored. The new version comes with the following improvements:

Make the example compatible with ARM64 Kubernetes clusters.
Add Weave GitOps Helm release to showcase the Flux UI.
Replace the ingress-nginx Bitnami chart with the official one that contains multi-arch container images.
Add cert-manager Helm release to showcase how to install CRDs and custom resources using dependsOn.
Add Let’s Encrypt ClusterIssuer to showcase how to patch resources in production with Flux Kustomization.
Add the flux-system overlay to showcase how to configure Flux at bootstrap time.

♥ Big thanks to all the Flux contributors that helped us with this release!

Security news

Flux 0.39, the upcoming release, will come with SBOMs and SLSA Provenance attached to all the controllers container images. In addition, all controller images will be updated to Alpine 3.17 (which contains CVE fixes for OS packages).

Starting with 0.39, the Flux controllers should consume less memory on busy clusters due to the disabling of Secret and ConfigMap caching.

Flagger 1.27 and 1.28 add support for APISIX and different autoscaling configs

1.28 comes with support for setting a different autoscaling configuration for the primary workload. The .spec.autoscalerRef.primaryScalerReplicas is useful in the situation where the user does not want to scale the canary workload to the exact same size as the primary, especially when opting for a canary deployment pattern where only a small portion of traffic is routed to the canary workload pods.

1.27 comes with support for Apache APISIX. For more details see the tutorial.

Flux Ecosystem

Flux Subsystem for Argo

Flamingo is a tool that combines Flux and Argo CD to provide the best of both worlds for implementing GitOps on Kubernetes clusters. With Flamingo, you can:

Automate the deployment of your applications to Kubernetes clusters and benefit from the improved collaboration and deployment speed and reliability that GitOps offers.
Enjoy a seamless and integrated experience for managing deployments, with the automation capabilities of Flux embedded inside the user-friendly interface of Argo CD.
Take advantage of additional features and capabilities that are not available in either Flux or Argo CD individually, such as the robust Helm support from Flux, Flux OCI Repository, Weave GitOps Terraform Controller for Infrastructure as Code, Weave Policy Engine, or Argo CD ApplicationSet for Flux-managed resources.

In recent releases, the team updated Flamingo to support Flux v0.38 and Argo CD v2.5.7, v2.4.19 and v2.3.13. Please note that Argo CD v2.2 will not be supported and updated by Flamingo anymore.

Flux	Argo CD	Image
v0.38	v2.5	v2.5.9-fl.3-main-14aff24e
v0.38	v2.4	v2.4.21-fl.3-main-14aff24e
v0.38	v2.3	v2.3.15-fl.3-main-14aff24e
v0.37	v2.2	v2.2.16-fl.3-main-2bba0ae6

Terraform-controller

The tf-controller team is currently working on getting the new release v0.14 out. They are updating the Terraform binary to version 1.3.7 and the Flux tool to version 0.38. Additionally, they are fixing the Helm chart and enabling the parallelism option for the apply stage. They are currently at release candidate v0.14.0-rc.2 with the new Helm chart version 0.10.0. Please stay tuned for further updates.

Weave GitOps

Besides a huge amount of general small improvements, the team has fixed two security vulnerabilities ( 1, 2) and made GitOps Run much more secure along the way. If you’re using a version older than 0.12.0 you are highly encouraged to upgrade.

Also with GitOps Run you can now open the deployed application’s Web UI by simply hitting a key on your keyboard. GitOps Run sets up the port-forwarding and opens up a browser window for you.

As always lots of improvements went into Weave GitOps’ Web UI so make sure to take a look.

On the Weave GitOps Enterprise side you can now automatically create Pipelines from GitOpsTemplates, the Terraform UI has been improved to allow for a more detailed view into a Terraform inventory and support for observing and managing Secrets has landed in its initial incarnation.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In December and January here are a couple of talks we would like to highlight.

HashiCorp User Group Luxembourg: GitOps your Terraform Configurations

Flux Terraform Controller is a controller for Flux to reconcile Terraform configurations in the GitOps way with the power of Flux and Terraform, Terraform Controller allows you to GitOps-ify your infrastructure, and your application resources, in the Kubernetes and Terraform universe.

Flux Terraform Controller ensures what you’ve defined in your Terraform configurations is what’s always running and available. Flux continuously looks for changes and reconciles with the desired state. Take advantage of all the benefits of GitOps: streamlined and secure deployments, quicker time to market, and more time to concentrate on app development!

Flux’s Security & Scalability with OCI & Helm (Part 2) with Kingdon Barrett

With Flux, you can distribute and reconcile Kubernetes configuration packaged as OCI artifacts. Instead of connecting Flux to a Git repository where the application desired state is defined, you can connect Flux to a container registry where you’ll push the application deploy manifests, right next to the application container images.

During this session Kingdon Barrett, OSS Engineer at Weaveworks & Flux Maintainer, shows you how to quickly create scalable and Cosign-verified GitOps configurations with Flux using the same process with two demo environments: one will be a Kustomize Environment and the other a Helm-based environment.

Flux Security & Scalability using VS Code GitOps Extension

Recently Flux has released two new features (OCI and Cosign) for scalable and secure GitOps. Juozas Gaigalas, a Developer Experience Engineer at Weaveworks, will demonstrate how developers and platform engineers can quickly create scalable and Cosign-verified GitOps configurations using VS Code GitOps Tools extension. New and experienced Flux users can learn about Flux’s OCI and Cosign support through this demo. Join us!

Here is a list of additional videos and topics we really enjoyed - please let us know if we missed anything of interest and we will make sure to mention it in the next post!

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in February - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

Flux Bug Scrub

The next dates are going to be:

In other news

Conference Call For Papers

Conferences are all about the people. It’s also more fun to present together. You get to share collective experience and be more entertaining as a duo!

Two upcoming call for paper deadlines are the following

CFP until 2023-02-05, SustainabilityCon

May 10 – 12, 2023 | Vancouver, Canada Join the community of developers, technologists, sustainability leaders and anyone working on technological solutions to decarbonize the global economy, mitigate and address the impacts of climate change, and build a more sustainable future. SustainabilityCon provides a forum to drive open source innovation in energy efficiency and interoperability and clean development practices within industries ranging from manufacturing to agriculture and beyond through collaboration and learning within the community.
CFP until 2023-02-10, GitOpsCon

May 8 – 9, 2023 | Vancouver, Canada

cdCon + GitOpsCon is designed to foster collaboration, discussion, and knowledge sharing by bringing two communities together. It’s the best place for vendors and end users to collaborate in shaping the future of GitOps and Continuous Delivery (CD).

Talk to Niki Manoledaki for SustainabilityCon and in general to Vanessa Abankwah and Stacey Potter if you want to present anything Flagger, Flux, GitOps related at any of the events with us!

Soulé Ba joins Flux Core Maintainers

Soulé Ba has been working on Flux for a long while. Already a maintainer of Flux’s go-git-providers, he didn’t stop there but was involved in a lot of the RFC planning process of many features and contributed code and fixes for a long long time.

The Flux community is grateful to have you. Well deserved becoming a Core maintainer now, Soulé!

Your Community Team

We have been working on filling up the speakers calendar for the next weeks and organising proposals for the upcoming CFP deadlines for the next conferences. If you are interested in speaking about Flux and GitOps, please reach out to us!

Next up we are going to look into making our Community page more interesting and useful. We are also going to apply for Google Season of Docs. If you have input or ideas and would like to get involved, talk to us on Slack!

People writing/talking about Flux

Bill Doerrfeld: Introduction to Flux (containerjournal.com)

Read more in this article about Flux, where Bill interviewed Priyanka “Pinky” Ravi about what’s new in Flux. It’s a nice introduction to Flux.

GitOps has become a chosen strategy for releasing and deploying cloud-native microservices. The goal of GitOps, a term coined by Alexis Richardson, CEO of Weaveworks, in 2017, is to “make operations automatic for the whole system based on a model of the system which was living outside the system.” And propelling the GitOps practice is Flux, an open source tool that provides GitOps for apps and infrastructure.

In late 2022, Flux became the 18th project to reach graduation status with the Cloud Native Computing Foundation (CNCF). Earlier this year, downloads of the Flux container image surpassed a staggering one billion.

Max Strübing: Automatic deployment updates with Flux (D2iQ Engineering Blog)

We were very pleased to see this blog post from our friends at D2iQ. Do go check it out, particularly if you are new to Flux. Max takes a how-to approach to explaining automatic deployment updates with Flux and explains why this is generally a good idea:

You can deploy fast, easily and often by simply pushing to a repository

You can run a git revert if you messed up your environment and everything is like it was before

This means you can easily roll back to every state of your application or infrastructure

Not everyone needs access to the actual infrastructure environment, access to the git repository is enough to manage the infrastructure

Self-documenting infrastructure: you do not need to ssh into a server and look around running services or explore all resources on a Kubernetes cluster

Easy to create a demo environment by replicating the repository or creating a second deploy target

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: DoneOps and Riley.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

The Flux landing page is shorter and less overwhelming now. This was achieved by moving the adopters logos into a horizontal scroll band, dropping some old content and there will be more to come here.
Flagger docs were update to the latest.
Flux Bootstrap: cheatsheet for how to Persistent storage for Flux internal artifacts
Our FAQ now has entries about how to safely rename a Flux Kustomization and how to set local overrides to a Helm chart. As it’s one of the very common FAQs: We also mention the different Flux UIs a lot more prominently now!
Flux GCP docs were updated.
We improved the Flux Support page to be even clearer about how to get Support for Flux, no matter if it’s professionally or for community support.
We renived a lot of unnecessary website build code; now a lot of the dynamic content is generated straight from YAML through Hugo Data Templates. This makes the website build process a lot more stable and we have less build scripts to maintain!
Update to latest hugo plus docsy and gallery themes.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Arhell, Aurel Canciu, Hidde Beydals, Sanskar Jaiswal, h20220026, Paulo Gomes, Stacey Potter, Johannes Wienke, Jonathan Meyers, Kingdon Barrett, Lassi Pölönen, Max Jonas Werner, Nate, Scott Rigby, Sunny, Tarunbot, h20220025, surya.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Graduated project and was categorised as “Adopt” on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2023-02-09 or 2023-02-15.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: November 2022 Update

Mon, 05 Dec 2022 12:30:00 +0000

It’s the beginning of December 2022 - let’s recap together what happened in November - it has been a lot!

News in the Flux family

Flux has graduated

It’s been quite the journey, and it wouldn’t have been possible without everybody’s help in our community. We made it! Flux is now officially a CNCF Graduated project. Here are some news pieces you might want to check out:

Please help us share the good news - it’s the moment of recognition and endorsement many have still been waiting for!

Also please join us for our celebratory Flux Graduation AMA sessions:

December 7, 12:00 UTC with Flux maintainers: Daniel, Max, Philip, Sanskar, Stefan, Somtochi
December 8, 18:00 UTC with Flux maintainers: Kingdon, Paulo, Somtochi, Soulé

Next Flux release brings consolidated Git implementation

The Flux development team keeps on innovating. The latest release is Flux v0.37 and as always we encourage you all to upgrade for the best experience.

The biggest change is that the gitImplementation field of GitRepository by source-controller and image-automation-controller is now deprecated. Flux will effectively always use go-git. This now supports all Git servers, including Azure DevOps and AWS CodeCommit, which previously were only supported by libgit2. This is a big improvement and will help us focus on making Flux work great with just one git implementation.

Here is our shortlist of features and improvements in the release:

Support for bootstrapping Azure DevOps and AWS CodeCommit repositories using flux bootstrap git.
Support cloning of Git v2 protocol (Azure DevOps and AWS CodeCommit) for go-git Git provider.
Support force-pushing ImageUpdateAutomation repositories.
Allow a dry-run of flux build kustomization with --dry-run and --kustomization-file ./path/to/local/my-app.yaml. Using these flags, variable substitutions from Secrets and ConfigMaps are skipped, and no connection to the cluster is made.
Use signed OCI Helm chart for kube-prometheus-stack.

Check out these new pieces of documentation:

Guide: AWS CodeCommit bootstrap
Guide: Azure DevOps bootstrap

💖 Big thanks to all the Flux contributors that helped us with this release!

Flux Roadmap Updates

Here’s an update from the Flux roadmap - we are rushing forward towards GA!

Starting with release v0.37, we started solidifying all required changes for the Bootstrap GA milestone targeted to Q1 2023. That release should include all major changes from a Git perspective that we want to ship for GA. Please make sure you upgrade as soon as possible and provide us with feedback, so we can work on it before the GA release.

Upcoming in the next release is a new feature for Image Automation Controller: GitShallowClones. You can already check it out in the recently published release candidate. If you are interested, you can reach out via the PR or on Slack: https://github.com/fluxcd/image-automation-controller/pull/463

Security news

To benefit from our strong OCI integration, you might want to take a look at our latest blog post about how to verify the integrity of Helm charts stored as OCI artifacts.

To help you tighten security, the Kubernetes community has released the security-profiles-operator project. We are very pleased that it now comes with an AppArmor profile for Flux.

Flagger 1.25 and 1.26 update to newest Gateway API

Flagger 1.26.0 comes with support Kubernetes Gateway API v1beta1. For more details see the Gateway API Progressive Delivery tutorial. Please note that starting with this version, the Gateway API v1alpha2 is considered deprecated and will be removed from Flagger after 6 months.

Flagger 1.25.0 introduces a new deployment strategy combining Canary releases with session affinity for Istio. Check out the tutorial here. Furthermore, it contains a regression fix regarding metadata in alerts introduced in #1275.

Flux Ecosystem

Flux Subsystem for Argo

The team upgraded Flux Subsystem for Argo aka Flamingo to support Flux v0.37 and Argo CD v2.5.3, v2.4.17, v2.3.11 and v2.2.16.

Terraform-controller

The team has released Weave TF-controller v0.13.1 and recently updated its Helm chart to v0.9.3. In this version, the team started shipping the AWS Package for TF-controller. The AWS Package is an OCI Image which contains a set of Terraform primitive modules that you can use out-of-the-box to provision your Terraform resources by describing them as YAML.Please visit the package repository for more information: https://github.com/tf-controller/aws-primitive-modules.

Weave GitOps

GitOps Run continues to be enhanced as an easy way to get started with Flux and GitOps, and now includes yaml validation for both Flux and core Kubernetes resources. The Weave GitOps UI for Flux is now able to support multiple instances of Flux on the same cluster, for when resource isolation strategies are in place, so you can see the health of all controllers in the Flux Runtime view.

Then in the Enterprise edition of Weave GitOps, the Pipelines feature is now enabled by default to help you automatically promote applications through a series of environments, and GitOpsTemplates continue to be enhanced as a generic self-service capability for building out an Internal Developer Platform.

VS Code GitOps Extension

In its latest pre-release of the extension a “Configure GitOps” workflow was introduced. It features a new unified user interface for creating Source and Workload and for attaching Workloads to Sources. It supports both Generic Flux and Azure Flux (Arc/AKS) cluster modes. In Azure mode, FluxConfig resources are created automatically (this can be disabled if the user wants Generic mode compatibility). Currently this feature is in the Extension Marketplace pre-release channel and supports GitRepository and Kustomization resources.

If you want a user-friendly UI for working with every type of Source and Workflow please check out this pre-release and give the team feedback!

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In November here are a couple of talks we would like to highlight.

Playlist: Flux at Prometheus Day, GitOpsCon, & KubeCon North America 2022

This playlist is a curated compilation of all Flux related talks from KubeCon / CloudNativeCon NA 2022 (Detroit) as well as the respective co-located events, Prometheus Day and GitOpsCon. We’ve also included a list of the individual videos below.

Prometheus Day North America 2022

Automate Your SLO Validation with Prometheus & Flagger - Sanskar Jaiswal & Kingdon Patrick Barrett

GitOpsCon North America 2022

KubeCon North America 2022

Here is a list of additional videos and topics we really enjoyed - please let us know if we missed anything of interest and we will make sure to mention it in the next post!

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in December- tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

Dec 13: Implementing Flux for Scale with Soft Multi-tenancy

The Flux project continues in active development with the addition of OCI configuration planned in the GA roadmap. Another Flux advancement has been the creation of the new VSCode Extension which provides a convenient interface to Flux that can help reduce friction moving between editor and terminal, alleviating the headache of context switching overloading developer focus.

Flux maintainer Kingdon Barrett will demonstrate the pre-release of Flux’s new OCI features and a convenient way to access them while they remain in pre-release so you can provide the feedback that is needed by Flux maintainers to make this feature a success!

Flux Bug Scrub

The next dates are going to be:

In other news

Your Community Team

The Flux Community Team has been busy this month. We wrapped-up everything related to KubeCon, prepared the announcement of Flux Graduation and wrote this summary.

We would love your help, so if you are interested in joining a small team which handles Community and Communications of Flux, please join our meetings and introduce yourself!

People writing/talking about Flux

Josh Carlisle wrote this blog post as a decision making help for people who are new to Cloud Native. He says

I came away with Flux offering some easier onboarding and bootstrapping

and

I found Flux to better align with things that were important to me

Thanks for the shout-out!

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Amesto Fortytwo, DataGalaxy, Divistant, DKB Deutsche Kreditbank AG, Housing Anywhere, synyx.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

Following the deprecation of Flux Legacy, we have removed the Flux Legacy docs and highlighted migration videos and other helpful content
To make it easier to participate, we now show the upcoming event on the landing page
Show adopters logos in horizontal scroll band
Updated Flagger docs to 1.25.0
Updated AWS CodeCommit docs
Updated Azure docs
Added GitOpsCon talk videos
Many other improvements and fixes

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Arhell, Vanessa Abankwah, David Harris, Sanskar Jaiswal, Batuhan Apaydın, Max Jonas Werner, André Kesser, Marko Petrovic, Matthieu Dufourneaud, Paul Lockaby, Paulo Gomes, Piotr Sobieszczański, Roberth Strand, Tarun Rajpurohit, husni6, surya.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Graduated project and was categorised as “Adopt” on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-12-07 or 2022-12-15.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: October 2022 Update

Tue, 01 Nov 2022 15:30:00 +0000

It’s the beginning of November 2022 - let’s recap together what happened in October - it has been a lot!

News in the Flux family

Flux v0.36 adds support for verifying Helm charts with Cosign

Team Flux has released Flux 0.36 which continues the integration of OCI features further into Flux. Here is a list of features and improvements that were added in the last release:

Verify OCI Helm charts signed by Cosign (including keyless) with HelmChart.spec.verify.
Allow publishing a single YAML file to OCI with flux push artifact <URL> --path=deploy/install.yaml.
Detect changes to local files before pushing to OCI with flux diff artifact <URL> --path=<local files>.
New Alert Provider type named generic-hmac for authenticating the webhook requests coming from notification-controller.
The Kustomization.status.conditions have been aligned with Kubernetes standard conditions and kstatus.
The kustomize-controller memory usage was reduced by 90% when performing artifact operations.

For this release we also added new documentation to our site:

Please upgrade for the best experience.

Security news

Keeping the Flux Community up to date on new Security features and ways to keep their organisations and clusters secure is important to us. We are very happy that Flux project member Batuhan Apaydın took the time to write this blog post about proving the authenticity of OCI artifacts. Please take a look at to get practical advice on how to make use of this.

What’s more? CLOMonitor is a service which checks open source project repositories to verify they meet project health best practices. With the last Flux release, we have hit 100% compliance with Linux Foundation security best practices.

We would also like to high five Alexander Block, a member of our community and maintainer of kluctl: he reported the last Flux CVE (CVE-2022-39272) Improper use of metav1.Duration allows for Denial of Service. Thanks a lot for helping out with this!

Flagger v1.24 comes with signed releases & OCI Helm charts

Starting with Flagger 1.24.0, the Flagger release artifacts are published to GitHub Container Registry, and they are signed with Cosign and GitHub ODIC.

OCI artifacts:

ghcr.io/fluxcd/flagger:<version>: multi-arch container images
ghcr.io/fluxcd/flagger-manifest:<version>: Kubernetes manifests
ghcr.io/fluxcd/charts/flagger:<version>: Helm charts

To verify an OCI artifact with Cosign:

export COSIGN_EXPERIMENTAL=1
cosign verify ghcr.io/fluxcd/flagger:1.24.0
cosign verify ghcr.io/fluxcd/flagger-manifests:1.24.0
cosign verify ghcr.io/fluxcd/charts/flagger:1.24.0

To deploy Flagger from its OCI artifacts the GitOps way, please see the Flux installation guide.

The previous release, Flagger 1.23.0 added support for Slack bot token authentication.

Flux Legacy reaches End-Of-Life

As discussed in the last monthly update for the Flux project, we retired Flux v1 and Helm Operator on November 1st. The projects will no longer be supported and were archived on GitHub.

Please look into migrating to Flux v2 as soon as possible.

If you still need migration help, there are still free migration workshops, or reach out for paid support to one of the companies listed here.

Flux Ecosystem

Weave GitOps

The Weave GitOps team continues to iterate and just released v0.10.1 of Weave GitOps.

With the release of v0.10.0 they are excited to announce the beta launch of a new tool called GitOps Run. GitOps can be challenging for the everyday developer to work with and it can create some friction, especially for developers who are less familiar with Kubernetes or Flux. The purpose of GitOps Run is to remove the complexity for developers so that platform operators can create developer environments easily, and application developers can benefit from GitOps and focus on writing code. Basically, they set up a live reconciliation loop between your cluster and local working directory of choice. Any changes made to your local working directory will automatically be pulled onto the cluster so you can iterate quickly. When you are done you can turn off GitOps Run and your cluster will go back to the previous state. This tool is incredibly useful with the VSCode GitOps extension.

You can either toggle GitOps Run to allow changes directly on the cluster or choose a sandbox option as well. The team is definitely looking for feedback on this exciting new feature so please don’t hesitate to engage and submit feature requests. Check out an overview and quick getting started video here.

The team continues to make improvements to the GitOps Dashboard as well. You are now able to inspect the YAML of all objects within the application as well as being able to navigate to objects via the various graph views. We have also added support for alerts and providers.

Terraform Controller

The Weave GitOps team has been hard at work on the next version of the tf-controller and just released Weave TF-controller v0.13.0 this week.

First-class YAML Support (tech preview)

A notable feature in this version is the first-class YAML support for Terraform. A Terraform object in v0.13.0+ allows you to better configure your Terraform resources via YAMLs, without introducing any extra CRDs to your cluster. Together with a new generator, Tofu-Jet will now be able to ship pre-generated primitive Terraform modules for all major cloud providers. The team shipped the alpha version of AWS package in this release. Tofu-Jet generator will be open-sourced later by the end of this year.

A primitive Terraform module is a module that only contains a single primitive resource like, aws_iam_role or aws_iam_policy. With this concept, we would be able to use Terraform without writing Terraform codes and make it more GitOps-friendly at the same time.

New Features and Bug Fixing

Implement webhooks for Terraform stages
Add use case examples
Add .spec.workspace field
Add the default value to workspace
Implement spec.values and map it to Terraform HCL
Add docs for preflight checks
Implement Helm-like template for Terraform files
Add runner Dockerfile for Azure
Upgrade Golang to v1.19
Bundle an alpha version AWS Package
Fix e2e
Implement init containers support on the runner pod
Implement spec.dependsOn and watch for the output secret changes
Implement templating for input references
Fix the check of dependencies by taking the output secret into account
Add tests for the spec.dependsOn feature
Change templating delimiter to ${{ }}
Add labels to tfstate via the K8s backend so that we can group them by the labels
Fix dependency in the finalizer
Add an ability to Helm chart for creating service accounts in each namespace
Parameterize AWS package in chart
Add trace logging
Fix runner service account template not returning multiple docs
Implement replan to avoid double planning
Add SHA and version information to the binaries

Weave GitOps Enterprise

Weave GitOps Enterprise continues to improve with numerous features including all of those mentioned in the OSS version above. They have released v0.10.1. First, you can now view terraform resources from the UI, plus sync and suspend resources like Kustomizations, HelmReleases, and Sources.

The team has also launched their pipeline feature which will enable you to set up environments for helm charts and track the chart versions across dev, staging, and production (or however you decide to define your environment stages).

Policy sets have been added as well so you can now state whether policies should just be treated as non-blocking (audit) or blocking (admission). This means you can easily configure your various policies to request the team to fix their code, either to future-proof it, or for the fix to be included before changes can actually be applied to the clusters.

Finally, the team has been working hard to open up templates to all types of objects within the platform. In the past, templates were isolated to only CAPI providers so you could easily self service clusters. From Weave GitOps Enterprise you are now able to create templates for any yaml objects so you can self-serve anything from new microservices to cloud infrastructure all driven by GitOps and the power of Flux.

Flux Subsystem for Argo

Flux Subsystem for Argo (aka Flamingo) is the safe migration path for Argo CD to Flux and Weave GitOps. A Flamingo image is the drop-in replacement of the equivalent version of Argo CD. You can safely run workloads reconciled by Flux and Argo CD on the same clusters.

The team has upgraded Flamingo to support Flux v0.36 and Argo CD v2.5. Not only the v2.5 support, this train of releases also include Flamingo for v2.2 - v2.4 too.

Here’s the updated support matrix

Flux	Argo CD	Flamingo Image
v0.36	v2.5	v2.5.0-fl.3-main-2bba0ae6
v0.36	v2.4	v2.4.15-fl.3-main-2bba0ae6
v0.36	v2.3	v2.3.10-fl.3-main-2bba0ae6
v0.36	v2.2	v2.2.15-fl.3-main-2bba0ae6

VS Code GitOps Extension

A new “Configure GitOps” workflow is available in the pre-release of the extension. The workflow introduces a new unified user interface for creating Source and Workload and for attaching Workloads to Sources. It supports both Generic Flux and Azure Flux (Arc/AKS) cluster modes. In Azure mode, FluxConfig resources are created automatically (this can be disabled if the user wants Generic mode compatibility). Currently this feature is in the Extension Marketplace pre-release channel and supports GitRepository and Kustomization resources. Final release will be available early in November and will provide an user-friendly UI for working with every type of Source and Workflow.

New additions to the Flux Ecosystem

We are very pleased to announce the following new members of the Flux Ecosystem. We feel blessed to have a lively and active community like this!

First up is the Datadog Agent for Flux: it runs on your hosts and collects events and metrics from hosts and sends them to Datadog, where you can analyze your monitoring and performance data.

KubeVela is next on the list, which now integrates Flux as well for Helm Chart delivery and GitOps, and provides multi-cluster capabilities.

We could have some kind of Halloween reference here, but GitOps zombies is actually a tool for finding Kubernetes resources which are not managed via GitOps. Go check it out.

And last but not least, here is the Pulumi Kubernetes Operator, which runs Pulumi programs, and can fetch them via Flux sources.

Really nice to see Pulumi adopting @fluxcd for source management. Pulumi programs can now be packaged as OCI artifacts with the Flux CLI and signed with Cosign. Before the Pulumi operator runs them, Flux pulls the artifacts in-cluster and verifies their signatures 🔐🚀 https://t.co/Z9KGipWij4
— Stefan Prodan (@stefanprodan) October 24, 2022

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

Thanks to all the Flux community members who are happy to talk about their experiences. In October there was obviously KubeCon (which we will have a separate blog post about), here is one talk already which we would like to highlight.

GitOps with Flux and OCI Registries - Soulé Ba & Scott Rigby, Weaveworks

Please let us know if we missed anything of interest and we will make sure to mention it in the next post!

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in November - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

ATO 2022 Get Started with Kubernetes & GitOps Workshop (Nov 1)

For those that are new to Kubernetes, don’t fret! Justin will give a brief overview of Kubernetes core concepts, features, architecture, and key components to ensure you have a necessary understanding of the Kubernetes ecosystem so that you can follow along with the rest of this hands-on workshop.

HashiCorp User Group Luxembourg (virtual) (Nov 30)

Flux Terraform Controller is a controller for Flux to reconcile Terraform configurations in the GitOps way with the power of Flux and Terraform, Terraform Controller allows you to GitOps-ify your infrastructure, and your application resources, in the Kubernetes and Terraform universe.

Flux Bug Scrub

The next dates are going to be:

2022-11-02 12:00 UTC, 14:00 CEST
2022-11-10 18:00 UTC
2022-11-16 13:00 UTC

In other news

Your Community Team

The Flux Community Team started its own set of meetings as an experiment for the next 3 months. Here we want to discuss everything that’s important for the Flux community, such as organisation of events, advocacy, getting more people involved in the community and more.

This month we had our first two meetings. Check out the meeting notes which include the meeting recordings to see what was discussed in detail.

A few themes we are looking into as a group are:

Document and refine processes and tools to make it a lot easier to be involved
Highlight events and meetings to our community better
Make things like our social and editorial calendars public so people can feed into it more easily and it becomes more of a team effort

Please join us for the next meeting - instructions and agenda can be found here.

People writing/talking about Flux

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Cyera, Syneki and University of Bordeaux.

More docs and website news

We are constantly improving our documentation and website - here are a couple of things we landed recently:

Update themes and move to using them as Hugo modules. This simplified our setup quite a bit.
Generate resources section from YAML.
Deemphasise Legacy Flux in our docs.
Updates to the frontpage to make events easier to find.
Update Flagger docs to 1.24. New guide to set up Flagger on a Kubernetes cluster the GitOps way.
And lots of other updates and improvements.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Batuhan Apaydın, Mohamed F. Ahmed, Arhell, FG, Hidde Beydals, Michael Bridgen, Santosh Kaluskar, Jasmin Müller, Kingdon Barrett, Martin PAUCOT, Raffael Sahli, Shalom Yerushalmy, Steve Wilkerson and ebCrypto.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-11-03 or 2022-11-11.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: September 2022 Update

Tue, 04 Oct 2022 11:30:00 +0000

It’s the beginning of October 2022 - let’s recap together what happened in September - it has been a lot!

News in the Flux family

Flux v0.34.0 and 0.35.0 bring OCI improvements

Flux v0.35 and Flux v0.34 landed in September. They bring tons of improvements, especially in the area of OCI. We encourage everyone to upgrade for the best experience.

Please note: there are breaking changes: The Flux controller logs have been aligned with the Kubernetes structured logging. For more details on the new logging structure please see: fluxcd/flux2#3051.

Here is a quick summary of what you can look forward to in terms of features and improvements:

Verify OCI artifacts signed by Cosign (including keyless - currently still experimental and only supporting GCP and GHCR) with OCIRepository.spec.verify. Note this supports contextual login, but not insecure registries.
Allow pulling Helm charts dependencies from HTTPS repositories with mixed self-signed TLS and public CAs.
Allow pulling Helm charts from OCI artifacts stored at the root of AWS ECR.
Allow running bootstrap for insecure HTTP Git servers with flux bootstrap git --allow-insecure-http --token-auth.
Improve health checking for global objects such as ClusterClass, GatewayClass, StorageClass, etc.
The controllers and the Flux CLI are now built with Go 1.19.
Allow pulling artifacts from an in-cluster Docker Registry over plain HTTP with OCIRepository.spec.insecure.
Allow defining OCI sources for non-TLS container registries with flux create source oci --insecure.
Enable contextual login when publishing OCI artifacts from a Cloud VM using flux push artifact --provider=aws|azure|gcp.
Prioritise static credentials over OIDC providers when pulling OCI artifacts from container registries on multi-tenant cluster.
Reconcile Kubernetes Class types (ClusterClass, GatewayClass, StorageClass, etc) in a dedicated stage before any other custom resources like Clusters, Gateways, Volumes, etc.
When multiple SOPS providers are available, run the offline decryption methods first to avoid failures due to KMS unavailability.
Add finalizers to the notification API to properly record the reconciliation metrics for deleted resources.
Publish the Flux install manifests as OCI artifacts on GitHub and DockerHub container registries under fluxcd/flux-manifests.

For more information on OCI and Cosign support please see the Flux documentation.

It took us six months to debate, design and implement OCI support in Flux. Big thanks to all the Flux contributors that helped us reach this milestone!

Flux Legacy (v1) Retirement Plan

Thanks to so many of you who have been migrating to the latest Flux version, often in conversation with us. We appreciate your enthusiasm for the increased capabilities of Flux. In October 2020 we put Flux Legacy and Helm operator into maintenance mode (cf flux#3320 and helm-operator#546). Back then we promised to continue to support them for 6 months once we reached feature-parity across all former feature sets, and instead we have offered extended support for over a year.

We reached parity in March 2021 and announced stable APIs in July 2021. Since then we added OCI support and many other modern features to Flux v2. Thanks to you not only for migrating, but also for adding yourselves to the latest Flux adopters page! We really appreciate it. Your work has brought down the number of support requests for legacy Flux to 5% of all volume in the past year.

We will archive Flux Legacy in November this year. If you still need migration help, there are still free migration workshops, or reach out for paid support to one of the companies listed here.

Some recent prompts for this include:

Some of the Flux v1 dependencies are pinned to EOL versions, which cannot be upgraded without causing regressions or a cascading amount of changes to the codebase.
All Kubernetes dependencies are pinned within version v1.21. That version already reached end-of-life support upstream.

Thanks for joining us on this journey of building Flux. Please give Flux a star!

Flux Ecosystem

Flux Subsystem for Argo

The team is happy to announce that Flux Subsystem for Argo (FSA) is now on-par with ArgoCD regarding supported versions. FSA now provides all versions supported by ArgoCD. The project will provide security updates based on ArgoCD v2.2 and v2.3, and for the active ArgoCD version (currently v2.4), FSA will support them, starting from v2.4.12.

For Flux compatibility, FSA will be tested against every release of future Flux versions.

Weave GitOps

Weaveworks just released version v0.9.6 for Weave GitOps. There are a lot of great new features that have been released in the last month. First, it is continuing the trend of being a feature rich Flux UI by adding support for Flux Providers and Alerts. When you click on the user icon you are then taken to a screen that contains those objects. As a platform operator, you can easily understand where events are being sent.

On the kustomization and helm release detail pages there is now a tab to check your dependencies for those objects. The dependsOn is a powerful feature in Flux and now you can easily see these visualised within the application. We’re also making it easy to navigate from these graphs to relevant objects in a near future release.

In addition, the team added numerous improvements to gitops run our live coding environment. Now you can run the command against an empty folder and it will generate a kustomization.yaml file and give you a live connection between that working directory and the cluster you are connected to. The team is full steam ahead on the next set of features for the run experience.

Terraform Controller

The Weave GitOps team is continuing to improve our ecosystem of controllers with the latest release of the tf-controller v0.12.0.

The notable features in this release are: custom backend support, interop with Notification controller, and support human readable plan output in ConfigMap. This is all new:

Enable custom backends for Terraform
Support backendConfigsFrom for specifying backend configuration from Secrets
Add a parameter for specifying max gRPC message size, default to 4MB
Implement force-unlock for tfstate management
Fix the initialization status
Recording events to support Flux notification controller
Support specifying targets for plan and apply
Add node selector, affinity and tolerations for the runner pod
Add volume and volumeMounts for the runner pod
Add file mapping to map files from Secrets to home or workspace directory
Fix Plan prompt being overridden by the progressing message
Support storing human-readable plan output in a ConfigMap

Learn more at the following blog post “How to GitOps Your Terraform”, by Priyanka Ravi & Daniel Holbach.

Weave GitOps Enterprise

The Weave GitOps Enterprise continues to build on top of the OSS feature set with its latest v0.9.5 release. First, the team has added a new add application button with support for both Kustomizations and Helm Releases. This makes it super easy to add the relevant Flux primitives to get your applications loaded onto the cluster(s) of your choice.

Workspaces were added as well. This makes it super easy to manage multi-tenancy on Weave GitOps Enterprise. It is built on top of Flux’s tenancy model with a lot of extra flexibility and power. For example, all of your workspaces can be defined in one or more files. We then have a simple CLI command that will generate all of the necessary YAML for you. This includes advanced features such as policies to ensure full compliance within the tenant. You can define which repositories your users can use as well as which clusters applications can be deployed to. To learn more about this feature check out the documentation.

You can also now define pipelines and environments for Helm Charts. This will allow your application teams to see how things are rolled out across dev, staging, and production environments; or however you choose to define your environments. There will be a lot of continued efforts in this area so stay tuned.

Your engineering teams are able to see policy violations for applications across clusters. Policy sets can be used by platform operators to define in one place whether policies are for auditing purposes or should be blocked by the admission controller. The team built out a profile for making it easy to set up policy dashboards using the ELK stack. Platform operators now have greater flexibility when configuring the same policy with different values for different clusters.

VS Code GitOps Extension

A lot of great features have been added to the extension, most notably support for OCI and Azure. Please see the recent blog post in our ecosystem category for more details.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In September here are a couple of talks we would like to highlight.

CNCF On-Demand Webinar (Sep 15): Flux increased security & scalability with OCI
Flux is trusted for its high levels of security, and new OCI support brings even greater GitOps security and scalability. Max Jonas Werner covers the benefits like more streamlined repo structure options and better ways to manage breaking changes in your app.
CNCF On-Demand Webinar (Sep 29) How to GitOps Your Terraform
Priyanka “Pinky” Ravi walks you through step-by-step how to manage Terraform resources the GitOps way, from provisioning to enforcement. Bring GitOps to infrastructure and application resources for hybrid automation, state enforcement, drift detection and more.

Here is a list of additional videos and topics we really enjoyed - please let us know if we missed anything of interest and we will make sure to mention it in the next post!

Upcoming Events 📆

KubeCon

We are happy to announce that we will be at GitOpsCon and KubeCon in October! Visit our booth in-person at the Project Pavilion during KubeCon and the full schedule is below (and on our Flux @ KubeCon mini site. See you soon!

Monday, October 24 (Flux Project Meeting at KubeCon)

13:00 - 17:00 Flux Project Meeting Room 335, Level 300

We’ll have talks/demos from beginner to advanced, including but not limited to: Flux basics, what’s new with Flux including OCI support, VS Code, Terraform Controller, Cosign, Helm, & Flagger, and of course you can ask Maintainers all your questions.

Tuesday, October 25 (GitOpsCon)

9:45 - 10:15 GitOpsCon: How to Achieve (Actual) GitOps with Terraform and Flux

Priyanka "Pinky" Ravi (Weaveworks) and Roberth Stand (Crayon Group)

9:45 - 10:15 GitOpsCon: Toward Full Adoption of GitOps and Best Practices at RingCentral

Tamao Nakahara (Weaveworks) and Ivan Anisimov (RingCentral)

11:10 - 11:40 GitOpsCon: Simplifying Edge Deployments Using EMCO and GitOps

Igor DC & Adarsh Vincent Chittilappilly (Intel)

11:40 - 12:10 Prometheus Days: Automate your SLO validation with Prometheus & Flagger

Sanskar Jaiswal & Kingdon Barrett (Weaveworks)

12:00 - 12:10 GitOpsCon: Why Do We Do This? The Heart of GitOps

Leigh Capili (VMware)

13:10 - 13:20 GitOpsCon: Green(ing) CI/CD: A Sustainability Journey with GitOps

Niki Manoledaki (Weaveworks)

13:40 - 14:10 GitOpsCon: Complete DR of Workloads, PVs and CSI Snapshots via Flux and Vault OSS

Kingdon Barrett (Weaveworks)

14:15 - 14:45 GitOpsCon: GitOps with Flux and OCI Registries

Soulé Ba & Scott Rigby (Weaveworks)

14:15 - 14:45 GitOpsCon: Pixie + Flux, VSCode, GitOps Observability from Top to Bottom

Somtochi Onyekwere (Weaveworks)

Wednesday, October 26 (KubeCon)

14:30 - 16:00 KubeCon: Tutorial: So You Want To Develop a Cluster API Provider

Anusha Hegde & Winnie Kwon & Sedef Savas (VMware), Richard Case (Weaveworks),

Avishay Traeger (Red Hat)

15:25 - 16:00 KubeCon: Flagger, Linkerd, And Gateway API: Oh My!

Jason Morgan (Linkerd) & Sanskar Jaiswal (Weaveworks)

15:25 - 16:00 KubeCon: Tutorial: How To Write a Reconciler Using K8s Controller-Runtime!

Scott Rigby, Somtochi Onyekwere, Niki Manoledaki & Soulé Ba (Weaveworks),

Amine Hilaly (Amazon Web Services)

Thursday, October 27 (KubeCon)

11:00 - 11:35 KubeCon: Learn About Helm And Its Ecosystem

Andrew Block & Karena Angell (Red Hat), Matt Farina (SUSE) Scott Rigby (Weaveworks)

Friday, October 28 (KubeCon)

11:00 - 12:30 KubeCon: Flux ContribFest

Room 410 B

16:55 - 17:30 KubeCon: Flux Maturity, Feature, and Contrib Update

Somtochi Onyekwere & Kingdon Barrett (Weaveworks)

Flux Bug Scrub

The next dates are going to be:

In other news

New Flux Project Members: Batuhan Apaydın and Rashed Kamal

We are very excited to be able to announce two new Flux project members this month.

Batuhan Apaydın, Senior Software Engineer at Trendyol, has been helping out quite a bit in the OCI discussions and wrote a blog post explaining how to manage Kyverno policies as OCI artifacts recently. We are very glad to have him in our community and there’s more OCI awesomeness and blog posts planned.

Rashed Kamal, Staff Engineer at VMware, joined us in September as well. His interests include OCI, where he contributed to the RFC too. On top of that he fixed a number of issues in Flux. Thanks for all of that and for being part of the team!

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: NovaID.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

We simplified the build process of the website. We are on a very recent version of the Docsy theme again!
Our Bootstrap Cheatsheet now contains instructions on how to enable notifications for third party controllers.
Flux End-To-End documentation was updated to reflect recent changes.
We added a lot of new videos to the Flux Resources page.
Many small improvements and fixes across the entire site and docs.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Kingdon Barrett, Arhell, Paulo Gomes, Max Jonas Werner, Vanessa Abankwah, Santosh Kaluskar, Batuhan Apaydın, Stacey Potter, Bang Nguyen, Sven Nebel, Aurel Canciu, David Harris, Gustaf Lindstedt, Simo Aleksandrov and annaken.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-10-06 or 2022-10-12.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: August 2022 Update

Mon, 05 Sep 2022 11:30:00 +0000

It’s the beginning of September 2022 - let’s recap together what happened in August - it has been a lot!

News in the Flux family

New Flux releases add OCI support and better integration with cloud services

August saw two big releases of Flux: v0.33 and v0.32. Let’s go through the major changes one by one.

Enable contextual login to container registries when pulling Helm charts from Amazon Elastic Container Registry, Azure Container Registry and Google Artifact Registry using HelmRepository.spec.provider.
Select which layer contains the Kubernetes configs by specifying a matching OCI media type using OCIRepository.spec.layerSelector.
Authenticate to Azure Blob storage with SAS tokens using Bucket.spec.secretRef.
Allow filtering OCI artifacts by semver and regex when listing artifact with flux list artifacts.
Allow excluding local files and directories when building and publishing artifacts with flux push artifact.
New Flux CLI commands flux push|pull|tag artifact for publishing OCI Artifacts to container registries.
New source type OCIRepository for fetching OCI artifacts from container registries.
Resolve Helm dependencies from OCI for charts defined in Git.

The big news was of course that we added support for distributing Kubernetes manifests, Kustomize overlays and Terraform code as OCI artifacts. For more information on OCI support please see the Flux documentation.

Big thanks to the Flux contributors that helped us along the way. It took us almost 4 months, from the first RFC version to shipping OCI support today. And a special thanks to Rashed and the whole VMware Tanzu team for the excellent collaboration!

No more pesky secrets to authenticate against Azure, AWS and GCP container registries when deploying Helm charts with @fluxcd. Starting with v0.33, Flux leverages #Kubernetes workload identity and IAM when pulling OCI artifacts from managed registries. https://t.co/V9dbT6orrP pic.twitter.com/N7EB4D0Is8
— Stefan Prodan (@stefanprodan) August 31, 2022

I'm super excited to announce that @fluxcd support for distributing #Kubernetes manifests, Kustomize overlays and Terraform code as OCI artifacts has finally shipped in v0.32. https://t.co/144HY6LUTy
— Stefan Prodan (@stefanprodan) August 11, 2022

Security news

We are continuously putting effort into the security story of Flux. One cornerstone of this is fuzzing of all code. As promised, we started transitioning our fuzz tests to the native Go implementation.

We are happy to say that we managed to contribute back to Google’s oss-fuzz improving Go Native Fuzz implementation as well during this effort ( patch 1, patch 2).

Flagger 1.22.2

Flagger 1.22.2 received a patch release as well during August. It fixes a bug related to scaling up the canary deployment when a reference to an auto-scaler is specified.

Furthermore, it contains updates to packages used by the project, including updates to Helm and grpc-health-probe used in the load-tester.

A number of CVEs originating from its dependencies were fixed as well.

Flux Ecosystem

Flux Subsystem for Argo

Flux added OCIRepository as a new kind of Source in its recent release. The new version of Flux Subsystem for Argo (FSA) brings these good bits of Flux to Argo CD. The team has also recently upgraded FSA to Argo CD v2.2.12 to contain recent security bug fixes again. This version of Flux Subsystem for Argo requires Flux v0.32.0 to install.

Terraform-controller

The team has released TF-controller v0.11 which now supports Flux OCIRepository. To use Flux OCIRepository with TF-controller, you’re required to upgrade Flux to v0.32+.

In addition to the new OCIRepository support, the TF-controller team is glad to announce that the performance of TF-controller has been improved significantly. Now the controller is greatly scalable to reconcile and provision high volumes of Terraform modules concurrently. The team has recently tested the controller with 1,500 Terraform modules.

Weave GitOps

The team at Weaveworks is continuing to invest in Applications first! They’ve focused this quarter on building and improving the primitives that make up Weave GitOps. Their aim is to make it easy for platform operators to simplify adoption of Kubernetes and Cloud Native in general across their engineering organization. An easy to use platform that is extensible and safe for organizations to meet their needs.

The OSS team released v0.9.4. There are a lot of iterative improvements in the app such as the ability to pause and resume multiple sources or automation objects from the UI. In addition, there are a bunch of tiny UI and visual improvements. Getting started is now simpler due to a new gitops create dashboard command for producing the HelmRelease and HelmRepository objects. Plus, some foundational improvements for gitops run.

On the enterprise side they are wrapping up workspaces including the GUI, that gives you a single pane of glass what applications and policies belong to which tenant! That makes governance for Platform teams easy and enables Application teams to operate efficiently in safe boundaries. In addition, they have a new add application experience that makes it easy to use Kustomizations and Helm Charts via their UI. Now you have a single simple flow to add your workloads/applications independently if it’s k8s manifest in a Git Repository or Helm Charts. Look for an upcoming release (v0.9.4) in the next week for these two items.

VS Code GitOps Extension

Anyone who loves the GitOps Extension for VS Code should update to the latest version. Among other things it just received a number of security fixes. Find the relevant details on its advisories page.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In August here are a couple of talks we would like to highlight.

CNCF Livestream with Kingdon Barrett: VSCode and Flux: Testing the new OCI Repository feature

The Flux project continues in active development with the addition of OCI configuration planned in the GA roadmap. Another Flux advancement has been the creation of the new VSCode Extension which provides a convenient interface to Flux that can help reduce friction moving between editor and terminal, alleviating the headache of context switching overloading developer focus. Flux maintainer Kingdon Barrett demonstrates Flux’s new OCI features and a convenient way to access them.

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in September - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

Sep 15 CNCF on-demand webinar: Flux Increased Security & Scalability with OCI

Flux is trusted for its high levels of security, and new OCI support brings even greater GitOps security and scalability. Max will cover the benefits like more streamlined repo structure options and better ways to manage breaking changes in your app.
Sep 29 CNCF on-demand webinar: How to GitOps Your Terraform

Pinky will walk you through step-by-step how to manage Terraform resources the GitOps way, from provisioning to enforcement. Bring GitOps to infrastructure and application resources for hybrid automation, state enforcement, drift detection and more.

Flux Bug Scrub

The next dates are going to be:

In other news

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Embark Studios and NexHealth.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

New security docs on Secrets Management and Contextual Authorization.
New blog post: Managing Kyverno Policies as OCI Artifacts with OCIRepository Sources
Cheatsheet news
- OCI Artifacts
- Bootstrap: Git repository access via SOCKS5 ssh proxy
- Bootstrap: Enable notifications for third party controllers
Flux’s Work Well With section: find out how to make Flux work with your favourite other OSS software
Lots of new videos from GitOpsCon / KubeCon on our resources page
Various updates to the Flux Roadmap to indicate what needs to be done for the Flux GA release
Move to a fluxcd.io/<project> kind of structure. Add a project picker in the main navbar. Updates of Flux Legacy docs to 1.4.4, Flagger docs to 1.22.2.
Updates of Docsy theme and dependencies. Prevent click-jacking of the site.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Paulo Gomes, Arhell, Kingdon Barrett, Max Jonas Werner, Santosh Kaluskar, David Harris, Sunny, Aurel Canciu, Benny and annaken.

New Flux Project Member: Leigh Capili

We are proud to announce a new project member in the Flux project. Leigh Capili, Staff Developer Advocate at VMware, has been contributing to Flux for a long time already. If you check out his application, he has left a trail of fixes and improvements across almost all of our projects.

What we would like to specifically call out as well, is the countless talks he has done about Flux and GitOps. Take a look at the Flux Resources page to learn more. Three of our current favourites are:

Be like Leigh: If you have contributed to Flux and are interested in joining the Flux project as a member, please take a look at our governance documentation for this.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-09-08 or 2022-09-14.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: July 2022 Update

Tue, 02 Aug 2022 11:30:00 +0000

It’s the beginning of August 2022 - let’s recap together what happened in July - it has been a lot!

News in the Flux family

Next Flux release: OCI Helm improvements and consolidated Git implementations

The whole Flux team is busy working on the v0.32.x Flux release that’s planned for early August. A lot of our planned changes have already landed and what you can look forward to is: OCI for Kubernetes manifests and further enhancements to the OCI for Helm support that shipped already are also included. Support for Cosign will not be included in this release just yet, but will come later.

It’s not too late to provide early feedback for the OCI support, we still need more user engagement/feedback to guarantee this feature is ready for release.

We have planned on this release finally decommissioning our libgit2 Unmanaged Transport and replacing it with the new Managed Transport (it will no longer be experimental, now default!)

The upgrade to managed transport should be opaque and seamless for the end user. Hopefully Flux users will notice things are more stable, but no changes are needed in order to take advantage of this upgrade, other than simply upgrading.

Security news

When we started writing about Security in Flux, folks started asking us more questions about how to ensure their Flux deployments were secure. We are happy to announce that we documented Flux’s Security Best Practices on our website. It comes with a simple checklist that you can follow to ensure you implemented it. You can also go deeper and expand the text blocks to understand the rationale and backgrounds better.

Please let us know if you have any questions or feedback - we are happy to add to this section.

Flagger 1.22 brings KEDA Support

This Flagger release is a big one. It comes with support for KEDA ScaledObjects as an alternative to HPAs. KEDA is a CNCF Incubation project and is supported in e.g. Azure. Check out our tutorial to understand how to use it with Flagger.

Other improvements in the release are:

The .spec.service.appProtocol field can now be used to specify the appProtocol of the services that Flagger generates.
A bug related to the Contour prometheus query for when service name is overwritten along with a bug related to Contour HTTPProxy annotations have been fixed.
The installation guide for Alibaba ServiceMesh has been updated.

Read the full list of improvements and fixes in the 1.22.0 and 1.22.1 changelog entries.

Flux Ecosystem

Flux Subsystem for Argo

The team released Flux Subsystem for Argo by rebasing it to Argo CD v2.2.11, which contains many serious security fixes. They verified that this version of FSA worked with recent versions of Flux, including Flux v2 0.31.4.

Terraform-controller

The authors had been identifying performance bottlenecks in the TF controller. Now with the bottlenecks identified, they have been able to start rewriting the certification rotation component to improve the performance of the controller. The performance improvement is expected to land by the mid of August.

Their most recent release 0.10.0 contains the following improvements:

Add support for Terraform Enterprise
Implement resource inventory
Improve security to make the images work with Weave GitOps Enterprise
Re-implement certificate rotator
Correct IRSA docs
Update Kubernetes libraries to v0.24.3, go-restful to fix CVE-2022-1996
Add pprof to the /debug/pprof endpoint
Fix race condition to make sure that gRPC client and the runner use the same TLS

VS Code GitOps Extension

In our last monthly updates we talked about the GitOps Extension for VS Code that is based on top of Flux. If you always wanted to see it in action to be able to understand what it can do for you, check out our recent blog post which contains the VSCode Extension Demo from GitOps Days.

Weave GitOps

The team is working towards a new release of Weave GitOps OSS. They’ve made some quality of life improvements in our latest release v0.9.1. I'm so glad you asked. This is a CLI command in Weave GitOps OSS that will make it simpler to get started with Flux and GitOps. In addition, it enables live feedback while configuring your cluster. They are aiming for simplicity for those that are new to Kubernetes and GitOps. They are looking for beta testers so if you know anyone that might be interested then please have them sign up here.

On the Enterprise side they are getting close to enhance and extend the flux tenant model, providing the user with capabilities to create tenants from a declarative yaml that can be versioned. Enabling platform teams to create isolated tenants with boundaries. Define allowed sources, targets. RBAC and policy with a single tool.

Azure GitOps

Azure GitOps now supports Flux v2 in Azure Kubernetes Service (AKS) and Azure Arc-enabled Kubernetes (Arc K8s) clusters ( blog post). Azure lets customers use the same managed Flux service for their cluster configuration and application deployment across all their clusters – Azure, on-premises, multi-cloud. The Azure team works closely with Weaveworks to improve upstream Flux (e.g., multi-tenancy) and continues the partnership.

New additions to the Flux Ecosystem

We redesigned our Ecosystem page! Up until recently we simply listed tools, extensions and integrations that either simplified using Flux in various contexts or extended its functionality.

What was missing was the great work a lot of companies have done to bring GitOps to their users in the form of products and services. We now show a list of these and logos for those who approved the use of logos. If you are in the market for a complete GitOps solution, go check it out!

Another big topic in our user community is the one of UIs. We now added a section with screenshots to give you a good idea of what your options are and how they can simplify your workflow.

We realise that some ecosystem entries might be missing - if you find one, please send a PR, we want this page to grow!

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In July here are a couple of talks we would like to highlight.

Check out the recent CNCF livestream with Kingdon Barrett and Priyanka Ravi, Enhance your GitOps Experience with Flux Tools & Extensions.

In addition to that we recently started discussing a number of great talks from last month’s GitOps Days in blog posts. Check out these posts - they contain a summary of the talks and show the videos as well:

Weaveworks Blog: GitOps Days 2022 recap: major clouds & vendors offering GitOps with Flux
CNCF Blog: How to apply GitOps to everything with Crossplane and Flux
CNCF Blog: Keep calm and trust A/B testing with Flux, Flagger, and Linkerd
CNCF Blog: GitOps with Flux at Safaricom

Please let us know if we missed anything of interest and we will make sure to mention it in the next post!

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in August - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

CNCF Livestream (Aug 17) with Kingdon Barrett

The Flux project continues in active development with the addition of OCI configuration planned in the GA roadmap. Another Flux advancement has been the creation of the new VSCode Extension which provides a convenient interface to Flux that can help reduce friction moving between editor and terminal, alleviating the headache of context switching overloading developer focus.

Flux maintainer Kingdon Barrett will demonstrate the pre-release of Flux's new OCI features and a convenient way to access them while they remain in pre-release so you can provide the feedback that is needed by Flux maintainers to make this feature a success!

Flux Bug Scrub

The next dates are going to be:

In other news

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Mintmesh and SenseLabs.

More docs and website news

We added a Troubleshooting cheatsheet! This has been a request from our community for a long time and we would love to hear your feedback! What do you and your team use for incidents? Is it playbooks? What would you expect in Flux docs for managing incidents and troubleshooting?

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

New use-case: GitHub Actions Basic App Builder:
This guide shows how to configure GitHub Actions to build an image for each new commit pushed on a branch, for PRs, or for tags in the most basic way that Flux’s automation can work with and making some considerations for both dev and production.
A single GitHub Actions workflow is presented with a few variations but one simple theme: Flux’s only firm requirement for integrating with CI is for the CI to build and push an image. So this document shows how to do just that.
We expanded our documentation on Azure to include Using Helm OCI with Azure Container Registry.
Flagger news! We updated the docs on our website to match the newest version of Flagger (1.22). This adds a tutorial for how to do Canary analysis with KEDA SealedObjects. In addition to that the install guides were updated, in particular the instructions for setting up Flagger on Alibaba ServiceMesh was simplified quite a bit.
We updated the resources section on the fluxcd.io landing page to show updated content with more breadth across the Flux space.
We updated to a more recent version of the Docsy theme, which allowed us to drop some of our own customisations. With this we also updated to the new version of the Algolia API - this should give you better search results as well.
And lots of other small improvements.

Thanks a lot to these folks who contributed to docs and website: Paulo Gomes, Kingdon Barrett, Ihor Sychevskyi, Max Jonas Werner, Santosh Kaluskar, Stefan Prodan, Hidde Beydals, Jonathan Innis, Soulé Ba, Stacey Potter, @chengleqi and @kirankldevops.

Archival of Flux Web UI

The fluxcd/webui project was archived. It was in active development from November 2020 to June 2021, but unfortunately it could not be kept alive. This is why we felt the need to point users to the following alternatives for UIs for Flux instead.

Weaveworks offers a free and open source GUI for Flux under the weave-gitops project.

You can install the Weave GitOps UI using a Flux HelmRelease, please see the Weave GitOps documentation for more details.
The Flux community maintains a series of Grafana dashboards for monitoring Flux.

See the monitoring section of the Flux documentation for how to install Flux's Grafana dashboards.

New Flux Project Member: Ihor Sychevskyi

We are very pleased to welcome Ihor Sychevskyi as a project member into the Flux family. Over the past months Ihor has been busy improving our website in many many places. A lot of small UI glitches all over the place fell into this category and if you view fluxcd.io on mobile the site is getting better all the time!

Be like Ihor: If you have contributed to Flux and are interested in joining the Flux project as a member, please take a look at our governance documentation for this.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-08-03 or 2022-08-11.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: June 2022 Update

Mon, 04 Jul 2022 13:30:00 +0000

It’s the beginning of July 2022 - let’s recap together what happened in June - it has been a lot!

News in the Flux family

A lot of work culminated in the 0.31 release series, where we landed at Flux v0.31.3. You can look forward to the the following set of important fixes and documentation improvements:

✨ Flux releases v0.31

We’ve released Flux v0.31. This release comes with new features and improvements.

🚀 New features

Pull Helm charts from container registries by configuring Helm repositories with type: oci.
For more information please see the Helm OCI documentation
Trigger GitHub Actions workflows from Flux by configuring alerting providers with type: githubdispatch.
For more information please see the GitHub dispatch provider documentation.

📔 New guides

🤖 New improvements and fixes

Starting with this version, all Flux controllers conform to the Kubernetes API Priority and Fairness.
Add support for configuring the authentication to AWS KMS, Azure Key Vault and Google Cloud KMS on multi-tenant clusters.
The Git reconciliation has been made more efficient by adding support for no-op clones that should reduce the outbound traffic substantially.
The libgit2 managed transport feature has been enabled by default to improve the Azure DevOps and AWS CodeCommit Git operations.
Fix an issue where the token used for Helm operations would go stale if it was provided using a Bound Service Account Token Volume.
Update the controllers and CLI dependencies to Kubernetes v1.24, Kustomize v4.5.5 and Helm v3.9.0.
Fix caching issue in registry client (source-controller)
Fix repository url error for Helm OCI (source-controller)
Fix semver sorting for Helm OCI charts (source-controller)
Fix service account impersonation when using target namespace (helm-controller)
Validate that the image name does not contain tags (image-reflector-controller)
Fix libgit2 SSH host key verification (source-controller & image-automation-controller)
Fix authentication when using Gitlab via HTTP/S (source-controller & image-automation-controller)

Thanks to everyone who contributed to this release. 🤗

Flux Ecosystem

Since the rewrite of Flux as a set of targeted controllers, we believe it has become a lot easier to extend Flux to whatever you need it to do. If you check out the Flux Ecosystem page you can see a lot of very useful extensions, products and tools you might find useful.

In this section of our monthly update, let’s go through what happened in the ecosystem.

Terraform-controller

The team around terraform-controlle started the new development cycle towards v0.10.0. They introduced a new feature that supports resource inventory inside a Terraform object so that other controllers like an external drift detector, or a cost estimator would be able to leverage it.

For the coming v0.10.0 release, they will focus on performance improvements so that the controller will handle large numbers of objects better.

Weave GitOps

The GitOps Dashboard is continuing to evolve and we have added a bunch of new features with the release of v0.9.0. You can now pause and resume automations and sources within the UI. The team also added a new yaml tab to each object page so you can see the full detail of the object on the cluster.

They have also added support for displaying custom metadata. It is super easy to use and enables you to put relevant information such as a description of the object or hyperlinks to metrics dashboards.

They have also improved the detail and graph views in the application. They were only able to show a subset of kubernetes objects that were created by Kustomizations and Helm Releases. You can now get a full view of all of the objects that were created.

The team is turning their attention to a new feature at the moment and are looking for people willing to participate as early beta users. They are building a new feature in Weave GitOps that will change the way you can interact with Kubernetes as you build out your system. The idea is to reduce friction as much as possible and get live feedback. Once you are done then you will be able to easily transition the workload management over to GitOps via Flux.

They are excited about this feature and would appreciate people that are willing to test early versions so they build the best possible solution that solves problems. If you are interested please sign up here and they will reach out to you via email when they are ready to start the beta test.

New additions to the Flux Ecosystem

We are very pleased to recognise KubeVela as part of the Flux Ecosystem: it integrates Flux well for Helm Chart delivery and GitOps, and provides multi-cluster capabilities.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Upcoming Events

Flux maintainer Somtochi Onyekwere at KCD Africa 2022 - Virtual

Somtochi Onyekwere has been contributing to Kubernetes and Flux for a long while already. We are very grateful to have her as part of the Flux maintainers team.

At the keynote at Kubernetes Community Days Africa 2022 - Virtual, she will be speaking about her experience going from contributor to project maintainer.

Join her and all the other speakers on July 7 & 8. Register here.

Recent Events (ICYMI) 📺

GitOps Days 2022

GitOps Days was a big celebration of everything we achieved as the Flux community in the past years. It was a big get-together of its maintainers, GitOps practitioners, cloud service vendors and our big community to talk about everything that’s possible today.

If you check out the schedule on its website you get a good idea of the high quality talks and workshops that happened there.

If you should have missed it, don’t despair - the GitOps Days team is working on publishing separate videos and dedicated videos very soon. In the meantime you can still hit the “Register” button on the website to get a link to the recordings of the two days!

Thanks to everyone who attended and organised the event - we had a fabulous time!

Flux Bug Scrub

The next dates are going to be:

We really enjoyed this demo of the k3d git server recently. It’s a local Git server that runs outside of Kubernetes, to support offline dev in a realistic but also simple way that does not depend on GitHub or other hosted services. If folks have other Flux-related topics and want a friendly audience to present for interest and feedback, we are always open to ideas and will host, come pitch us with your Flux talks while we iterate weekly issue queue hygiene!

In other news

People writing/talking about Flux

Alexander Block: Multiple Environments with Flux and Kluctl

Alexander Block is not only the author of Kluctl, but has joined us as a Flux contributor as well. If you are new to Kluctl, it says on its website that

Kluctl is the missing glue to put together large Kubernetes deployments.

It allows you to declare and manage small, large, simple and/or complex multi-env and multi-cluster deployments.

Kluctl does not have cluster-side dependencies and works out of the box.

Check out the new blog post to get an idea how Kluctl helps you wire up multiple environments.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Autops, MediaMarktSaturn, J.B. Hunt, QuickTable, SenseLabs and TraefikLabs.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

Add section for OCI Helm repositories
Add documentation for how to run jobs with Flux.
Add post-deployment jobs and repo structure.
Add "Karmada + Flux" user guide.
Add --ssh-hostkey-algos to image-automation-controller docs.
helm gh actions guide: Exclude events related to dependencies check.
Add guide: Promote Flux Helm Releases with GitHub Actions.
Monitoring: Add Loki and Flux logs to guide.
Update azure docs on mozilla sops.
Migration: Add links for flux v1 uninstall.
Roadmap: Add OCI items for GA.
Ecosystem page: We finally got around to adding Weave GitOps.
Build: Update docsy and hugo. Make builds more robust.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Ihor Sychevskyi, Ed Briggler, Max Jonas Werner, Paulo Gomes, xiexiong, Chrliey Haley, Hidde Beydals, Jianbo Sun, Kevin Fritz, LXM, Philip Laine, Poor12, Somtochi Onyekwere, Soulé Ba, Vincent Palmer, Vincent Van der Kussen, Wiliam Brode, netthier.

In particular we would like to thank Ihor Sychevskyi again who took on fixing small UI glitches all over the place - especially on mobile the site should work a lot better now!

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-07-06 or 2022-07-14.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: May 2022 Update

Wed, 01 Jun 2022 12:30:00 +0000

It’s the beginning of June 2022 - let’s recap together what happened in May - it has been a lot!

News in the Flux family

Flux v0.30 release

The latest Flux release is the v0.30 release series. It comes with new features and improvements. Users are encouraged to upgrade for the best experience. Note: v0.29.0 included breaking changes.

🚀 Features and improvements

Support for disabling remote bases in Kustomize overlays: this release adds support to the kustomize-controller for disallowing remote bases in Kustomize overlays using --no-remote-bases=true (default: false). When this flag is enabled on the controller, all resources must refer to local files included in the Source Artifact, meaning only the Flux Sources can affect the cluster-state. Users are advised to enable it on production systems for security and performance reasons.
Support for defining a KubeConfig Secret data key: both Kustomization and HelmRelease resources do now accept a .spec.kubeConfig.SecretRef.key definition. When the value is specified, the KubeConfig JSON is retrieved from this data key in the referred Secret, instead of the defaults (value or value.yaml).
Support for defining a ServiceAccountName in ImageRepository objects: the ImageRepository object does now accept a .spec.serviceAccountName definition. When specified, the image pull secrets attached to the ServiceAccount are used to authenticate towards the registry.

🎁 Link to release page

🔒 Flux Security announcement

We published three CVEs today which affect Flux versions earlier than v0.29.0. We recommend updating your Flux system at your earliest convenience.

More information on the advisories can be found in our security policy page.

To get some additional background on the advisories and what steps we are taking to make Flux more secure, check out our blog post about the advisories as well.

Upcoming Flux Release

The next Flux release is just a few days out. Here is in a nutshell what you can look forward to - but there’ll be more!

OCI Helm chart support as described in RFC-0002 will become available. But at time of writing, has two caveats:
- Chart dependencies from OCI repositories are not supported. #722
- Custom CA certificates are not supported. #723
GitRepository reconciliation will be more efficient when checking out repositories using branches or tags by added support for no-op clones.
The libgit2 managed transport will be moved out of experimental mode, and is the new default.

Make sure you watch our Slack and Twitter to get the update. Give us a star and watch for releases maybe as well.

Flagger 1.21.0 brings lots of improvements

This release comes with an option to disable cross-namespace references to Kubernetes custom resources such as AlertProviders and MetricProviders. When running Flagger on multi-tenant environments it is advised to set the -no-cross-namespace-refs=true flag.

In addition, this version enables Flagger to target Istio and Kuma multi-cluster setups. When installing Flagger with Helm, the service mesh control plane kubeconfig secret can be specified using --set controlplane.kubeconfig.secretName.

Flux Ecosystem

We have a lot of updates from the Flux Ecosystem and love how everything keeps on growing! If you are interested in more news from Flux integration, make sure you register for GitOps Days at 8-9 June - a lot of engineers and companies will be talking about their work and how you can benefit from it.

Flux Subsystem for Argo

Flux Subsystem for Argo was upgraded to support Argo CD v2.2.9, and welcomed Kingdon Barrett as a new maintainer for the project.

Terraform-controller

terraform-controller v0.9.5 was released which contains new features such as support for Runner Pod’s metadata, support environment variables for Runner Pod so that you can set proxy for Terraform binary with HTTPS_PROXY for example. This release also included many bug fixes.

Weave GitOps

The Weave GitOps team released v0.8.1 for Weave GitOps. This release is an iteration on top of our prior release. We have fixed a lot of bugs and made UI enhancements based on feedback from the community. For example, you are able to reconcile Flux objects directly from the UI. We have a lot of great features planned over the next couple months. Please do not hesitate to drop in some feature requests.

New additions to the Flux Ecosystem

We are thrilled to see the Flux Ecosystem growing on a continuous basis. The most recent additions to our Flux Ecosystem page are flux-kluctl-controller and gardener-extension-shoot-flux.

kluctl/flux-kluctl-controller is a Flux controller for managing Kluctl deployments. Its website explains kluctl as follows

Kluctl is the missing glue to put together large Kubernetes deployments.

It allows you to declare and manage small, large, simple and/or complex multi-env and multi-cluster deployments.

Kluctl does not have cluster-side dependencies and works out of the box.

23technologies/gardener-extension-shoot-flux is a new integration with Flux. Gardener implements the automated management and operation of Kubernetes clusters as a service. With this extension fresh clusters will be reconciled to the state defined in the Git repository by the Flux controller.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

We feel blessed to have such a big community of users, contributors and integrators and so many are happy to talk about their experiences. In May here are a couple of talks we would like to highlight.

Last month was all about KubeCon and there were lots of great sessions we enjoyed and recommend watching. It might be best if you just head to our KubeCon Re-Cap blog post and take it from there!

Here is a list of additional videos and topics we really enjoyed - please let us know if we missed anything of interest and we will make sure to mention it in the next post!

📺 GitOps with Flux on AKS @AzureKubernetesService (Amsterdam) Meetup - Kingdon Barrett (Weaveworks) & Jonathan Innis (Microsoft)

📺 GitOps: Core Concepts & How to Structure Your Repos - Scott Rigby & Priyanka Ravi (Weaveworks)

📺 DevOpsDays Birmingham AL: GitOps and Flux scaled to 100s of Developers - Bryan Oliver & Kingdon Barrett (Weaveworks)

📺 DOK (Data On Kubernetes) #127: Flux for Helm Users! With Scott Rigby (Weaveworks)

📺 Community Office Hours: Injecting Secrets from HashiCorp Vault into Flux - Priyanka Ravi (Weaveworks) & Rosemary Wang (Hashicorp)

📺 Reconcile Terraform Resources the GitOps Way - Priyanka Ravi (Weaveworks)

📺 GitOps (Flux) Extension for VS Code - Kingdon Barrett (Weaveworks)

#flexyourflux

The #flexyourflux campaign we started for KubeCon is still ongoing. Until GitOps Days (see below) you can still win a 1h-long 1-on-1 meeting with Flux Core Maintainer Stefan Prodan.

Get your limited edition @fluxcd T-shirts at @KubeCon_ EU only! In person at Valencia only!#flexyourflux with our quiz at pick up your shirt at the Flux booth! https://t.co/BHxJxeYhRq @kubernetesio #GitOps pic.twitter.com/HWD2Uru0PX
— Tamao Nakahara - DevRelCon July 18-19🎉 (@mewzherder) May 17, 2022

We will draw the lucky winners live at the GitOps Days event (8-9 June).

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in June - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

Flux Bug Scrub

The next dates are going to be:

GitOps Days 2022

GitOps Days 2022 is a free 2-day online event on June 8-9, 2022 with Flux center stage!

This is THE event for your GitOps journey! Getting started? Taking GitOps to the next level? We’ll cover all of the steps for your success!

The event will run from ~9:00 am PT to ~3:00 pm PT each day as a free online event.

✨✨ Register now to reserve your spot to receive updates to the schedule and speakers. Join the conversation! Chat with the speakers and other attendees! Invite yourself at https://slack.weave.works and hang out with us at #gitopsdays

Talks and tutorials on how to get started with Kubernetes and GitOps
Talks from Flux users about their use cases
How to do GitOps securely
Platforms that offer GitOps: Microsoft Arc Kubernetes, AWS Anywhere, Weave GitOps, D2iQ Kubernetes Platform, and more! all using Flux!
Flux in the CNCF and the GitOps Ecosystem
Flux support and Integrations: Flux + Helm, Terraform, HashiCorp Vault, Jenkins, OpenShift, Visual Studio Code, and much much more!
Technical deep dives with Flux maintainers
Speakers from Orange, RingCentral, and more just added

In other news

People writing/talking about Flux

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Tietoevry, Grafana Labs, Aily Labs, SisID, FHE3, Qualifio, Axel Springer SE, Cookpad.

If you are like us, you really enjoy hearing adopter use case stories. At Gitops Days, there will be loads of those, so join us 8-9 June.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently:

By updating to the latest hugo and docsy, we were able to drop some of our custom code to show e.g. tabs in our documentation.
We added a gallery shortcode to be able to show a collection of pictures nicely.
New docs for
- Enable Helm repositories caching
- Locking down multi-tenant clusters by disabling Kustomize remote bases
- Deploy key rotation
- How to disable cross namespace references
- How to bootstrap Flux on GCP GKE with Cloud Source repositories
New videos added to our Flux Resources page.

Thanks a lot to these folks who contributed to docs and website: Stefan Prodan, Ihor Sychevskyi, Matt J WIlliams, Paulo Gomes, Alexander Block, Andreas Loholt, Axel Fontana, Cosmin Banciu, Christian Berendt, Jiri Tyr, Julien Duchesne, Martin Weber, Max Jonas Werner, Steven Koeberich, as09.

In particular we would like to thank Ihor Sychevskyi who recently took on fixing small UI glitches all over the place - especially on mobile the site should work a lot better now!

New Project Member: Stacey Potter

Stacey Potter

We are very happy to announce that Stacey Potter joined us as a Flux Project Member.

Stacey has helped the Flux team out a great deal by organising a lot of Flux-related events like GitOps Days, Weave Online User Groups, adding videos to the Flux Resources page and our YouTube playlist, and coordinating with the team on our Project presence for KubeCon events. She’s such a pleasure to work with and we owe quite a bit of Flux’s success to the stages she created for our speakers.

As a side-note: we updated the Flux Governance recently to make it even clearer that we love all kinds of contributions, be they code or not. We hope that many more of you will follow this path.

@FluxCD welcomes contributors of all kinds, for realz!

🥳Today I joined as an official Project Member - without a single line of code written.🤩 Thx to all the Flux Fam, esp @dholbach @makkes for sponsoring me.

If I can do it, you can too! Join us!https://t.co/RO6CbSKiBK
— Stacey Potter (@stacey_potter) May 25, 2022

New Flagger Maintainer: Sanskar Jaiswal

Sanskar Jaiswal

Sanskar Jaiswal has been working on Flux and Flagger for quite a while now. One of his major contributions was to add Gateway API support to Flagger. We are very pleased to let you know that he joined the ranks of Flagger maintainers now.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-06-02 or 2022-06-08.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: April 2022 update

Tue, 03 May 2022 08:30:00 +0000

It’s the beginning of May 2022 - let’s recap together what happened in April - it has been a lot!

Update: Earlier versions of this post referred to the pre-KubeCon Bug Bash. Unfortunately we had to cancel our participation.

News in the Flux family

Latest Flux release series is 0.29

This is the latest and greatest, but before we get into the list of great features and improvements, let’s take a look at the breaking changes beforehand:

From this release on, the RUNTIME_NAMESPACE environment variable is no longer taken into account to configure the advertised HTTP/S address of the storage. Instead, variable substitution must be used, as described in the changelog entry for v0.5.2.
Use of file-based KubeConfig options are now permanently disabled (e.g. TLSClientConfig.CAFile, TLSClientConfig.KeyFile, TLSClientConfig.CertFile and BearerTokenFile). The drive behind the change was to discourage insecure practices of mounting Kubernetes tokens inside the controller’s container file system.
Use of TLSClientConfig.Insecure in KubeConfig file is disabled by default, but can be enabled at controller level with the flag --insecure-kubeconfig-tls.
Use of ExecProvider in KubeConfig file is now disabled by default, but can be enabled at controller level with the flag --insecure-kubeconfig-exec.

With that out of the way, here are the highlights of the release:

Notification Improvements

A new notification is now emitted to identify recovery from failures. It is triggered when a failed reconciliation is followed by a successful one.

In-memory cache for HelmRepository

An opt-in in-memory cache for HelmRepository that addresses issues where the index file is loaded and unmarshalled in concurrent reconciliation resulting in a heavy memory footprint. It can be configured using the flags: --helm-cache-max-size, --helm-cache-ttl, --helm-cache-purge-interval.

Configurable retention of Source Artifacts

Garbage Collection is enabled by default, and now its retention options are configurable with the flags: --artifact-retention-ttl (default: 60s) and --artifact-retention-records (default: 2). They define the minimum time to live and the maximum amount of artifacts to survive a collection.

Configurable Key Exchange Algorithms for SSH connections

Using the flag --ssh-kex-algos. Note this applies to the go-git gitImplementation or the libgit2 gitImplementation but only when Managed Transport is being used.

Configurable Exponential Back-off retry settings

With the new flags: --min-retry-delay (default: 750ms) and --max-retry-delay (default: 15min). Previously the defaults were set to 5ms and 1000s, which in some cases impaired the controller’s ability to self-heal (e.g. retrying failing SSH connections).

Experimental managed transport for libgit2 Git implementation

Now has self-healing capabilities, to recover from failure when long-running connections become stale.

SOPS refactored and optimized

Including various improvements and extended code coverage. Age identities are now imported once and reused multiple times, optimizing CPU and memory usage between decryption operations.

Helm chart directory loader improvements

Introduction of a secure directory loader which improves the handling of Helm charts paths.

For a more detailed list of changes in the series, please refer to the change logs of 0.29.0, 0.29.1, 0.29.2, 0.29.3, 0.29.4, and 0.29.5.

Flagger 1.20.0

This release comes with improvements to the AppMesh, Contour and Istio integrations.

Improvements

AppMesh: Add annotation to enable Envoy access logs #1156
Contour: Update the httproxy API and enable RetryOn #1164
Istio: Add destination port when port discovery and delegation are true #1145
Metrics: Add canary analysis result as Prometheus metrics #1148

Fixes

Fix canary rollback behaviour #1171
Shorten the metric analysis cycle after confirm promotion gate is open #1139
Fix unit of time in the Istio Grafana dashboard #1162
Fix the service toggle condition in the podinfo helm chart #1146

Flux Ecosystem

Flux Subsystem for Argo

In the latest release, we have added checkboxes to enable Flux Subsystem in the Argo CD UI. We also have a tutorial to use TF-controller with Flux Subsystem for Argo. With this you have an alternative option to Crossplane to manage infrastructure.

Terraform-controller

We have released TF-controller v0.9.4 which is a bug-fix release. We also added cloud cost estimation to our road map. Please feel free to give us feedback on how you would like this feature to be:

Issues here: https://github.com/weaveworks/tf-controller/issues, and
Discussions here: https://github.com/weaveworks/tf-controller/discussions

Weave GitOps

Weave GitOps is a powerful, open source extension to Flux, which provides insights into your deployments, and makes continuous delivery with GitOps easier to adopt and scale across your teams. You can easily install alongside an existing Flux setup, adding (or removing) Weave GitOps as a standard Helm resource.

The v0.8.0 release brings multi-namespace querying so you can see objects from across your cluster in the Web UI, several UI enhancements and bug fixes, as well as supporting the Source v1beta2 API - this breaking change means we now require Flux v0.29.0 or later.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

Managing Thousands of Clusters and Their Workloads with Max Jonas Werner D2iQ uses Flux to automatically enable this experience in its products. Join Max for this hands-on session on multi-cluster management using GitOps.

CNCF on-demand webinar: Flux for Helm Users with Scott Rigby Scott Rigby, Flux & Helm Maintainer, takes you on a tour of Flux’s Helm Controller, shares the additional benefits Flux adds to Helm and then walks through a live demo of how to manage helm releases using Flux.

Women In GitOps Panel We celebrated international women’s day, GitOps Style. This event gathered female role models who innovate, challenge and embrace the world of GitOps. Inspirational women who have achieved great success within the sector and will share stories of their journey and explore the question why is it important to “Get on GitOps.”

Securing GitOps Debug Access with Flux, Pinniped, Dex, & GitHub with Leigh Capili In this live demo, Leigh will show how the incredibly flexible, open-source combo of Flux, Pinniped, and Dex can empower a team to leave a traceable solution during a production incident. He explores effective team debugging habits with Kubernetes and git.

Security: The Value of SBOMs with Dan Luhring (Anchore) During this session, Dan Luhring, OSS Engineering Manager at Anchore, dives into SBOMs - what they are, why you need them, some common use cases and how to get your pipeline ready for SBOM generation and verification using the Flux SBOM as an example.

OpenSource 101: WTF is GitOps & Why Should You Care? with Priyanka Ravi Pinky shares from personal experience why GitOps has been an essential part of achieving a best-in-class delivery and platform team, gives a brief overview of definitions, CNCF-based principles, and Flux’s capabilities: multi-tenancy, multi-cluster, (multi-everything!), for apps and infra, and more.

From Zero to GitOps Heroes with Mae Large, Russ Parmer, & Priyanka Ravi During this session Mae, Pinky, & Riss share key learnings from their early days of assessing GitOps as an idea and methodology to how it evolved into the de facto automated software change process in less than 1 year.

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in May - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

Flux Bug Scrub

The next dates are going to be:

KubeCon / CloudNativeCon Europe 2022 coming up

As every other project in the Cloud Natice space, we are very busy preparing everything for KubeCon / CloudNativeCon Europe 2022, which is going to be 16-20 May 2022 in Valencia, Spain (and virtual of course!).

We will post a separate announcement as soon as everything is confirmed, but we already want to inform you about what’s likely to happen, so you can plan accordingly or collaborate with us!

The Bug Bash

Unfortunately we will not be participating in the Bug Bash this KubeCon!

Despite earlier announcements claiming we would do this, we felt we could not do this well enough. If you were looking forward to this, we are sorry - but you know what: we still have the weekly Bug Scrub! Your weekly one-on-one mentoring to learn the ropes of working on Flux!

Monday, 16 May

13:00 - 17:00 (Room 2H - Event Center): Flux Project Meeting: We will kick off the Flux get-togethers and festivities with an in-person meeting for all Flux users, contributors, maintainers and generally interested folks. This will be an opportunity to get to know each other, have a chat, see what people’s interests are and to potentially start contributing. ( Sign up here.) Contact people on the ground are: Scott Rigby, Somtochi Onyekwere and Stefan Prodan.

Join Flux Maintainers Stefan Prodan, Somtochi Onyekwere & Scott Rigby for this Flux Project Meeting in-person at KubeCon EU on Monday, May 16 from 1pm - 5pm CEST

Click here to register ( here) for the Flux Project Meeting. Please note that you must be a KubeCon + CloudNativeCon Europe ( here) registrant in order to attend this meeting.

Details Flux Project Meeting Monday, May 16, 13:00 - 17:00 CEST Room 2H | Event Center

Space is limited Please note: we will not have any live streaming, recordings, or any virtual component available for this meeting.

Tuesday 17 May - GitOpsCon

Lots and lots of talks about GitOps in general and Flux in particular, here’s a short selection of what to look forward to:

What is GitOps and How to Get It Right - Dan Garfield (Codefresh); Chris Short (AWS) & Scott Rigby (Weaveworks) (9:00 - 9:35)
Hiding in Plain Sight - How Flux Decrypts Secrets - Somtochi Onyekwere (Weaveworks) (11:05 - 11:15)
Taming the Thundering Gitops Herd with Update Policies - Joaquim Rocha & Iago López Galeiras (Microsoft) (11:35 - 11:45)
GitOps and Progressive Delivery with Flagger, Istio and Flux - Marco Amador (Anova) (13:20-13:30)
Creating A Landlord for Multi-tenant K8s Using Flux, Gatekeeper, Helm, and Friends - Michael Irwin (Docker) (13:35-14:05)
GitOps, A Slightly Realistic Situation on Kubernetes with Flux - Laurent Grangeau (Google) & Ludovic Piot (theGarageBandOfIT) (14:10 - 14:40)
Solving Environment Promotion with Flux - Sam Tavakoli & Adelina Simion (Form3) (14:10 - 14:40)
Managing Thousands of Clusters and Their Workloads with Flux - Max Jonas Werner (D2iQ) (14:55 - 15:25)
Crossing the Divide: How GitOps Brought AppDev & Platform Teams Together! - Russ Palmer (State Farm) & Priyanka ‘Pinky’ Ravi (Weaveworks) (15.30 - 16:00)
GitOps Everything!? We Sure Can!, AppsFlyer (15:30 - 16:00)
Lightning Talk: Addressing Log4Shell with Software Supply Chains - Duane DeCapite (VMware) (18:04 - 18:09)

Wednesday 18 May - Friday May 20 - KubeCon

Over these three days we are going to be at the Flux booth (both virtually and on the ground), so come over for a chat. We are planning loads of talks, demos and ample time to have a chat, get to know everyone, ask questions and have great new ideas together!

On top of that, here is a list of talks, workshops and sessions during those days:

Wed 18: Flux Security Deep Dive - Stefan Prodan (Weaveworks) (11:55 - 12:30)
Wed 18: Intro to Kubernetes, GitOps, and Observability Hands-On Tutorial - Johee Chung (Microsoft) & Tiffany Wang (Weaveworks) (11:00 - 12:30)
Wed 18: Flux Bug Scrub - Kingdon Barrett (13:00 - 14:00)
Wed 18: A New Generation of Trusted GitOps for Mixed K8s and Non-K8s End Users - Alexis & Vasu Chandrasekhara (SAP) (15:25 - 16:00)
Thu 19: GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger (DigitalOcean) (11:00 - 12:30)
Thu 19: Flux Project Office Hour - Paulo Gomes (Weaveworks) (13:30 - 14:15)
Fri 20: Observing Fastly’s Network at Scale Thanks to K8s and the Strimzi Operator - Fernando Crespo & Daniel Caballero, (Fastly) (11:00 - 11:35)
Fri 20: Simplifying Service Mesh Operations with Flux and Flagger - Mitch Connors (Google) & Stefan Prodan (Weaveworks) (14:55 - 15:30)

Please note: all of the above might be subject to change. Please double-check the schedule beforehand. Please reach out to Vanessa Abankwah or Daniel Holbach on Slack if you have questions or would like to participate in any of the above.

We very much look forward to seeing you there!

GitOps Days 2022

GitOps Days 2022 is a free 2-day online event on June 8-9, 2022.

This is THE event for your GitOps journey! Getting started? Taking GitOps to the next level? We’ll cover all of the steps for your success!

The event will run from 9:00 am PT to ~3:00 pm PT each day as a free online event.

✨✨ Register now to reserve your spot to receive updates to the schedule and speakers. ✨✨

Join the conversation! Chat with the speakers and other attendees! Invite yourself at https://slack.weave.works and hang out with us at #gitopsdays

What to expect?

Talks and tutorials on how to get started with Kubernetes and GitOps
Talks from Flux users about their use cases
How to do GitOps securely
Platforms that offer GitOps: Microsoft Arc Kubernetes, AWS Anywhere, Weave GitOps, D2iQ Kubernetes Platform, and more! all using Flux!
Flux in the CNCF and the GitOps Ecosystem
Flux support and Integrations: Flux + Helm, Terraform, HashiCorp Vault, Jenkins, OpenShift, Visual Studio Code, and much much more!
Technical deep dives with Flux maintainers
Music from DJ Desired State 🎶

In other news

People writing/talking about Flux

Manage Kubernetes Secrets for Flux with HashiCorp Vault

Rosemary Wang from HashiCorp wrote a great blog post about how to manage Kubernetes Secrets for Flux with HashiCorp Vault. The how-to is nicely written with a lot of detail and will take you through the steps to configure the Secrets Store CSI driver with HashiCorp Vault to securely inject secrets into Flux or other GitOps tools on Kubernetes.

We are looking forward to more collaboration together!

Full GitOps Tutorial: Getting started with Flux

This video is great for everyone who gets started, but also everyone who enjoys a story well-told.

In this video, Anais Urlichs covers

What is GitOps and how does Flux work
Flux installation
Managing Helm Charts with Flux
Managing Kubernetes Manifests with Flux
Setting up alerts with Flux

Anais also sat down wrote this all up in blog-post from.

How To Apply GitOps To Everything Using Crossplane And Flux

Viktor Farcic has done it again - check out this great video where he shows how to leverage the extensibility of Crossplane and Flux features to apply GitOps not only to applications running in Kubernetes but to everything (infrastructure, services, applications running anywhere, etc.)

Encrypted gitops secrets with flux and age

Major Hayden wrote a nice article about how to get encrypted gitops secrets with flux and age right.

Here you will learn how to store encrypted kubernetes secrets safely in your GitOps repository with easy-to-use age encryption. 🔐

Basic authentication with Traefik on kubernetes

Another post from Major Hayden! This time about Basic authentication with Traefik on kubernetes.

It’s nicely detailed and will take you through all the steps to keep prying eyes away from your sites behind Traefik with basic authentication. 🛃

Automated Canary Deployments with Rancher Fleet and Flagger

In this video, Lukonde Mwila will demonstrate how to execute automated canary deployments with Rancher Fleet and Flagger.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Stackspin, Maersk and Rungway.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently.

If you always wanted to join Team Flux and weren’t quite sure how, please read our blog post Contributing to Flux and say Hi on Slack!
Many mobile UI fixes!
Add flux-subsystem-argo/flamingo and weaveworks/vscode-gitops-tools to the Flux Ecosystem page.
New videos under Flux Resources! 😍
Various docs fixes.
And here is a big one: we moved all docs from https://flagger.app into https://fluxcd.io/flagger - this is part of a bigger move to subsume all of our documentation and web-presence into one place, so we won’t have to maintain too many pieces of infrastructure.
This has been on our to-do list since Flux became a CNCF Incubating project. Now that we are going for Graduation, we finally got around to doing it.

Thanks a lot to these folks who contributed to docs and website: Ihor Sychevskyi, Kingdon Barrett, Stefan Prodan, Endre Czirbesz, Maarten de Waard and Patrick Rodies.

In particular we would like to thank Ihor Sychevskyi who recently took on fixing small UI glitches all over the place - especially on mobile the site should work a lot better now!

Flux Project Facts

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-05-05 or 2022-05-11.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: March 2022 Update

Mon, 04 Apr 2022 14:30:00 +0000

It’s the beginning of April 2022 - let’s recap together what happened in March - it has been a lot!

Update: Earlier versions of this post referred to the pre-KubeCon Bug Bash. Unfortunately we had to cancel our participation.

News in the Flux family

Source API getting more mature in Flux 0.28

The latest release of Flux is 0.28. One big focus was to graduate its Source API to v1beta2.

🤖 To upgrade and fully benefit from this, please follow the upgrade instructions.

This work had been a long time in the making, partly because of a larger refactoring effort, which we had reported about previously. The idea was to abstract reusable components and functionality into the fluxcd/pkg repository. While this is an ongoing effort, we are very happy with what we have learned so far and are convinced that we will get better test coverage this way and are providing external projects with a solid foundation to build on as well.

In this release we added new features and improvements across the board, here’s a quick list of our highlights:

Add the Git commit message (first 50 characters) to the events and alerts issued by GitRepository sources.
Improve performance for Helm repository index and chart download operations.
Improve observability for the Git, Helm and Bucket resources by providing explicit status conditions which conform to the Kubernetes kstatus conventions.
A new annotation ( kustomize.toolkit.fluxcd.io/ssa: merge) is available for allowing Flux to patch cluster addons such as CoreDNS.
Add Azure Blob Storage native support to Flux Bucket sources.
Add support for decrypting secrets with SOPS and Azure Key Vault on multi-tenant clusters.
Retry the Git operations on conflict errors to allow running bootstrap in-parallel for multiple clusters that target the same repository.
Add a new transport for libgit2 for improved reliability (experimental). We wrote about this in our last blog post as well.

Latest Flagger release comes with Gateway API support

We blogged about this separately already as it is such a big achievement for Team Flagger. With its recent 1.19 release, Flagger brings Gateway API support. This means native Progressive Delivery for all providers supported by the Gateway API project within Kubernetes. Be sure to check out the blog post to find out how to integrate this into your setups.

The Flux community is happy and proud that Flagger is part of our effort to bring GitOps solutions to the world.

Flux “Maintainers’ Focus” Project Board

Being clear about our priorities in Flux development was always important to us as a project. Discussing this regularly in weekly meetings to be able to get everyone’s input was one measure to do this. Updating our roadmap regularly was another. Monthly updates posted on all of Flux channels yet another.

As the development team around Flux grew and we had more work to be coordinated across Flux controllers with e.g. teams at cloud providers, bigger pieces of code refactoring, etc, we are now pleased to use GitHub’s new project boards for having a “Maintainer’s Focus” page which shows what’s bookmarked for the upcoming Flux releases - this might also be a good resource to check if you would like to get involved with Flux development and help out with one of the next releases.

On our way to Flux GA

A particular focus in our project management is GA, the big target we have been following ever since we started the rewrite of Flux. As you can see on the Flux Roadmap, we closed out the vast majority of items and last year we already announced that the Flux APIs will be stable from now on. So what’s left is to finish the refactoring for the remaining controllers, complete some parts of the documentation and some general tidying up. If you want more detail, or would like to help us to achieve this big milestone, you can follow the work here.

Security news

The latest addition to our blog series about Flux Security was a post called «Using Pod Security Standard "restricted"». Go check it out, as it you will learn more about Kubernetes’ pod security standard, seccomp and how we apply this in Flux to keep you safe.

The already mentioned blog post about our tight integration with Git APIs could also be of interest, as we discuss upcoming plans for integrating sha256 hash support.

Flux Ecosystem

What makes Flux great is its ecosystem. Tools and services which integrate seamlessly because that’s how the Cloud Native ecosystem works. We are celebrating all of this on the Flux Ecosystem page. (Please add yourself if your tool or integration isn’t listed yet.)

Renovate

Here are a couple of newcomers. Firstly, there’s Renovate, which is an Open Source tool to automate:

Detecting dependencies in a repository (Open Source and private/closed source)
Checking if there are dependency updates
Creating commits and Merge/Pull Requests to update dependencies
Showing the release notes

We are very pleased that the team at Renovate added a manager to integrate with Flux.

GitOps Visual Studio Code Extension

The Weaveworks GitOps Extension provides an intuitive way to manage, troubleshoot and operate your Kubernetes environment following the GitOps operating model, accelerating your development lifecycle and simplifying your continuous delivery pipelines.

Weaveworks GitOps Extension integrates with Kubernetes Tools, kubectl and flux for a consolidated and tightly integrated user experience.

And also this one about the Flux Gitops extension for VS Code: https://t.co/7VlRRyelOl #azure #gitops #flux #vscode
— Geert Baeke (@GeertBaeke) March 18, 2022

🚧 This extension is under active development and currently available as an alpha product.

Flux Subsystem for Argo

FSA (aka Flamingo) is the Flux Subsystem for Argo. Its container image can be used as a drop-in replacement for the equivalent ArgoCD version to visualise, and manage Flux workloads, alongside ArgoCD.

How does it work?

🚧 This project is currently available as a technology preview.

Terraform-controller

In some of our last issues we already reported about the terraform-controller hitting the streets. It’s a Flux controller which reconciles Terraform resources in the GitOps way. We received a short report from the team regarding their achievements of the first quarter of the year:

TF-controller v0.9.3 is considered the most stable release to date.
We reached 200 stars on GitHub, now at 211.
It's been 45 releases so far.
We re-factored it to the Controller/Runner architecture.
Standing on the shoulders of our giants (Flux), we successfully implemented the multi-tenancy feature in 2 months.
We cleared all Q1 roadmap with 68.2% test coverage.
We started seeing its adoption in public, from a Helm Controller user, for example.
We got its first promo video.
Chanwit Kaewkasi, Piaras Hoban and Tom Huang are the core team around it now!

Weave GitOps Core

The team around Weave GitOps has been busy and would love to hear your feedback. If you haven’t heard about it just yet, its GitHub says:

Weave GitOps enables an effective GitOps workflow for continuous delivery of applications into Kubernetes clusters. It is based on CNCF Flux, a leading GitOps engine.

The Flux community particularly loved the last sentence.

Getting started with it is very straight-forward. Please take up the offer of them and give feedback, they are building a very nice tool based on Flux!

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Recent Events (ICYMI) 📺

Flux Maintainer Stefan Prodan at our friends of Tanzu Tuesday: Mar 15: Tanzu Tuesdays #89: GitOps with Flux on Kubernetes with Stefan Prodan
Flux contributor and VMware Tanzu Advocate Leigh Capili talking about a subject close to the heart of many - security and debugging 💖: Mar 16: Securing GitOps Debug Access with Flux, Pinniped, Dex, & GitHub - Leigh Capili
Weaveworks’ DX Engineer Priyanka Pinky and Anchore’s OSS Lead Dan Luhring dive deeper into security subjects here: Mar 24: Security: The Value of SBOMs with Dan Luhring & Priyanka Ravi
Want to hear from professionals who brought GitOps to 7000 devs in a heavily regulated industry? Mae Large, Pinky & Russ Palmer reflect on their work together: Mar 30: From Zero to GitOps Heros with Mae Large, Russ Parmer, Priyanka Ravi

Upcoming Events 📆

We are happy to announce that we have a number of events coming up in April - tune in to learn more about Flux and GitOps best practices, get to know the team and join our community.

April 7: GitOps with Flux on AKS with Kingdon Barrett & Jonathan Innis

Introduction to GitOps & Flux
You may have heard the term GitOps - it has become a bit of a buzzword, but it’s so much more! The benefits of GitOps are real - bringing better security, reliability, velocity and more! And the project that started it all was Flux - a CNCF Incubating project developed and later donated by Weaveworks (the GitOps company who coined the term).

GitOps in Microsoft Azure with Flux
To provide Kubernetes admins and app developers with the latest tooling for managing configuration and application deployment, Azure enables GitOps with Flux. In this session Jonathan Innis, Software Engineer II at Microsoft, will live demo how CNCF Flux is enabled in Azure Arc enabled Kubernetes and Azure Kubernetes Services and also give a sneak peek at implementation of Flux.

April 13: GitOps: Core Concepts & Ways of Structuring Your Repos

Whether you’re new to GitOps or a seasoned pro, this talk is for you! We'll start with the basics of how/where to get started, and then dive into one of the most asked GitOps questions: how to structure your repository!

During this talk, Scott & Pinky will review the Core Concepts of Flux including Git Sources, Reconciliation, Helm Releases, Kustomization, and Bootstrapping, to get you ramped up with how to think with a GitOps mindset! Then they’ll dive into and discuss considerations for and demo ways of structuring your repositories: monorepo, repo per environment, repo per team, or repo per app.

April 20: DoK Talks #131: Flux for Helm Users by Scott Rigby

Welcome Helm users! CNCF Flux has a best-in-class way to use Helm according to GitOps principles. For you, that means improved security, reliability, and velocity - no more being on the pager on the weekends or having painful troubleshooting or rollback when things go wrong.

Built on Kubernetes controller-runtime, Flux’s Helm Controller is an example of a mature software agent that uses Helm’s SDK to full effect.

Flux’s biggest addition to Helm is a structured declaration layer for your releases that automatically gets reconciled to your cluster based on your configured rules:

⭐️ The Helm client commands let you imperatively do things
⭐️ Flux Helm Custom Resources let you declare what you want the Helm SDK to do automatically.

In addition, Scott will show how to use Helm Charts to run reliable stateful workloads.

April 27: Reconcile Terraform Resources the GitOps Way with Jose Talavera

Some organisations depend heavily on their Terraform scripts because they are using multiple providers, have built wrappers around those providers, and might even be deploying their application code along with Terraform. Additionally, GitOps is in every IT roadmap, but unfortunately Terraform doesn’t have an easy way to reconcile its resources. This means that teams won't notice a sudden change in the running environment often with critical consequences.

What if teams could ensure that what they defined in the Terraform HCL code is what is always running and available? Flux can continuously look for changes on your Terraform resources and do reconciliation with the desired state. You can rest easy knowing that your deployments are always up to date with your desired state. This enables you to take advantage of all the benefits of GitOps: streamlined and secure deployments, quicker time to market, and more time to concentrate on app development!

Jose provides an in-depth look at TF-controller, a Flux-based controller to reconcile your Terraform resources the GitOps Way. Jose will share insights on the many benefits of TF-Controller, then demo a common use case implementation.

Flux Bug Scrub

The next dates are going to be:

KubeCon / CloudNativeCon Europe 2022 coming up

As every other project in the Cloud Native space, we are very busy preparing everything for KubeCon / CloudNativeCon Europe 2022, which is going to be 16-20 May 2022 in Valencia, Spain (and virtual of course!).

We will post a separate announcement as soon as everything is confirmed, but we already want to inform you about what’s likely to happen, so you can plan accordingly or collaborate with us!

The Bug Bash

Unfortunately we will not be participating in the Bug Bash this KubeCon!

Monday, 16 May

Tuesday 17 May - GitOpsCon

Lots and lots of talks about GitOps in general and Flux in particular, here’s a short selection of what to look forward to:

What is GitOps and How to Get It Right - Dan Garfield (Codefresh); Chris Short (AWS) & Scott Rigby (Weaveworks) (9:00 - 9:35)
Hiding in Plain Sight - How Flux Decrypts Secrets - Somtochi Onyekwere (Weaveworks) (11:05 - 11:15)
Taming the Thundering Gitops Herd with Update Policies - Joaquim Rocha & Iago López Galeiras (Microsoft) (11:35 - 11:45)
GitOps and Progressive Delivery with Flagger, Istio and Flux - Marco Amador (Anova) (13:20-13:30)
Creating A Landlord for Multi-tenant K8s Using Flux, Gatekeeper, Helm, and Friends - Michael Irwin (Docker) (13:35-14:05)
GitOps, A Slightly Realistic Situation on Kubernetes with Flux - Laurent Grangeau (Google) & Ludovic Piot (theGarageBandOfIT) (14:10 - 14:40)
Solving Environment Promotion with Flux - Sam Tavakoli & Adelina Simion (Form3) (14:10 - 14:40)
Managing Thousands of Clusters and Their Workloads with Flux - Max Jonas Werner (D2iQ) (14:55 - 15:25)
Crossing the Divide: How GitOps Brought AppDev & Platform Teams Together! - Russ Palmer (State Farm) & Priyanka ‘Pinky’ Ravi (Weaveworks) (15.30 - 16:00)
GitOps Everything!? We Sure Can!, AppsFlyer (15:30 - 16:00)
Lightning Talk: Addressing Log4Shell with Software Supply Chains - Duane DeCapite (VMware) (18:04 - 18:09)

Wednesday 18 May - Friday May 20 - KubeCon

On top of that, here is a list of talks, workshops and sessions during those days:

Wed 18: Flux Security Deep Dive - Stefan Prodan (Weaveworks) (11:55 - 12:30)
Wed 18: Intro to Kubernetes, GitOps, and Observability Hands-On Tutorial - Johee Chung (Microsoft) & Tiffany Wang (Weaveworks) (11:00 - 12:30)
Wed 18: A New Generation of Trusted GitOps for Mixed K8s and Non-K8s End Users - Alexis & Vasu Chandrasekhara (SAP) (15:25 - 16:00)
Thu 19: GitOps to Automate the Setup, Management and Extension a K8s Cluster - Kim Schlesinger (DigitalOcean) (11:00 - 12:30)
Thu 19: Flux Project Office Hour - Paulo Gomes (Weaveworks) (13:30 - 14:15)
Fri 20: Observing Fastly’s Network at Scale Thanks to K8s and the Strimzi Operator - Fernando Crespo & Daniel Caballero, (Fastly) (11:00 - 11:35)
Fri 20: Simplifying Service Mesh Operations with Flux and Flagger - Mitch Connors (Google) & Stefan Prodan (Weaveworks) (14:55 - 15:30)

We very much look forward to seeing you there!

In other news

People writing/talking about Flux

Stefan Prodan on Flux, Flagger, and the Operator Pattern Applied to Non-Clustered Resources

In this podcast, Wesley Reisz talks to Stefan Prodan about Flux and Flagger–two tools built on top of Flux’s GitOps Toolkit. After discussing some of the architectural differences between Flux v1 and v2 and discussing some of the GitOps toolkit use cases, the two discuss the operator pattern on Kubernetes. They specifically spend time talking about the operator pattern, why developers may opt to build API’s on top of Kubernetes, and how the pattern can be used on non-clusters resources. The podcast wraps with a discussion on the work being down towards Flux v2’s push to GA.

A deep dive to Canary Deployments with Flagger, NGINX and Linkerd on Kubernetes

Chen wrote up a nice tutorial on using Flagger and has this to say about Flagger itself:

*Flagger is a progressive delivery tool that automates the release process for apps on Kubernetes. It can gradually shift traffic to the new version while measuring metrics and running conformance tests.

I prefer flagger because of two main points:

It integrates natively: it watches Deployment resources, while Argo uses its own CRD Rollout

It is highly extensible and comes with batteries included: it provides a load-tester to run basic, or complex scenarios*

GitOpsify Cloud Infrastructure with Crossplane and Flux

Check out this article by Piotr who dives into how to automate the provisioning of cloud resources via Crossplane and combine it with GitOps practices. At the end of it, you will have stopped using kubectl to manage resources, but rather delegate this to Flux using Git. GitOps for the win!

CNCF Live Webinar: From Pipelines to Supply Chains: Level up with Supply Chain Choreography

Cora Iberkleid and David Espejo at VMware talk about Cartographer. They say: The Kubernetes ecosystem has a rich set of solutions for various stages of CI/CD. Tools like Flux, Tekton, kpack, Knative, ArgoCD, and more each enable big steps forward in establishing a modern path to production. And yet, the teams and organizations that adopt these tools still struggle with complex, DIY snowflake pipelines. The challenge can be creating and maintaining imperative scripts; orchestrating the flow of information between tools; driving reusability; adopting GitOps practices; and enabling proper separation of concerns.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Netrics, Syntasso, EmploymentHero, Anchore and Giant Swarm.

More docs and website news

We are constantly improving our documentation and website - here are a couple of small things we landed recently.

Documentation:

This was a big effort: The Source API documentation has been refactored to be more user-friendly. See the v1beta2 specification for: Git Repositories, Buckets and Helm Repositories.
Flux from End-to-End: This was a big part of work as well. It describes the flow of data through Flux, from End to End.
Cheatsheets: Various configurations of Flux controllers at install time are now available as a bootstrap cheatsheet.
We added new FAQ entries.
We added new resources to the site.

In terms of documentation, we are working on a bigger piece of navigation and information architecture refactoring. This was pointed out to us as piece of feedback from the CNCF TechDocs team. As the Flux project has grown over time, we appreciate this opportunity to restructure our docs to make them as easy to find as possible. Your feedback matters here, so if you could leave us a note with your impression on this PR, we would love to hear from you.

And finally on our blog, we added a tag cloud and a note to blog posts that are older than a year - we also typed up how to blog.

Thanks a lot to these folks who contributed to docs and website: Kingdon Barrett, Stefan Prodan, Stacey Potter, Hidde Beydals, Sebastian Bernheim, Ihor Sychevskyi, Colin Humphreys, Filip Sequeira, Jan Lauber, Marcus Noble, Morgan Christiansson, Satish Kumar Kardarkarai Mani, Tom Huang and Nguyen Duc Toan.

Flux Project Facts

We are very proud of what we have put together. We want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-04-07 or 2022-04-13.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We look forward to working with you.

Blog: February 2022 Update

Tue, 01 Mar 2022 14:30:00 +0000

It’s the beginning of March 2022 - let’s recap together what happened in February - it has been a lot!

News in the Flux family

Latest Flux is 0.27

We have released Flux v0.27. This release comes with new features and improvements.

First of all, before you start the upgrade there are breaking changes to be aware of:

Flux custom resources require their names to follow the DNS label standard as defined in RFC 1123. The metadata.name can only contain lowercase alphanumeric characters or - and must contain at most 63 characters.
This version introduces a breaking change to the Helm uninstall behavior, as the --wait flag is now enabled by default. Resulting in helm-controller to wait for resources to be deleted while uninstalling a release. Disabling this behavior is possible by setting spec.uninstall.disableWait: true in HelmRelease manifests.

We have been hard at work and are proud to bring you these new features and improvements

Add support to notification-controller for sending events to Grafana annotations API.
Allow selecting event sources based on labels using the Alert API spec.eventSources[].matchLabels field.
Add support to kustomize-controller for making the Kubernetes Secrets and ConfigMaps referenced in postBuild.substituteFrom optional.
Allow dot-prefixed paths to be used for bootstrap e.g. flux bootstrap --path=".flux/clusters/my-cluster".
All Flux controllers and libraries are now tested by Google’s continuous fuzzing for open source software.

Latest Flagger release is 1.18

This release comes with a new API field called canaryReadyThreshold that allows setting the percentage of pods that need to be available to consider the canary deployment as ready.

Starting with version, the canary deployment labels, annotations and replicas fields are copied to the primary deployment at promotion time.

Security news

Security Audit Feedback has been addressed

Back when we announced that the Flux Security Audit had concluded, we already shared that we had created a project board where we tracked all the concrete and immediately actionable feedback. Weighing in at fifty tasks of differing sizes, it took us about 2-3 months (depending if you count people’s holidays over New Years) to address all of them. It was a big team effort across teams, projects and disciplines. A big thank you again to everyone who contributed!

Some of these tasks are obviously an ongoing piece of work, for example ever expanding the scope of fuzzing, improving our security documentation and using our RFC process for defining the future of Flux together.

A big push has been made though and Flux is more secure since we all came together for this project.

Welcome to the Flux Security blog post series

If you read the release notes for the last Flux releases, you will notice that a big focus for us has been to make Flux more secure every time. As we believe it is equally important to explain in more detail what we have done and how you can benefit from these changes, we started a blog post series about Flux Security.

The value of SBOMs: Since the last releases we are also releasing “Software Bill of Materials” information, which can be easily parsed programmatically and be used in decision making processes about the software in use. Read the post to understand how SBOMs are constructed and the different scenarios in which they are useful and make you more secure.

Image Provenance: If you have been following news and discussions in the Cloud Native space, you will have noticed that this was a hot topic lately. In our post we explain why we sign all relevant release artifacts of ours, how you can verify the signatures and how to start integrating checks into policy engines such as Kyverno.

More confidence through Fuzzing: Since our first conversations with ADA Logics who performed the security audit on Flux, we knew we wanted to integrate Fuzzing into Flux at some stage. PRs with an initial implementation came together during the audit. When we got back from the holidays at the end of the year, we were able to start looking into this. First a number of changes needed to be made to our build infrastructure. After that we extended the scope of the Fuzzing implementation somewhat, so we knew that more code paths were covered. We are happy with what we landed in Flux. Check out the post to understand more of the thinking behind it and how to help out if you want to help us take this even further.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Mar 2: Managing Thousands of Clusters & Their Workloads with Flux - Max Jonas Werner

One of the main goals of DevOps is to automate operations as much as possible. By automating most operations, DevOps can provide business agility and allow Developers to focus more on business applications. This allows operations to be more efficient by being less error-prone and repeatable, improving the overall developer experience. D2iQ uses Flux to automatically enable this experience in its products. Join us for a hands-on session on multi-cluster management using GitOps.

Mar 3: Flux for Helm Users with Scott Rigby

Scott Rigby, Flux & Helm Maintainer, takes you on a tour of Flux’s Helm Controller, shares the additional benefits Flux adds to Helm and then walks through a live demo of how to manage helm releases using Flux.

Mar 16: Securing GitOps Debug Access with Pinniped, Dex, GitHub, & Flux - Leigh Capili

In this live demo, Leigh will show how the incredibly flexible, open-source combo of Flux, Pinniped, and Dex can empower a team to leave a traceable solution during a production incident. Let’s explore effective team debugging habits with Kubernetes and git.

Flux Bug Scrub

Since July 2021 Kingdon Barrett has been running Flux Bug Scrub events. The idea is essentially that every week Kingdon leads you on a one hour long guided journey through Flux issue gardening. If you can’t imagine what this should look like, take a look at the Flux Bug Scrub YouTube playlist and see for yourself.

The focus has always been on introducing new members of our community to the organisation of Flux projects, but also to start with simple issues, respond to users and start fixing the first issues on their own.

Last month continued to see weekly Bug Scrubs, always with pre-prepared bug lists to make it easier to track progress. For the next time, Kingdon is looking for co-hosts, so if you would like people to get involved in your area of Flux, please join the Bug Scrub crew! If you would like to be Kingdon’s shadow for some time - please join as well!

Upcoming Bug Scrubs:

In other news

Paulo Gomes joins the Flux maintainers

We are happy to have Paulo Gomes on board. He is Senior Software Engineer at Weaveworks and has been contributing to the Flux code for quite a while. Check out his membership application to get a sense of what he has contributed so far. Particularly in the areas of build, security and documentation we have a lot to be thankful for. He is a maintainer for source-controller and image-automation-controller now.

News from the Website and our Docs

Flux Adopters shout-out

We are very pleased to announce that the following adopters of Flux have come forward and added themselves to our website: Anova, automotiveMastermind, Divid, Evrone, FACEIT, orchit GmbH, RingCentral and Volvo Cars.

Flux Ecosystem page

We pride ourselves as a project that can very easily be adapted and integrated into a wide variety of use-cases. The Flux Ecosystem page is testament to that.

New joiners in the past month have been

weaveworks/tf-controller - a Flux controller for managing Terraform resources
jgz/s3-auth-proxy - which creates a simple basic-auth proxy for an s3 bucket
tarioch/flux-check-hook - a pre-commit that validates values of HelmRelease using helm lint

If you are part of the Flux Ecosystem, we want you on that page as well!

Flux Data Flow diagrams

We are still in the process of tying this into our documentation nicely, but here is a sneak peak into diagrams which explain the data flow within Flux.

This was part of the work which came out of the Flux Security Audit, where one of the first requests was to make it easier to understand the information flow (and thus part of the architecture) at a first glance.

Please let us know how you like it!

More docs and website news

First of all: if you like what you are seeing on the website or in our docs - and maybe if you don’t like it either: if you would like to help us out, have feedback and ideas, please reach out to us. We really want to make our docs and website shine and are happy to receive any help or feedback!

Because we talked about writing regarding Flux a lot already, here is just a quick summary of everything that landed in the past month:

We are introducing Flux Cheatsheets! The first one is all about Flux Bootstrap. If you have more to add, ideas or requests, hit us up on Slack or GitHub!
We started addressing the first bits of feedback we received during our CNCF TechDocs Assessment. There is more to be done here, as we reported before, but we are on the ball and getting things moving.
Many small fixes and improvements were landed including FAQ entries and more. We are especially pleased that many first-time contributors to Flux chose to contribute here and we know we have so many eyeballs on our documentation.
Some docs which received particular attention this time around were

Thanks a lot to these folks who contributed to docs and website: Adam Dickinson, akirillow, Chanwit Kaewkasi, Davi Garcia, Emanuele Massara, Emil Dabrowski, Filipe Sequeira, Hidde Beydals, Ivan Anisimov, Jonathan Mourtada, Jørn Fauske, Keith Petersen, Oliver Wiebeck, Patrick Cornelißen, Patrick Ruckstuhl, Ricardo Castro, Satyam Kapoor, Somtochi Onyekwere, Stacey Potter, Stefan Prodan, Sunny Gogoi and Tamao Nakahara.

Flux Project Facts

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
🔒 Flux is designed with security in mind: Pull vs. Push, least amount of privileges, adherence to Kubernetes security policies and tight integration with security tools and best-practices. Read more about our security considerations.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-03-02 or 2022-03-10.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: January 2022 Update

Mon, 31 Jan 2022 09:30:00 +0000

It’s the beginning of February 2022 and you have been waiting for a long time - let’s recap together what happened in January and December- there has been so much happening!

News in the Flux family

Flux v0.26: more secure by default

We released Flux v0.26.0. This release comes with new features and improvements.

First of all, please note that the minimum supported version of Kubernetes is now v1.20.6. Flux may work on Kubernetes 1.19, but we don’t recommend running EOL versions in production.

On multi-tenant clusters, Flux controllers are now using the native Kubernetes impersonation feature. When both spec.kubeConfig and spec.ServiceAccountName are specified in Flux custom resources, the controllers will impersonate the service account on the target cluster, previously the controllers ignored the service account.

🔒 Security enhancements

Platform admins have the option to lock down Flux on multi-tenant clusters and enforce tenant isolation at namespace level without having to use a 3rd party admission controller.
The Flux installation conforms to the Kubernetes restricted pod security standard and the Seccomp runtime default security profile was enabled for all controllers.
The container images of all Flux’s components are signed with Cosign and GitHub OIDC.
Flux releases include a Software Bill of Materials (SBOM) that is available for download on the GitHub release page.

🚀 New features and improvements

New feature in action: flux diff kustomization

Preview local changes against live clusters with the flux diff kustomization command.
Undo changes made directly on clusters (with kubectl server-side apply) to Flux managed objects.
Native support for Hashicorp Vault token-based authentication when decrypting SOPS encrypted secrets.
Auto-login to AWS ECR, Azure ACR and Google Cloud GCR for image update automation on EKS, AKS or GKE.
On single-tenant clusters, image automation can now refer to Git repositories in other namespaces than the ImageImageUpdateAutomation object.

Flux v0.25 the last to officially support Kubernetes 1.19

The Flux community has been hard at work and released Flux 0.25. We encourage you to upgrade for the best experience!

This version aligns Flux and its components with the Kubernetes 1.23 release and Helm 3.7.
The Flux CLI and the GitOps Toolkit controllers are now built with Go 1.17 and Alpine 3.15.
In addition, various Go and OS packages were updated to fix known CVEs.

⚠️ Note that Kubernetes 1.19 has reached end-of-life in November 2021. This is the last Flux release where Kubernetes 1.19 is supported.

Flagger 1.17 has landed

This release comes with support for Kuma Service Mesh. For more details see the Kuma Progressive Delivery tutorial.

Kuma Progressive Delivery with Flagger

To differentiate alerts based on the cluster name, you can configure Flagger with the -cluster-name=my-cluster command flag, or with Helm --set clusterName=my-cluster.

In addition to that, Flagger now publishes a Software Bill of Materials (SBOM) for every release and we added the cluster name to flagger comment arguments for altering.

Security news

Security was a big focus for us in the past weeks. If you take a look at the “Follow-Up” project after the CNCF-funded audit, you will notice that almost all the tasks have been done (or are indeed very close). It’s largely the fuzzing work which is close to land and some additional documentation. 2.5 months after the audit concluded we are quite happy with where we have arrived - having the analysis of the auditors in front of us gave us a solid focus.

In the 0.26 release of Flux, we applied the restricted pod security standard to all controllers. In practice this means:

all Linux capabilities were dropped
the root filesystem was set to read-only
the seccomp profile was set to the runtime default
run as non-root was enabled
the filesystem group was set to 1337
the user and group ID was set to 65534

Flux also enables the Seccomp runtime default across all controllers. Why is this important? Well, the default seccomp profile blocks key system calls that can be used maliciously, for example to break out of the container isolation. The recently disclosed kernel vulnerability CVE-2022-0185 is a good example of that.

Big news are also that we

One bit we are still working on and will be part of the next release is upgrading our dependency libgit2 to 1.3.0, which will add support for ed25519 for both client authentication and hostKey verification.

A word on RFCs

After reviews from all maintainers, RFC-0001 Authorization is merged. This RFC describes in detail, for Flux version 0.24, how Flux determines which operations are allowed to proceed, and how this interacts with Kubernetes' access control.

To this point, the Flux project has provided examples of how to make a multi-tenant system, but not explained exactly how they relate to Flux's authorization model; nor has the authorization model itself been documented. Further work on support for multi-tenancy, among other things, requires a full account of Flux's authorization model as a baseline.

Goals: Give a comprehensive account of Flux's authorization model

Non-Goals: Justify the model as it stands; this RFC simply records the state as at v0.24.

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

January 27: GitOps & Flux: A Refresher - Priyanka Ravi

View the video here.

Priyanka “Pinky” Ravi is an end user of GitOps and Flux, and now is advocating for others like you to enjoy the benefits of GitOps today!

🎉 Benefits of GitOps and Flux! How GitOps and Flux bring you security, reliability, velocity and more - no more pagers on Saturdays! no more breaches to the cluster that you can't roll back. no more worrying about how you'll fare in the next security audit.

Pinky shares from personal experience why GitOps has been an essential part of achieving a best-in-class delivery and platform team.

🎉 What is GitOps and Flux? For beginners and advanced users alike, Pinky gives a brief overview of definitions, CNCF-based principles, and Flux's capabilities: multi-tenancy, multi-cluster, (multi-everything!), for apps and infra, and more.

🎉 How Flux delivers these benefits Pinky covers a little of Flux's microservices architecture and how the various components deliver this robust, secure, and trusted open source solution. Through the components of the Flux project, users today are enjoying compatibility with Helm, Jenkins, Terraform, Prometheus, and more as well as with cloud providers such as AWS, Azure, Google Cloud, and more.

February 2: Get Started with Flux - Priyanka Ravi

Is your team stuck working weekends during an upgrade? Dealing with long deployment windows due to manual processes? Are you tired of dealing with too many vendor tools, or not having an audit trail for compliance?

There's got to be a better way!

There is, and during this session Priyanka "Pinky" Ravi will give you an overview of how to get better security, velocity, and reliability with GitOps, and then how to get GitOps going on your own machine!

By the end of this talk, you'll see two easy paths to getting GitOps up and running using Flux on Kubernetes. You'll see GitOps in action with a sample app that you deploy and then customize using configs. And then you'll hear ways that delivery and platform teams today are benefitting from GitOps, saving them from headaches, boredom, fires, and saving them time and money. Join us!

February 16: GitOps with Amazon EKS Anywhere + Flux - Dan Budris

Amazon EKS Anywhere is an open-source tool which helps you create and manage Kubernetes clusters on-premises. EKS Anywhere allows you to manage your Kubernetes clusters in a scalable and declarative manner with the help of GitOps, powered under-the-hood with CNCF Flux. In this session, Dan will share how EKS Anywhere integrates with Flux and uses GitOps workflows to manage the cluster lifecycle.

Dan is a Software Engineer on the AWS EKS Anywhere team, working on tools to help developers easily build and manage Kubernetes clusters on premises. In the past, Dan has worked as a System Administrator, DevOps Engineer, SRE, gardener, cook and professional door-knocker. When he’s not helping to build EKS Anywhere you can find him weeding the garden or in the kitchen working his way through another cookbook.

March 2: Managing Thousands of Clusters & Their Workloads with Flux - Max Jonas Werner

One of the main goals of DevOps is to automate operations as much as possible. By automating most operations, DevOps can provide business agility and allow Developers to focus more on business applications. This allows operations to be more efficient by being less error-prone and repeatable, improving the overall developer experience. D2iQ uses Flux to automatically enable this experience in its products. Join us for a hands-on session on multi-cluster management using GitOps.

Max is a Senior Software Engineer at D2iQ (formerly Mesosphere) and is based out of Hamburg. He is one of the lead developers of D2iQ's multi-cluster management offering that is based on Flux.

Flux Bug Scrub

If you’ve never joined a Flux Bug Scrub before, (or even if you have) we welcome you to join this weekly meeting with Flux developers which is an open “office hour” where we visit issues and discussions in the Flux org, and have open discussion about it. We also try to make sure that nobody is left blocked on an important question, waiting for a response.

This is a great venue for beginners to meet the Flux team and find “good first issues” as we triage new issues together; you can get an issue assigned to you here, a great help for folks as they are learning and getting involved with the Flux Open Source project.

In the coming weeks, we also plan to make some additional changes to the Bug Scrub format, opening up the possibility that we will have planned presentations or predetermined discussion topics, so that these meetings are less random and we can attract more interest. Look to the schedule for information about how to join at https://fluxcd.io/#calendar or add the Flux events to your own calendar if you want to participate, and be sure you don’t miss out on the new Flux Bug Scrub, Special Edition!

In other news

A big shout-out to our friends at the Cloud Native Computing Foundation (CNCF)! As part of being an Incubating project, we have access to resources which help us build and deliver Flux to a significant degree.

This time around, we were granted some Equinix ARM machines to help us with builds and running end-to-end tests on ARM64. A big thanks from our community… :smiling_face_with_hearts:

Community project: Terraform Controller for Flux

Chanwit Kaewkasi and others have been hard at work. They created a Flux controller which reconciles Terraform resources in the GitOps way.

It’s important to understand that this is different from fluxcd/terraform-provider-flux, which is for bootstrapping Flux from Terraform (by a Terraform user).

The TF-controller is a Kubernetes controller that allows a Flux / Kubernetes user to reconcile Terraform resources, e.g. deploying PostgreSQL on AWS, enforcing Security Groups, and preparing IAM Role Policies. So it considerably extends the scope of what is being GitOps’ed.

It comes with GitOps models to support reconciling Terraform resources within GitOps pipelines. For example,

Full GitOps Automation
GitOps for Existing Terraform resources
GitOps model for plan and manually apply Terraform
Drift Detection of Terraform resources

Its README goes into quite a bit of detail on how to make use of it. Its latest version 0.8.0 supports Flux v0.25.x and Terraform 1.1.4. The Helma chart for TF-controller is also available.

Please note that TF-controller isn’t supporting multi-tenancy yet. And we're actively working on a model of it: https://github.com/chanwit/tf-controller/issues/59

We very much appreciate Chanwit and friends working on this and want to extend their request for testing and feedback - take it for a spin and let them know how it’s working!

People writing/talking about Flux

Deutsche Telekom preps Kubernetes 5G core with GitOps 📃

Beth Pariseau recently wrote about how “GitOps will help the German mobile carrier manage IT automation for its 5G SA app on a large internal Kubernetes platform with minimal staff needed to do hands-on administration.” Deutsche Telekom uses Flux in its Das Schiff project, you can also find this listed as an Integration on our website.

Flux Multi-Cluster Multi-Tenant by Example (Continued) 📃

John Tucker walks through this continuation of a previous article for using Flux to deliver applications in a multi-cluster multi-tenant Kubernetes environment.

Flux - Kubernetes GitOps (CNCFMinutes 20) 📺

Want to know what Flux is and does in ~8 minutes? CNCF Ambassador Saiyam Pathak gave a brief overview of Flux on his CNCFMinutes YouTube Series

Dan Wessels, Field Engineer at Solo.io has a couple of articles and a talk to share on Flux:

The External Secrets Operator project describes itself as

a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.

The team around it also wrote a guide on how to use it with Flux - check it out.

There is also Introduction to GitOps with Flux v2 by Joshua Zenn 📃.

News from the Website and our Docs

How we present ourselves to users on our website and how we talk about Flux and explain it in our documentation is important to us.

So since the last Flux update blog we got a lot done:

We added instructions on how to encrypt secrets using HashiCorp Vault
We explain how to bootstrap Flux on AWS EKS with CodeCommit Git repositories
Docs updates for Flux v0.26.0, including a "Multi-tenancy lockdown" section in the install docs
References in the Helm Operator (legacy) section were updated to 1.4.2.
Updated Flux endorsements and Resources - so many resources
Many docs improvements and internal bug fixes
Again we updated our internal dependencies like Hugo and Docsy to the latest to benefit from upstream fixes and new features

Thanks a lot to these contributors: Stefan Prodan, Lloyd Chang, Kingdon Barrett, Andri Muhyidin, Luke Mallon, Somtochi Oneykwere, Stacey Potter, Christian Berendt, Daniel Quackenbush, Hidde Beydals, Iñigo Iglesias, Jens Fosgerau, Moritz, Phil Fenstermacher, Sam Cook, Scott Rigby, Soulé Ba and vasu1124.

We are proud to announce new Flux adopters who officially joined our community since last time: SAP SE, Alea, William & Mary, 23 Technologies GmbH, DKB Codefactory, 99 Group, Trendhim.

If you would like to add your organisation to the Flux Adopters page, here’s how.

CNCF TechDocs Team assess Flux Docs and Website

Alison Dowdney talked to the CNCF TechDocs team and asked for an assessment of our docs and website to help us understand how we can further improve. We are very grateful for the hard work Celeste Horgan put into assessing our docs and compiling a report.

We are very pleased with the outcome: our site consistently scores 4 or 5 (out of 5) on all criteria. There are a couple of very wise recommendations we will discuss in our next dev meetings to figure out a way forward. If you want to know more, either read the report, or have a look at the project board we set up to track this effort.

If you would like to work with us on the website and documentation, please reach out to us on Slack. 💖

Thanks again CNCF and TechDocs team - we very much appreciate being part of this community and receiving so much support in growing our project!

Flux Project Facts!

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2022-02-02 or 2022-02-10.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: December 2021 Update

Tue, 30 Nov 2021 09:30:00 +0000

Let’s recap what happened in November - there has been so much happening!

News in the Flux family

A flurry of Flux releases

The Flux Development team has been busy. In November they released Flux 0.21, 0.22, 0.23, and 0.24. Let’s review these one by one, so you can get the most out of Flux when you are doing the upgrade, migration or fresh installation.

0.21 brought ECDSA as the default SSH key algorithm used by flux bootstrap and all the other commands that generate SSH keys. This change was imposed by GitHub that is no longer accepting RSA SHA-1 SSH keys.

To rotate your SSH deploy keys for the repositories bootstrapped with Flux:

download the Flux CLI v0.21.0 binary
delete the deploy key secret from your cluster
```
kubectl -n flux-system delete secret flux-system
```
using the Flux CLI v0.21.0.
rerun flux bootstrap github with the same arguments as before

Flux will generate a ecdsa-sha2-nistp384 SSH key and will update the deploy key on GitHub.

0.22 introduced no breaking changes, but included these highlights:

Storing secrets in environment variables is no longer required, the flux bootstrap command will prompt for the GitHub/GitLab PAT when not found in env.
Flux adds support for ignoring manual changes made to the cluster state by disabling the server-side apply for certain resources using an annotation.
Improve the image automation alerting by emitting events only when changes are pushed upstream.
Include the updated containers URIs in the image automation alerts and events.

0.23 came with artifact integrity verification based on SHA-2 and fixes for image automation. The highlights are:

The format of the artifact checksum computed by source-controller changed from SHA1 to SHA256 to mitigate chosen-prefix and length extension attacks.
During the acquisition of an artifact, kustomize-controller and helm-controller compute its checksum and verify that it matches the checksum advertised in the Status of the Source.

And finally 0.24 comes with security updates for Alpine CVEs. We are also happy to bring you

New bootstrap command for Bitbucket Server and Data Center repositories (CLI).
Add support for self-signed certificates when bootstrapping Flux with on-prem GitHub, GitLab and BitBucket servers (CLI).
Improved performance when building Helm charts and introduced limits for Helm index and chart files. (source-controller).
Add support for Slack Apps bot alerting provider (notification-controller).

Please note that this version comes with breaking changes to Helm users. The Helm repository index.yaml max size is set to 50MiB and the chart max size is 10MiB, to change these limits see the source-controller changelog.

Support for Bitbucket Server and Data Center repositories

Big shout-out to Soulé Ba for adding Bitbucket support to Flux. This will make lots of Flux users happy. Thank you very much!

To find out how to bootstrap Flux on Bitbucket Server, please review our documentation. We love feedback, so please reach out if you have any questions or are missing anything. We are also working on support for BitBucket Cloud, for which we might need some help testing, documentation or wherever else you would like to contribute - we’d love to have you participate!

Flagger 1.16 is out

Progressive Delivery fans will be happy to hear that Flagger 1.16 comes with a new API field called primaryReadyThreshold that allows setting the percentage of pods that need to be available to consider the primary deployment as ready.

Security news

You might have heard about Flux’s security audit which was performed by ADA Logics in the last months. As discussed in the announcement, we set up a project board to track our work and have now completed over half of the identified requests with many more in flight.

Let’s talk documentation

One piece of feedback in the report was that while our Flux documentation serves its users well by e.g. showcasing many useful configuration examples, we could do an even better job by creating a more general, architectural overview of Flux and discussing the security features, assumptions and considerations users should take into account.

After talking to many people, we filed a number of issues to track this work and Scott Rigby created the landing page for Security Documentation. We already brought together quite a few notes to populate these pages more. If you want to help, please talk to Scott and the rest of us - we look forward to your questions, ideas, input and edits!

Flux’s future - we need your input

Speaking of input: we started a formal RFC process for some of the bigger improvements in Flux. This was in part due to feedback from the audit as well, but more generally something we were missing in Flux governance. So far, our process of using GitHub discussions, Slack and our weekly Dev meetings was good enough to find consensus on the bigger questions. With more integrators building on top of Flux and more diverse ways Flux is being used, we want to get the end-user experience and general assumptions right, so here is our first set of RFCs for you to consider:

RFC process was started: [RFC-0000] Introduce the Flux RFC template
Proposals related to Flux Multi-tenancy:

We really would love your feedback on any of them!

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Taming Multiple Traefik Deployments with a GitOps (Flux) Strategy

December 9, 2021 at 8am PT / 5pm CET our very own Kingdon Barrett will be presenting with Jakub Hajek from TraefikLabs. This hands-on session will include a demo on deploying Traefik on multiple clusters using Flux! Sign up here.

GitOps WG and OpenGitOps project update at KubeCon China

December 9, 2021 12:10 - 12:45 CST Scott Rigby will give an update of the GitOps Working Group and OpenGitOps project as part of the Introduction and Deep-Dive into TAG App Delivery for KubeCon/CloudNativeCon/Open Source Summit China. We are very pleased to be collaborating with these groups within the CNCF.

KubeCon/CloudNativeCon Europe 2022 CFP deadline coming up

As you all know, there’s always a KubeCon just over and the CFP deadline for the next KubeCon just coming up! That’s why we are looking for contributors, community members, organisations or integrators who would like to 1) represent Flux and 2) present on Flux, GitOps delivery and more. If you want to talk things through, have any questions or want to collaborate with us, please reach out! Deadline to submit is December 17, 2021.

More Flux Resources

We recently added a number of new resources to our Resources page. They were all from the last GitOps One-Stop Shop Event where vendors show-cased their GitOps consumer products, which were all based on top of the most recent versions of Flux.

Flux Bug Scrub

The Flux Bug Scrub in the last week of November (25th) coincided with the US Thanksgiving holiday, so it was not held. Each weekly Bug Scrub can be found (and linked Zoom details) on the fluxcd.io/#calendar calendar widget, which has now been adjusted for the end of Daylight Savings Time. Please check in on #flux or #flux-contributors for more information!

Bug Scrub is a great opportunity to talk with Flux maintainers and also a place where you can gently nudge to get our eyes on a particular bug if there is something that warrants a higher priority. There are hundreds of bugs open across Flux projects at any given time, so not all bugs can receive attention from only a dozen or so maintainers while making progress to General Availability. We rely on user feedback, including visitors at our public meetings like Bug Scrub to decide which issues are worth prioritizing.

Also a great place for volunteers to gain added context of issues and receive assignments or even a maintainer’s eye or blessings to proceed, with guidance from our GitHub triage team.

Join us for this recurring virtual meetup at 8am Eastern on Wednesday (December 1 and 15th), or at 1pm Eastern on Thursday (December 9 and January 6) – note: there will be no meeting on December 23rd due to a company-wide holiday shutdown. Find the Zoom link on the CNCF Flux Dev calendar, (subscribe), or locate the link directly on the Flux main page.

In other news

People writing about Flux

We noticed a number of new articles about Flux which we would like to share.

Joshua Zenn - Introduction to GitOps with Flux v2

This article joins the ranks of more and more upcoming news bits which firstly, explain GitOps in simple to understand terms, and secondly, walk the reader through setting up Flux. A second article to complete the series will be written soon.

Ross Fairbank - GitOps with Flux

Ross is a Platform Engineer at GiantSwarm and in his article goes into quite a bit of detail regarding the history, aims and architecture of the Flux project, particularly in its newest version.

The article is very nicely written - go check it out.

Michael Irwin - Compose with K8s and Flux

We are happy to see this article from a friend in our community. Michael Irwin has presented at our booth at KubeCon and is a regular on Slack and elsewhere. To set the context he starts off with

The Compose specification has slowly been used in contexts beyond running containers directly with Docker. We have ACI, ECS, and an experimental Kubernetes backend. The idea is to define your application in one spec and deploy it in a variety of manners.

The article comes with all the required steps, beautiful diagrams and a video demo. Be sure to have a look!

News from the Website and our Docs

We updated the docsy theme and hugo version in use: now we are benefiting from styling fixes, draw.io integration and many more upstream changes.

The Flux Blog overview was a bit dull. We made it more visually appealing by adding featured images for blog posts and letting the entries “breathe” more.

Many docs additions and fixes as well. New adopters that were added are Identinet, Omaze and Virginia Tech added.

Thanks Dennis Staiger, Gregory Vander Schueren, Jan Christoph Ebersbach, Jim Van Fleet, Kingdon Barrett, Lloyd Chang, Michael Irwin, Scott Rigby, Stefan Prodan, Valér Orlovský, Zephirin Broussard for your help!

A combined list of all Flux project maintainers is now live both in the Flux community repo, and on maintainers.cncf.io. It’s another step into the direction of GitOps-ifying our governance.

Flux Project Facts

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-12-02 or 2021-12-08.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: November 2021 update

Fri, 29 Oct 2021 20:30:00 +0000

Let’s recap what happened in October - there has been so much happening!

News in the Flux family

Server side apply has landed

We gave you a heads-up on our blog a few weeks ago. Since then, it has happened: Server-Side Apply has landed in Flux for real. This makes Flux more performant, your cluster will get more observable and this opens up the gates for new features. It also makes Flux more easily maintainable in the future.

Please refer to the announcement blog post to learn how to update your cluster to work well with it!

Flux 0.20 is out

Since the last monthly update a flurry of Flux releases saw the light of day, so let’s go through them one by one to see which new features, fixes and improvements came our way.

0.20 adds a new command called flux tree. Here is what it can look like in action:

$ flux tree kustomization flux-system --compact
Kustomization/flux-system/flux-system
├── Kustomization/flux-system/infrastructure
│ ├── HelmRepository/cert-manager/cert-manager
│ └── HelmRelease/cert-manager/cert-manager
├── Alert/flux-system/slack
├── Provider/flux-system/slack
└── GitRepository/flux-system/flux-system

On top of that we improved end-to-end tests and Git implementations (more efficient shallow clones and performance fixes). Also note the new support for Sprig functions.

0.19 brought a bunch of new features: support for SOPS encrypted .env files. We updated to Helm 3.7.1, added support for Prometheus Alertmanager and experimental support for automatically getting credentials from AWS when scanning images in ECR. On top of that authentication enhancements for GCP and lots and lots of other improvements and fixes.

0.18 brought Server Side Apply and more.

It’s really really worth updating, but do note: If you are upgrading from 0.17 or older versions, please see the Upgrade Flux to the v1beta2 API guide.

Flagger 1.15 is out

We are blessed and fortunate to have our own progressive delivery solution within the Flux project. Its 1.15 release brings support for NGINX ingress canary metrics (you will need nginx-ingress v1.0.2 at least).

Starting with this version, Flagger will use the spec.service.apex.annotations to annotate the generated apex VirtualService, TrafficSplit or HTTPProxy.

Apart from that we updated the load tester binaries and added podLabels to the load tester Helm chart.

Flux on OpenShift progress

If you have been watching the OpenShift GitOps space, you will have seen quite a bit of movement lately. We talked about this in some of our last posts, we got OpenShift docs up for Flux, the Flux Operator has landed in the OperatorHub and RedHat were key presenters at the the last GitOps One-Stop Shop Event (see below).

Flux contributor and Developer Experience engineer at Weaveworks Chanwit Kaewkasi has been hard at work and put together these proof-of-concept repositories:

Multi-tenant demo for Flux on OpenShift: It is a Flux multi-tenancy demo for OpenShift. What’s nice about the demo is that it will use only the Web UI of OpenShift to install Flux and bootstrap the demo. Yes - as a Cluster-Admin user, you can run a GitOps system by just clicking. You click to install Flux via OperatorHub, then you click to import one of the following snippets into your cluster, and your multi-tenant GitOps system will be ready to use in minutes.
An example of how to write Flux policies for Gatekeeper: this is a Rego-based OPA policy to support Flux multi-tenancy enforcement. Tested on OpenShift 4.8.

We are very pleased to see this relationship thriving - stay tuned for more news!

New maintainers on board the Flux project

We as the Flux community are blessed to have new contributors who step up to become maintainers eventually. In the past month we had three(!) new maintainers come on board.

Max Jonas Werner from D2IQ

Having been part of the Flux journey for a long while already, we knew Max from the Flux Dev meetings already. When we learned that D2IQ was basing their product on top of Flux, we were obviously thrilled. Now he is maintainer of Flux - what’s more: Max has contributed patches, review time and community gardening time since then - and spoke at the GitOps One-Stop Shop Event as well. Thanks for everything you do! 💖

“I'm very happy to be joining a lively community and an extremely exciting project as a maintainer. Thank you for the warm welcome.”

Max Jonas Werner

Sunny and Soulé Ba from Weaveworks

Sunny has been maintaining (among many other things) tools like Weave Ignite for a while already, and joined the Flux effort a few months back and since then made a big number of improvements to almost all the Flux controllers. We are glad to have him around - big parts of the recently started refactoring effort will happen a lot faster!

Soulé Ba, who also works for Weaveworks, has been working on one big feature recently which was to add Bitbucket Server (a.k.a Stash) support to Flux (via go-git-providers). We are very pleased to have a solid team of people working on go-git-providers and to be able to offer more providers. Thanks in any case, Soulé for stepping up!

Recent & Upcoming Events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Flux at GitOpsCon and KubeCon

GitOpsCon

We are proud and happy to have Flux Maintainer Scott Rigby co-host GitOpsCon again, and see and hear all the great talks that featured Flux! If you missed any of the talks, you can see the schedule here and be on the lookout for the videos as they should be posted soon.

KubeCon

This was our first time hosting a hybrid booth - we were in-person and online at KubeCon NA 2021 and were super happy to chat with all the booth visitors and hear great talks from the community. Our online booth schedule is still up - we’ll update with video links as soon as they're available - stay tuned! 📺🍿

Special shoutout to our Flux Maintainers Michael Bridgen and Hidde Beydals for presenting Flux’s Roadmap to GA, as well as Stefan Prodan, Philip Laine, and Kingdon Barrett for more presentations at the Flux Project Office Hours sessions! These will be part of the forthcoming videos!

GitOps One-Stop Shop Event

This was a half day event on October 20, 2021 to celebrate a major milestone for our project! Speakers from top cloud and GitOps vendors - Amazon Web Services, D2iQ, Microsoft, VMware, Red Hat, and Weaveworks showcased their enterprise-grade GitOps offerings which are all using Flux to provide the very best GitOps to their customers!

If you missed it, no worries! You can still sign up at the website (www.gitopsdays.com) to watch the recording!

There were other Flux related talks this past month too – keep an eye out for these on the Flux website resources page!

Flux Bug Scrub

Here is an update from Kingdon and the rest of the Flux team:

We’ve had a great many special events in the past month or so, and our team has been busy coordinating, planning, participating, and promoting those, so meanwhile the Bug Scrub activity has been mostly on hiatus for the month of October! But we’ll be starting up again in earnest, in the first week of November, and should begin holding Bug Scrub activities again regularly over the next few weeks, until the holiday season is upon us.

If you are interested in making contributions to Flux but maybe aren’t sure where to start, or just want to spend some time mulling over issues with the team, Bug Scrub is a great place to get acquainted with the issues that are being raised by community members and find out more about how you can play a part and help move the Flux project closer to graduation!

You can find a link to the Bug Scrub on our calendar, which has the Zoom link and is in UTC time, or get reminded in your own time zone by subscribing to the flux-dev calendar.

Hope to see you there!

One more thing

We had quite a bit of OpenShift related news, check out this interview between Stefan Prodan, one of our Flux maintainers and Chris Wright, the Red Hat CTO. They cover GitOps from various interesting angles. It’s certainly worth your time.

Infrastructure as code? #GitOps or go home? Do we even need #Kubernetes? Join @Kernelcdub and @StefanProdan for a new episode of Technically Speaking and skip the clickbait: https://t.co/V0JISPrYbn pic.twitter.com/xsN4y2JhLM
— Red Hat (@RedHat) October 27, 2021

In other news

News from the Website and our Docs

In the Flux team we are very happy we are able to put effort and time into our documentation and website. This month we improved some of the maintenance bits of the site, we updated to a new version of the Docsy theme - which gives us more options for expressing ourselves in documentation. A couple new adopters added themselves - welcome to our community! Also thanks Juozas Gaigalas for the many fixes regarding styling, beautification and bringing in a nicer 404 page! 🤩

On top of that: more frequently asked questions and many more updates to the docs, particularly around the new world order involving Server-Side Apply! We updated our Contributor docs as well! Hope to see you on the other side!

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-11-04 or 2021-11-10.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Flux Project Facts

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

Blog: October 2021 update

Fri, 01 Oct 2021 08:30:00 +0000

Let’s recap what happened in September - there has been so much happening!

Flux Project Facts

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
👍 Users trust Flux: Flux is a CNCF Incubating project and was categorised as "Adopt" on the CNCF CI/CD Tech Radar (alongside Helm).
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

This section has made it onto the landing page of https://fluxcd.io now - let us know how you like it!

News in the Flux family

Server-side reconciliation is coming

We are going to land a big feature with lots of improvements for everyone very soon. Server-side reconciliation will make Flux more performant, improve overall observability and going forward will allow us to add new capabilities, like being able to preview local changes to manifests without pushing to upstream.

⚠ Changes required: Due to a Kubernetes issue, we require a certain set of Kubernetes releases (starting 1.6.11 - more on this below) as a minimum. The logs, events and alerts that report Kubernetes namespaced object changes are now using the Kind/Namespace/Name format instead of Kind/Name.

Read our detailed release announcement with instructions on how to prepare for this change.

Better transport and crypto support for libgit2

The next release of Flux is coming soon and will include an improvement to the libgit2 Git implementation. The source-controller and image-automation-controller both use this library (in combination with others like go-git) to perform cloning and/or push operations on remote Git repositories.

Unfortunately, due to libgit2 depending on various other C libraries for transport and crypto, using the OS packages has proven to not always provide a reliable setup, especially not one that supports a wide range of key formats. As we want our users to be able to use modern private and/or host key formats like ECDSA* and ED25519, we now build the library ourselves while linking against the correct libraries (OpenSSL and LibSSH2) which should solve most issues around private keys. Support for a wider range of host keys is still pending, but will eventually become available as well, once libgit >=1.2 can properly be used in Go.

This will also prepare us for changing the build to static, which will allow us to enable fuzzing for more controllers.

Check out the in-flight PR for more information if you are curious. Thanks a lot Chanwit Kaekwasi, Hidde Beydals and Sunny for your work on this!

Flagger 1.14 has landed

We have released Flagger v1.14.0. This release comes with bug fixes to Istio load balancer settings and in-line PromQL. Starting with this version, the canary analysis can be extended with metrics targeting InfluxDB, Dynatrace, and Google Cloud Monitoring (Stackdriver).

Thanks to Somtochi Onyekwere for integrating Flagger with InfluxDB & Stackdriver and for all the bug fixes.

Upcoming events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Flux at GitOpsCon and KubeCon

One of the really big themes at KubeCon this time is GitOps. Because of this, KubeCon organisers have put together GitOpsCon as well, as a dedicated Day 0 event. Below we are going to list our favourites Flux related sessions - for an up-to-date list of everything take a look at the “schedule” of our Flux KubeCon mini-site. (All times are Pacific Time.)

Meet the Maintainer

There will be three Flux Project Office Hours where you can meet our maintainers:

GitOpsCon

Our friends from the GitOps working group have put together a fantastic event - here are some talks you should watch out for on October 12:

9:20am: Ricardo Rocha, CERN: A Multi-Cluster, Multi-Cloud Infrastructure with GitOps at CERN
9:50am: Ayush Ghosh & Sergey Sergeev, Cisto Sytems: GitOpsify Cellular Architecture
12:45pm: Adrian Vacaru, Fidelity Investments: Managing Apps Dependencies and Kubernetes Versions with Kraan and Flux
1:15pm: Uma Mukkara, Chaos Native: Using GitOps for Kubernetes Reliability at Scale
2:55pm: Mae Large & Priyanka Ravi, State Farm: A Day in the Life of the GitOps Platform Team
4:20pm: Leigh Capili, VMware: Building Flux’s Multi-Tenant API with K8s User Impersonation

KubeCon talks on the main event and our booth

Take a look at our Flux KubeCon mini-site. This is where you can connect with us for all the Flux related talks at the event. During KubeCon hours we will be at our virtual and in-person booth in the CNCF Project Pavillion - drop by for a chat, for short talks from engineers and users. It’ll be a great way to get involved with our community and have all your questions answered.

GitOps One-Stop Shop Event

So KubeCon will be lots of fun and give you lots of great Flux content, but only a week afterwards we have a real treat coming up for you.

If you want to learn more about how big vendors have built their GitOps offerings on top of Flux, sign up at https://gitopsdays.com and learn from Amazon, D2IQ, Microsoft, VMware and Weaveworks why they chose Flux and which cool services and products they have got to offer. See you there on October 20th!

Flux Bug Scrub

During KubeCon, Flux’s weekly Bug Scrub will be postponed unless another volunteer wants to run one! Kingdon, who hosts Bug Scrub each week, is going in person to Los Angeles to present: how to deploy Jenkins declaratively with Helm Controller, and other fun things.

Throughout KubeCon, look for Flux maintainers at media events and giving talks in the Flux booth, (TBD: or at least, virtually talking in the booth! Maybe due to social distancing rules.)

As for Bug Scrub, I foresee that cancellation or postponement of the weekly event is likely while KubeCon is going on in person, … but if there are volunteers at the usual time, and enough interested people who want to perform the bug scrub activity get together, they will be put to work! There will always be plenty of bugs to scrub for the foreseeable future.

This week, and every other week, find Bug Scrub with a link to the Zoom invite beneath the fold alongside other scheduled Flux developer team events.

One more thing

Martin Hickey (Helm maintainer), and Scott Rigby (Helm and Flux maintainer) present a feature showcase and demos of both Helm and Flux, reasons for the overwhelming community use of Helm for application packaging and deployment on k8s, and how Helm is extended by Flux for teams moving to GitOps.

🔹 Helm - https://helm.sh/ helps you manage Kubernetes applications — Helm Charts helps you define, install, and upgrade even the most complex Kubernetes application.

🔹 The GitOps Toolkit is the set of APIs and controllers that make up the runtime for Flux. The APIs comprise Kubernetes custom resources, which can be created and updated by a cluster user, or by other automation tooling.

🔹 The Helm Controller built on Kubernetes controller runtime and is part of the GitOps Toolkit – allows one to declaratively manage Helm chart releases with Kubernetes manifests.

📍 Date: Tuesday, October 5th @ 10 am PST to 11 am PST (1:00 pm EST - 2:00 pm EST)

In other news

News from the Website and our Docs

Our website https://fluxcd.io is the central place for news and docs regarding Flux and we put quite some effort into making it ever more useful and interesting. If you have feedback or would like to help out, reach out alisondy, dholbach or scottrigby on Slack.

In the past month we made large parts of the site more easily maintainable. Juozas Gaigalas simplified the styling and beautified the looks of the site in many places as well - thanks for your work on it!

We are pleased to see that the number of contributors to the docs is slowly growing. Many small improvements to make the content more readable and correct. Go team!

Apart from that we were able to add more adopters and integrations. Please add yourself if you haven’t already.

What to watch out next for: Alison Dowdney is working on restructuring the documentation to make it even easier to find things. Reach out to her, if you want to help out or have observations you would like to share.

People writing about Flux

We have two sets of articles we would like to share. (Please reach out to us if you find others show-casing Flux projects.)

Manage your Kubernetes clusters with Flux 2

Cyril Becker wrote a very nice introductory article over at https://medium.com/alterway/manage-your-kubernetes-clusters-with-flux2-82dd1cfe2a6a. If you are entirely new to the concept of GitOps and want to learn more and follow a how-to, check the article out.

GitOps - Part 1+2

Girish Goudar, Cloud & DevOps Architect at EY wrote a set of two articles to explain GitOps using Flux.

In the first article https://www.linkedin.com/pulse/gitops-part-1-girish-goudar-1c/ you will learn how to deploy apps using Helm and Kustomizations.

The second article https://www.linkedin.com/pulse/gitops-part-2-girish-goudar/ focuses on securing apps using Mozilla SOPS.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-10-07 15:00 UTC, or 2021-10-21, 15:00 UTC.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group

We are looking forward to working with you.

Blog: September 2021 update

Mon, 30 Aug 2021 13:30:00 +0000

Let’s recap what happened in August - there has been so much happening!

Flux Project Facts

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning and patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

This section has made it onto the landing page of https://fluxcd.io now - let us know how you like it!

News in the Flux family

Flux 0.17.0

We have released Flux v0.17.0. You will be pleased to learn that this version has no breaking changes. We encourage all users to upgrade ASAP.

Some of the highlights in this release are:

Flux garbage collector has been improved to work nicely with other controllers such as Strimzi Kafka Operator, Redis Operator, Prometheus Operator and others.
The Notification controller can now send alerts to Telegram, Lark and Matrix in addition to many others.
Kustomize controller has been updated to on a par with the latest Kustomize release v4.3.0.

Some of our community members have stepped up their level of contributions recently and particularly in this release. On that we would like to congratulate Somtochi Onyekwere for becoming a maintainer of the Flux notification controller (more below)! Thanks Somtochi for all your contributions to the Flux project.

Also a big shout-out to Allen Porter and Chanwit Kaewkasi for helping us with the Flux CLI testing framework!

Flagger 1.13.0

This Flagger release comes with support for Open Service Mesh. For more details see the OSM Progressive Delivery tutorial.

Starting with this version, Flagger container images are signed with sigstore/cosign, for more details see the Flagger cosign docs.

Flux is in the Operator Hub

We are excited to tell you that Flux Operator is now on the Operator Hub, and it supports Red Hat OpenShift version 4.6, 4.7, and 4.8. Flux Operator for OpenShift could be installed directly via the OpenShift web console on the Operators tab. It also works on OKD, the Community Distribution that powers OpenShift.

Flux on OpenShift Features

One-click installation
Automatically Upgrade
UI for Flux Resources

The Flux Operator for OpenShift provides a UI for all Flux Resources.

In the following example, you see the UI of GitRepository, which could create a new GitRepository object as a source for other objects.

Please consult the Flux OpenShift documentation for the installation steps.

If you have any questions or feedback, please reach out to Chanwit or Kingdon on Slack.

Upcoming events

It’s important to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Flux Bug Scrub

Many Flux users and contributors have found the Bug Scrub a helpful meet-up, including some maintainers and repeat visitors. The Bug Scrub event is a weekly Zoom call where we discuss open issues from the Flux org on GitHub, with a narrow focus on what we can do to help advance each issue in the shortest amount of time. We aim to get more exposure to the greatest possible number of open issues and set some time aside for story telling. As Flux development moves very fast there is always plenty to talk about.

The Bug Scrub format was designed to spread more Flux knowledge to more people who are interested in finding their own way toward contributing to Flux each week. We spend a few minutes talking about issues with minimal structure meant only to prevent back-tracking or repeating any of the discussions from one week to the next. You do not have to be a programmer to participate; any Flux users at any knowledge level, issue reporters, or potential contributors should feel welcome to attend. Take your opportunity to participate and help build our community. The time commitment is minimal!

Find our calendar on the Flux website where, thanks to some updates, finding the date and time of the next Bug Scrub meeting is now more accessible than ever before.

The Zoom link is broadcast via Slack a few minutes before the meeting start time. For more event details, subscribe to the CNCF Flux Dev calendar. Attendees all are asked to RSVP in advance, which can be done by posting on the Slack thread for Bug Scrub, and introducing yourself briefly in case you are new to the Flux contributor team.

Please consider joining #flux on the CNCF Slack and meeting us for Bug Scrub. Hope to see you there!

In other news

News from the Website and our Docs

📹 Resources and videos: As a community we are not only very proud that the Flux projects keep innovating and improving, but also that community members go out there and talk about how they are using the tools and what they achieved.

The list of talks and resources formerly was quite buried on the site - they now have their own page and can shine there: https://fluxcd.io/resources/

If you prefer learning about Flux through videos, you might enjoy this!

📆 Our calendar: From now on all upcoming Flux-related events, meetings, workshops and sessions will be mentioned in our new calendar section - directly on the home page: https://fluxcd.io/#calendar

For this we re-use Flux’s calendar that is provided by CNCF infrastructure, so if you subscribed to it in the past, you will continue to receive all the information there.

🤝 Thanks everyone! In the last month, 15 people contributed to the website and docs - we are very pleased with all the attention to detail and help from everyone. Thanks a lot - let us know if there’s anything you would like to see improve or help out with!

Somtochi Onyekwere joins Flux maintainers

We are very pleased to see Somtochi Onyekwere join the list of maintainers of Flux projects. Since she started working on Flux projects, she has by now contributed to almost all repositories. Most recently she worked on notification-controller and got it to talk to various other notification providers.

Before Flux she worked within the Cluster Addons projects in the Kubernetes SIG Cluster Lifecycle. Check out her write-up about the Google Summer of Code project 2020.

Thanks a lot for all your hard work Somtochi - we are very happy to have you on the team!

People writing about Flux

A new instalment of the Falcosidekick series has been written by Batuhan Apaydın. This series is all about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. Guest star this time around is Flux!

The article takes a step-by-step approach and is nicely written. We are very pleased to continue the collaboration with the Falco project. Check out the full article here: https://falco.org/blog/falcosidekick-response-engine-part-8-fluxv2/

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-09-01 12:00 UTC, or 2021-09-09, 15:00 UTC.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: August 2021 update

Fri, 30 Jul 2021 15:30:00 +0000

As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration and where you can get involved. Read last month’s update here.

Let’s recap what happened in July - even though a lot of us took some much needed holidays, a lot has been happening!

Flux Project Facts

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

🤝 Flux provides GitOps for both apps or infrastructure. Flux and Flagger deploy apps with canaries, feature flags, and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and (with the help of Flagger) progressive delivery (PD) through automatic reconciliation. Flux can even push back to Git for you with automated container image updates to Git (image scanning an patching).
🔩 Flux works with your existing tools: Flux works with your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

This section has made it onto the landing page of https://fluxcd.io now - let us know how you like it!

News in the Flux family

Controller refactoring coming up

If you have been following the repositories under the fluxcd organisation on Github, you will have noticed that its actually the *-controller projects which provide the functionality of Flux. Their names should be fairly self-explanatory: “source”, “helm”, “kustomize”, “notifications” and so on.

We had many contributors jump in and help since we started the big Flux rewrite, but we noticed that the learning curve was a little steep and everybody spent a little too much time learning how the controllers interacted, and similar concepts.

Hidde Beydals recently sat down and implemented helper functions which will aid in unifying codebases and settings standards across all Flux Controllers. The bulk of this work has landed under pkg/runtime. Its README does a pretty good job explaining the helper functions and important considerations.

Here we want to give a big shout-out to the Cluster API project, as for example the conditions and patch packages were heavily inspired by the project’s work!

The idea behind this was to

Reduce duplication of code
Reduce a certain subset of race condition related bugs in Flux controllers
Make writing e2e tests much easier and uniform
Make maintaining Flux controllers easier for others to help with
Make writing new controllers much clearer process (help widen ecosystem of controllers built on the GitOps Toolkit)
Make us feel more comfortable in the code

Check out the most recent version of Go reference documentation here: https://pkg.go.dev/github.com/fluxcd/pkg/runtime@v0.13.0-rc.2.

The overall plan is:

If you are proficient in Go and have some experience with controller-runtime this might be straight up your alley. If you are interested in learning more about it, you might want to get started with this Kubebuilder tutorial.
Review the pkg/runtime reference docs.
Review how these new helper functions are used to standardize Source Controller in this Pull Request.
Based on those patterns, work together on a per-pattern, per controller Pull Request.

Track the wider effort by subscribing to these issues:

If you would like to help out in the refactoring work, please reach out to Scott Rigby on Slack.

Flux migration news

In last month’s update we discussed how Flux’s APIs are now stable. To clarify what this means for the Flux project as a whole, we added the following section to our migration timetable:

Flux 1: Superseded
- All existing projects encouraged to migrate to Flux 2, and report any bugs
- Flux 1 Helm Operator code freeze – no further updates except CVEs
Flux 2 CLI: Needs further testing, may get breaking changes
- CLI needs further user testing during this migration period
GitOps Toolkit APIs and Controllers
- All Beta, Production Ready
  The GOTK Custom Resource Definitions which are at v1beta1 and v2beta1 and their controllers are considered stable and production ready. Going forward, breaking changes to the beta CRDs will be accompanied by a conversion mechanism.
- All Flux 1 features stable and supported in Flux 2
- Promoting Alpha versions to Beta makes this Production Ready

Reach out to us if you have any questions about this!

Upcoming events

It’s important to us to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

Flux Bug Scrub

Our Flux Bug Scrub event is now a regular feature, with the current scheduling information available on the CNCF Flux Dev Calendar, usually scheduled opposite the CNCF Flux Project Meeting. You can subscribe to the calendar to receive notifications about upcoming events and schedule changes. The Bug Scrub is an opportunity to meet with other Flux contributors in another setting besides the Dev meeting, where we try to identify “Good First Issues” and spend an hour working on issue triage as a group. These meetings are open to the general public, so individuals of any skill level are welcome.

The theme and focus of the Bug Scrub can vary from week to week; we are floating the idea of doing an FAQ scrub or Docs scrub, where instead of reviewing issues and doing triage on PRs, we comb through recent Slack history and try to find new Frequently Asked Questions that we can add to the docs, in order to save the Flux team from writing out the same replies longhand every time a question is asked again. Many folks are coming to the Bug Scrub just to learn more about Flux and for a window into Flux current events.

One goal of this event is to convert Flux users into Flux contributors, so we will try to make sure that all attendees who are interested in making a contribution get an issue assignment before the end of the event. We hope that you will join us for a Bug Scrub some time soon.

For details and more information about the Flux Bug Scrub, how it works, and what you need to do in order to participate: please read and review the Bug Scrub Process/Protocol doc, or revisit the blog post that announced our First Bug Scrub. Remember to find current scheduling information on the CNCF Flux Dev Calendar, and stay tuned for more info!

GitOpsCon North America

Still a little further down the line, GitOpsCon North America is happening October 12, 2021 as a Day-0 Event leading up to CloudNativeCon/KubeCon in Los Angeles, California + Virtually of course.

GitOpsCon North America (#GitOpsCon) is designed to foster collaboration, discussion and knowledge sharing on GitOps. This event is aimed at audiences that are new to GitOps as well as those currently using GitOps within their organization. Get connected with others that are passionate about GitOps. Learn from practitioners about pitfalls to avoid, hurdles to jump, and how to adopt GitOps in your cloud native environment.

The event is vendor-neutral and is being organized by the CNCF GitOps Working Group. Topics include getting started with GitOps, scaling and managing GitOps, lessons learned from production deployments, technical sessions, and thought leadership.

The schedule is not yet available, but will be soon. Now is a good time though to register.

Check out our calendar section for more upcoming and links to recordings of past talks.

In other news

Flux User Interviews

As a community we want to share our success stories more, so Scott Rigby and Daniel Holbach will soon start reaching out to folks who use Flux, who built solutions on top of Flux or do advocacy for Flux. If you were involved in any of these things, or know of an interesting story we should be telling to inspire, celebrate and teach others, please let us know. We want to reach far and wide and paint Flux’s community as colourful and diverse as it is!

News from the Website and our Docs

We updated to a new version of the docsy theme, which gives us more short-codes we can use to express ourselves in our documentation. Alison also improved the ways tabs look as you can see here:

Alison also put quite a bit of work into writing up how we want our documents to look and which short-codes are most useful. This should make it much easier if you want to start contributing documentation for Flux.

In the FAQ section, Hendrik Ferber explained how to patch CoreDNS and other pre-installed addons.

Additionally, to give some of the success stories Flux users have shared more room, we added this section to the landing page of https://fluxcd.io - if you have more, we are all ears!

Many others helped us improve the site and docs in other ways - thanks to everyone!

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-08-04 12:00 UTC, or 2021-08-12, 15:00 UTC.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: July 2021 update

Fri, 02 Jul 2021 11:30:00 +0000

As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration and where you can get involved. Read last month’s update here.

Let’s recap what happened in June - there has been so much happening!

From now on Flux APIs will be stable

We moved our APIs to v1beta1, which means that all Flux APIs are stable from now on. To us this means that Flux is production ready. You can make use of all these APIs, we’ll support them from now on. Going forward, breaking changes to the beta CRDs will be accompanied by a conversion mechanism.

Incidentally this also marks the 100th release in the fluxcd/flux2 repo. 🎆

How about you give us a ⭐ if you like it?

We are very proud of what we put together, here we want to reiterate some Flux facts - they are sort of our mission statement with Flux.

Flux Project Facts

🤼 Flux provides GitOps for both apps or infrastructure. With help from Flagger, Flux can automate the release process of apps using strategies like canaries and A/B rollouts. Flux can also manage any Kubernetes resource. Infrastructure and workload dependency management is built-in.
🤖 Just push to Git and Flux does the rest. Flux enables application deployment (CD) and progressive delivery (PD) through automatic reconciliation. Flux can update container image declarations in your YAML and push them automatically back to Git for you (based on new image tags discovered via scanning).
🔩 Flux plays nice with your existing tools: your Git providers (GitHub, GitLab, Bitbucket, can even use s3-compatible buckets as a source), all major container registries, and all CI workflow providers.
☸️ Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation (OPA, Kyverno, admission controllers) so it simply falls into place.
🤹 Flux does Multi-Tenancy (and “Multi-everything”): Flux uses true Kubernetes RBAC via impersonation and supports multiple Git repositories. Multi-cluster infrastructure and apps work out of the box with Cluster API: Flux can use one Kubernetes cluster to manage apps in either the same or other clusters, spin up additional clusters themselves, and manage clusters including lifecycle and fleets.
📞 Flux alerts and notifies: Flux provides health assessments, alerting to external systems and external events handling. Just “git push”, and get notified on Slack and other chat systems.
💖 Flux has a lovely community that is very easy to work with! We welcome contributors of any kind. The components of Flux are on Kubernetes core controller-runtime, so anyone can contribute and its functionality can be extended very easily.

New releases in the Flux family

Flux 0.16 hits the streets

We've released flux2 v0.16.0. Starting with this version, all Flux APIs are considered stable and ready for production use. ✨

The highlights are:

🚀 The image automation APIs have been promoted from v1alpha2 to v1beta1. There are no breaking changes; to upgrade from image.toolkit.fluxcd.io/v1alpha2, simply change the API version to v1beta1 for all the image manifests in Git.
🦾 Flux has full support for mixed-arch Kubernetes clusters. We now run the conformance test suite for Flux pre-releases on both AMD64 and ARM64.

🔎 New flux trace command that allows Flux users to point the CLI to a Kubernetes object in-cluster and get a detailed report about the GitOps pipeline that manages that particular object.

$ flux trace podinfo-5dcdc87bc5-9pcrh --kind=pod \
--api-version=v1 --namespace=podinfo
Object: pod/podinfo-5dcdc87bc5-9pcrh
Namespace: podinfo
Status: Managed by Flux
---
HelmRelease: podinfo
Namespace: podinfo
Revision: 6.0.0
Status: Last reconciled at 2021-06-24 08:37:55 +0300 EEST
Message: Release reconciliation succeeded
---
HelmChart: podinfo-podinfo
Namespace: flux-system
Chart: podinfo
Version: >=1.0.0-alpha
Revision: 6.0.0
Status: Last reconciled at 2021-06-24 08:31:40 +0300 EEST
Message: Fetched revision: 6.0.0
---
HelmRepository: podinfo
Namespace: flux-system
URL: https://stefanprodan.github.io/podinfo
Revision: 8411f23d07d3701f0e96e7d9e503b7936d7e1d56
Status: Last reconciled at 2021-06-24 07:57:22 +0300 EEST
Message: Fetched revision: 8411f23d07d3701f0e96e7d9e503b7936d7e1d56

📔 Check out the Flux roadmap updates.

⚠ Breaking Changes in 0.15

In this version, Flux and its controllers have been upgraded to Kustomize v4. While Kustomize v4 comes with many improvements and bug fixes, it introduces a couple of breaking changes:

YAML anchors are no longer supported in Kustomize v4, see kustomize/issues/3675 for more details.
Due to the removal of hashicorp/go-getter from Kustomize v4, the set of URLs accepted by Kustomize in the resources filed is reduced to file system paths, URLs to plain YAMLs and values compatible with git clone. This means you can no longer use resources from archives (zip, tgz, etc).
Due to a bug in Kustomize v4, if you have non-string keys in your manifests, the controller will fail with json: unsupported type error.

More details on breaking changes can be found at #1522

Flagger 1.12 got released

1.12.1: This release comes with a fix to Flagger when used with Flux v2.

Improvements: Update Go to v1.16 and Kubernetes packages to v1.21.1 #940
Fixes: Remove the GitOps Toolkit metadata from generated objects #939

1.12.0: This release comes with support for disabling the SSL certificate verification for the Prometheus and Graphite metric providers.

Improvements:
- Add insecureSkipVerify option for Prometheus and Graphite #935
- Copy labels from Gloo upstreams #932
- Improve language and correct typos in FAQs docs #925
- Remove Flux GC markers from generated objects #936
Fixes: Require SMI TrafficSplit Service and Weight #878

Upcoming events

It’s important to us to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

The Bug Scrub

Kingdon Barrett organised our first ever Bug Scrub. To quote from the announcement:

For us, a great way to get started, is to learn more about Flux through direct experience, when e.g. trying to reproduce issues reported by other Flux users, and the general business of chopping wood and carrying water. The Flux Bug Scrub is born.

The inaugural first Bug Scrub event commenced and concluded on June 30. It was a great success where we collectively as a team visited 53 issues in about 60 minutes. This was a terrific opportunity which we will be repeating on a regular weekly basis for the time being.

Kingdon will continue hosting these hour-long gatherings on a staggered weekly basis, in the empty time slot which is opposite the existing “CNCF Flux Project Meeting” community meeting; the next Bug Scrub is on July 8 at 8:00 Pacific / 11:00 Eastern Time / 15:00 UTC, (and from now on you can find them on the CNCF Flux calendar.) Volunteers at any skill level are welcome to attend, come spend an hour levelling up your Flux knowledge by reviewing open issues with the team.

Watch this space and our social channels for news and more details about these events as they happen. Also reach out to Kingdon if you want to get involved in any bug scrubbing.

Check out our calendar section for more upcoming and links to recordings of past talks.

In other news

People writing about Flux

(Typical) journey towards full GitOps

This is a new section where we want to highlight people who talk and write about Flux. If you have an article you would like us to refer to, hit us up on Slack or Twitter or Email. We’re looking forward to giving you a shout-out!

Alexander Holbreich wrote a very nice article called “ (Typical) journey towards full GitOps”.

It’s well-written, easy to read and goes into enough detail for newcomers to understand it. Thanks Alexander for this write-up!

Flux at the Okteto Community Call

https://okteto.com/blog/june-2021-community-call-recap/

One of the Flux maintainers, @kingdonb, was invited on the Okteto community call for show-and-tell about how Flux and Okteto integration works; the video link is in the blog post which is featured on the Okteto blog at the link above. See how the Okteto CLI can be used to invoke a debugger inside a pod running on your dev cluster, which together with VS Code shortens the inner loop of development, providing a unique developer experience with Flux.

Website and Docs news

Our web and docs team has been busy as well.

🤹 First of all we would like to congratulate everyone who added themselves to the Flux Adopters page. It’s beautiful for all of us who work on the Flux to see how our projects are used in the wild.

📔 We moved our legacy documentation (Flux Legacy and Helm Operator) from docs.fluxcd.io to fluxcd.io/legacy and replaced all old docs with redirects. This was done because our docs were hosted on two different pieces of infrastructure and came from different repositories. They were hard to update and some of our users got confused about which docs they were looking at. If you have any feedback about this, let us know.

🔋 We also just added a Flux Integrations page. If your extension or integration is not listed yet, please add yourself. We will make this page shine more in the future - we are also happy to work on joint blog posts, etc. Just come and talk to us!

💖 Our landing page received a number of style updates and now shows Flux contributors! It’s great to be able to see everyone who is making this happen.

Many docs have received updates and more information and we are pleased that many new docs PRs have been coming in from new contributors! We now check links automatically as well.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-07-01 15:00 UTC, or 2021-07-07, 12:00 UTC.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: June 2021 update

Mon, 31 May 2021 08:30:00 +0000

As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities which are available for integration and where you can get involved. Read last month’s update here.

Let’s recap what happened in May - there has been so much happening!

Newest Flux release

With the 0.14 release of Flux we added a number of big features to Flux.

The highlights are:

We replaced the Flux monitoring stack with Prometheus Operator and kube-prometheus-stack.
Support for a wider range of SSH key formats (CLI)
Send Flux events to Azure Event Hub (notification-controller)
Support for a wider range of OpenPGP key formats (source-controller)
Reduce the memory usage when cloning repositories with large files (source-controller)
Support for including the content of app repos into the main config one (better alternative to git submodules and kustomize remote bases) (source-controller)

Docs:

📔 GitRepository include documentation
🎁 Checkout the new guide on ways of structuring your repositories

If you are entirely new to Flux, check out our get started guide. If you are on an older version of Flux, check out our migration documentation.

Flagger 1.11 is here

Over in the Flagger project, since our last blog the versions 1.9, 1.10 and 1.11 were released and they bring a number of nice new features and improvements.

1.9.0 came with improvements to the Gloo Edge integration:

Starting with this version, Flagger no longer requires Gloo discovery to be enabled. Flagger generated the Gloo upstream objects on its own and optionally it can use an existing upstream (specified with .spec.upstreamRef) as a template.
Also: Adjusted Nginx ingress canary headers on init and promotion

1.10.0 comes with support for Graphite metric templates, additionally:

ConfigTracker: Scan envFrom in init-containers
e2e: Update Istio to v1.10 and Contour to v1.15

⚠️ Flagger 1.11.0 comes with a breaking change: the minimum supported version of Kubernetes is v1.19.0.

This release comes with support for Kubernetes Ingress networking.k8s.io/v1. The Ingress from networking.k8s.io/v1beta1 is no longer supported, affected integrations: NGINX and Skipper ingress controllers.

KubeCon round-up

KubeCon 2021 Europe happened in early May and the Flux team was happy to represent. If you entirely missed the event, here are a couple of links we’d like to share:

05 May 2021 - Keynote: CNCF Project Update: Flux - Stefan Prodan at KubeCon 2021 Europe
05 May 2021 - Helm Users! What Flux Can Do For You - Scott Rigby & Kingdon Barrett at KubeCon 2021 Europe
06 May 2021 - Flux: Multi-tenancy Deep Dive - Philip Laine at KubeCon 2021 Europe
04 - 07 May 2021 - Flux Pavilion at KubeCon EU! Talks and demos every 30 minutes! Say hello!

These are recordings of talks which were given by Flux maintainers.

We were also present at the Flux booth at the CNCF Project Pavillion. This was new for us and we really enjoyed being part of this. A number of Flux maintainers and community members were at the virtual booth to meet and greet, answer questions and do impromptu lightning talks - we watched some of the keynotes together and shared feedback.

We had a fantastic time, laughed a lot and were pleased to learn more about how everyone uses Flux in production and how folks can start getting more involved in our community. Thanks everyone for supporting us at KubeCon!

The CNCF Flux Store is up

As one of the perks of reaching Incubation status within the CNCF, there is now a Flux section in the CNCF Store. If you are looking for a new hoodie, new socks, a birthday present or anything else, please sure to check out https://store.cncf.io/collections/flux.

If you have fully re-clothed yourself in Flux things, be sure to share a pic on our Slack channel!

(Learn more about the store and where its proceeds go here.)

Our community is growing

We finally built a nicer home to show off who all is part of our community: https://fluxcd.io/adopters.

From start-ups to Fortune 500 companies many have accompanied us for a couple of years already, quite a few migrated to the latest of Flux and quite a few use Flagger.

If you use any of the Flux projects in your organisation, please consider adding yourself as well: instructions can be found here.

Thanks a lot everyone who already added themselves - your support means a lot to us! 💖

Upcoming events

It’s important to us to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers.

We are very happy to be part of a big event that will definitely be worth your time: an entire two-day conference about the newest developments in the GitOps world with Keynotes from Justin Cormack (CTO, Docker), Katie Gamanji (Ecosystem Advocate, CNCF), and Lei “Harry” Zhang (Staff Engineer at Alibaba Cloud).

09-10 Jun 2021 - GitOps Days 2021

Check out our calendar section for more upcoming and links to recordings of past talks.

In other news

Reviewing Flux Governance

More than half a year ago we established our Flux Governance document. The idea behind it was to formalise our values around community, the roles and responsibilities and processes; many of which had been transparent and with our full integrity, but still quite ad-hoc up until that point.

For us it’s time to review this together with our Community and Contributors docs. So we are turning to you for feedback: please let us know what you think. What was your experience up until now? Do you feel things are clear enough?

We are striving for a great contributor experience, so your feedback on all of the above is going to make a difference.

Representing Flux and Flagger at CNCF

The CNCF does a great job of informing the world of its member projects and we just made sure to update all relevant information, branding and logos. If you ever need to borrow our logos, colours or any other info for a presentation or something, check out the CNCF CI/CD Landscape, the Flux and Flagger branding or our entry on the list of CNCF projects.

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-06-03 15:00 UTC, or 2021-06-09, 12:00 UTC.
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: May 2021 update

Thu, 29 Apr 2021 06:30:00 +0000

Before we get started, what is GitOps?

If you are new to the community and GitOps, you might want to check out some general resources. We like “What is GitOps?” or “The Official GitOps FAQ” written by folks at Weaveworks.

The Road to Flux v2

The Flux community has set itself very ambitious goals for version 2 and as it’s a multi-month project, we strive to inform you each month about what has already landed, new possibilities which are available for integration and where you can get involved. Read last month’s update here.

Let’s recap what happened in April - there has been so much happening!

It’s the one-year anniversary of Flux v2

Incredible, but true. The first experimentation around Flux v2 started about a year ago. It was only meant to be a proof of concept to illustrate that a set of small and targeted controllers could replace all of Flux eventually. We celebrate how far we have come: Flux v2 is closer to GA, and already solves more problems than v1. It’s far more flexible, ships more features and is easier to navigate and debug. What’s even more important is that our community has grown considerably since then. We have more maintainers from more organisations on board, more documentation and are looking forward to having you on the team as well!

Thanks a lot to everyone who contributed so Flux v2 so far!

We added many long-requested features

0.12 had the following highlights:

New bootstrap git command for pairing Flux with any Git platform (CLI)
Improvements to GitHub and GitLab bootstrap including self-signed certs (CLI)
Support for Git submodules (source-controller)
GPG signing of image update commits (image-automation-controller)
Fixes to commit templates and new branch push (image-automation-controller)
Extend SOPS with support for age encryption format (kustomize-controller)
Support for sending alerts to Sentry and Webex (notification-controller)
Alerts deduplication and events rate limiting (notification-controller)
A container image with kubectl and flux is available on DockerHub and GitHub

The Flux v2 CLI and the GitOps Toolkit controllers are now CII Best Practices certified.

Checkout the new bootstrap procedure.

0.13 comes with breaking changes to image automation and has the following highlights:

The image automation APIs have been promoted to v1alpha2. Users are encouraged to test this image automation beta candidate, and give feedback before we move these APIs to beta (after which there will be no further breaking API changes)
Allow pre-bootstrap customisation of Flux components (CLI)
Improved efficiency of Bucket downloads by including .sourceignore rules during bucket item downloads (source-controller)
New command to list all Flux resources flux get all --all-namespaces (CLI)
Support for CRDs upgrade policies (helm-controller)
Support for SSH keys with a passphrase (source-controller)
Send alerts to HTTPS servers with self-signed certs (notification-controller)
The HelmChart ValueFile field has been deprecated in favour of ValuesFiles (source-controller)
Support for decrypting Kubernetes Secrets generated with SOPS and Kustomize secretGenerator (kustomize-controller)

Please follow the upgrade procedure for image automation.

Checkout the new bootstrap customisation feature.

The Image automation guide has been updated to the new APIs, and also includes a reference to a new GitHub Actions use case guide, for automatic pull request creation with Flux and GitHub Actions. This guide is for you, if you want Flux updates to go to a staging branch, where they can be reviewed and approved before going to production.

Flagger v1.8.0

Until now Flagger was compatible with Linkerd which implements the Service Mesh Interface (SMI) v1alpha1. Starting with v1.8.0, Flagger extends the SMI support for the v1alpha2 and v1alpha3 APIs. This means Flagger can be used to automate canary releases with progressive traffic shifting for Open Service Mesh, NGINX Service Mesh, Consul Connect, and any other service mesh conforming to SMI.

More features have been included in v1.8.0 release, please see the changelog.

If you want to get hands-on experience with GitOps (Flux v2) and Progressive Delivery (Flagger), check out Stefan’s blog post: A GitOps recipe for Progressive Delivery with Istio.

Upcoming events

It’s important to us to keep you up to date with new features and developments in Flux and provide simple ways to see our work in action and chat with our engineers. In the next days we have these events coming up for you:

It’s KubeCon EU 2021 and because we are now an incubating project Flux will have a booth at the project pavilion for the first time! Stop by the booth to chat with us and check out our booth schedule of talks with various users, contributors, and maintainers.

The Flux maintainers will be speaking during the conference as well:

03 May 2021 - GitOpsCon EU 2021 - KubeCon Day 0 co-located event organized by the GitOps Working Group. Co-hosted by Scott Rigby, Weaveworks and Chris Short, Red Hat. You must be registered to attend

GitOps Con Europe (#GitOpsCon) is designed to foster collaboration, discussion and knowledge sharing on GitOps. This event is aimed at audiences that are new to GitOps as well as those currently using GitOps within their organization. Get connected with others that are passionate about GitOps. Learn from practitioners about pitfalls to avoid, hurdles to jump, and how to adopt GitOps in your cloud native environment.
04 May 2021 - Meet the Maintainer - Stefan Prodan - you must be registered here to attend this session.
05 May 2021 - Keynote: CNCF Project Update: Flux - Stefan Prodan at KubeCon 2021 Europe.
05 May 2021 - Helm Users! What Flux 2 Can Do For You - Scott Rigby & Kingdon Barrett, Weaveworks

Helm, the Package manager for Kubernetes. Flux, the GitOps continuous delivery solution for Kubernetes. Both can be used independently, but are more powerful together. Scott Rigby, Helm and Flux maintainer — and Kingdon Barrett, OSS engineer — will share the benefits of Helm and GitOps for developers, with live demos showcasing the extra awesomeness of Flux v2 and Helm together. This talk is for Helm users who have either never used Flux, or Flux v1 users looking forward to new features in Flux v2.
06 May 2021 - Flux: Multi-tenancy Deep Dive - Philip Laine at KubeCon 2021 Europe

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories) and automating updates to the configuration when there is new code to deploy. In this presentation, we will look at how Flux can be used in multi-tenant environments to simplify the day to day work of developers and Kubernetes cluster operators.
07 May 2021 - Meet the Maintainer - Aurel Canciu - you must be registered here to attend this session

Still a bit further down the line, but this will definitely be worth your time: an entire two-day conference about the newest developments in the GitOps world with Keynotes from Justin Cormack (CTO, Docker), Katie Gamanji (Ecosystem Advocate, CNCF), and Lei “Harry” Zhang (Staff Engineer at Alibaba Cloud).

09-10 Jun 2021 - GitOps Days 2021

Check out our calendar section for more upcoming and links to recordings of past talks.

In other news

Our website has grown

Since the start of Flux v2 we wanted to make good documentation front and center of what we do. For a while now we published all the guides and API docs at toolkit.fluxcd.io. For a time now we knew that this was confusing, so we started the work on moving everything to https://fluxcd.io.

We are very pleased to announce that we succeeded in moving the docs and now offer community information, our blog and many other useful bits on the website, everything is searchable and we look forward to adding more.

The team who has been working on this is looking for help, so if you have a knack for fixing typos, improve grammar, add short guides or work on graphics or make the layout more user-friendly, please talk to us in the #flux Slack channel and/or send a pull request to fluxcd/website.

Looking forward to growing the team! 💖

Alison Dowdney joins the maintainer team

Alison has been part of the Flux project for quite a while now. Not only did she present Flux at meetups, fix bugs and add documentation in the last months. She also helped out with the website and has a long background in working with communities in the Kubernetes space. Recently she took on the role of chair in k8s SIG Contributor Experience as well!

We feel very fortunate to have Alison on board!

Over and out

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2021-05-12 12:00 UTC, or 2021-05-20 15:00 UTC
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group

We are looking forward to working with you.

Blog: April 2021 update

Wed, 31 Mar 2021 08:30:00 +0000

Before we get started, what is GitOps?

If you are new to the community and GitOps, you might want to check out some general resources. We like GitOps manifesto or the official GitOps FAQ written by folks at Weaveworks.

The Road to Flux v2

Let’s recap what happened in April - there have been many changes.

We made huge strides moving Flux 2 forward. The end i.e. calling Flux 2 a GA release is slowly getting in sight and we have a huge list of contributors from all around the world to thank for this!

First we released Flux2 0.9.1 which came with improvements to the notification system. The kustomize-controller and helm-controller are now performing retries with exponential backoff when fetching artifacts. This prevents spamming events and alerts when source-controller becomes unavailable for a short period of time (e.g. upgrades, pod rescheduling, leader election changes, etc).

Much bigger and more substantial was the release of 0.10, which saw these changes:

We added new commands to improve troubleshooting: flux logs, flux get source all, flux get images all (CLI)
The logs command supports streaming and advanced filtering: e.g. flux logs -f --level=error --kind=helmrelease --namespace=prod (CLI)
Push image updates to a different branch for manual approvals through pull requests (image-automation-controller)
Commit message customisations: list updated images and manifests (image-automation-controller)
Restrict image automation to a path relative to the Git repo root (image-automation-controller)
Trigger image updates to Git using Azure Container Registry webhooks (notification-controller)
Support for sending alerts to Google Chat (notification-controller)
Flux Terraform Provider has been promoted from experimental to beta (terraform-provider-flux)

Hot on the heels of this was 0.11.0 and v0.1.1 of the Terraform module. 📔 Highlights:

Default leader election configuration has been improved to prevent the controllers from crashing when the Kubernetes API rate limits requests. This will be most notable to Azure users where the issue was observed a lot.
In case the new defaults are not sufficient, the configuration can now be tweaked using flag arguments as well.
flux create secret git and flux create source git now support supplying a private key from a file using --private-key-file.
The helm-controller will now emit collected logs on release failures in the status conditions and as an event, this should make it much easier to debug wait timeout errors.
SOPS in the kustomize-controller has been updated to v3.7.0, support for the newly added age encryption format is planned. ⏳
All controllers do now record the suspend status of resources in a gotk_suspend_status Prometheus gauge metric.

🚀 Check out the guide on how to automate image updates to Git.

Next up we will triage image-* issues and mark upcoming changes for v1alpha2. The proposal for v1alpha2 is under discussion at https://github.com/fluxcd/flux2/discussions/1124.

As the go-git team made some strides of their own, we can finally bootstrap GitHub/GitLab on-prem with self-signed certs 🎉. They also fixed clones of git sub-modules, so we should be able to unblock Flux 1 users who use sub-modules instead of Kustomize remote git repositories.

Flux is a CNCF Incubation project

You will likely have seen the news elsewhere already, but Flux was promoted from CNCF Sandbox to CNCF Incubation. This is a huge step for the validation of our work, direction, end-user uptake and maturity of our project. Many of us worked hard to make this possible. It’s not just folks who write the code or documentation, but also everyone who gives talks, works with organisations to implement Flux and GitOps, does training, writes books, and countless other things. It was beautiful how the Technical Oversight Committee and SIG App Delivery at CNCF all acknowledged this and made it a special point to talk to some companies who use Flux in production.

Here is a bit of a press round-up if you want to read more about the history, the move itself and what it means:

Our own announcement
CNCF: https://www.cncf.io/blog/2021/03/11/cncf-toc-votes-to-move-flux-from-sandbox-to-incubation/
CNCF On-Demand Webinar: Flux is Incubating + The Road Ahead: https://www.cncf.io/webinars/cncf-on-demand-webinar-flux-is-incubating-the-road-ahead/
Weaveworks blog: https://www.weave.works/blog/flux-incubation
ZDNet: “While it's only just out of the incubator, Flux has already found many users. More than 80 organizations use it in production. This includes Fidelity Investments, Starbucks, and Plex Systems. The CNCF End User Community recommends Flux in its Adopt category of its Technology Radar on Continuous Delivery. Besides Helm, Flux is the only CD, the group recommends for adoption.”
https://www.zdnet.com/article/flux-gitops-program-becomes-a-cncf-incubator-program/
The New Stack: https://thenewstack.io/flux-takes-its-continuous-delivery-and-operations-to-cncf-incubation/
Container Journal: https://containerjournal.com/features/cncf-advances-flux-cd-platform-for-kubernetes-environments/

Flagger v1.7.0 is out

This release comes with support for manually approving the traffic weight increase. Starting with this version, Flagger can be used with Linkerd v2.10 and its new Viz addon, please see the updated guide. Thanks to the Linkerd team for contributing to Flagger.

Upcoming events

5 Apr 2021 - Flux v2 on Azure with Leigh Capili

With Flux v2 we are building extensible and intuitive tools for implementing GitOps to fit your team's needs. Flux 2 integrates well with existing cloud services you may already be using whether it's for source control, secrets-management, or your Kubernetes clusters themselves.

Join Leigh Capili, DX Engineer at Weaveworks, for a live-demo of Flux on Azure. Let's take Microsoft's cloud offerings for a spin.

19 Apr 2021 - Setting up Notifications, Alerts, & Webhook with Flux v2 by Alison Dowdney

🚨❗️ Notifications & Alerts ⚠️
When operating a cluster, different teams may wish to receive notifications about the status of their GitOps pipelines. For example, the on-call team would receive alerts about reconciliation failures in the cluster, while the dev team may wish to be alerted when a new version of an app was deployed and if the deployment is healthy.

🔄 Webhook Receivers 🔁
The GitOps toolkit controllers are by design pull-based. In order to notify the controllers about changes in Git or Helm repositories, you can setup webhooks and trigger a cluster reconciliation every time a source changes. Using webhook receivers, you can build push-based GitOps pipelines that react to external events.

Join Alison Dowdney, Developer Experience Engineer at Weaveworks and CNCF Ambassador, as she walks through how to define a provider and an alert, git commit status, expose the webhook receiver, define a git repository and receiver.

29 Apr 2021 - Doing GitOps for multicloud resource management using Crossplane and Flux2 (at Conf42: Cloud Native 2021)

Leonardo Murillo - CTO @ Qwinix

How would you like for resources to be automatically created across any clouds of your choosing by simply pushing a manifest to a repository? In this talk we'll see hands on how to do multi cloud management following the GitOps operating model by leveraging Flux2 and Crossplane!

A continuous delivery world without pipelines, with automatic reconciliation of resources eliminating all drift in configuration, everything versioned and everything declarative! That is what GitOps is all about. What if only you could follow this same operating model for all your cloud resources, across any public cloud?\

In this talk you'll learn how to do precisely that! We will be using Flux2 and Crossplane, and you will see hands on how, using these two CNCF projects, you can manage your entire multicloud architecture using Kubernetes as your control plane while following the GitOps principles.

You will learn to:

Install Flux2

Using Flux2, install Crossplane in your cluster

Configure AWS and GCP providers for Crossplane

Deploy resources across both clouds with nothing but a push to the repo
This talk is all about code! A couple of slides in the deck to give a brief intro of GitOps and the two projects we'll be using, and then it's all live code!

09-10 Jun 2021 - GitOps Days 2021

The team behind GitOps Days is still busy putting the event together, and the Call for Papers is still open. So if you have something you’d like to talk about, head to the website and submit your talk!

Check out our calendar section for more upcoming and links to recordings of past talks.

In other news

💻 The Flux Community is looking for folks who are interested in helping out with the website. We are working on subsuming all our docs on https://fluxcd.io, moving to the Hugo Docsy theme. If you know your way around fixing up CSS and/or want to help make docs and the website more cohesive and inviting, please talk to @dholbach or @alisondy on Slack.

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on 2012-04-08 15:00 UTC, or 2021-04-14, 12:00 UTC
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: March 2021 Update

Mon, 01 Mar 2021 08:30:00 +0000

Before we get started, what is GitOps?

If you are new to the community and GitOps, you might want to check out some general resources. We like the GitOps manifesto or the official GitOps FAQ written by folks at Weaveworks.

The Road to Flux v2

Let’s recap what happened in February - there have been many changes.

Feature Parity - what is this?

If you have been following Slack and other resources you will have heard that in the past Flux v2 releases we reached the “feature parity” milestone, but what does that mean?

When we embarked on this journey to rewrite Flux from scratch, we set out three big blocks of work:

support for Flux operations in read-only mode
Helm v3 support
Image update functionality

Once all of this was realised in Flux v2, we would have feature parity between v1 and v2. After around 10 months of development, we have achieved this.

So what’s left to do? This does not mean Flux v2 is GA just yet. We are in the process of finalising all APIs, updating our documentation and generally consolidating everything. You can find more details on our roadmap.

This means that we will spend some more time on stabilisation and we need your help testing. Flux v2 is only a couple of weeks away and it will be helpful to start your migration journey early. Refer to this discussion and our upcoming workshop.

Flux v2 is now up at 0.9

Last month saw two big releases of Flux v2.

0.8 included these highlights:

Support for Helm post-renderer and Kustomize patches (helm-controller)
Self-signed certs support for Git over HTTPS (source-controller)
In-line Kustomize Strategic Merge and JSON 6902 patches (kustomize-controller)
Basic templating with bash-style variable substitutions (kustomize-controller)
Prevent objects like volumes from being garbage collected with labels (kustomize-controller)
Filter events from alerting based on regular expressions (notification-controller)
Support numerical ordering in image policies (image-reflector-controller)
Support for Azure DevOps and other Git v2 providers (image-automation-controller)
Install Flux on tainted Kubernetes nodes and other bootstrap improvements (CLI)
Uninstall Flux by handling finalizers and preserving all the deployed workloads (CLI)

Hot on its heels 0.9 was released and included these new features:

flux is now available for Apple Silicon (CLI)
The manifests are embedded in the flux binary allowing air-gapped installations (CLI)
Support for recreating Kubernetes objects (e.g. Jobs) when immutable fields are changed in Git (kustomize-controller)
Fix alert regex filtering (notification-controller)
Improved status reporting for Git push errors (image-automation-controller)

💥 This version comes with breaking changes to Helm users due to upstream changes in Helm v3.5.2. Charts not versioned using strict semver can no longer be deployed using Flux due to this. When using charts from Git, make sure that the version field is set to a valid semver in Chart.yaml.

🚀 The migration guides from Flux v1 to v2 can be found here https://github.com/fluxcd/flux2/discussions/413.

Thanks a lot to everyone who contributed to these releases! 💖

Upcoming events

8 Mar 2021 - Migrating from Flux v1 to Flux v2 with Leigh Capili

Welcome to a GitOps Days Community Special!

Get ahead of the game and migrate to Flux v2! With Flux v1 in maintenance mode we want to ensure you're ready for the transition to Flux v2.

In this session, Leigh Capili, DX Engineer at Weaveworks, will demo the Flux guide on how to Migrate from Flux v1, including bootstrapping a cluster with Flux 1 and how to move it over to Flux v2.

If we don't get to everything in this session, we will have subsequent sessions to cover this topic again. Join us we'll see how far we get!

Resources:

📍 Flux v2 Documentation

📍 Flux v2 Guide Migrate from Flux v1

📍 Flux v2 roadmap.

Check out our calendar section for more upcoming and links to recordings of past talks.

In other news

CNCF: Flux is still in the process of getting promoted to Incubation status within the CNCF. This always takes a while. So far we cleared Due Diligence during which our production users were interviewed, and the two-week public comment period went successfully as well.

Website: The Flux Community team has put some more love into our website https://fluxcd.io/, if you would like to join the team, have ideas on how to make it better or would like to join the Comms team, please reach out to @dholbach or @staceypotter on Slack.

Flagger: The discussions around having a new logo for Flagger have concluded; below is the winner. Thanks a lot Bianca Cheng Costanzo for working on this! Thanks also everyone else for updating the diagrams, website and CNCF Landscape.

Meeting times: the Flux team holds weekly, public meetings. To make these accessible to everyone we offer an “early” and a “late” meeting to make sure everyone can attend. Due to changes in the team we approved the request to move the times a little, so we are currently following this schedule:

"early" meeting: Uneven weeks: Wed, 10:00 UTC
"late" meeting: Even weeks: Thu, 15:00 UTC

Find all the information about meetings here.

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on March, 3rd 12:00 UTC, or March 11th, 15:00 UTC
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: February 2021 Update

Mon, 01 Feb 2021 08:30:00 +0000

Before we get started, what is GitOps?

If you are new to the community and GitOps, you might want to check out some general resources. We like the GitOps manifesto or the official GitOps FAQ written by folks at Weaveworks.

The Road to Flux v2

Let’s recap what happened in January - there have been many changes.

Flux2 v0.7 is here

The Flux2 team is very pleased to bring you the 0.7 release series. Most importantly these new features have been added:

The GitOps Toolkit controllers come with dedicated service accounts and RBAC (this is a breaking change for those of you who used the default SA to bind to IAM Roles).
All the controller images are now multi-arch (AMD64, ARM64, ARM 32bit), the --arch flag is no longer used when installing Flux.
You can now set a retry interval for Kustomization reconciliation failures.
In a multi-tenancy setup, health checking and garbage collection are now run using the tenant's service account.
The Helm storage namespace can be configured inside the HelmRelease spec, this is particularly useful when targeting remote clusters.
The image update automation can be triggered using DockerHub, Quay, Nexus, GCR, GHCR, Harbor and generic CI webhooks.
The image update policy now supports alphabetical sorting (Build IDs, CalVer, RFC3339 timestamps) and regex filters.
The image automation controllers can now be run on ARM devices with 1GiB RAM including RaspberryPI 32bit.
Flux bootstrap comes with support for GitLab sub-groups and project tokens.

If you have been watching our roadmap document, you might have noticed that we hit the 80% mark of automated image updates milestone. This means we are getting closer and closer to feature parity with Flux v1 overall.

Some bits are still on our to-do list, but soon we are going to start working on a migration guide for this particular feature and subsequently make a big push in terms of testing and asking for feedback before we ask everyone to cut over to Flux2. This will be a longer process for sure - we are just detailing our next steps here, so you’re aware of what’s coming next.

fluxcd.io website updates

In the last months’ summaries we talked about our plans of revamping our fluxcd.io website. Originally it was mostly just spiffy placeholder page which pointed to more Flux resources. Since then we landed a new design, made its focus Flux2, now we have added two pages which should hopefully help new users and aspiring contributors learn about their options getting help and joining the team

Community | Flux and
SUPPORT | Flux

Please let us know if there’s anything missing or you’d like to help with the site or docs.

Speaking of support, long-time Flux contributor Kingdon Barrett joined Weaveworks as OSS Support Engineer and will take on a more active role in the Flux community. Here’s what he has to say

"I have been in the Flux community for some time, though it seems like only a short while since I first heard about Flux and started getting to know the helpful folks at Weaveworks. Happy to now be taking a more active part in the Flux community through my new role as the Open Source Support Engineer, I am glad to meet everyone and thanks for the welcoming atmosphere! I am here to support the community during the transition from Flux v1 into the new supported series, for all GitOps practitioners."

Needless to say: we’re very excited to have Kingdon with us!

The Flagger move is happening

Avid readers of our blog might be wondering why we’re reporting this again. It’s because the move of Flagger is still happening. Moving the Github repository and Docker images was just the first, and very obvious, step.

There are other resources though which are important for its community. Slack for instance. If you haven’t, please join the #flagger channel on the CNCF Slack - this is the new home for Flagger discussions.

Its website and documentation will be integrated into fluxcd.io at some point. We also want to update the scope and description of the Flux family of projects to encompass Flagger’s Progressive Delivery capabilities. Another important piece is the Flagger logo.

Bianca Cheng Costanzo has been working with the Flux community on a proposal for a new flagger logo - it would be great if you could leave your feedback and let us know how you feel about it.

Flagger v1.6 is here

We are very happy to announce the v1.6 release of Flagger. This release includes:

Support for A/B testing using Gloo Edge HTTP headers based routing.
Extended support for Istio's HTTPMatchRequest and VirtualService delegation.
Support for Kubernetes anti-affinity rules.

Note that starting with Flagger v1.6, the minimum supported version of Kubernetes is v1.16.0.

Repository cleanup

Just a heads-up: we have been cleaning up some of our example repositories. As there are v1 and v2 versions of these under the Flux organisation, we decided to archive the v1 versions and point to the corresponding new versions. These are in particular:

Both come with better documentation, diagrams and more features. So a triple-win for everyone. Be sure to check them out!

Upcoming events

8 Feb 2021 - Fluxv2 Image Update Automation Sneak Peak with Leigh Capili

On the road to feature parity with Flux v1, Image Update Automation is a big milestone for Flux v2. The hard at work Flux team has recently released this feature as alpha. During this session, Leigh Capili, DX Engineer at Weaveworks, will walk us through & demo configuring container image scanning and deployment rollouts with Flux v2.

For a container image you can configure Flux to:

scan the container registry and fetch the image tags

select the latest tag based on a semver range

replace the tag in Kubernetes manifests (YAML format)

checkout a branch, commit and push the changes to the remote Git repository

apply the changes in-cluster and rollout the container image

For production environments, this feature allows you to automatically deploy application patches (CVEs and bug fixes), and keep a record of all deployments in Git history. For staging environments, this feature allows you to deploy the latest pre-release of an application, without having to manually edit its deployment manifests in Git.

18 Feb 2021 - Who wants Cookies? … and GitOps and Runtime Security (at KubeSec Enterprise Online)

There is so much to think about with regard to cluster runtime security and your configuration pipeline. A good recipe helps you reduce the things you need to think about.

You will learn how to use quality OSS ingredients like Flux and Falco to serve a secure platform of gitops goodness the whole team will enjoy! You can rest easy in your gitops kitchen knowing no horrible geese (exploits, vulnerabilities etc) will burn your cookies.

This talk will be given by

Dan “POP” Papandrea, Director of Open Source Community and Ecosystem at Sysdig and

Leigh Capili, Developer Experience Engineer at Weaveworks

Check out our calendar section for more upcoming and links to recordings of past talks.

Get involved and join us

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meetings on Feb, 3rd 10:00 UTC, or Feb 11th, 15:00 UT
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Blog: January 2021 Update

Wed, 06 Jan 2021 12:30:00 +0000

Before we get started, what is GitOps?

If you are new to the community and GitOps, you might want to check out the GitOps manifesto or the official GitOps FAQ.

The Road to Flux v2

Let’s recap what happened in December - there have been many changes.

Flagger moves under the `fluxcd` organization

Flagger extends Flux functionality with progressive delivery strategies like Canary Releases, A/B Testing and Blue/Green and it was specifically designed for GitOps style delivery.

Since the inception of the GitOps Toolkit, it’s clear that fluxcd/ will become more of a family of GitOps related projects. The Flagger maintainers are looking forward to making use of the toolkit components and simplifying Flagger this way. Consolidating the code-bases and thinking in terms of a “Flux Family of Projects” and writing up the roadmap accordingly should benefit both communities as a whole.

The two Flagger maintainers (Stefan Prodan and Takeshi Yoneda) are very happy to see this happening. Thanks also to Weaveworks for agreeing to transfer Flagger and its copyright to fluxcd org (and thus, CNCF).

Review the upcoming roadmap for Flagger - it now includes GitOps Toolkit integration.

Please help us steer this project forward!

Thanks also to everyone who contributed to the latest two releases:

Flagger 1.6.0:
- Add support for A/B testing using Gloo Edge HTTP headers based routing
Flagger 1.5.0:
- Flagger can be installed on multi-arch Kubernetes clusters (Linux AMD64/ARM64/ARM).
- The multi-arch image is available on GitHub Container Registry at ghcr.io/fluxcd/flagger.

Newest Flux v2 release: 0.5

🚀 🎁 We've released Flux2 v0.5, this is the last release for 2020.

Besides bug fixes and performance improvements, it comes with many new features. The highlights are:

Alpha support for automated image updates to Git (thanks to Michael Bridgen - read more in the next paragraph)
Support for Azure DevOps and the Git v2 protocol (thanks to Philip Laine - more below)
Support for overriding container images in kustomize-controller (thanks to Somtochi Onyekwere)
“flux bootstrap” and install commands can now be used on Windows OS without WSL (thanks to Hidde Beydals)
flux can now be installed on Arch Linux using AUR packages (flux-bin or flux-git for the latest release) (thanks to Aurel Canciu)

Automated Image Updates

Automated Image Updates Guide (alpha release)

Flux v2 now includes two controllers for automating image updates -- one of the controllers is for scanning container image repositories, and the other updates and commits changes to YAML config, when there are new images to deploy.

These are the Flux v2 version of Flux’s automation, but work a little differently. The guide linked above explains how to set it up. Be aware that this is an alpha release for the image update automation controllers.

Azure DevOps repository support

Flux has not been able to support Azure DevOps repositories up until the 0.5 release. This was due to the git library go-git used by source-controller not supporting specific git capabilities required by Azure Devops. The same requirements do not exist in the other major git providers, which is why this was not caught during the initial development of source-controller.

This resulted in Flux v1 users who used Azure DevOps that were now not able to migrate to Flux v2. The initial attempt at a solution was to implement the missing capabilities in the existing library, which turned into its own epic. Instead the solution was to introduce a secondary git library libgit2 as it implements the required git capabilities. It turned out that libgit2 has its own limitations as it does not currently support shallow cloning, a feature that speeds up the git polling especially in very large git repositories. The compromise is to allow the user to choose which git library to use. The majority of users will be fine with the default original git library, while the Azure DevOps users will have to specify to use libgit2 in their GitRepository resources.

Follow the generic git server guide for further instructions in how to use Flux with Azure DevOps.

Upcoming events

11 Jan 2021 - Helm + GitOps ⚡ ⚡ ⚡ with Scott Rigby

In this session, Scott will go through the business value as well as the technical value for users + demo these benefits especially if you use Helm 3 with Flux 2.

In other news

The Flux community is growing and we are in the middle of a quite a few big discussions:

We have a new guide which explains core concepts in the Flux world - please give feedback - and thanks Somtochi!
Flux applies to upgrade to CNCF Incubation status: https://github.com/cncf/toc/pull/567

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meeting on Jan 14
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group

We are looking forward to working with you.

Blog: December Update

Tue, 01 Dec 2020 12:30:00 +0000

Before we get started, what is GitOps?

If you are new to the community and GitOps, you might want to check out the GitOps manifesto or the official GitOps FAQ.

The Road to Flux v2

Let’s recap what happened in November - there have been many changes.

Newest Flux v2 release: 0.4.0

The highlight is multi-tenancy support: you can now create tenants with the Flux CLI and restrict access to cluster resources with good old Kubernetes RBAC. Other notable changes: source operations for Git and Helm repositories, Helm charts and Buckets can now be suspended/resumed via Flux CLI or Git. This allows you to freeze the cluster reconciliation to the last fetched revision during an incident or on “No Release Fridays”. We’ve also fixed a couple of helm-controller issues and made available a CLI command to inspect the Helm charts status.

To get you started with setting up Flux and managing multi-tenant environments, an example repository and guide has been published on: https://github.com/fluxcd/flux2-multi-tenancy.

Guides for Helm users

If you have been using the Helm Operator in the past, you should be able to easily upgrade to the Helm Controller (Flux v2). Check out this guide and please give us feedback - we’d love to hear from you:

If you are interested in an example which describes how you can keep e.g. two clusters updated with minimal duplication, check out this repository - it uses Flux v2, Helm and Kustomize:

https://github.com/fluxcd/flux2-kustomize-helm-example

Aurel Canciu joins Flux v2 maintainers

Aurel Canciu has been putting quite a bit of work into Flux projects in the past weeks. We are very pleased to see his contributions across the project. Let’s hear a few words from Aurel himself:

As an avid promoter of the GitOps set of principles, I was very excited about the new Flux toolkit as a user, so naturally I decided to get involved and contribute to the best of my abilities and time availability. I am happy to now be part of an excellent team of maintainers and help move forward with this promising project.

First milestone of fluxcd.io redesign landed

Ever since Flux moved into the CNCF Sandbox, we had a website for it which Luc Perkins created. For a while we have been thinking about how to best make use of the domain. We came up with a three-stage plan:

Move to new them, point to Flux 2 resources
Add a blog
Subsume current docs and toolkit subdomains under fluxcd.io

Thanks to Hidde Beydals’s tireless work we were able to complete stage 1 and 2. Below is what it currently looks like:

If you want to help out with the next steps, please reach out.

Fantastic demo on Flux v2

We are very pleased Viktor Farcic from Codefresh took Flux v2 for a second spin and reviewed it in his demo. If you haven’t seen Flux v2 in action yet and want to know what the big deal is about check this out:

Flux v1 is in maintenance mode

This means we

are focusing most of our attention on Flux v2
will only be working on Flux (and the Helm Operator v1) for critical updates and bug fixes

Flux is still being maintained and supported, it will just take a little bit longer to get around to addressing issues and PRs. Critical bug fixes have our priority. Read more about what this means.

(The same goes for Helm Operator v1.)

The Flux Community team

The Flux community identified work that falls into the categories of contributor experience, advocacy and communications, community management as integral to its success long ago. While this has been an implicit focus of the team for a while, we want to build out the team, open it up and formalise processes.

If you are generally interested in helping out with this effort, let us know. For now we started some social media channels for Flux and want to inform the wider community about what’s happening.

We started a Flux LinkedIn group and Flux Twitter. We will put more effort into building out the Flux community. If you are keen to help in a non-coding fashion, we’re looking forward to hearing from you.

In other news

The Flux community is growing and we are in the middle of a quite a few big discussions:

Flagger plans to move under the Flux organisation: https://github.com/fluxcd/community/issues/34
Flux applies to upgrade to CNCF Incubation status: https://github.com/cncf/toc/pull/567
GitOps Working Group starts off as a Flux sub-project (for now): https://web.archive.org/web/20231105205138/https://www.weave.works/blog/announcing-gitops-working-group

If you like what you read and would like to get involved, here are a few good ways to do that:

Join our upcoming dev meeting on Dec 3
Talk to us in the #flux channel on CNCF Slack
Join the planning discussions
And if you are completely new to Flux v2, take a look at our Get Started guide and give us feedback
Social media: Follow Flux on Twitter, join the discussion in the Flux LinkedIn group.

We are looking forward to working with you.

Flux – monthly-update

Blog: May 2023 Update

Flux technology things to know

Three more Flux release candidates! Many improvements - Please test

Fixes and improvements

Security news

Flagger 1.31.0

News from Flux users & the Community!

Newly posted Flux adopters!

Flux members, contributors, and maintainers!

Priyanka Ravi joins as Flux Project Member

Matheus Pimenta joins as a Flux Project Member

Tamao Nakahara joins as Flux Project Member

Sanskar Jaiswal becomes a Core Maintainer

Mehak Saeed selected for Flux’s Season of Docs

Share your story at KubeCon NA in Chicago this year! 📆

Use Cases from Flux users at GitOpsCon / Open Source Summit 2023 in May!

DevOps Days Medellin, Colombia

Talks on Flux+GitLab, Flux+ARM64, Flux+Terraform, Flux+VS Code, Flux+WASM and more from GitOpsCon-CDCon / Open Source Summit 2023

Talk summaries in The New Stack:

Talks by Flux contributors and maintainers include:

Upcoming Events

Flux project meetings and Flux Bug Scrub+ChatGPT!

Flux Fun Fact!

Over and out

Blog: April 2023 Update

News in the Flux family

Flux v2.0.0 release candidate

Flagger: Bug fix release 1.30.0 hits the streets

Flux Ecosystem

Weave GitOps

Terraform-controller

Flux Subsystem for Argo

New additions to the Flux Ecosystem

Recent & Upcoming Events

cdCon + GitOpsCon North America 2023

OSS Summit North America 2023

Recent Events (ICYMI) 📺

CloudNativeCon / KubeCon EU 2023

Upcoming Events 📆

Flux Bug Scrub

In other news

Michael Fornaro joins Flux as a Project Member

People writing/talking about Flux

News from the Website and our Docs

Flux Adopters shout-out

More docs and website news

Flux Project Facts

Over and out

Blog: March 2023 Update

News in the Flux family

Flux v0.41: more performance improvements, Helm-related features and “flux events”

Flux Ecosystem

Weave GitOps

Terraform-controller

Flux Subsystem for Argo

VS Code GitOps Extension

New additions to the Flux Ecosystem

Recent & Upcoming Events

Recent Events (ICYMI) 📺

Upcoming Events 📆

CloudNativeCon / KubeCon EU 2023

Tuesday, April 18

Wednesday, April 19

Thursday, April 20

Friday, April 21

Flux Bug Scrub

In other news

People writing/talking about Flux

News from the Website and our Docs

Flux Adopters shout-out

More docs and website news

Flux Project Facts

Over and out

Blog: February 2023 Update

News in the Flux family

Two Flux minor releases hit the streets

v0.40: ImageRepository and ImagePolicy promote to v1beta2

v0.39: better security support, improved performance and observability

Security news