The Flux Operator provides a declarative API for the installation and upgrade of CNCF Flux and the ControlPlane enterprise distribution.
The operator automates the patching for hotfixes and CVEs affecting the Flux controllers container images and enables the configuration of multi-tenancy lockdown on Kubernetes and OpenShift clusters.
- Kubernetes 1.22+
- Helm 3.8+
To install the operator in the `flux-system` namespace:

```shell
helm install flux-operator oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator \
  --namespace flux-system \
  --create-namespace \
  --wait
```

To deploy the Flux controllers and to configure automated updates, see the Flux Operator documentation.
Key | Type | Default | Description |
---|---|---|---|
affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}` | Pod affinity and anti-affinity settings. |
commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. |
commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. |
extraArgs | list | `[]` | Container extra arguments. |
extraEnvs | list | `[]` | Container extra environment variables. |
fullnameOverride | string | `""` | |
hostNetwork | bool | `false` | If `true`, the container ports (`8080` and `8081`) are exposed on the host network. |
image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. |
installCRDs | bool | `true` | Install and upgrade the custom resource definitions. |
livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. |
logLevel | string | `"info"` | Container logging level flag. |
marketplace | object | `{"account":"","license":"","type":""}` | Marketplace settings. |
nameOverride | string | `""` | |
podSecurityContext | object | `{}` | Pod security context settings. |
priorityClassName | string | `""` | Pod priority class name. Recommended value is `system-cluster-critical`. |
readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. |
resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. |
securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. |
serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. |
serviceMonitor | object | `{"create":false,"interval":"60s","labels":{},"scrapeTimeout":"30s"}` | Prometheus Operator scraping settings. |
tolerations | list | `[]` | Pod tolerations settings. |
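
The `securityContext` and `hostNetwork` defaults above can be weakened by a values override, so it helps to audit the effective values before an install or upgrade. The following is an added example, not part of the chart or the Flux Operator project: it merges an override onto the defaults the way Helm coalesces values (maps merge, lists are replaced, `null` deletes a key) and reports departures from the restricted profile. The names `helm_merge`, `audit` and `SAMPLE_OVERRIDE` are hypothetical, and the check assumes the restricted fields are set at container level only.

```python
import copy

# Chart defaults copied from the values table above.
CHART_DEFAULTS = {
    "hostNetwork": False,
    "securityContext": {
        "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]},
        "readOnlyRootFilesystem": True,
        "runAsNonRoot": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    },
}
# Constructed sample override (not from the chart): what a values file might set.
SAMPLE_OVERRIDE = {
    "hostNetwork": True,
    "securityContext": {"capabilities": {"drop": []}, "seccompProfile": None},
}

def helm_merge(defaults, overrides):
    """Helm-style coalescing: maps merge, lists/scalars replace, null deletes."""
    merged = copy.deepcopy(defaults)
    for key, value in overrides.items():
        if value is None:
            merged.pop(key, None)
        elif isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = helm_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged

def audit(overrides):
    """Return findings for the effective values (container-level fields only)."""
    values = helm_merge(CHART_DEFAULTS, overrides)
    sc = values.get("securityContext") or {}
    findings = []
    if values.get("hostNetwork"):
        findings.append("hostNetwork: ports 8080 and 8081 exposed on the host")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("restricted: allowPrivilegeEscalation must be false")
    if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
        findings.append("restricted: capabilities.drop must include ALL")
    if sc.get("runAsNonRoot") is not True:
        findings.append("restricted: runAsNonRoot must be true")
    if (sc.get("seccompProfile") or {}).get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append("restricted: seccompProfile.type must be RuntimeDefault or Localhost")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("hardening: readOnlyRootFilesystem is no longer true")
    return findings
```

`readOnlyRootFilesystem` is reported separately because it is a chart hardening default rather than a requirement of the restricted profile.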