
Flux Instance Customization

The FluxInstance resource lets you customize the Flux controller deployments and the Flux sync custom resources that the operator generates by applying Kustomize patches to them.

Kustomize patches usage

You can make changes to all controllers using a single patch or target a specific controller:

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      # target all controller deployments
      - patch: |
          # strategic merge or JSON patch
        target:
          kind: Deployment
      # target multiple controller deployments by name
      - patch: |
          # strategic merge or JSON patch      
        target:
          kind: Deployment
          name: "(kustomize-controller|helm-controller)"
      # target a single controller service account by name
      - patch: |
          # strategic merge or JSON patch     
        target:
          kind: ServiceAccount
          name: "source-controller"

Examples

The following examples demonstrate how to customize the Flux manifests.

Increase concurrency and resource limits

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          - op: add
            path: /spec/template/spec/containers/0/args/-
            value: --concurrent=10
          - op: add
            path: /spec/template/spec/containers/0/args/-
            value: --requeue-dependency=5s 
          - op: replace
            path: /spec/template/spec/containers/0/resources/limits
            value:
              cpu: 2000m
              memory: 2048Mi
        target:
          kind: Deployment
          name: "(kustomize-controller|helm-controller|source-controller)"
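To see what a patch like the one above does to the rendered manifests before it reaches a cluster, the following added example (written for this page; it is not code from the page or from the Flux Operator) applies it locally. It implements kustomize's target selection, where kind and name are anchored regular expressions, and the RFC 6902 operations the page uses, over constructed stand-ins for the generated Deployment and GitRepository manifests. The resource shapes, the container name "manager", the pre-existing flag and limit values, and the repository URL are assumptions. The GitRepository verification patch from later on this page is included so the same run shows a patch landing on a sync resource, and the last check shows why the page's `replace` on `/spec/ref` only works because the operator already sets a ref.

```python
import copy
import re


# Constructed stand-ins for the manifests the Flux Operator renders from a
# FluxInstance, reduced to the fields the page's patches touch. These are not
# the real generated manifests; names and values are assumptions.
def _deployment(name):
    return {
        "apiVersion": "apps/v1",
        "kind": "Deployment",
        "metadata": {"name": name, "namespace": "flux-system"},
        "spec": {"template": {"spec": {"containers": [{
            "name": "manager",
            "args": ["--log-level=info"],
            "resources": {"limits": {"cpu": "1000m", "memory": "1Gi"}},
        }]}}},
    }


RENDERED = [_deployment(n) for n in (
    "source-controller", "kustomize-controller", "helm-controller", "notification-controller")]
RENDERED.append({
    "apiVersion": "source.toolkit.fluxcd.io/v1",
    "kind": "GitRepository",
    "metadata": {"name": "flux-system", "namespace": "flux-system"},
    "spec": {"interval": "1m", "url": "https://github.com/example-org/fleet",
             "ref": {"branch": "main"}},
})

# The page's concurrency/limits patch and its GitRepository verification patch,
# as the parsed JSON 6902 operations kustomize would see.
PATCHES = [
    {"target": {"kind": "Deployment",
                "name": "(kustomize-controller|helm-controller|source-controller)"},
     "patch": [
         {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--concurrent=10"},
         {"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--requeue-dependency=5s"},
         {"op": "replace", "path": "/spec/template/spec/containers/0/resources/limits",
          "value": {"cpu": "2000m", "memory": "2048Mi"}},
     ]},
    {"target": {"kind": "GitRepository"},
     "patch": [{"op": "add", "path": "/spec/verify",
                "value": {"mode": "HEAD", "secretRef": {"name": "pgp-public-keys"}}}]},
]


def matches(target, resource):
    """Kustomize selector semantics for kind/name: each given field is an anchored
    regex, so "helm-controller" does not select "helm-controller-extra" and the
    alternation used on the page selects exactly the listed controllers."""
    fields = {"kind": resource["kind"], "name": resource["metadata"]["name"]}
    return all(re.fullmatch(target[f], v) for f, v in fields.items() if f in target)


def _walk(doc, path):
    """Resolve a JSON Pointer to (parent container, last token)."""
    tokens = [t.replace("~1", "/").replace("~0", "~") for t in path.lstrip("/").split("/")]
    node = doc
    for tok in tokens[:-1]:
        node = node[int(tok)] if isinstance(node, list) else node[tok]
    return node, tokens[-1]


def apply_json_patch(doc, ops):
    """Apply the RFC 6902 ops used on this page. 'add' with a trailing '-' appends
    to a list; 'replace' and 'remove' require the path to exist already."""
    doc = copy.deepcopy(doc)
    for op in ops:
        parent, key = _walk(doc, op["path"])
        kind = op["op"]
        if isinstance(parent, list):
            if kind == "add" and key == "-":
                parent.append(op["value"])
            elif kind == "add":
                parent.insert(int(key), op["value"])
            elif kind == "replace":
                parent[int(key)] = op["value"]
            elif kind == "remove":
                del parent[int(key)]
            else:
                raise ValueError(f"unsupported op {kind}")
        else:
            if kind in ("replace", "remove") and key not in parent:
                raise KeyError(f"{kind} {op['path']}: path does not exist")
            if kind in ("add", "replace"):
                parent[key] = op["value"]
            elif kind == "remove":
                del parent[key]
            else:
                raise ValueError(f"unsupported op {kind}")
    return doc


def render(resources, patches):
    """Apply every patch whose target selects a resource, in declaration order."""
    out = []
    for res in resources:
        for p in patches:
            if matches(p["target"], res):
                res = apply_json_patch(res, p["patch"])
        out.append(res)
    return out


def find(resources, kind, name):
    return next(r for r in resources if r["kind"] == kind and r["metadata"]["name"] == name)


def manager_args(resources, name):
    return find(resources, "Deployment", name)["spec"]["template"]["spec"]["containers"][0]["args"]


def manager_limits(resources, name):
    return find(resources, "Deployment", name)["spec"]["template"]["spec"]["containers"][0]["resources"]["limits"]


def patch_applies(doc, ops):
    """True if the patch applies cleanly, False when a replace/remove path is missing."""
    try:
        apply_json_patch(doc, ops)
        return True
    except KeyError:
        return False


if __name__ == "__main__":
    out = render(RENDERED, PATCHES)
    for name in ("kustomize-controller", "notification-controller"):
        print(name, manager_args(out, name), manager_limits(out, name))
    print("GitRepository verify:", find(out, "GitRepository", "flux-system")["spec"].get("verify"))
    semver = [{"op": "replace", "path": "/spec/ref", "value": {"semver": ">=1.0.0-0"}}]
    print("replace on a resource without ref applies:", patch_applies({"spec": {}}, semver))
```

The points to take from a run: the flags and limits land only on the three named controllers and notification-controller is untouched, the verification block appears on the GitRepository, and a `replace` against a path the resource never had fails instead of silently creating it, so use `add` when you are not sure the operator renders the field. This simulation covers only the kind and name selectors and the JSON patch form; strategic merge patches and the other selector fields (group, version, namespace, labels) follow kustomize's own rules, and the operator-rendered manifests remain the thing to inspect before rollout.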

Node affinity and tolerations

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: all
          spec:
            template:
              metadata:
                annotations:
                  cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
              spec:
                affinity:
                  nodeAffinity:
                    requiredDuringSchedulingIgnoredDuringExecution:
                      nodeSelectorTerms:
                        - matchExpressions:
                            - key: role
                              operator: In
                              values:
                                - flux
                tolerations:
                  - effect: NoSchedule
                    key: role
                    operator: Equal
                    value: flux      
        target:
          kind: Deployment

HTTP/S Proxy

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: all
          spec:
            template:
              spec:
                containers:
                  - name: manager
                    env:
                      - name: "HTTPS_PROXY"
                        value: "https://proxy.example.com"
                      - name: "NO_PROXY"
                        value: ".cluster.local.,.cluster.local,.svc"      
        target:
          kind: Deployment

Cluster sync semver range

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          - op: replace
            path: /spec/ref
            value:
              semver: ">=1.0.0-0"
        target:
          kind: (GitRepository|OCIRepository)

Cluster sync AWS workload identity

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: controller
            annotations:
              eks.amazonaws.com/role-arn: <ROLE ARN>
        target:
          kind: ServiceAccount
          name: "(source-controller|image-reflector-controller)"
      - patch: |
          apiVersion: source.toolkit.fluxcd.io/v1beta2
          kind: OCIRepository
          metadata:
            name: flux-system
          spec:
            provider: aws
        target:
          kind: OCIRepository

Cluster sync SOPS decryption

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          - op: add
            path: /spec/decryption
            value:
              provider: sops
              secretRef:
                name: flux-sops
        target:
          kind: Kustomization

Cluster sync GitRepository verification

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          - op: add
            path: /spec/verify
            value:
              mode: HEAD
              secretRef:
                name: pgp-public-keys
        target:
          kind: GitRepository

Cluster sync OCIRepository keyless verification

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
spec:
  kustomize:
    patches:
      - patch: |
          - op: add
            path: /spec/verify
            value:
              provider: cosign
              matchOIDCIdentity:
              - issuer: ^https://token\.actions\.githubusercontent\.com$
                subject: ^https://github\.com/<owner>/<repo>/\.github/workflows/push-flux-system\.yml@refs/heads/main$
        target:
          kind: OCIRepository
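The anchors and escaped dots in the patterns above are what make the keyless check bind the artifact to one workflow on one branch of one repository. The following added example (written for this page; not code from the page, from Flux or from cosign) evaluates the page's patterns and a weakened substring-style variant against constructed certificate identities of the kind a keyless signature carries. The owner/repo "example-org/fleet", the attacker and branch names, and the matching semantics (each field is a regular expression evaluated with an unanchored search, and an identity passes when both issuer and subject match the same entry) are assumptions; the page's own patterns are written with explicit anchors, which is consistent with that.

```python
import re

# Constructed (issuer, subject) identities as carried in a keyless cosign
# signature certificate. "example-org/fleet", the attacker repo and the branch
# names are placeholders, not values from the page.
ISSUER = "https://token.actions.githubusercontent.com"
REPO = "example-org/fleet"
WORKFLOW = ".github/workflows/push-flux-system.yml"

CANDIDATES = {
    "expected":       (ISSUER, f"https://github.com/{REPO}/{WORKFLOW}@refs/heads/main"),
    "feature-branch": (ISSUER, f"https://github.com/{REPO}/{WORKFLOW}@refs/heads/feature-x"),
    "pull-request":   (ISSUER, f"https://github.com/{REPO}/{WORKFLOW}@refs/pull/42/merge"),
    "fork":           (ISSUER, f"https://github.com/attacker/fleet/{WORKFLOW}@refs/heads/main"),
    "other-issuer":   ("https://token.actions.githubusercontent.com.evil.example",
                       f"https://github.com/{REPO}/{WORKFLOW}@refs/heads/main"),
}

# The page's patterns: anchored, with literal dots escaped.
STRICT = [{
    "issuer": r"^https://token\.actions\.githubusercontent\.com$",
    "subject": rf"^https://github\.com/{re.escape(REPO)}/\.github/workflows/push-flux-system\.yml@refs/heads/main$",
}]

# A weakened variant: no anchors, no escaping, branch ref dropped. This is what
# the rule looks like when written as a substring instead of a regex.
LOOSE = [{
    "issuer": r"https://token.actions.githubusercontent.com",
    "subject": rf"https://github.com/{REPO}/.github/workflows/push-flux-system.yml",
}]


def identity_matches(rules, issuer, subject):
    """Assumed semantics: an identity passes when both its issuer and subject
    match the same rule; each field is a regex evaluated with an unanchored
    search, so anchors must be written explicitly as the page does."""
    return any(re.search(r["issuer"], issuer) and re.search(r["subject"], subject) for r in rules)


def accepted(rules, candidates=CANDIDATES):
    """Labels of the candidate identities the rule set would accept, sorted."""
    return sorted(k for k, (iss, sub) in candidates.items() if identity_matches(rules, iss, sub))


if __name__ == "__main__":
    print("strict accepts:", accepted(STRICT))
    print("loose accepts: ", accepted(LOOSE))
```

With the page's anchored patterns only the main-branch run of the named workflow in the named repository is accepted. Dropping the anchors and the `@refs/heads/main` suffix also admits signatures produced by the same workflow on a feature branch or a pull-request merge ref, which is exactly the path an attacker with write access to a branch, but not to main, would use to get a signed artifact reconciled into the cluster.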

For more examples, refer to the Flux bootstrap documentation.