flux

Flux

See Automate image updates to Git | Flux.

Note: There is an argocd-image-updater, but it is very specific to Argo CD and supports Helm and Kustomize only. Flux supports any YAML file and is agnostic regarding the deployment solution.

Suspend and resume an Image Repository

Suspend

kubectl patch ImageRepository \
  --namespace=flux-system "${IMAGE_REPOSITORY}" \
  --type=json --patch='[{ "op": "add", "path": "/spec/suspend", "value": true }]'

Resume

kubectl patch ImageRepository \
  --namespace=flux-system "${IMAGE_REPOSITORY}" \
  --type=json --patch='[{ "op": "remove", "path": "/spec/suspend" }]'

See also Image Repositories | Flux - Suspending and resuming

Suspend and resume Image Update Automation

Suspend

kubectl patch ImageUpdateAutomation \
  --namespace=flux-system parca-dev-demo-deployments \
  --type=json --patch='[{ "op": "add", "path": "/spec/suspend", "value": true }]'

Resume

kubectl patch ImageUpdateAutomation \
  --namespace=flux-system parca-dev-demo-deployments \
  --type=json --patch='[{ "op": "remove", "path": "/spec/suspend" }]'

See also Image Update Automations | Flux

Configure SSH key

Based on Git Repositories - SSH authentication | Flux.

1. Generate a new SSH key pair:

   ssh-keygen -b 4096 -N '' -C fluxcdbot -f fluxcdbot

2. Create a new secret in the cluster:

   PATCH="$(jq --null-input --arg identity "$(<fluxcdbot)" '[{
     "op": "replace",
     "path": "/data/identity",
     "value": "\($identity|@base64)"
   }]')"
   kubectl patch secret \
     --namespace=flux-system flux-ssh-credentials \
     --type=json --patch="${PATCH}"

3. Add the fluxcdbot.pub public key to the repository's deploy keys with write access.

Retrieve current SSH public key from the cluster

kubectl get secret --namespace=flux-system flux-ssh-credentials --output=json \
  | jq --raw-output '.data.identity|@base64d' \
  | ssh-keygen -y -f /dev/stdin