Flux Operator Helm Chart

Artifact Hubflux-operator

Install from GitHub

helm upgrade -i flux-operator \
  oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator \
  --namespace flux-system \
  --create-namespace \
  --wait

Install from Quay

helm upgrade -i flux-operator \
  oci://quay.io/fluxoperatordev/charts/flux-operator \
  --set image.repository=quay.io/fluxoperatordev/flux-operator \
  --namespace flux-system \
  --create-namespace \
  --wait

Values

# Default values for flux-operator.

nameOverride: ""
fullnameOverride: ""

# -- Enable [multitenancy lockdown](/docs/crd/resourceset/#role-based-access-control) for the ResourceSet APIs.
multitenancy:
  enabled: false
  enabledForWorkloadIdentity: false
  defaultServiceAccount: "flux-operator" # @schema required: true
  defaultWorkloadIdentityServiceAccount: "flux-operator" # @schema required: true

# -- Flux [reporting](/docs/crd/fluxreport/) settings.
reporting:
  interval: 5m # @schema required: true

web:
  # -- Enable the [Flux Status web server](/web-ui/) on port 9080.
  enabled: true
  # -- The spec of the [Web Config API](/docs/web-ui/web-config-api/)
  config: { } # @schema type: object
  # -- Reference to an existing Secret in the same namespace as the deployment containing the Web Config API. Should have the key `config.yaml`.
  configSecretName: "" # @schema default: ""
  # -- Create a NetworkPolicy to allow access to the Flux Status web interface.
  networkPolicy:
    create: true
  # -- Create standard roles for [user access management](/docs/web-ui/user-management/).
  rbac:
    createRoles: true # @schema default: true
    createAggregation: false # @schema default: false
  # -- Run the Flux Status web server as a standalone deployment (requires a dedicated Helm release).
  serverOnly: false
  # -- Number of replicas for the Flux Status web server standalone deployment (only applicable if `web.serverOnly` is `true`).
  serverReplicas: 1 # @schema default: 1
  # -- Ingress settings for the Flux Status web interface.
  ingress: # @schema default: {"enabled":false,"className":"","annotations":{}}
    enabled: false # @schema default: false
    className: ""
    annotations: { } # @schema type: object
    hosts: [ ] # @schema item: object ; uniqueItems: true
    # - host: flux-operator.example.com
    #   paths:
    #     - path: /
    #       pathType: ImplementationSpecific
    tls: [ ] # @schema item: object ; uniqueItems: true
    #  - secretName: flux-operator-tls
    #    hosts:
    #      - flux-operator.example.com
  # -- Gateway API HTTPRoute settings for the Flux Status web interface.
  httpRoute: # @schema default: {"enabled":false,"annotations":{},"parentRefs":[],"hostnames":[]}
    enabled: false # @schema default: false
    annotations: { } # @schema type: object
    parentRefs: [ ] # @schema item: object ; uniqueItems: true
    # - name: my-gateway
    #   namespace: gateway-system
    #   sectionName: https
    hostnames: [ ] # @schema item: string ; uniqueItems: true
    # - flux.example.com

# -- Install and upgrade the custom resource definitions.
installCRDs: true # @schema default: true

# -- Common annotations to add to all deployed objects including pods.
commonAnnotations: { }

# -- Common labels to add to all deployed objects including pods.
commonLabels: { }

# -- Container image settings.
# The image tag defaults to the chart appVersion.
image:
  repository: ghcr.io/controlplaneio-fluxcd/flux-operator # @schema required: true
  tag: ""
  pullSecrets: [ ] # @schema item: object ; uniqueItems: true
  imagePullPolicy: IfNotPresent # @schema enum:[IfNotPresent, Always, Never]

# -- Pod priority class name.
# Recommended value is system-cluster-critical.
priorityClassName: "" # @schema default: "system-cluster-critical"

# -- Kubernetes <a href="https://kubernetes.io/docs/concepts/cluster-administration/flow-control/" target="_blank" rel="noopener noreferrer">API priority and fairness</a> settings.
apiPriority: # @schema default: {"enabled":false,"level":"workload-high","extraServiceAccounts":[]}
  enabled: false
  level: workload-high
  extraServiceAccounts: []
#    - name: kustomize-controller
#      namespace: flux-system
#    - name: helm-controller
#      namespace: flux-system

# -- Container resources requests and limits settings.
resources: # @schema required: true
  limits:
    cpu: 2000m
    memory: 1Gi
  requests: # @schema default: {"cpu":"100m","memory":"64Mi"}
    cpu: 100m
    memory: 64Mi

# -- Container liveness probe settings.
livenessProbe: # @schema default: {"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}
  httpGet:
    path: /healthz
    port: 8081
  initialDelaySeconds: 15
  periodSeconds: 20

# -- Container readiness probe settings.
readinessProbe: # @schema default: {"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}
  httpGet:
    path: /readyz
    port: 8081
  initialDelaySeconds: 5
  periodSeconds: 10

# -- Pod service account settings.
# The name of the service account defaults to the release name.
serviceAccount: # @schema default: {"create":true,"automount":true,"name":""}
  create: true
  automount: true
  name: ""

rbac:
   # -- Grant the cluster-admin role to the flux-operator service account (required for the Flux Instance deployment).
  create: true
  # -- Grant the Kubernetes view, edit and admin roles access to ResourceSet APIs.
  createAggregation: true

# -- Pod security context settings.
podSecurityContext: { } # @schema default: {"fsGroup":1337}

# -- Container security context settings.
# The default is compliant with the pod security restricted profile.
securityContext: # @schema required: true
  runAsNonRoot: true # @schema default: true
  readOnlyRootFilesystem: true # @schema default: true
  allowPrivilegeEscalation: false # @schema default: false
  capabilities: # @schema default: {"drop":["ALL"]}
    drop: # @schema item: string ; uniqueItems: true
      - "ALL"
  seccompProfile: # @schema default: {"type":"RuntimeDefault"}
    type: "RuntimeDefault"

# -- Pod affinity and anti-affinity settings.
affinity: # @schema default: {"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/os
              operator: In
              values:
                - linux

# -- Pod tolerations settings.
tolerations: [ ] # @schema item: object ; uniqueItems: true

# -- Pod Node Selector settings.
nodeSelector: { } # @schema type: object

# -- If `true`, the container ports (`8080` and `8081`) are exposed on the host network.
hostNetwork: false # @schema default: false

# -- Pod extra volumes.
extraVolumes: [ ] # @schema item: object ; uniqueItems: true

# -- Container extra environment variables.
extraEnvs: [ ] # @schema item: object ; uniqueItems: true

# -- Container extra arguments.
extraArgs: [ ] # @schema item: string ; uniqueItems: true

# -- Container extra volume mounts.
extraVolumeMounts: [ ] # @schema item: object ; uniqueItems: true

# -- Container logging level flag.
logLevel: "info" # @schema enum:[debug,info,error]

# -- Prometheus Operator scraping settings.
serviceMonitor: # @schema default: {"create":false,"interval":"60s","scrapeTimeout":"30s"}
  create: false
  interval: 60s
  scrapeTimeout: 30s
  labels: { }

# -- Marketplace settings.
marketplace:
  type: ""
  license: ""
  account: ""