FluxCD Resources
Purpose: For platform engineers, provides FluxCD CRD field reference as used by openCenter.
Resource Types
openCenter uses four FluxCD Custom Resource Definitions (CRDs):
| CRD | API Group | Purpose |
|---|---|---|
| GitRepository | source.toolkit.fluxcd.io/v1 | Tracks a Git repository as a source |
| HelmRepository | source.toolkit.fluxcd.io/v1 | Tracks a Helm chart repository |
| Kustomization | kustomize.toolkit.fluxcd.io/v1 | Reconciles manifests from a source |
| HelmRelease | helm.toolkit.fluxcd.io/v2 | Manages a Helm chart release |
GitRepository
Each platform service has a GitRepository in services/sources/ pointing to openCenter-gitops-base.
```yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: opencenter-cert-manager
  namespace: flux-system
spec:
  url: ssh://git@github.com/opencenter-cloud/openCenter-gitops-base.git
  ref:
    tag: v1.0.0
  secretRef:
    name: opencenter-base
  interval: 10m
```

| Field | Description |
|---|---|
| spec.url | Git clone URL (SSH for private repos) |
| spec.ref.tag | Pinned tag for reproducible deployments |
| spec.secretRef | Kubernetes Secret with SSH deploy key |
| spec.interval | How often FluxCD polls for changes |
HelmRepository
Defined in openCenter-gitops-base base manifests. Points to upstream Helm chart registries.
```yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: cert-manager
spec:
  url: https://charts.jetstack.io
  interval: 1h
  type: default
```
Kustomization
Defined in services/fluxcd/. Pulls manifests from a GitRepository and applies them with variable substitution.
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cert-manager-base
  namespace: flux-system
spec:
  sourceRef:
    kind: GitRepository
    name: opencenter-cert-manager
  path: applications/base/services/cert-manager
  targetNamespace: cert-manager
  interval: 10m
  prune: true
  postBuild:
    substituteFrom:
      - kind: ConfigMap
        name: cluster-vars
  decryption:
    provider: sops
    secretRef:
      name: sops-age
```

| Field | Description |
|---|---|
| spec.sourceRef | Which source to pull manifests from |
| spec.path | Directory path within the source |
| spec.targetNamespace | Default namespace for resources |
| spec.prune | Delete resources removed from Git |
| spec.postBuild.substituteFrom | ConfigMaps/Secrets for variable substitution |
| spec.decryption | SOPS decryption config (provider + key secret) |
HelmRelease
Defined in openCenter-gitops-base base manifests. Manages Helm chart installation and upgrades.
```yaml
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  chart:
    spec:
      chart: cert-manager
      version: "v1.16.2"
      sourceRef:
        kind: HelmRepository
        name: jetstack
  interval: 10m
  install:
    crds: CreateReplace
    remediation:
      retries: 3
  upgrade:
    crds: CreateReplace
    remediation:
      retries: 3
  valuesFrom:
    - kind: ConfigMap
      name: cert-manager-values
```

| Field | Description |
|---|---|
| spec.chart.spec.chart | Chart name in the repository |
| spec.chart.spec.version | Pinned chart version |
| spec.chart.spec.sourceRef | Which HelmRepository to pull from |
| spec.install.crds | CRD install policy: CreateReplace, Skip |
| spec.install.remediation | Retry count on failed install |
| spec.upgrade.remediation | Retry count on failed upgrade |
| spec.valuesFrom | External values sources (ConfigMap or Secret) |
Reconciliation Flow
- FluxCD polls GitRepository at the configured interval
- On new commits/tags, the source controller fetches the archive
- Kustomization controller builds manifests, substitutes variables, decrypts secrets
- HelmRelease controller installs or upgrades the Helm chart
- Failed reconciliations retry according to remediation.retries
Check reconciliation status with:
```bash
flux get sources git -A
flux get kustomizations -A
flux get helmreleases -A
```