flux-operator-cli
Flux Operator CLI
Installation
brew install controlplaneio-fluxcd/tap/flux-operator
Uses ~/.kube/config. Supports offline (no cluster) and online commands.
Command Overview
Commands fall into two categories: offline (no cluster access) and online (requires cluster).
Offline Commands (no cluster needed)
| Command | Purpose |
|---|---|
build instance |
Generate K8s manifests from a FluxInstance YAML |
build rset |
Generate K8s manifests from a ResourceSet YAML |
diff yaml <source> <target> |
Compare YAML files, produce RFC 6902 JSON patch |
patch instance |
Generate kustomize patches for upgrading Flux controllers |
Online Commands (cluster access required)
| Command | Purpose |
|---|---|
get instance|rset|rsip|all |
List Flux Operator resources and their status |
export report |
Export FluxReport with distribution status |
export resource <kind>/<name> |
Export a Flux resource as YAML/JSON |
reconcile instance|rset|rsip|resource|all |
Trigger reconciliation |
suspend instance|rset|rsip|resource |
Pause reconciliation |
resume instance|rset|rsip|resource |
Resume reconciliation |
delete instance|rset|rsip |
Delete Flux resources |
stats |
Reconciliation statistics and storage usage |
trace <kind>/<name> |
Trace object through GitOps delivery pipeline |
tree rset|ks|hr |
Visualize managed objects as a tree |
wait instance|rset|rsip |
Poll until resource is ready |
create secret <type> |
Create Kubernetes secrets for Flux |
install |
Bootstrap cluster with Flux Operator + instance |
uninstall |
Remove Flux Operator from cluster |
version |
Show CLI, operator, and distribution versions |
Common Patterns
Build and preview manifests locally
# Build FluxInstance manifests
flux-operator build instance -f flux-instance.yaml
# Build ResourceSet with inputs
flux-operator build rset -f resourceset.yaml \
--inputs-from inputs.yaml
# Diff two YAML files (local or remote URLs)
flux-operator diff yaml old.yaml new.yaml -o json-patch-yaml
Day-2 cluster operations
# Check status of everything
flux-operator get all -A
# Filter by readiness
flux-operator get all --ready-status=False
# Reconcile a stuck resource
flux-operator reconcile resource Kustomization/my-app -n default --wait
# Reconcile everything
flux-operator reconcile all --wait
# Trace where an object comes from in the GitOps pipeline
flux-operator trace Deployment/my-app -n default
# View the object tree under a Kustomization
flux-operator tree ks my-app -n default
Upgrade Flux controllers
# Generate upgrade patches for a target version
flux-operator patch instance -f flux-instance.yaml -v v2.5
# With a custom registry
flux-operator patch instance -f flux-instance.yaml -v v2.5 \
-r my-registry.example.com/flux
# Verify controllers updated
flux-operator get instance -A
Suspend and resume for maintenance
# Suspend before maintenance
flux-operator suspend instance flux -n flux-system
# Verify suspended
flux-operator get instance flux -n flux-system
# Resume after maintenance
flux-operator resume instance flux -n flux-system --wait
Delete with safety
# Delete but keep managed resources in place
flux-operator delete instance flux -n flux-system --with-suspend
# Delete and wait for completion
flux-operator delete rset my-rset -n default --wait
# Verify deletion
flux-operator get all -n default
Bootstrap a cluster
# Basic install
flux-operator install
# Verify install succeeded
flux-operator get all -A
# Install with Git sync
flux-operator install \
--instance-sync-url=https://github.com/org/fleet \
--instance-sync-ref=main \
--instance-sync-path=clusters/production \
--instance-sync-creds=username:ghp_token
# Install with cluster tuning
flux-operator install \
--instance-cluster-type=aws \
--instance-cluster-size=large \
--instance-cluster-multitenant
Create secrets for Flux
# Git SSH auth
flux-operator create secret ssh my-ssh-secret \
--private-key-file=id_ed25519 \
--knownhosts-file=known_hosts \
-n flux-system
# Container registry auth
flux-operator create secret registry my-reg-secret \
--server=ghcr.io \
--username=bot \
--password-stdin \
-n flux-system
# SOPS age encryption
flux-operator create secret sops my-sops-secret \
--age-key-file=age.key \
-n flux-system
# Export as YAML instead of applying (for GitOps)
flux-operator create secret basic-auth my-auth \
--username=admin --password=secret --export
Uninstall
# Full removal
flux-operator -n flux-system uninstall
# Keep the namespace
flux-operator -n flux-system uninstall --keep-namespace
# Verify removal
flux-operator version
References
- references/commands-build-diff-patch.md - Build, diff, and patch commands
- references/commands-cluster-ops.md - Cluster operations (get, reconcile, suspend, resume, etc.)
- references/commands-secrets.md - All create secret subcommands
- references/commands-skills.md - Skills management commands
Abbreviations
| Short | Full Resource |
|---|---|
rset |
ResourceSet |
rsip |
ResourceSetInputProvider |
ks |
Kustomization |
hr |
HelmRelease |
Tips
-
Use
--exportoncreate secretcommands to generate YAML without applying — useful for GitOps workflows where secrets are managed declaratively. -
tracewalks backward from any Kubernetes object to find which Flux reconciler manages it and where the source manifests live. -
diff yamlaccepts remote URLs (GitHub, GitLab, Gist, OCI) in addition to local files. -
patch instancemodifies the FluxInstance YAML in-place and replaces previously generated patches, so it's safe to run repeatedly. -
installis designed for dev/test environments. For production, use Helm charts.
More from dirien/claude-skills
pulumi-typescript
Scaffolds Pulumi TypeScript infrastructure-as-code projects, writes IaC code with proper resource configuration, manages Pulumi ESC environments for centralized secrets and configuration, configures OIDC authentication for cloud providers, and builds multi-language component resources. Use when the user asks to create Pulumi TypeScript projects, write Pulumi infrastructure code, set up ESC environments, configure OIDC for Pulumi, implement infrastructure automation with Node.js/TypeScript, create reusable Pulumi components, or work with stack references. Also use when the user mentions Pulumi with TypeScript, AWS/Azure/GCP infrastructure in TypeScript, or PulumiPlugin.yaml for multi-language components.
177pulumi-python
Creates Pulumi infrastructure-as-code projects in Python, defines cloud resources (AWS, Azure, GCP), configures ESC environments for secrets management, sets up OIDC authentication for secure deployments, and builds multi-language component resources. Use when creating Pulumi Python projects, writing infrastructure code, configuring cloud providers, managing secrets with Pulumi ESC, setting up OIDC for Pulumi, automating infrastructure deployments with Python, creating reusable Pulumi components in Python, or configuring Python toolchains (pip, poetry, uv) for Pulumi. Also use when the user mentions pyproject.toml with Pulumi, component_provider_host, or Python virtual environments for infrastructure code.
40pulumi-go
Creates Pulumi infrastructure-as-code projects in Go, configures OIDC authentication, integrates with Pulumi ESC for centralized secrets and configuration management, and builds multi-language component resources. Use when setting up Pulumi Go projects, writing infrastructure code with Go, configuring OIDC for Pulumi, using Pulumi ESC with Go, automating cloud infrastructure with Golang, creating reusable Pulumi components in Go, or working with pulumi-go-provider. Also use when the user mentions Pulumi with Go/Golang, AWS/Azure/GCP infrastructure in Go, or Go-based ComponentResource patterns.
31pulumi-neo
Manages cloud infrastructure through natural language conversations with Pulumi Neo, an AI agent for platform engineers. Enables infrastructure analysis, resource provisioning, stack deployment, and configuration management via conversational AI. Use when creating Neo tasks, requesting infrastructure analysis, automating cloud deployments, managing infrastructure as code (IaC), provisioning AWS/Azure/GCP resources, managing infrastructure through natural language prompts, reviewing PRs with Neo, handling Neo approval workflows, or checking Neo task status and events. Also use when the user mentions "Pulumi Neo", "Neo task", "Neo agent", or wants AI-assisted infrastructure management.
28pulumi-cli
Use for hands-on Pulumi CLI work: running deployments, fixing broken stacks, and managing infrastructure state. Handles: recovering from stuck or interrupted `pulumi up` with pending operations, cleaning orphaned resources from state after out-of-band cloud deletions, protecting critical resources from accidental `pulumi destroy`, moving resources between stacks without recreating them, targeting specific resources during deployment, migrating between backends (local file to Pulumi Cloud, S3), stack lifecycle management, state export/import/repair, CI/CD pipeline setup, and importing existing cloud resources. Use this skill — not the language-specific Pulumi skills — whenever the user's question is about operating, troubleshooting, or recovering Pulumi infrastructure rather than writing program code.
25flux-cli
>
1