Skills
skills/vdesjardins/nix-config/flux

flux

SKILL.md

FluxCD Skill

FluxCD is the standard GitOps tool for Kubernetes. It continuously reconciles desired state from Git repositories with actual cluster state. Use this skill when:

  • Troubleshooting Flux reconciliation failures or synchronization issues
  • Managing Flux custom resources (GitRepository, HelmRepository, Kustomization, HelmRelease)
  • Analyzing and fixing pod/deployment issues in Flux-managed clusters
  • Debugging webhook receivers and automation flows
  • Optimizing image automation and deployment strategies
  • Understanding cluster state and reconciliation status

Core Concepts

Flux Architecture: FluxCD operates as controllers within Kubernetes that reconcile desired state (from Git) with actual cluster state. The primary components are:

  • Source Controllers: Pull configuration and charts from Git/OCI registries

    • GitRepository: Watch and fetch from Git repositories
    • OCIRepository: Fetch from OCI registries
    • HelmRepository: Index Helm charts from repositories

  • Sync Controllers: Apply configuration to the cluster

    • Kustomization: Apply Kustomize overlays declaratively
    • HelmRelease: Deploy and manage Helm charts with templating

  • Notification & Webhooks:

    • Receiver: Webhook endpoint for Git push notifications
    • Provider: Configure notification destinations
    • Alert: Monitor resource status changes

  • Image Automation:

    • ImageRepository: Poll container registries
    • ImagePolicy: Define versioning policies (semver, alphabetical, etc.)
    • ImageUpdateAutomation: Automatically commit image updates to Git

Troubleshooting Workflow

  1. Identify the resource type: Determine which Flux resource is failing (GitRepository, HelmRelease, Kustomization, etc.)

  2. Get resource status: Check the custom resource's status conditions and lastObservedGeneration

  3. Review logs: Examine controller logs for reconciliation errors or warnings

  4. Check dependencies: Verify source resources (GitRepository, HelmRepository) are ready before sync resources

  5. Analyze events: Look at Kubernetes events for more context on failures

  6. Check Git/Registry: Validate that referenced Git branches, OCI registries, or Helm repos are accessible

Common Issues and Patterns

GitRepository Failures

  • Authentication: SSH keys or credentials misconfigured
  • Branch/ref: Target branch doesn't exist or is wrong
  • Network: Repository unreachable or firewall blocked
  • Secrets: GitRepository can't find SSH keys or HTTP auth secrets

HelmRelease Failures

  • Chart not found: HelmRepository not ready or chart doesn't exist
  • Values: Chart values invalid or incompatible with installed version
  • Dependencies: Chart dependencies not available
  • Secrets: Release references secret that doesn't exist

Kustomization Failures

  • Source not ready: Referenced GitRepository hasn't synced yet
  • Validation: Kustomize validation errors in the overlay
  • RBAC: Controller doesn't have permissions to apply resources
  • Reconciliation: Resource conflicts or immutable field changes

Image Automation

  • Scan failures: ImageRepository can't access registry
  • Policy matching: No tags match the version policy
  • Git operations: Can't push image update commits to repository
  • Permission: Missing write access to Git repo for automation commits

Key Commands for Analysis

When analyzing a Flux-managed cluster:

  1. List all Flux resources: kubectl get fluxcd.io or check specific types
  2. Describe a resource: kubectl describe <resource-type> <name> -n <namespace>
  3. View status conditions: Look at .status.conditions array
  4. Check recent events: kubectl describe <resource> -n <namespace> (shows events)
  5. Review controller logs: kubectl logs -n flux-system deploy/<controller> -f
  6. Validate Git sync: Check the commit hash in status matches Git
  7. Test Helm chart: Use helm template to validate rendering

Integration Points

  • Git repositories: Source of truth for all configuration
  • Container registries: Image sources for workloads
  • Helm repositories: Chart repositories for package management
  • Kubernetes API: All resources apply via standard kubectl
  • Webhooks: Git platforms trigger Flux reconciliation via receivers

References

See the references/ directory for detailed documentation:

  • FLUX-API-REFERENCE.md: Complete API reference for all FluxCD custom resources (GitRepository, HelmRelease, Kustomization, ImagePolicy, etc.) with field descriptions, examples, and status conditions
  • BEST-PRACTICES.md: Production deployment patterns and optimization strategies
  • TROUBLESHOOTING-WORKFLOWS.md: Step-by-step diagnostic procedures for common failure scenarios
  • COMMON-COMMANDS.md: kubectl and flux CLI command reference
Weekly Installs
19
Repository
vdesjardins/nix-config
GitHub Stars
6
First Seen
Feb 19, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykWarn
Installed on
opencode18
github-copilot18
codex18
kimi-cli18
gemini-cli18
cursor18