🪴 Zero's Garden

Flux

Oct 01, 20242 min read

HelmRelease

Post Renderer

https://fluxcd.io/flux/components/helm/helmreleases/#post-renderers

HelmRelease resources has a built-in Kustomize compatible Post Renderer, which provides some Kustomize directives.

Note that the patchesStrategicMerge and patchesJson6902 directive is deprecated, just use patches instead.

Troubleshooting

Experiment with helm template locally first. See also Flux Helm Release Troubleshooting.

Secrets

K8s Secrets

Manage with sealed-secrets.

With kubeseal, secrets can be safely committed in Git. After reconciliation, use kubectl get -A sealedsecret to check decryption status.

Reference Secrets from HelmRelease

Secrets used in valuesFrom should be put into the same namespace as the HelmRelease. kubeseal encryption is associated with cluster namespace, so if you got it wrong, it has to be re-encrypted.

Note that targetPath in arrays like array[0].name is not supported. See https://github.com/helm/helm/issues/8320.

Deploy Credentials Rotation

Fine-grained PAT from GitHub only lasts for a year.

To rotate the SSH key generated at bootstrap, first delete the secret from the cluster with:

kubectl -n flux-system delete secret flux-system

Then run flux bootstrap again.

Common Debug Commands

flux logs --tail 10 -f

Helm Controller Logs

kubectl describe -n flux-system helmrelease [name]

Retry Helm Install

flux reconcile source helm [name] # Update repo index
flux reconcile hr [name] # Attempt deploy
 
# If retries are exhausted
flux suspend hr [name]
flux resume hr [name]

Restore from fault

this namespace may not be deleted

flux delete kustomization node-feature-discovery
# wait for resources being deleted
 
# force kill
flux suspend kustomization node-feature-discovery

Run flux suspend kustomization <name> to force delete a Kustomization in deletion that mistook a resource it did not own as its own.

2024-10-01T00:00:00Z error Kustomization/node-feature-discovery.flux-system - Reconciler error delete failed, errors: Namespace/kube-system delete failed: namespaces "kube-system" is forbidden: this namespace may not be deleted;

Graph View

Backlinks

  • No backlinks found