FluxCD Integration
Kuberik uses FluxCD for image automation and GitOps deployments.
Overview
FluxCD provides two critical capabilities for Kuberik:
| Component | Purpose |
|---|---|
| ImageRepository + ImagePolicy | Detects new container image versions |
| Kustomization | Applies versioned manifests to the cluster |
flowchart LR
%% Styles
classDef flux fill:#2D7E9D,stroke:#fff,stroke-width:2px,color:#fff
classDef kuberik fill:#4B4BE8,stroke:#fff,stroke-width:2px,color:#fff
classDef external fill:#E5E7EB,stroke:#374151,stroke-width:1px,color:#374151
classDef boundary fill:#F3F4F6,stroke:#D1D5DB,stroke-width:1px,color:#374151,stroke-dasharray: 5 5
subgraph Registry ["Container Registry"]
REG[Image Repository]:::external
end
subgraph Cluster ["Kubernetes Cluster"]
direction TB
subgraph FluxCD ["FluxCD System"]
IR[ImageRepository]:::flux
IP[ImagePolicy]:::flux
KS[Kustomization]:::flux
end
subgraph Kuberik ["Kuberik"]
RO[Rollout]:::kuberik
end
end
REG --> IR
IR --> IP
IP --> RO
RO -.->|Substitutes Version| KS
class FluxCD,Kuberik boundary
Image Automation Setup
Create ImageRepository
Tell Flux where to scan for images:
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: my-app
namespace: flux-system
spec:
image: ghcr.io/my-org/my-app
interval: 5m
# For private registries
secretRef:
name: registry-credentialsCreate ImagePolicy
Define which tags to consider:
Semantic Versioning (Recommended)
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: my-app
namespace: flux-system
spec:
imageRepositoryRef:
name: my-app
policy:
semver:
range: ">=1.0.0"Alphabetical / Numerical
Useful for timestamps or build numbers:
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: my-app
namespace: flux-system
spec:
imageRepositoryRef:
name: my-app
policy:
alphabetical:
order: descVerify Discovery
Check that Flux found your images:
kubectl get imagepolicy -n flux-system my-appExpected output shows the latest matching version.
Kustomization Integration
Version Substitution
Kuberik updates Kustomizations by modifying postBuild.substitute values:
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: my-app
namespace: flux-system
annotations:
# Kuberik reads the version from this Rollout
rollout.kuberik.com/substitute.APP_VERSION.from: "my-app"
spec:
interval: 10m
path: ./k8s/overlays/production
sourceRef:
kind: GitRepository
name: my-app
postBuild:
substitute:
APP_VERSION: "1.0.0" # Default, overwritten by KuberikRepository Structure
Your Git repository should be organized with Kustomize overlays for different environments:
- deployment.yaml
- service.yaml
- kustomization.yaml
- kustomization.yaml
- patches.yaml
- kustomization.yaml
- patches.yaml
Your base deployment uses the substitution variable:
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
template:
spec:
containers:
- name: app
image: ghcr.io/my-org/my-app:${APP_VERSION}Health Check Integration
Use Kustomization health status as a deployment gate:
apiVersion: kuberik.com/v1alpha1
kind: HealthCheck
metadata:
name: my-app-health
annotations:
healthcheck.kuberik.com/kustomization: "my-app"
spec:
class: "kustomization"This checks if the Kustomization’s Ready condition is true.
Troubleshooting
ImagePolicy not finding versions
Check ImageRepository status:
kubectl describe imagerepository -n flux-system my-appVerify registry authentication:
kubectl get secret -n flux-system registry-credentials
Kustomization not updating
- Check Kuberik annotation is present
- Verify Rollout name matches annotation value
- Check Rollout status:
kubectl describe rollout my-app
Common Issues
ImageRepository showing “Failed”
Usually indicates authentication issues or invalid image path. Check the repository name matches your container registry exactly.
Kustomization stuck on old version
Ensure the annotation rollout.kuberik.com/substitute.VAR_NAME.from exactly matches your Rollout name.