controlplaneio-fluxcd · stefanprodan · Oct 29, 2025 · Oct 29, 2025
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -15,8 +15,11 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - name: Setup Flux
+      - name: Setup Flux CLI
         uses: fluxcd/flux2/action@4a15fa6a023259353ef750acf1c98fe88407d4d0 #v2.7.2
+      - name: Setup Flux Operator CLI
+        uses: controlplaneio-fluxcd/flux-operator/actions/setup@ee1939211d37e56f71e56c4a951a07a385bd5492 #v0.33.0
       - run: make up
       - run: make sync
+      - run: make ls
       - run: make down
diff --git a/Makefile b/Makefile
@@ -8,8 +8,8 @@
 # - Docker
 # - Kind
 # - Kubectl
-# - Helm
 # - Flux CLI
+# - Flux Operator CLI
 
 SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
@@ -28,9 +28,9 @@ down: cluster-down ## Delete the local cluster and registry
 .PHONY: sync
 sync: flux-push flux-sync ## Build, push and reconcile the local manifests with the cluster
 
-.PHONY: help
-help: ## Display this help.
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+.PHONY: ls
+ls: ## List all deployed resources
+	flux-operator -n flux-system tree ks flux-system
 
 ##@ Cluster
 
@@ -76,3 +76,7 @@ GOBIN=$(LOCALBIN) go install $${package} ;\
 mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\
 }
 endef
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
diff --git a/README.md b/README.md
@@ -22,7 +22,6 @@ The following tools are required:
 - [Docker](https://docs.docker.com/get-docker/)
 - [Kubernetes KIND](https://kind.sigs.k8s.io/docs/user/quick-start/)
 - [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
-- [Helm](https://helm.sh/docs/intro/install/)
 - [Flux CLI](https://fluxcd.io/docs/installation/)
 - [Flux Operator CLI](https://fluxcd.control-plane.io/operator/cli/)
 
@@ -54,7 +53,7 @@ The `make up` command performs the following steps:
 To list all deployed resources, run:
 
 ```shell
-flux-operator -n flux-system tree ks flux-system
+make ls
 ```
 
 ### Sync changes

diff --git a/kubernetes/clusters/local/apps.yaml b/kubernetes/clusters/local/apps.yaml
@@ -64,4 +64,4 @@ spec:
         healthCheckExprs:
           - apiVersion: fluxcd.controlplane.io/v1
             kind: ResourceSet
-            current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True')
+            current: status.conditions.filter(c, c.type == 'Ready').all(c, c.status == 'True' && c.observedGeneration == metadata.generation)
diff --git a/kubernetes/clusters/local/infra.yaml b/kubernetes/clusters/local/infra.yaml
@@ -40,4 +40,4 @@ spec:
         healthCheckExprs:
           - apiVersion: fluxcd.controlplane.io/v1
             kind: ResourceSet
-            current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True')
+            current: status.conditions.filter(c, c.type == 'Ready').all(c, c.status == 'True' && c.observedGeneration == metadata.generation)
diff --git a/kubernetes/clusters/local/instance.yaml b/kubernetes/clusters/local/instance.yaml
@@ -0,0 +1,35 @@
+apiVersion: fluxcd.controlplane.io/v1
+kind: FluxInstance
+metadata:
+  name: flux
+  namespace: flux-system
+spec:
+  distribution:
+    version: "2.x"
+    registry: "ghcr.io/fluxcd"
+    artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest"
+  components:
+    - source-controller
+    - kustomize-controller
+    - helm-controller
+    - notification-controller
+    - source-watcher
+  cluster:
+    type: kubernetes
+    size: medium
+    multitenant: false
+    networkPolicy: true
+    domain: "cluster.local"
+  sync:
+    kind: OCIRepository
+    url: "oci://flux-registry:5000/flux-cluster-sync"
+    ref: "local"
+    path: "./"
+  kustomize:
+    patches:
+      - patch: |
+          - op: add
+            path: /spec/insecure
+            value: true
+        target:
+          kind: OCIRepository
diff --git a/kubernetes/infra/cluster-issuers.yaml b/kubernetes/infra/cluster-issuers.yaml
diff --git a/kubernetes/infra/flux-operator.yaml b/kubernetes/infra/flux-operator.yaml
diff --git a/kubernetes/infra/metrics-server.yaml b/kubernetes/infra/metrics-server.yaml
@@ -5,6 +5,12 @@ metadata:
   namespace: flux-system
 spec:
   wait: true
+  dependsOn:
+    - apiVersion: fluxcd.controlplane.io/v1
+      kind: ResourceSet
+      name: cert-manager
+      namespace: flux-system
+      ready: true
   inputs:
     - interval: "1h" # check for updates every hour
       version: "*" # upgrade to latest stable version
@@ -50,5 +56,9 @@ spec:
           kind: OCIRepository
           name: << inputs.provider.name >>
         values:
+          apiService:
+            insecureSkipTLSVerify: false
+          tls:
+            type: cert-manager
           args:
             - --kubelet-insecure-tls
diff --git a/scripts/flux-push.sh b/scripts/flux-push.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright 2024 Stefan Prodan
+# Copyright 2025 Stefan Prodan
 # SPDX-License-Identifier: AGPL-3.0
 
 set -o errexit
@@ -12,6 +12,8 @@ registry='localhost:5050'
 diff_push() {
   artifact_name=$1
   artifact_path=$2
+  diff_exit_code=0
+  push_exit_code=0
 
   flux diff artifact oci://${artifact_name} \
     --path="${artifact_path}" &>/dev/null || diff_exit_code=$?
@@ -20,15 +22,15 @@ diff_push() {
     flux_output=$(flux push artifact oci://${artifact_name} \
       --path="${artifact_path}" \
       --source="$(git config --get remote.origin.url)" \
-      --revision="$(git rev-parse HEAD)" 2>&1) || exit_code=$?
+      --revision="$(git rev-parse HEAD)" 2>&1) || push_exit_code=$?
 
      oci_url=$(echo ${flux_output} | tail -n1 | awk '/to/{print $NF}')
   else
     echo "✔ no changes detected in ${artifact_path}"
     return
   fi
 
-  if [[  ${exit_code} -ne 0 ]]; then
+  if [[  ${push_exit_code} -ne 0 ]]; then
     echo ${flux_output}
     exit 1
   fi

diff --git a/scripts/flux-up.sh b/scripts/flux-up.sh
@@ -1,66 +1,20 @@
 #!/usr/bin/env bash
 
-# Copyright 2024 Stefan Prodan
+# Copyright 2025 Stefan Prodan
 # SPDX-License-Identifier: AGPL-3.0
 
 set -o errexit
 
-cluster_name="${CLUSTER_NAME:=flux}"
-registry="${cluster_name}-registry:5000"
-
-install_flux_operator() {
-helm -n flux-system upgrade --install flux-operator oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --create-namespace --wait
-}
-
-install_flux_instance() {
-cat <<EOF | helm -n flux-system upgrade --install flux oci://ghcr.io/controlplaneio-fluxcd/charts/flux-instance --values -
-instance:
-  components:
-    - source-controller
-    - source-watcher
-    - kustomize-controller
-    - helm-controller
-    - notification-controller
-  sync:
-    kind: OCIRepository
-    url: oci://${registry}/flux-cluster-sync
-    ref: local
-    path: ./
-  kustomize:
-    patches:
-      - target:
-          kind: OCIRepository
-        patch: |
-          - op: add
-            path: /spec/insecure
-            value: true
-      - target:
-          kind: Deployment
-          name: "(kustomize-controller|helm-controller)"
-        patch: |
-          - op: add
-            path: /spec/template/spec/containers/0/args/-
-            value: --concurrent=10
-          - op: add
-            path: /spec/template/spec/containers/0/args/-
-            value: --requeue-dependency=5s
-EOF
-}
-
-install_flux_operator
-install_flux_instance
-
-echo "Waiting for Flux controllers to be ready"
-kubectl -n flux-system wait --for=condition=Ready fluxinstance/flux --timeout=5m
-flux check
-echo "✔ Flux is ready"
+echo "Starting cluster bootstrap"
+flux-operator install -f ./kubernetes/clusters/local/instance.yaml
 
+echo ""
 echo "Waiting for cluster addons sync to complete"
-kubectl -n flux-system wait --for=condition=Ready kustomization/infra-sync --timeout=5m
+flux-operator -n flux-system wait rset infra --timeout=5m
 flux tree kustomization infra-sync
 
 echo "Waiting for apps sync to complete"
-kubectl -n flux-system wait --for=condition=Ready kustomization/apps-sync --timeout=5m
+flux-operator -n flux-system wait rset apps --timeout=5m
 flux tree kustomization apps-sync
 
 echo "✔ Cluster is ready"
diff --git a/scripts/kind-up.sh b/scripts/kind-up.sh
@@ -49,7 +49,7 @@ EOF
 if [ "$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" != 'true' ]; then
   echo "starting Docker registry on localhost:${reg_localhost_port}"
   docker run -d --restart=always -p "127.0.0.1:${reg_localhost_port}:${reg_cluster_port}" \
-    --name "${reg_name}" registry:2
+    --name "${reg_name}" registry:3
 fi
 
 # Create a cluster with the local registry enabled