Skip to content

GitOps Stuff

Using Flux

A few quick notes from May 2023.

flux logs --level=error
  • Use flux uninstall to make it go away.


Let's look at the flux bootstrap gitlab output:

flux bootstrap gitlab \
  --owner=gitlab-gold/briecarranza/gitops \
  --repository=flux-config-officehours \
  --branch=main \

► connecting to
✔ repository "" created

The flux-config-officehours repository we requested is created.

► cloning branch "main" from Git repository ""
✔ cloned repository

...and cloned via HTTPS.

► generating component manifests
✔ generated component manifests
✔ committed sync manifests to "main" ("6bb5acfecb1ce51d81b1ca2e6cc97819271b155d")
► pushing component manifests to ""
► installing components in "flux-system" namespace
✔ installed components
✔ reconciled components
► checking to reconcile deploy token for source secret
✔ configured deploy token "flux-system-main-flux-system" for ""
► determining if source secret "flux-system/flux-system" exists
► generating source secret
► applying source secret "flux-system/flux-system"
✔ reconciled source secret
► generating sync manifests
✔ generated sync manifests
✔ committed sync manifests to "main" ("db9477be9903116bcc464f59943f8633c4380752")
► pushing sync manifests to ""

Eventually, Flux switches from using HTTPS to using SSH for some git operations.

► applying sync manifests
✔ reconciled sync configuration
◎ waiting for Kustomization "flux-system/flux-system" to be reconciled
✔ Kustomization reconciled successfully
► confirming components are healthy
✔ helm-controller: deployment ready
✔ kustomize-controller: deployment ready
✔ notification-controller: deployment ready
✔ source-controller: deployment ready
✔ all components are healthy

The 🔐 private gitlab-gold/briecarranza/gitops/flux-config-officehours project was created.

See the Bootstrap with http instead of ssh issue, which notes:

PS. using bootstrap github --token-auth does what you want. You need to delete the flux-system secret before rerunning bootstrap and flux will generate the secret with https credentials.


See the Add --deploy-token option to Flux bootstrap issue.

That issue give us this quote from an upstream issue:

add a --deploy-token optional arg to flux bootstrap gitlab, when this is set, then bootstrap switches to HTTP/S and sets the token in the secret, in the same manner it does today for --token-auth

The answer might be:

  • Start over
  • Use the --deploy-token-auth flag from the docs
  • Check the contents of the flux-system secret

Checking the flux-system secret

kubectl get secrets --namespace=flux-system
kubectl --namespace=flux-system describe secret flux-system
kubectl --namespace=flux-system get secret flux-system -o jsonpath='{.data}'