FluxCD Integration
Kapitan works with FluxCD by compiling manifests in CI and publishing them as OCI artifacts. FluxCD pulls the artifact and applies it to the cluster.
Prerequisites
- FluxCD v2.0+
fluxCLI installed in your CI pipeline
Workflow
- CI runs
kapitan compile - CI pushes the
compiled/directory as an OCI artifact - FluxCD pulls the artifact and applies it
CI
Push the compiled output with the flux CLI:
kapitan compile
flux push artifact oci://ghcr.io/org/app-manifests:$(git rev-parse --short HEAD) \
--path="./compiled" \
--source="$(git config --get remote.origin.url)" \
--revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)"
FluxCD Resources
Pull the artifact:
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: app-manifests
namespace: flux-system
spec:
interval: 5m
url: oci://ghcr.io/org/app-manifests
ref:
tag: latest
Apply it:
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: app
namespace: flux-system
spec:
interval: 10m
sourceRef:
kind: OCIRepository
name: app-manifests
path: ./
prune: true
wait: true
See the FluxCD OCI cheatsheet for tagging strategies, cosign signing, and verification.