Flux CD
kdef ships a Kubernetes controller that integrates natively with Flux CD. You define a KdefRelease CR pointing at a Flux GitRepository, and the controller handles rendering and applying on every new revision.
Install the controller
Section titled “Install the controller”git clone https://github.com/gsid-nl/kdef.gitcd kdef
helm install kdef-controller ./flux-controller/chart \ --namespace flux-systemThe controller registers the kdef.gsid.nl/v1alpha1 API group and runs in the flux-system namespace alongside Flux’s own controllers.
Point it at a repo
Section titled “Point it at a repo”1. The GitRepository
Section titled “1. The GitRepository”apiVersion: source.toolkit.fluxcd.io/v1kind: GitRepositorymetadata: name: my-app namespace: flux-systemspec: interval: 1m url: https://github.com/example/my-app.git ref: branch: main2. The KdefRelease
Section titled “2. The KdefRelease”apiVersion: kdef.gsid.nl/v1alpha1kind: KdefReleasemetadata: name: my-app namespace: flux-systemspec: sourceRef: kind: GitRepository name: my-app path: ./k8s/ interval: 5m prune: trueThat’s it. The controller will:
- Watch the GitRepository for new revisions
- Download and extract the artifact
- Run
kdef renderon the.kdeffiles inpath - Apply the rendered manifests via server-side apply
- Prune resources that dropped out of the output (when
prune: true)
Environment overrides
Section titled “Environment overrides”Pass --env through to the render:
spec: env: production # loads environments/production.kdefVariable overrides
Section titled “Variable overrides”spec: set: image_tag: "v2.0.0" replicas: "3"For complex values (lists, maps), mount them from a ConfigMap or Secret:
spec: valuesFrom: kind: Secret # or ConfigMap name: my-app-values key: values.json # defaultSuspend and resume
Section titled “Suspend and resume”spec: suspend: trueUseful during incidents or deliberate drift investigations.
Check status
Section titled “Check status”kubectl get kdefreleases -n flux-system
# NAME READY STATUS REVISION AGE# my-app True Applied revision: main@sha256:abc123... main@sha... 5mCRD reference
Section titled “CRD reference”| Field | Type | Required | Description |
|---|---|---|---|
sourceRef.kind | string | yes | GitRepository, OCIRepository, or Bucket |
sourceRef.name | string | yes | Name of the Flux source |
sourceRef.namespace | string | no | Namespace of the source (defaults to KdefRelease namespace) |
path | string | no | Path within the artifact to the kdef project directory |
env | string | no | Environment name — loads environments/<env>.kdef |
set | map | no | Variable overrides (--set equivalent) |
valuesFrom.kind | string | no | ConfigMap or Secret |
valuesFrom.name | string | no | Name of the ConfigMap/Secret |
valuesFrom.key | string | no | Key in data (defaults to values.json) |
interval | duration | yes | Reconciliation interval (e.g. 5m, 1h) |
prune | bool | no | Delete resources that dropped out of output |
targetNamespace | string | no | Override namespace for all resources |
serviceAccountName | string | no | ServiceAccount for impersonation |
suspend | bool | no | Pause reconciliation |
A complete real-world example
Section titled “A complete real-world example”A multi-app repo (see Multi-app layout) deployed with one KdefRelease per environment:
---apiVersion: kdef.gsid.nl/v1alpha1kind: KdefReleasemetadata: name: platform-staging namespace: flux-systemspec: sourceRef: kind: GitRepository name: platform path: ./ env: staging interval: 2m prune: true---apiVersion: kdef.gsid.nl/v1alpha1kind: KdefReleasemetadata: name: platform-production namespace: flux-systemspec: sourceRef: kind: GitRepository name: platform path: ./ env: production interval: 5m prune: trueStaging reconciles every 2 minutes for fast feedback. Production every 5 minutes.