Add manual bootstrap manifests and Flux installation playbook #92
Merged
ExtraToast merged 2 commits into main from Apr 17, 2026
Branch protection on main blocks 'flux bootstrap' from pushing its
controllers commit directly. Pre-generate what bootstrap would have
written so it can land through the normal PR flow instead:

- platform/cluster/flux/clusters/production/flux-system/gotk-components.yaml
  = output of 'flux install --export', the four controller deployments
  and all their RBAC/CRDs.
- platform/cluster/flux/clusters/production/flux-system/gotk-sync.yaml
  = GitRepository + Kustomization pointing Flux at
  github.com/ExtraToast/personal-stack @ main, syncing
  platform/cluster/flux/clusters/production.
- platform/cluster/flux/clusters/production/flux-system/kustomization.yaml
  = wires the two files above into the tree.

Also deduplicate the flux-system Namespace (gotk-components.yaml now
owns it) and include the new flux-system/ dir from the production
kustomization.

After merge:

    kubectl apply -k platform/cluster/flux/clusters/production/flux-system
    flux check
    flux get kustomizations -A

and Flux takes over reconciliation from main.

Document the one-off kubectl apply + flux create secret git sequence that replaces 'flux bootstrap github' on this repo (main has branch protection that rejects the direct push Flux wants to make).

Covers:
- prerequisites (flux CLI, kubeconfig, read-only fine-grained PAT)
- the three commands to run once main has the flux-system manifests
- how to upgrade Flux later via a regular PR
- secret rotation and the reason apps/core no longer owns the flux-system namespace.

Link the new playbook from platform/cluster/bootstrap/README.md.

This pull request introduces a formalized, documented, and idempotent process for bootstrapping Flux onto a new Kubernetes cluster, ensuring compatibility with branch protection rules and improving maintainability. The main changes include adding a detailed Flux bootstrap playbook, restructuring Flux manifests, and removing duplicate namespace declarations to resolve resource conflicts.

Documentation and Playbooks
- flux-bootstrap-playbook.md, a comprehensive guide for first-time Flux installation, secret rotation, and upgrades, tailored for repositories with branch protection.
- README.md to reference the new Flux bootstrap playbook and explain the one-off install process.

Flux Bootstrap Manifests and Structure
- gotk-sync.yaml and kustomization.yaml to flux-system/, defining the GitRepository and Kustomization resources for Flux, and restructured the Flux manifests for clarity and maintainability. [1] [2]
- production/kustomization.yaml to include the new flux-system directory as a resource.

Namespace Declaration Cleanup
- Namespace/flux-system resource from apps/core/namespace.yaml and its reference from apps/core/kustomization.yaml, ensuring the namespace is only managed by gotk-components.yaml to avoid kustomize build errors. [1] [2]

These changes make the Flux installation process reproducible, compatible with protected branches, and eliminate resource conflicts during cluster reconciliation.
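
For orientation, here is an added sketch of what the flux-system/gotk-sync.yaml and flux-system/kustomization.yaml described above could contain; it is not the repository's actual content. The object names, the secret name, the intervals, the API versions and the HTTPS URL scheme are assumptions modeled on what 'flux bootstrap' normally generates; the repository, branch and path are the ones stated in the commit message.

```yaml
# --- flux-system/gotk-sync.yaml (illustrative, not the file from this PR) ---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: flux-system            # assumed name (bootstrap default)
  namespace: flux-system       # namespace is declared once, in gotk-components.yaml
spec:
  interval: 1m0s               # assumed poll interval
  ref:
    branch: main               # Flux only reads main; it never pushes to it
  secretRef:
    # Assumed secret name. This is the Secret created out of band with
    # 'flux create secret git', holding the read-only fine-grained PAT.
    # It is never committed, so rotating the PAT does not need a PR.
    name: flux-system
  url: https://github.com/ExtraToast/personal-stack   # host as written in the commit message
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system            # assumed name (bootstrap default)
  namespace: flux-system
spec:
  interval: 10m0s              # assumed reconcile interval
  path: ./platform/cluster/flux/clusters/production
  prune: true                  # assumed; objects removed from Git are removed from the cluster
  sourceRef:
    kind: GitRepository
    name: flux-system
---
# --- flux-system/kustomization.yaml (illustrative) ---
# Wires the two generated files into the tree so that
# 'kubectl apply -k .../flux-system' installs controllers and sync config together.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml       # output of 'flux install --export'; owns Namespace/flux-system
  - gotk-sync.yaml
```

Because the GitRepository only references a Secret by name, the Git credential stays out of the repository, and a PAT scoped to read-only access is sufficient since every change reaches main through a reviewed PR rather than a push from Flux.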