Flux CD

Jan 1, 0001

Definition

Flux CD is a continuous delivery tool designed for Kubernetes that automates the deployment of application updates. It operates by monitoring version-controlled configuration files, typically stored in a Git repository, and ensuring that the Kubernetes cluster state matches the desired state defined in these files. Flux CD supports GitOps practices, enabling teams to manage infrastructure and application code in a unified manner, promoting consistency and reliability in deployments.

Secure Settings Example

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: my-secure-app
  namespace: production
spec:
  interval: 5m
  chart:
    spec:
      chart: my-app-chart
      sourceRef:
        kind: HelmRepository
        name: my-repo
  values:
    securityContext:
      runAsNonRoot: true
      readOnlyRootFilesystem: true
    podSecurityContext:
      fsGroup: 2000
  upgrade:
    remediation:
      retries: 3
      strategy: rollback

Insecure Settings Example

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: my-insecure-app
  namespace: production
spec:
  interval: 5m
  chart:
    spec:
      chart: my-app-chart
      sourceRef:
        kind: HelmRepository
        name: my-repo
  values:
    securityContext:
      runAsNonRoot: false
      readOnlyRootFilesystem: false
    podSecurityContext:
      fsGroup: 0
  upgrade:
    remediation:
      retries: 0
      strategy: none

Flux CD

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter