Flux, the popular GitOps tool for Kubernetes, has released version 2.5, bringing a host of powerful new capabilities that significantly enhance its functionality and flexibility. This release represents a substantial evolution in Flux’s capabilities, with features that the community has been eagerly awaiting. Let’s explore what’s new and how these changes can improve your GitOps workflows.
Perhaps the most transformative addition in Flux v2.5 is the integration of Common Expression Language (CEL). This integration has enabled several long-requested features that give users more control and flexibility in their deployments.
Flux now supports custom health checks using CEL expressions, allowing you to define precisely how Flux should determine the health of your custom resources. While Flux has always performed health checks for core Kubernetes resources, this new capability lets you teach Flux how to verify the readiness of custom resources that don’t follow standard Kubernetes conventions.
For example, when managing a fleet of Kubernetes clusters with Cluster API, you can now define health checks to ensure clusters are ready before deploying addons:
```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: prod-clusters
  namespace: infra
spec:
  interval: 30m
  retryInterval: 5m
  prune: true
  sourceRef:
    kind: GitRepository
    name: fleet
  path: "./production"
  timeout: 15m
  wait: true
  healthCheckExprs:
    - apiVersion: cluster.x-k8s.io/v1beta1
      kind: Cluster
      failed: "status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'False')"
      current: "status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True')"
```
In this example, Flux will wait for all Cluster objects to reach the Ready state before proceeding with dependent Kustomizations. The community is also maintaining a health check library with CEL expressions for popular custom resources, making it easy to implement common patterns.
The Receiver API now supports filtering resources based on CEL expressions, giving you finer-grained control over which events trigger reconciliations. This allows for more sophisticated automation workflows and reduces unnecessary reconciliation operations.
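A Receiver that uses such a filter, as an added example that is not taken from the original post. The resource names, the `registry: internal` label and the `tag` field in the webhook body are assumptions made for illustration:

```yaml
# Added example: names, labels and the payload shape are constructed.
apiVersion: notification.toolkit.fluxcd.io/v1
kind: Receiver
metadata:
  name: registry-receiver
  namespace: apps
spec:
  type: generic
  secretRef:
    name: receiver-token          # token that protects the webhook URL
  resources:
    # Candidate set: every ImageRepository carrying this label.
    - apiVersion: image.toolkit.fluxcd.io/v1beta2
      kind: ImageRepository
      name: "*"
      matchLabels:
        registry: internal
  # CEL filter evaluated per candidate: `req` is the incoming webhook body,
  # `res` is the candidate object. Only ImageRepositories whose name appears
  # in the pushed tag (assumed to be in req.tag) are reconciled.
  resourceFilter: "req.tag.contains(res.metadata.name)"
```

Without `resourceFilter`, every webhook call would reconcile all objects matched by `resources`; with it, a single call touches only the object the event refers to.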
Another significant improvement is the addition of GitHub App authentication support. This addresses a common pain point in GitOps workflows: the reliance on personal access tokens or SSH keys that require manual rotation.
With GitHub App authentication, you can configure Flux to interact with GitHub repositories using an identity not tied to a specific user account. This approach provides better security posture and simpler credential management.
Setting up GitHub App authentication is straightforward using the new Flux CLI command:
```sh
# $HOME rather than ~: the shell does not expand a tilde inside a flag value
flux create secret githubapp github-auth \
  --app-id=1 \
  --app-installation-id=2 \
  --app-private-key="$HOME/private-key.pem"
```
The resulting Kubernetes Secret can be referenced in GitRepository and ImageUpdateAutomation resources, providing a more robust authentication mechanism for your GitOps pipelines.
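A GitRepository that consumes the `github-auth` Secret created above, as an added example that is not taken from the original post. The repository URL, object name, branch and namespace are placeholders; the Secret must live in the same namespace as the GitRepository:

```yaml
# Added example: URL, names and namespace are constructed placeholders.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: platform-config
  namespace: flux-system
spec:
  interval: 10m
  # HTTPS URL of a repository the GitHub App installation has access to.
  url: https://github.com/example-org/platform-config
  ref:
    branch: main
  # Authenticate as a GitHub App rather than with a personal access token
  # or SSH key tied to a user account.
  provider: github
  secretRef:
    name: github-auth             # Secret from `flux create secret githubapp`
```

Because the Secret holds the App's private key, restrict read access to it with RBAC and grant the App installation only the repositories and permissions Flux needs.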
Flux v2.5 also introduces the ability to enrich event metadata by adding annotations to Flux resources. This feature significantly improves the context provided in notifications sent to platforms like Slack or Microsoft Teams. One particularly useful application is including image tags in notifications when Flux’s image automation updates container images.
The Flux ecosystem continues to grow with Flux Operator v0.14, which introduces one of the most requested features: ephemeral environments for testing and validating changes in pull requests.
This powerful capability allows you to automatically deploy application code or configuration changes from GitHub Pull Requests or GitLab Merge Requests to temporary environments. The Flux Operator can create, update, and delete application instances on-demand based on ResourceSet definitions and the state of the PR/MR.
This feature streamlines the development workflow by providing isolated testing environments that accurately reflect how changes will behave in production, without affecting existing environments.
Flux v2.5 adds several CLI improvements designed to make troubleshooting easier:
- `flux debug kustomization --show-vars`: Inspect the final variable values by merging inline variables with those from ConfigMaps/Secrets
- `flux debug helmrelease --show-values`: Examine the final Helm values by merging inline values with those from ConfigMaps/Secrets
- `flux create secret githubapp`: Generate Kubernetes Secrets for GitHub App authentication
These tools provide greater visibility into Flux’s internal state, making it easier to diagnose and fix issues in your GitOps pipelines.
The release includes several other enhancements:
- Fine-grained control of garbage collection with `.spec.deletionPolicy`
- SOPS support for decryption of Kubernetes secrets generated by Kustomize components
- Ability to update Git commit statuses from events about Kustomizations that consume OCIRepositories
To take advantage of these new features, you’ll need to upgrade your Flux installation to v2.5. For detailed instructions on using these new capabilities, refer to the official Flux documentation, which provides comprehensive guides for implementing each feature.
FluxCD has gained traction as a powerful GitOps tool for Kubernetes, enabling teams to manage cluster state declaratively through Git repositories. However, depending on your needs, several alternatives offer unique features that might better suit your infrastructure.
One of the most popular alternatives is Argo CD, which provides a Kubernetes-native continuous delivery solution with an intuitive UI, multi-cluster support, and advanced progressive delivery capabilities. If you’re looking for a GitOps solution designed for large-scale multi-cluster environments, Fleet (from Rancher) is a lightweight yet scalable option. Meanwhile, Jenkins X integrates GitOps principles into a CI/CD workflow, bridging the gap between traditional automation and Kubernetes-native deployments. For teams already using Spinnaker, its support for GitOps workflows makes it a viable option for multi-cloud continuous delivery.
Choosing the right tool depends on your requirements—whether you prioritize UI-driven workflows, scalability, or deep Kubernetes integration. As GitOps continues to evolve, these alternatives to FluxCD are helping organizations simplify and streamline their Kubernetes deployment strategies.