### HelmRepository Reconciliation Events Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmrepositories.md Example output from `kubectl events` for a HelmRepository, showing various stages like 'Failed', 'NewArtifact', and 'ArtifactUpToDate'. ```console LAST SEEN TYPE REASON OBJECT MESSAGE 107s Warning Failed helmrepository/ failed to construct Helm client: scheme "invalid" not supported 7s Normal NewArtifact helmrepository/ fetched index of size 30.88kB from 'https://stefanprodan.github.io/podinfo' 3s Normal ArtifactUpToDate helmrepository/ artifact up-to-date with remote revision: 'sha256:83a3c595163a6ff0333e0154c790383b5be441b9db632cb36da11db1c4ece111' ``` -------------------------------- ### Run Controller Locally Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Start the Flux Source Controller in your local environment. Ensure CRDs are installed first. ```sh make run ``` -------------------------------- ### Example HelmChart Events Output Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmcharts.md This output shows example events for a HelmChart, including warnings for invalid references and normal events for successful pulls and artifact updates. ```console LAST SEEN TYPE REASON OBJECT MESSAGE 22s Warning InvalidChartReference helmchart/ invalid chart reference: failed to get chart version for remote reference: no 'podinfo' chart with version matching '9.*' found 2s Normal ChartPullSucceeded helmchart/ pulled 'podinfo' chart with version '6.0.3' 2s Normal ArtifactUpToDate helmchart/ artifact up-to-date with remote revision: '6.0.3' ``` -------------------------------- ### HelmChart - Fetch from OCI HelmRepository Source: https://context7.com/fluxcd/source-controller/llms.txt Example of defining a HelmChart resource to fetch a chart from an OCI HelmRepository. ```APIDOC ## HelmChart - Fetch from OCI HelmRepository ### Description This configuration defines a HelmChart resource to fetch a chart from an OCI HelmRepository. ### Kind HelmChart ### Metadata - name: podinfo-oci-chart - namespace: default ### Spec - interval: 5m0s - chart: podinfo - version: '>=6.0.0' - sourceRef: kind: HelmRepository name: podinfo-oci ``` -------------------------------- ### HelmChart - Fetch from HelmRepository Source: https://context7.com/fluxcd/source-controller/llms.txt Example of defining a HelmChart resource to fetch a chart from a HelmRepository using a SemVer range. ```APIDOC ## HelmChart - Fetch from HelmRepository ### Description This configuration defines a HelmChart resource to fetch a chart from a HelmRepository with a specified version range. ### Kind HelmChart ### Metadata - name: podinfo - namespace: default ### Spec - interval: 5m0s - chart: podinfo - version: '5.*' - reconcileStrategy: ChartVersion - sourceRef: kind: HelmRepository name: podinfo ``` -------------------------------- ### Azure Public Bucket Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Example of a Bucket resource configured for Azure with public accessibility. The endpoint should point to the Azure Blob Storage account. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: azure-public namespace: default spec: interval: 5m0s provider: azure bucketName: podinfo endpoint: https://podinfoaccount.blob.core.windows.net timeout: 30s ``` -------------------------------- ### HelmRepository Status Artifact Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmrepositories.md An example of the `.status.artifact` field for a HelmRepository, detailing the fetched index file's properties like digest, size, and URL. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: status: artifact: digest: sha256:83a3c595163a6ff0333e0154c790383b5be441b9db632cb36da11db1c4ece111 lastUpdateTime: "2022-02-04T09:55:58Z" path: helmrepository///index-83a3c595163a6ff0333e0154c790383b5be441b9db632cb36da11db1c4ece111.yaml revision: sha256:83a3c595163a6ff0333e0154c790383b5be441b9db632cb36da11db1c4ece111 size: 40898 url: http://source-controller.flux-system.svc.cluster.local./helmrepository///index-83a3c595163a6ff0333e0154c790383b5be441b9db632cb36da11db1c4ece111.yaml ``` -------------------------------- ### Basic GitRepository Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/gitrepositories.md Defines a GitRepository named 'podinfo' that fetches data from a GitHub repository every five minutes, cloning the 'master' branch. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: podinfo namespace: default spec: interval: 5m0s url: https://github.com/stefanprodan/podinfo ref: branch: master ``` -------------------------------- ### Bucket - S3-compatible static credentials Source: https://context7.com/fluxcd/source-controller/llms.txt Example of configuring a Bucket resource to fetch objects from an S3-compatible storage bucket using static credentials. ```APIDOC ## Bucket - S3-compatible static credentials ### Description This configuration defines a Bucket resource for an S3-compatible object storage bucket using static credentials. ### Kind Bucket ### Metadata - name: minio-bucket - namespace: default ### Spec - interval: 5m0s - endpoint: minio.example.com - insecure: true - bucketName: my-configs - secretRef: name: minio-credentials ### Secret - name: minio-credentials - namespace: default - type: Opaque - stringData: accesskey: minio-access-key secretkey: minio-secret-key ``` -------------------------------- ### Example Bucket and Secret Configuration for LDAP STS Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md This example demonstrates how to configure a Bucket resource to use an LDAP Security Token Service (STS) provider. It includes the necessary Bucket, Secret for credentials, and Secret for TLS configuration. ```yaml --- aspiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: example namespace: example spec: interval: 5m bucketName: example provider: generic endpoint: minio.example.com sts: provider: ldap endpoint: https://ldap.example.com secretRef: name: ldap-credentials certSecretRef: name: ldap-tls --- aspiVersion: v1 kind: Secret metadata: name: ldap-credentials namespace: example type: Opaque stringData: username: password: --- aspiVersion: v1 kind: Secret metadata: name: ldap-tls namespace: example type: kubernetes.io/tls # or Opaque stringData: tls.crt: tls.key: ca.crt: ``` -------------------------------- ### HelmChart - Fetch from GitRepository Source: https://context7.com/fluxcd/source-controller/llms.txt Example of defining a HelmChart resource to fetch a chart from a GitRepository, specifying a path within the repository. ```APIDOC ## HelmChart - Fetch from GitRepository ### Description This configuration defines a HelmChart resource to fetch a chart from a GitRepository, including charts located in sub-directories. ### Kind HelmChart ### Metadata - name: app-chart - namespace: flux-system ### Spec - interval: 5m - chart: "./charts/my-app" - reconcileStrategy: Revision - sourceRef: kind: GitRepository name: my-app-repo ``` -------------------------------- ### Bucket - Amazon S3 with IRSA Source: https://context7.com/fluxcd/source-controller/llms.txt Example of configuring a Bucket resource for an Amazon S3 bucket using IRSA for authentication. ```APIDOC ## Bucket - Amazon S3 with IRSA ### Description This configuration defines a Bucket resource for an Amazon S3 bucket using IRSA for authentication. ### Kind Bucket ### Metadata - name: s3-configs - namespace: flux-system ### Spec - interval: 5m - provider: aws - bucketName: my-flux-configs - region: us-east-1 - endpoint: s3.amazonaws.com ``` -------------------------------- ### Generic Bucket Configuration Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Example of a Bucket resource configured for a generic S3-compatible endpoint, including insecure connection and Minio credentials. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: generic-insecure namespace: default spec: provider: generic interval: 5m0s bucketName: podinfo endpoint: minio.minio.svc.cluster.local:9000 timeout: 60s insecure: true secretRef: name: minio-credentials --- apiVersion: v1 kind: Secret metadata: name: minio-credentials namespace: default type: Opaque data: accesskey: secretkey: ``` -------------------------------- ### Example OCI HelmRepository Manifest Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmrepositories.md Defines an OCI-based Helm repository. The .spec.interval field is ignored for OCI types. ```yaml --- aspect: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: podinfo namespace: default spec: type: "oci" interval: 5m0s url: oci://ghcr.io/stefanprodan/charts ``` -------------------------------- ### HelmChart Status Artifact Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmcharts.md This example shows the structure of the HelmChart status artifact, which includes details about the last built chart, such as its digest, URL, size, and revision. The artifact is a gzip compressed TAR archive. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmChart metadata: name: status: artifact: digest: sha256:e30b95a08787de69ffdad3c232d65cfb131b5b50c6fd44295f48a078fceaa44e lastUpdateTime: "2022-02-10T18:53:47Z" path: helmchart///-.tgz revision: 6.0.3 size: 14166 url: http://source-controller.flux-system.svc.cluster.local./helmchart///-.tgz ``` -------------------------------- ### Describe OCIRepository Details Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md Get detailed information about an OCIRepository, including its artifact and conditions, using kubectl describe. ```console kubectl describe ocirepository podinfo ``` -------------------------------- ### HelmRepository - Private OCI Source: https://context7.com/fluxcd/source-controller/llms.txt Example of configuring a private OCI Helm repository with username and password credentials. ```APIDOC ## HelmRepository Private OCI ### Description This configuration defines a private OCI Helm repository using static credentials. ### Kind HelmRepository ### Metadata - name: private-oci-charts - namespace: flux-system ### Spec - type: "oci" - url: oci://ghcr.io/my-org/charts - secretRef: name: oci-creds ### Secret - name: oci-creds - namespace: flux-system - stringData: username: "flux" password: "ghp_TOKEN" ``` -------------------------------- ### OCIRepository with SemVer Reference Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md This example demonstrates configuring an OCIRepository to pull a tag that matches a SemVer range. The `.spec.ref.semver` field specifies the version constraint. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: OCIRepository metadata: name: spec: ref: # SemVer range reference: https://github.com/Masterminds/semver#checking-version-constraints semver: "" ``` -------------------------------- ### OCIRepository with Mutual TLS Configuration Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md This example demonstrates an OCIRepository resource configured to use mutual TLS authentication. It references a Secret named 'example-tls' which contains the necessary TLS certificate data. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: OCIRepository metadata: name: example namespace: default spec: interval: 5m0s url: oci://example.com certSecretRef: name: example-tls --- apiVersion: v1 kind: Secret metadata: name: example-tls namespace: default type: kubernetes.io/tls # or Opaque data: tls.crt: tls.key: # NOTE: Can be supplied without the above values ca.crt: ``` -------------------------------- ### AWS Object-Level Workload Identity Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Example of a Bucket resource configured for AWS with Object-Level Workload Identity. Ensure the 'ObjectLevelWorkloadIdentity' feature gate is enabled. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: aws-object-level-workload-identity namespace: default spec: interval: 5m0s provider: aws bucketName: podinfo endpoint: s3.amazonaws.com region: us-east-1 serviceAccountName: aws-workload-identity-sa timeout: 30s --- apiVersion: v1 kind: ServiceAccount metadata: name: aws-workload-identity-sa namespace: default annotations: eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/flux-bucket-role ``` -------------------------------- ### Console Output for GitRepository Events Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/gitrepositories.md Example console output from 'kubectl events --for GitRepository/', showing Normal and Warning events with their reasons and messages. ```console LAST SEEN TYPE REASON OBJECT MESSAGE 2m14s Normal NewArtifact gitrepository/ stored artifact for commit 'Merge pull request #160 from stefanprodan/release-6.0.3' 36s Normal ArtifactUpToDate gitrepository/ artifact up-to-date with remote revision: 'master@sha1:132f4e719209eb10b9485302f8593fc0e680f4fc' 94s Warning GitOperationFailed gitrepository/ failed to checkout and determine revision: unable to clone 'https://github.com/stefanprodan/podinfo': couldn't find remote ref "refs/heads/invalid" ``` -------------------------------- ### HelmChart Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmcharts.md Defines a HelmChart resource to fetch and package a Helm chart, exposing it as a tarball Artifact. It specifies the chart name, version range, reconciliation interval, and the source repository. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmChart metadata: name: podinfo namespace: default spec: interval: 5m0s chart: podinfo reconcileStrategy: ChartVersion sourceRef: kind: HelmRepository name: podinfo version: '5.*' ``` -------------------------------- ### Get Application URL for LoadBalancer Service Source: https://github.com/fluxcd/source-controller/blob/main/internal/controller/testdata/charts/helmchartwithdeps/templates/NOTES.txt This snippet explains how to get the LoadBalancer IP and construct the application URL for a LoadBalancer service. It includes a note about the potential delay in IP availability and provides a command to watch the service status. ```bash NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helmchartwithdeps.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helmchartwithdeps.fullname" . }} --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}") echo http://$SERVICE_IP:{{ .Values.service.port }} ``` -------------------------------- ### OCIRepository with SemVer and SemVerFilter Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md This example configures an OCIRepository to pull tags matching a SemVer range, with an additional filter applied to the tags. The `.spec.ref.semverFilter` uses a regular expression to narrow down the tags considered for SemVer resolution. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: OCIRepository metadata: name: podinfo namespace: default spec: interval: 5m0s url: oci://ghcr.io/stefanprodan/manifests/podinfo ref: # SemVer comparisons using constraints without a prerelease comparator will skip prerelease versions. # Adding a `-0` suffix to the semver range will include prerelease versions. semver: ">= 6.1.x-0" semverFilter: ".*-rc.*" ``` -------------------------------- ### Bucket Artifact Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md This YAML defines a Bucket resource and its status, including the artifact details like digest, size, and URL. It shows the structure of the synchronized artifact. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: status: artifact: digest: sha256:cbec34947cc2f36dee8adcdd12ee62ca6a8a36699fc6e56f6220385ad5bd421a lastUpdateTime: "2024-01-28T10:30:30Z" path: bucket///c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2.tar.gz revision: sha256:c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2 size: 38099 url: http://source-controller..svc.cluster.local./bucket///c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2.tar.gz ``` -------------------------------- ### GCP Static Auth Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Configure a Bucket resource for GCP using static authentication with a service account key. The service account key must be base64 encoded and stored in a Kubernetes Secret. ```yaml --- aspiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: gcp-secret namespace: default spec: interval: 5m0s provider: gcp bucketName: endpoint: storage.googleapis.com region: secretRef: name: gcp-service-account --- aspiVersion: v1 kind: Secret metadata: name: gcp-service-account namespace: default type: Opaque data: serviceaccount: ``` -------------------------------- ### Azure Service Principal Certificate Authentication Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Configures a Bucket for Azure using a Service Principal with a client certificate for authentication. Requires a Kubernetes Secret with tenant ID, client ID, and client certificate. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: azure-service-principal-cert namespace: default spec: interval: 5m0s provider: azure bucketName: endpoint: https://.blob.core.windows.net secretRef: name: azure-sp-auth --- apiVersion: v1 kind: Secret metadata: name: azure-sp-auth namespace: default type: Opaque data: tenantId: clientId: clientCertificate: # Plus optionally clientCertificatePassword: clientCertificateSendChain: # either "1" or "true" ``` -------------------------------- ### HelmChart - Patch values files Source: https://context7.com/fluxcd/source-controller/llms.txt Example of defining a HelmChart resource that patches values files from the source into the chart artifact. ```APIDOC ## HelmChart - Patch values files ### Description This configuration defines a HelmChart resource that allows patching values files from the source into the chart artifact. ### Kind HelmChart ### Metadata - name: podinfo-patched - namespace: default ### Spec - interval: 5m - chart: podinfo - version: "6.*" - sourceRef: kind: HelmRepository name: podinfo - valuesFiles: - values.yaml - values-production.yaml ``` -------------------------------- ### OCIRepository with Tag Reference Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md This example shows how to configure an OCIRepository to pull a specific tag from an OCI registry. The `.spec.ref.tag` field is used for this purpose. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: OCIRepository metadata: name: spec: ref: tag: "" ``` -------------------------------- ### Get Buckets Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Retrieves a list of Bucket resources in the cluster, showing their names, endpoints, age, readiness status, and the latest artifact revision. ```console NAME ENDPOINT AGE READY STATUS minio-bucket minio.example.com 34s True stored artifact for revision 'sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' ``` -------------------------------- ### AWS Bucket Configuration Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Example of a Bucket resource configured for AWS S3, specifying the bucket name, endpoint, and region. Does not use static credentials. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: aws namespace: default spec: interval: 5m0s provider: aws bucketName: podinfo endpoint: s3.amazonaws.com region: us-east-1 timeout: 30s ``` -------------------------------- ### OCIRepository Events Console Output Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md Example console output from `kubectl events` for an OCIRepository, showing normal events like `NewArtifact` and `ArtifactUpToDate`, as well as potential errors like `OCIOperationFailed`. ```console LAST SEEN TYPE REASON OBJECT MESSAGE 2m14s Normal NewArtifact ocirepository/ stored artifact for revision 'latest@sha256:3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de' 36s Normal ArtifactUpToDate ocirepository/ artifact up-to-date with remote revision: 'latest@sha256:3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de' 94s Warning OCIOperationFailed ocirepository/ failed to pull artifact from 'oci://ghcr.io/stefanprodan/manifests/podinfo': couldn't find tag "0.0.1" ``` -------------------------------- ### Basic Auth HelmRepository and Secret Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmrepositories.md Example of a HelmRepository using basic access authentication. The referenced Secret must contain username and password data. ```yaml --- assembly: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: example namespace: default spec: interval: 5m0s url: https://example.com secretRef: name: example-user --- assembly: v1 kind: Secret metadata: name: example-user namespace: default stringData: username: "user-123456" password: "pass-123456" ``` -------------------------------- ### Build OSS-Fuzz Fuzzers Source: https://github.com/fluxcd/source-controller/blob/main/tests/fuzz/README.md Builds the fuzzers for the fluxcd project using the specified sanitizer and architecture. This command is part of the local oss-fuzz testing setup. ```bash python infra/helper.py build_fuzzers --sanitizer address --architecture x86_64 fluxcd ``` -------------------------------- ### Azure Managed Identity with Client ID Authentication Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Configures a Bucket for Azure using a Managed Identity authenticated via a client ID. Requires a Kubernetes Secret containing the client ID. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: azure-managed-identity namespace: default spec: interval: 5m0s provider: azure bucketName: endpoint: https://.blob.core.windows.net secretRef: name: azure-smi-auth --- apiVersion: v1 kind: Secret metadata: name: azure-smi-auth namespace: default type: Opaque data: clientId: ``` -------------------------------- ### OCIRepository Artifact Status Example Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md This YAML snippet illustrates the structure of the `.status.artifact` field for an OCIRepository. It shows details like digest, last update time, metadata, path, revision, size, and URL. ```yaml apiVersion: source.toolkit.fluxcd.io/v1 kind: OCIRepository metadata: name: status: artifact: digest: sha256:9f3bc0f341d4ecf2bab460cc59320a2a9ea292f01d7b96e32740a9abfd341088 lastUpdateTime: "2025-08-08T09:35:45Z" metadata: org.opencontainers.image.created: "2025-08-08T12:31:41+03:00" org.opencontainers.image.revision: 6.1.8/b3b00fe35424a45d373bf4c7214178bc36fd7872 org.opencontainers.image.source: https://github.com/stefanprodan/podinfo.git path: ocirepository///.tar.gz revision: @ size: 1105 url: http://source-controller..svc.cluster.local./ocirepository///.tar.gz ``` -------------------------------- ### Get OCIRepository Status Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md Retrieve the status of an OCIRepository using kubectl get. ```console kubectl get ocirepository ``` -------------------------------- ### Run Test Suite Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Execute the controller's test suite. Ensure Go version is 1.25 or higher. ```sh make test ``` -------------------------------- ### Example ExternalArtifact Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/externalartifacts.md An example of an ExternalArtifact produced by a third-party source controller, detailing its source reference, artifact information, and status conditions. ```yaml apiVersion: source.toolkit.fluxcd.io/v1 kind: ExternalArtifact metadata: name: my-artifact namespace: flux-system spec: sourceRef: apiVersion: example.com/v1 kind: Source name: my-source status: artifact: digest: sha256:35d47c9db0eee6ffe08a404dfb416bee31b2b79eabc3f2eb26749163ce487f52 lastUpdateTime: "2025-08-21T13:37:31Z" path: source/flux-system/my-source/35d47c9d.tar.gz revision: v1.0.0@sha256:35d47c9db0eee6ffe08a404dfb416bee31b2b79eabc3f2eb26749163ce487f52 size: 20914 url: http://example-controller.flux-system.svc.cluster.local./source/flux-system/my-source/35d47c9d.tar.gz conditions: - lastTransitionTime: "2025-08-21T13:37:31Z" message: stored artifact for revision v1.0.0 observedGeneration: 1 reason: Succeeded status: "True" type: Ready ``` -------------------------------- ### Create and Use Docker Buildx Builder Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md If encountering errors with multi-platform builds, create and switch to a new builder that supports multiple platforms using `docker buildx create --use`. ```sh docker buildx create --use ``` -------------------------------- ### Build and Push Container Image (Single Command) Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Combines building and pushing the container image into a single command. Use `BUILD_ARGS=--push` to enable pushing. ```sh IMG=registry-path/source-controller TAG=latest BUILD_ARGS=--push \ make docker-build ``` -------------------------------- ### Get Application URL for NodePort Service Source: https://github.com/fluxcd/source-controller/blob/main/internal/controller/testdata/charts/helmchartwithdeps/templates/NOTES.txt This snippet demonstrates how to retrieve the NodePort and Node IP to construct the application URL when the service type is NodePort. It uses kubectl commands to get the necessary information. ```bash export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "helmchartwithdeps.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT ``` -------------------------------- ### Build Fuzzers with make Source: https://github.com/fluxcd/source-controller/blob/main/tests/fuzz/README.md Builds all fuzzers for local testing. Fuzzers are placed in the ./build/fuzz/out directory. ```bash make fuzz-build ``` -------------------------------- ### GitRepository Spec with Branch Reference Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/gitrepositories.md Example of a GitRepository specification that checks out a specific branch. This performs a shallow clone. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: spec: ref: branch: ``` -------------------------------- ### Get GitRepository Status Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/gitrepositories.md Retrieves a list of all GitRepository resources in the cluster, showing their name, URL, age, readiness, and status. ```console kubectl get gitrepository ``` -------------------------------- ### Install Controller CRDs Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Apply the Custom Resource Definitions (CRDs) for the controller to your cluster. This is a prerequisite for running the controller locally. ```sh make install ``` -------------------------------- ### Describe HelmChart Resource Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmcharts.md Command to get detailed information about a specific HelmChart resource, including its status, artifact details, and conditions. ```console kubectl describe helmchart podinfo ``` -------------------------------- ### Get HelmChart Resource Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmcharts.md Command to retrieve and display HelmChart resources in the cluster, showing their name, chart, version, source, and status. ```console kubectl get helmchart ``` -------------------------------- ### Display Application URL for Ingress Source: https://github.com/fluxcd/source-controller/blob/main/internal/controller/testdata/charts/helmchartwithdeps/templates/NOTES.txt This snippet shows how to construct the application URL when an ingress is enabled. It iterates through hosts and paths defined in the values. ```go-template {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} {{- range .paths }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} {{- end }} {{- end }} {{- end }} ``` -------------------------------- ### HelmRepository - AWS ECR Source: https://context7.com/fluxcd/source-controller/llms.txt Example of configuring an AWS ECR Helm repository using IAM Roles for Service Accounts (IRSA). ```APIDOC ## HelmRepository AWS ECR ### Description This configuration defines an AWS ECR Helm repository that uses IRSA for authentication. ### Kind HelmRepository ### Metadata - name: ecr-charts - namespace: flux-system ### Spec - type: "oci" - provider: aws - interval: 10m - url: oci://123456789.dkr.ecr.us-east-1.amazonaws.com/my-charts ### ServiceAccount Patch for IRSA - apiVersion: v1 - kind: ServiceAccount - metadata: name: source-controller annotations: eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/ecr-read-role ``` -------------------------------- ### Describe OCIRepository for Debugging Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/ocirepositories.md Use `kubectl describe` to view the latest recorded status and events for an OCIRepository. This is crucial for diagnosing issues like failed fetches or reconciliation problems. ```console ... Status: ... Conditions: Last Transition Time: 2025-02-14T09:40:27Z Message: processing object: new generation 1 -> 2 Observed Generation: 2 Reason: ProgressingWithRetry Status: True Type: Reconciling Last Transition Time: 2025-02-14T09:40:27Z Message: failed to pull artifact from 'oci://ghcr.io/stefanprodan/manifests/podinfo': couldn't find tag "0.0.1" Observed Generation: 2 Reason: OCIOperationFailed Status: False Type: Ready Last Transition Time: 2025-02-14T09:40:27Z Message: failed to pull artifact from 'oci://ghcr.io/stefanprodan/manifests/podinfo': couldn't find tag "0.0.1" Observed Generation: 2 Reason: OCIOperationFailed Status: True Type: FetchFailed Observed Generation: 1 URL: http://source-controller.source-system.svc.cluster.local./ocirepository/default/podinfo/latest.tar.gz Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning OCIOperationFailed 2s (x9 over 4s) source-controller failed to pull artifact from 'oci://ghcr.io/stefanprodan/manifests/podinfo': couldn't find tag "0.0.1" ``` -------------------------------- ### Describe GitRepository Details Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/gitrepositories.md Provides detailed information about a specific GitRepository, including its artifact details, conditions, observed generation, and events. ```console kubectl describe gitrepository podinfo ``` -------------------------------- ### Access Application URL via ClusterIP with Port Forwarding Source: https://github.com/fluxcd/source-controller/blob/main/internal/controller/testdata/charts/helmchart/templates/NOTES.txt This snippet is for ClusterIP services. It finds a pod and sets up port forwarding to access the application locally. ```bash export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helmchart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 ``` -------------------------------- ### AWS Bucket with Static Authentication Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Example of a Bucket resource configured for AWS S3 using static credentials stored in a Kubernetes Secret. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: aws namespace: default spec: interval: 5m0s provider: aws bucketName: podinfo endpoint: s3.amazonaws.com region: us-east-1 secretRef: name: aws-credentials --- apiVersion: v1 kind: Secret metadata: name: aws-credentials namespace: default type: Opaque data: accesskey: secretkey: ``` -------------------------------- ### Deploy Controller to Cluster Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Deploy the source-controller to the cluster configured in your local kubeconfig file using `make deploy`. ```sh make deploy ``` -------------------------------- ### OCI HelmRepository and Secret Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmrepositories.md Example of an OCI HelmRepository requiring authentication. The referenced Secret contains username and password for OCI registry access. ```yaml --- assembly: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: podinfo namespace: default spec: interval: 5m0s url: oci://ghcr.io/my-user/my-private-repo type: "oci" secretRef: name: oci-creds --- assembly: v1 kind: Secret metadata: name: oci-creds namespace: default stringData: username: "user-123456" password: "pass-123456" ``` -------------------------------- ### GitRepository Spec with Tag Reference Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/gitrepositories.md Example of a GitRepository specification that checks out a specific tag. This reference type takes precedence over the branch reference. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: spec: ref: tag: ``` -------------------------------- ### Create a Bucket for Minio Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/buckets.md Defines a Bucket resource to fetch objects from a Minio instance. Includes interval for checks, endpoint, insecure connection flag, and a reference to a Kubernetes Secret for authentication. Also defines the Secret containing access and secret keys. ```yaml --- apiVersion: source.toolkit.fluxcd.io/v1 kind: Bucket metadata: name: minio-bucket namespace: default spec: interval: 5m0s endpoint: minio.example.com insecure: true secretRef: name: minio-bucket-secret bucketName: example --- apiVersion: v1 kind: Secret metadata: name: minio-bucket-secret namespace: default type: Opaque stringData: accesskey: secretkey: ``` -------------------------------- ### VSCode Debug Configuration for Go Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Configure VSCode for debugging the Go controller. Create a `.vscode/launch.json` file with the provided settings. ```json { "version": "0.2.0", "configurations": [ { "name": "Launch Package", "type": "go", "request": "launch", "mode": "auto", "program": "${workspaceFolder}/main.go", "args": ["--storage-adv-addr=:0", "--storage-path=${workspaceFolder}/bin/data"] } ] } ``` -------------------------------- ### HelmChart Spec with HelmRepository Source Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmcharts.md Example of a HelmChart specification referencing a HelmRepository for the chart source. This is used when the chart is available in a Helm repository. ```yaml spec: chart: podinfo sourceRef: name: podinfo kind: HelmRepository ``` -------------------------------- ### Run Single Test Case Source: https://github.com/fluxcd/source-controller/blob/main/AGENTS.md Allows running a specific test case by providing arguments to the Go test runner via GO_TEST_ARGS. ```bash make test GO_TEST_ARGS="-v -run TestGitRepositoryReconciler_reconcileSource" ``` -------------------------------- ### Build Container Image Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Build the controller's container image using `make docker-build`. The image will be tagged as `$(IMG):$(TAG)`. ```sh make docker-build ``` -------------------------------- ### Display LoadBalancer Service URL in Helm NOTES.txt Source: https://github.com/fluxcd/source-controller/blob/main/internal/helm/testdata/charts/helmchart/templates/NOTES.txt For LoadBalancer services, this snippet explains that it may take time for the IP to become available and provides a command to watch the service status. It then retrieves the LoadBalancer IP and displays the application URL. ```go-template {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helmchart.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helmchart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}) echo http://$SERVICE_IP:{{ .Values.service.port }} {{- end }} ``` -------------------------------- ### Describe HelmRepository for Debugging Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmrepositories.md Display detailed status and events for a HelmRepository using `kubectl describe`. This is useful for diagnosing issues like connection errors or failed fetches. ```console ... Status: ... Conditions: Last Transition Time: 2022-02-04T13:41:56Z Message: failed to construct Helm client: scheme "invalid" not supported Observed Generation: 2 Reason: Failed Status: True Type: Stalled Last Transition Time: 2022-02-04T13:41:56Z Message: failed to construct Helm client: scheme "invalid" not supported Observed Generation: 2 Reason: Failed Status: False Type: Ready Last Transition Time: 2022-02-04T13:41:56Z Message: failed to construct Helm client: scheme "invalid" not supported Observed Generation: 2 Reason: Failed Status: True Type: FetchFailed Observed Generation: 2 URL: http://source-controller.source-system.svc.cluster.local./helmrepository/default/podinfo/index.yaml Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning Failed 6s source-controller failed to construct Helm client: scheme "invalid" not supported ``` -------------------------------- ### Get HelmRepository Status Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmrepositories.md Retrieves a list of all HelmRepository resources in the cluster, showing their name, URL, age, readiness status, and a summary of the latest artifact revision. ```console kubectl get helmrepository ``` -------------------------------- ### Configure Sparse Checkout for GitRepository Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/gitrepositories.md Specify directories to checkout when cloning a repository. Only the contents of these directories will be present in the produced artifact. ```yaml apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: podinfo namespace: default spec: interval: 5m url: https://github.com/stefanprodan/podinfo ref: branch: master sparseCheckout: - charts - kustomize ``` -------------------------------- ### Run Fuzzer Locally Source: https://github.com/fluxcd/source-controller/blob/main/tests/fuzz/README.md Executes a specific fuzzer binary directly from the build output directory. ```bash ./build/fuzz/out/fuzz_conditions_match ``` -------------------------------- ### Bucket - GCP Cloud Storage with Workload Identity Source: https://context7.com/fluxcd/source-controller/llms.txt Example of configuring a Bucket resource for a GCP Cloud Storage bucket using Workload Identity for authentication. ```APIDOC ## Bucket - GCP Cloud Storage with Workload Identity ### Description This configuration defines a Bucket resource for a GCP Cloud Storage bucket using Workload Identity for authentication. ### Kind Bucket ### Metadata - name: gcs-configs - namespace: flux-system ### Spec - interval: 5m - provider: gcp - bucketName: my-gcs-bucket - region: us-central1 ``` -------------------------------- ### Push Container Image Source: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md Upload the built container image to the specified registry using `make docker-push`. ```sh make docker-push ``` -------------------------------- ### HelmChart Spec with GitRepository or Bucket Source Source: https://github.com/fluxcd/source-controller/blob/main/docs/spec/v1/helmcharts.md Example of a HelmChart specification referencing a GitRepository or Bucket for the chart source. The chart is specified as a path within the repository or bucket. ```yaml spec: chart: ./charts/podinfo sourceRef: name: podinfo kind: ``` -------------------------------- ### Build OSS-Fuzz Docker Image Source: https://github.com/fluxcd/source-controller/blob/main/tests/fuzz/README.md Builds the Docker image required for running oss-fuzz locally for the fluxcd project. ```bash python infra/helper.py build_image fluxcd ```