Flux GitOps for AKS and Azure Arc (2025 Update)
Flux is a CNCF GitOps operator for Kubernetes, integrated with Azure Arc and AKS for declarative, automated cluster management. Below are the latest best practices and command updates for 2025:
Prerequisites
- Register required resource providers:
    az provider register --namespace Microsoft.Kubernetes
    az provider register --namespace Microsoft.ContainerService
    az provider register --namespace Microsoft.KubernetesConfiguration
- Install/upgrade the latest CLI extensions:
    az extension add -n k8s-configuration --upgrade
    az extension add -n k8s-extension --upgrade
Create a Flux Configuration
- Works with AKS (-t managedClusters), Azure Arc (-t connectedClusters), and AKS hybrid (-t provisionedClusters).
- Example for Azure Arc:
    az k8s-configuration flux create -g flux-demo-rg \
      -c flux-demo-arc \
      -n cluster-config \
      --namespace cluster-config \
      -t connectedClusters \
      --scope cluster \
      -u https://github.com/Azure/gitops-flux2-kustomize-helm-mt \
      --branch main \
      --kustomization name=infra path=./infrastructure prune=true \
      --kustomization name=apps path=./apps/staging prune=true dependsOn=\["infra"\]
- For AKS, use -t managedClusters and set -c to your AKS cluster name.
Best Practices (2025)
- Use separate namespaces for Flux system and configuration objects.
- Use prune=true to ensure deleted resources in Git are also removed from the cluster.
- Use dependsOn to control kustomization order.
- Store secrets in Azure Key Vault and reference them securely in manifests.
- Use branch protection and signed commits for GitOps repos.
- Monitor compliance state with az k8s-configuration flux show ....
- Use private Git repos and deploy with SSH or token authentication for production.
Validate Deployment
- Check compliance state:
    az k8s-configuration flux show -g flux-demo-rg -c flux-demo-arc -n cluster-config -t connectedClusters
- Confirm namespaces:
    kubectl get namespaces
- Confirm Flux controllers:
    kubectl get pods -n flux-system
- Confirm kustomizations, sources, and releases:
    kubectl get kustomizations -A
    kubectl get gitrepositories -A
    kubectl get helmreleases -A
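
The items in the Best Practices list can be checked mechanically against saved output of the compliance-state command. The following Python is an added example, not code from the original page or from the Flux or Azure projects: the function names and finding labels are hypothetical, the sample document is constructed, and the JSON field names are an assumption about what az k8s-configuration flux show -o json returns.

```python
import json

# Constructed sample shaped like `az k8s-configuration flux show -o json`
# output; the field names are an assumption about that output.
SAMPLE = json.loads("""{
 "namespace": "flux-system", "complianceState": "Non-Compliant",
 "gitRepository": {"url": "https://git.example.invalid/r", "httpsUser": null},
 "kustomizations": {
  "infra": {"prune": true, "dependsOn": ["apps"]},
  "apps": {"prune": false, "dependsOn": ["infra", "crds"]}}}""")

def has_cycle(graph):
    """Depth-first search for a dependsOn loop among defined kustomizations."""
    state = {}  # name -> 1 while on the DFS stack, 2 once fully explored
    def visit(node):
        if state.get(node) == 1:
            return True
        if node not in graph or state.get(node) == 2:
            return False
        state[node] = 1
        found = any(visit(dep) for dep in graph[node])
        state[node] = 2
        return found
    return any(visit(name) for name in graph)

def audit(cfg):
    """Return findings that contradict the practices listed above."""
    out = []
    if cfg.get("complianceState") != "Compliant":
        out.append("not-compliant")
    if cfg.get("namespace") == "flux-system":
        out.append("config-in-flux-system-namespace")
    repo = cfg.get("gitRepository") or {}
    # Heuristic: HTTP(S) source with neither httpsUser nor localAuthRef set.
    if (repo.get("url") or "").startswith(("http://", "https://")) and not (
            repo.get("httpsUser") or repo.get("localAuthRef")):
        out.append("https-source-without-auth")
    kusts = cfg.get("kustomizations") or {}
    graph = {n: (k.get("dependsOn") or []) for n, k in kusts.items()}
    for name in sorted(kusts):
        if kusts[name].get("prune") is not True:
            out.append(f"prune-disabled:{name}")
        out += [f"unknown-dependency:{name}->{d}"
                for d in graph[name] if d not in graph]
    if has_cycle(graph):
        out.append("dependsOn-cycle")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real cluster, save the show command's JSON output to a file and pass the result of json.load to audit() in place of SAMPLE.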