az k8s-configuration flux

Note

This reference is part of the k8s-configuration extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az k8s-configuration flux command. Learn more about extensions.

Commands to manage Flux v2 Kubernetes configurations.

Commands

Name	Description	Type	Status
az k8s-configuration flux create	Create a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux delete	Delete a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux deployed-object	Commands to see deployed objects associated with Flux v2 Kubernetes configurations.	Extension	GA
az k8s-configuration flux deployed-object list	List deployed objects associated with a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux deployed-object show	Show a deployed object associated with a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux kustomization	Commands to manage Kustomizations associated with Flux v2 Kubernetes configurations.	Extension	GA
az k8s-configuration flux kustomization create	Create a Kustomization associated with a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux kustomization delete	Delete a Kustomization associated with a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux kustomization list	List Kustomizations associated with a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux kustomization show	Show a Kustomization associated with a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux kustomization update	Update a Kustomization associated with a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux list	List all Flux v2 Kubernetes configurations.	Extension	GA
az k8s-configuration flux show	Show a Flux v2 Kubernetes configuration.	Extension	GA
az k8s-configuration flux update	Update a Flux v2 Kubernetes configuration.	Extension	GA

az k8s-configuration flux create

Create a Flux v2 Kubernetes configuration.

az k8s-configuration flux create --cluster-name
                                 --cluster-type {connectedClusters, managedClusters, provisionedClusters}
                                 --name
                                 --resource-group
                                 --url
                                 [--account-key]
                                 [--branch]
                                 [--bucket-access-key]
                                 [--bucket-insecure {false, true}]
                                 [--bucket-name]
                                 [--bucket-secret-key]
                                 [--cluster-resource-provider]
                                 [--commit]
                                 [--container-name]
                                 [--https-ca-cert]
                                 [--https-ca-cert-file]
                                 [--https-key]
                                 [--https-user]
                                 [--interval]
                                 [--kind {azblob, bucket, git}]
                                 [--known-hosts]
                                 [--known-hosts-file]
                                 [--kustomization]
                                 [--local-auth-ref]
                                 [--managed-identity-client-id]
                                 [--namespace]
                                 [--no-wait]
                                 [--sas-token]
                                 [--scope {cluster, namespace}]
                                 [--semver]
                                 [--service-principal-client-certificate]
                                 [--service-principal-client-certificate-password]
                                 [--service-principal-client-certificate-send-chain]
                                 [--service-principal-client-id]
                                 [--service-principal-client-secret]
                                 [--service-principal-tenant-id]
                                 [--ssh-private-key]
                                 [--ssh-private-key-file]
                                 [--suspend {false, true}]
                                 [--tag]
                                 [--timeout]

Examples

Create a Flux v2 Kubernetes configuration

az k8s-configuration flux create --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters \
--name myconfig --scope cluster --namespace my-namespace \
--kind git --url https://github.com/Azure/arc-k8s-demo \
--branch main --kustomization name=my-kustomization

Create a Kubernetes v2 Flux Configuration with Bucket Source Kind

az k8s-configuration flux create --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters \
--name myconfig --scope cluster --namespace my-namespace \
--kind bucket --url https://bucket-provider.minio.io \
--bucket-name my-bucket --kustomization name=my-kustomization \
--bucket-access-key my-access-key --bucket-secret-key my-secret-key

Create a Kubernetes v2 Flux Configuration with Azure Blob Source Kind

az k8s-configuration flux create --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters \
--name myconfig --scope cluster --namespace my-namespace \
--kind azblob --url https://mystorageaccount.blob.core.windows.net \
--container-name my-container --kustomization name=my-kustomization \
--account-key my-account-key

Required Parameters

--cluster-name -c

Name of the Kubernetes cluster.

--cluster-type -t

Specify Arc connected clusters or AKS managed clusters or provisioned clusters.

accepted values: connectedClusters, managedClusters, provisionedClusters

--name -n

Name of the flux configuration.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--url -u

URL of the source to reconcile.

Optional Parameters

--account-key

The Azure Blob Shared Key for authentication.

--branch

Branch within the git source to reconcile with the cluster.

--bucket-access-key

Access Key ID used to authenticate with the bucket.

--bucket-insecure

Communicate with a bucket without TLS.

accepted values: false, true

default value: False

--bucket-name

Name of the S3 bucket to sync.

--bucket-secret-key

Secret Key used to authenticate with the bucket.

--cluster-resource-provider --cluster-rp

Cluster Resource Provider name for this clusterType (Required for provisionedClusters).

--commit

Commit within the git source to reconcile with the cluster.

--container-name

Name of the Azure Blob Storage container to sync.

--https-ca-cert

Base64-encoded HTTPS CA certificate for TLS communication with private repository sync.

--https-ca-cert-file

File path to HTTPS CA certificate file for TLS communication with private repository sync.

--https-key

HTTPS token/password for private repository sync.

--https-user

HTTPS username for private repository sync.

--interval --sync-interval

Time between reconciliations of the source on the cluster.

--kind

Source kind to reconcile.

accepted values: azblob, bucket, git

default value: git

--known-hosts

Base64-encoded known_hosts data containing public SSH keys required to access private Git instances.

--known-hosts-file

File path to known_hosts contents containing public SSH keys required to access private Git instances.

--kustomization -k

Define kustomizations to sync sources with parameters ['name', 'path', 'depends_on', 'timeout', 'sync_interval', 'retry_interval', 'prune', 'force'].

--local-auth-ref --local-ref

Local reference to a kubernetes secret in the configuration namespace to use for communication to the source.

--managed-identity-client-id --mi-client-id

The client ID of the managed identity for authentication with Azure Blob.

--namespace --ns

Namespace to deploy the configuration.

default value: default

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--sas-token

The Azure Blob SAS Token for authentication.

--scope -s

Specify scope of the operator to be 'namespace' or 'cluster'.

accepted values: cluster, namespace

default value: cluster

--semver

Semver range within the git source to reconcile with the cluster.

--service-principal-client-certificate --sp-client-cert

The Base64 encoded client certificate for authenticating a service principal with Azure Blob.

--service-principal-client-certificate-password --sp-cert-password

The password for the client certificate used to authenticate a service principal with Azure Blob.

--service-principal-client-certificate-send-chain --sp-cert-send-chain

Specify whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate.

default value: False

--service-principal-client-id --sp-client-id

The client ID for authenticating a service principal with Azure Blob, required for this authentication method.

--service-principal-client-secret --sp-client-secret

The client secret for authenticating a service principal with Azure Blob.

--service-principal-tenant-id --sp-tenant-id

The tenant ID for authenticating a service principal with Azure Blob, required for this authentication method.

--ssh-private-key

Base64-encoded private ssh key for private repository sync.

--ssh-private-key-file

File path to private ssh key for private repository sync.

--suspend

Suspend the reconciliation of the source and kustomizations associated with this configuration.

accepted values: false, true

default value: False

--tag

Tag within the git source to reconcile with the cluster.

--timeout

Maximum time to reconcile the source before timing out.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az k8s-configuration flux delete

Delete a Flux v2 Kubernetes configuration.

az k8s-configuration flux delete --cluster-name
                                 --cluster-type {connectedClusters, managedClusters, provisionedClusters}
                                 --name
                                 --resource-group
                                 [--cluster-resource-provider]
                                 [--force {false, true}]
                                 [--no-wait]
                                 [--yes]

Examples

Delete an existing Flux v2 Kubernetes configuration

az k8s-configuration flux delete --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters --name myconfig

Required Parameters

--cluster-name -c

Name of the Kubernetes cluster.

--cluster-type -t

Specify Arc connected clusters or AKS managed clusters or provisioned clusters.

accepted values: connectedClusters, managedClusters, provisionedClusters

--name -n

Name of the flux configuration.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--cluster-resource-provider --cluster-rp

Cluster Resource Provider name for this clusterType (Required for provisionedClusters).

--force

Force delete the flux configuration from the cluster.

accepted values: false, true

default value: False

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az k8s-configuration flux list

List all Flux v2 Kubernetes configurations.

az k8s-configuration flux list --cluster-name
                               --cluster-type {connectedClusters, managedClusters, provisionedClusters}
                               --resource-group
                               [--cluster-resource-provider]

Examples

List Flux v2 Kubernetes configurations on a cluster

az k8s-configuration flux list --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters

Required Parameters

--cluster-name -c

Name of the Kubernetes cluster.

--cluster-type -t

Specify Arc connected clusters or AKS managed clusters or provisioned clusters.

accepted values: connectedClusters, managedClusters, provisionedClusters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--cluster-resource-provider --cluster-rp

Cluster Resource Provider name for this clusterType (Required for provisionedClusters).

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az k8s-configuration flux show

Show a Flux v2 Kubernetes configuration.

az k8s-configuration flux show --cluster-name
                               --cluster-type {connectedClusters, managedClusters, provisionedClusters}
                               --name
                               --resource-group
                               [--cluster-resource-provider]

Examples

Show details of a Flux v2 Kubernetes configuration

az k8s-configuration flux show --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters --name myconfig

Required Parameters

--cluster-name -c

Name of the Kubernetes cluster.

--cluster-type -t

Specify Arc connected clusters or AKS managed clusters or provisioned clusters.

accepted values: connectedClusters, managedClusters, provisionedClusters

--name -n

Name of the flux configuration.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--cluster-resource-provider --cluster-rp

Cluster Resource Provider name for this clusterType (Required for provisionedClusters).

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az k8s-configuration flux update

Update a Flux v2 Kubernetes configuration.

az k8s-configuration flux update --cluster-name
                                 --cluster-type {connectedClusters, managedClusters, provisionedClusters}
                                 --name
                                 --resource-group
                                 [--account-key]
                                 [--branch]
                                 [--bucket-access-key]
                                 [--bucket-insecure {false, true}]
                                 [--bucket-name]
                                 [--bucket-secret-key]
                                 [--cluster-resource-provider]
                                 [--commit]
                                 [--container-name]
                                 [--https-ca-cert]
                                 [--https-ca-cert-file]
                                 [--https-key]
                                 [--https-user]
                                 [--interval]
                                 [--kind {azblob, bucket, git}]
                                 [--known-hosts]
                                 [--known-hosts-file]
                                 [--kustomization]
                                 [--local-auth-ref]
                                 [--managed-identity-client-id]
                                 [--no-wait]
                                 [--sas-token]
                                 [--semver]
                                 [--service-principal-client-certificate]
                                 [--service-principal-client-certificate-password]
                                 [--service-principal-client-certificate-send-chain]
                                 [--service-principal-client-id]
                                 [--service-principal-client-secret]
                                 [--service-principal-tenant-id]
                                 [--ssh-private-key]
                                 [--ssh-private-key-file]
                                 [--suspend {false, true}]
                                 [--tag]
                                 [--timeout]
                                 [--url]
                                 [--yes]

Examples

Update a Flux v2 Kubernetes configuration

az k8s-configuration flux update --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters --name myconfig \
--url https://github.com/Azure/arc-k8s-demo --branch main \
--kustomization name=my-kustomization path=./my/new-path

Update a Flux v2 Kubernetes configuration with Bucket Source Kind to connect insecurely

az k8s-configuration flux update --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters --name myconfig \
--bucket-insecure

Update a Flux v2 Kubernetes configuration with Azure Blob Source Kind with another container name

az k8s-configuration flux update --resource-group my-resource-group \
--cluster-name mycluster --cluster-type connectedClusters --name myconfig \
--container-name other-container

Required Parameters

--cluster-name -c

Name of the Kubernetes cluster.

--cluster-type -t

Specify Arc connected clusters or AKS managed clusters or provisioned clusters.

accepted values: connectedClusters, managedClusters, provisionedClusters

--name -n

Name of the flux configuration.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--account-key

The Azure Blob Shared Key for authentication.

--branch

Branch within the git source to reconcile with the cluster.

--bucket-access-key

Access Key ID used to authenticate with the bucket.

--bucket-insecure

Communicate with a bucket without TLS.

accepted values: false, true

--bucket-name

Name of the S3 bucket to sync.

--bucket-secret-key

Secret Key used to authenticate with the bucket.

--cluster-resource-provider --cluster-rp

Cluster Resource Provider name for this clusterType (Required for provisionedClusters).

--commit

Commit within the git source to reconcile with the cluster.

--container-name

Name of the Azure Blob Storage container to sync.

--https-ca-cert

Base64-encoded HTTPS CA certificate for TLS communication with private repository sync.

--https-ca-cert-file

File path to HTTPS CA certificate file for TLS communication with private repository sync.

--https-key

HTTPS token/password for private repository sync.

--https-user

HTTPS username for private repository sync.

--interval --sync-interval

Time between reconciliations of the source on the cluster.

--kind

Source kind to reconcile.

accepted values: azblob, bucket, git

--known-hosts

Base64-encoded known_hosts data containing public SSH keys required to access private Git instances.

--known-hosts-file

File path to known_hosts contents containing public SSH keys required to access private Git instances.

--kustomization -k

Define kustomizations to sync sources with parameters ['name', 'path', 'depends_on', 'timeout', 'sync_interval', 'retry_interval', 'prune', 'force'].

--local-auth-ref --local-ref

Local reference to a kubernetes secret in the configuration namespace to use for communication to the source.

--managed-identity-client-id --mi-client-id

The client ID of the managed identity for authentication with Azure Blob.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--sas-token

The Azure Blob SAS Token for authentication.

--semver

Semver range within the git source to reconcile with the cluster.

--service-principal-client-certificate --sp-client-cert

The Base64 encoded client certificate for authenticating a service principal with Azure Blob.

--service-principal-client-certificate-password --sp-cert-password

The password for the client certificate used to authenticate a service principal with Azure Blob.

--service-principal-client-certificate-send-chain --sp-cert-send-chain

Specify whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate.

default value: False

--service-principal-client-id --sp-client-id

The client ID for authenticating a service principal with Azure Blob, required for this authentication method.

--service-principal-client-secret --sp-client-secret

The client secret for authenticating a service principal with Azure Blob.

--service-principal-tenant-id --sp-tenant-id

The tenant ID for authenticating a service principal with Azure Blob, required for this authentication method.

--ssh-private-key

Base64-encoded private ssh key for private repository sync.

--ssh-private-key-file

File path to private ssh key for private repository sync.

--suspend

Suspend the reconciliation of the source and kustomizations associated with this configuration.

accepted values: false, true

--tag

Tag within the git source to reconcile with the cluster.

--timeout

Maximum time to reconcile the source before timing out.

--url -u

URL of the source to reconcile.

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.