Beta

GitOps with FluxCD

Source and Kustomize Controller

Source Controller S3 Bucket

In this guide, you’ll learn how to use Flux CD’s Source Controller to fetch Kubernetes manifests from an S3-compatible bucket (for example, MinIO). We assume you have a bucket named k8s-manifests with two subfolders, app-A and app-B, each containing its own manifests. By the end, you will:

  1. Store MinIO credentials in a Kubernetes Secret
  2. Register the bucket as a Flux Bucket source
  3. Apply the app-A manifests via a Flux Kustomization

Prerequisites

  • A running Kubernetes cluster
  • Flux CD installed (Source and Kustomize Controllers)
  • A MinIO (or other S3-compatible) endpoint
  • A bucket named k8s-manifests containing app-A/ and app-B/

1. Create the MinIO Credentials Secret

Store your MinIO access key and secret key as a Kubernetes Secret in the flux-system namespace:

kubectl -n flux-system create secret generic minio-crd \
  --from-literal=accesskey=minioadmin \
  --from-literal=secretkey=minioadmin

Expected output:

secret/minio-crd created

Note

Ensure your credentials are scoped to the least-privileged user on your S3 endpoint.

2. Register the Flux Bucket Source

Define a Flux Bucket resource that points to your S3-compatible endpoint. Replace the --endpoint value with your MinIO service address if different.

flux create source bucket minio-bucket \
  --bucket-name k8s-manifests \
  --endpoint minio.minio-dev.svc.cluster.local:9000 \
  --provider generic \
  --insecure \
  --secret-ref minio-crd

Sample output:

► generating Bucket source
✔ Bucket source updated
⟳ waiting for Bucket source reconciliation
✔ Bucket source reconciliation completed
fetched revision: b3642f24daf09a297b6237b345a6a

This creates a Bucket named minio-bucket in the flux-system namespace, which tars and retrieves all contents under k8s-manifests.

Warning

Using --insecure disables TLS verification. Only use this flag in trusted environments or testing scenarios.

3. Apply Manifests with Flux Kustomization

Now that Flux can fetch the bucket contents, configure a Kustomization to build and apply the app-A manifests:

flux create kustomization kust-app-a \
  --source Bucket/minio-bucket \
  --path "./app-A" \
  --prune=true \
  --interval=10m

Sample output:

► generating Kustomization
✔ Kustomization updated
⟳ waiting for Kustomization reconciliation
✔ Kustomization kust-app-a is ready
✔ applied revision b3642f24daf09a297b6237b345a6a

Flux will now periodically reconcile and apply the contents of app-A to your cluster.

Summary of Resources

ResourcePurposeFlux Command
SecretStore MinIO S3 credentialskubectl create secret generic minio-crd …
Bucket (Source)Fetch objects from k8s-manifestsflux create source bucket minio-bucket …
KustomizationBuild & apply manifests from app-Aflux create kustomization kust-app-a …

Watch Video

Watch video content

Previous
DEMO Kustomize Controller Kustomize Overlay
Next
DEMO Source Controller S3 Bucket