flux-charts/docs/fluxcd/_index.md

---
title: "FluxCD: Get Started"
slug: "get-started"
weight: 1
cascade:
- url: /:sections[:2]/:sections[3:]/:slugorfilename
---
## Install FluxCD into a cluster
Here I install it connected to Codeberg:
* the path is the directory in the repository that belongs to this cluster
* the URL is the repository into which FluxCD installs itself (under the given path) and which it then monitors
* I install only the components I need (I skip the notification-controller, as I prefer Prometheus and its alerting)
```bash
flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path=<path> --url ssh://git@codeberg.org/wrenix/<repo>.git
```
### Secure with verify
Afterwards we need to set up verification with GPG, so that nobody else can commit workloads into your cluster.
I do this because I chose a public Git hosting service (here Codeberg): I trust them, but it may get compromised one day.
In your repository the flux CLI has created `<path>/flux-system/kustomization.yaml`, which we will edit.
```patch
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
+patches:
+  - target:
+      kind: GitRepository
+      name: flux-system
+    patch: |-
+      apiVersion: source.toolkit.fluxcd.io/v1
+      kind: GitRepository
+      metadata:
+        name: flux-system
+      spec:
+        verify: <1>
+          mode: HEAD
+          secretRef:
+            name: gpg-publickey
+
+generatorOptions:
+  disableNameSuffixHash: true <2>
+
+secretGenerator:
+  - name: gpg-publickey <3>
+    namespace: flux-system
+    files:
+      - gpg-publickey/wrenix.gpg <4>
```
* <1> add `verify`, so that only a HEAD commit carrying a valid GPG signature is applied
* <2> on the next generation, do not append the content hash to the Secret name (otherwise it would be `gpg-publickey-<hash>` and the `secretRef` in <1> would not resolve)
* <3> generate a Kubernetes Secret named `gpg-publickey`, which the patched GitRepository references, see <1>
* <4> the list of files holding the trusted GPG public keys
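A small pre-commit lint for this setup, as an added example (not code from the page or the project): it checks the edited `kustomization.yaml` against the four points above, in particular that <2> is set so the `secretRef` from <1> does not dangle, and that the key files under <4> contain public keys only. It assumes the block-style YAML layout shown above; `lint.sh` is a hypothetical file name.

```shell
#!/bin/sh
# Added example, not part of the page: a pre-commit lint for the verify setup above.
# lint_flux_verify <dir> takes the <path>/flux-system directory of the repo and checks
# that the pieces below line up before Flux will actually enforce commit signatures.
lint_flux_verify() {
  kz="$1/kustomization.yaml"
  [ -f "$kz" ] || { echo "FAIL: $kz not found"; return 1; }
  # <1> verify.mode must be set; without it unsigned commits are applied as usual
  grep -Eq '^ *mode: *(HEAD|Tag|TagAndHEAD) *$' "$kz" ||
    { echo "FAIL: verify.mode missing or unknown"; return 1; }
  # <1>/<3> secretRef must name exactly the Secret the generator produces
  ref=$(grep -A1 'secretRef:' "$kz" | sed -n 's/^ *name: *\([^ ]*\).*/\1/p' | head -n1)
  gen=$(grep -A1 'secretGenerator:' "$kz" | sed -n 's/^ *- *name: *\([^ ]*\).*/\1/p' | head -n1)
  [ -n "$ref" ] && [ "$ref" = "$gen" ] ||
    { echo "FAIL: secretRef '$ref' does not match secretGenerator '$gen'"; return 1; }
  # <2> otherwise kustomize names the Secret gpg-publickey-<hash> and the ref dangles
  grep -Eq '^ *disableNameSuffixHash: *true *$' "$kz" ||
    { echo "FAIL: generatorOptions.disableNameSuffixHash is not true"; return 1; }
  # <4> each listed key file must exist and hold an ASCII-armored PUBLIC key only;
  # a private key committed here is readable by everyone with access to the repo
  awk '/^ *files:/{f=1;next} f&&/^ *- /{sub(/^ *- */,"");print;next} {f=0}' "$kz" |
  while IFS= read -r key; do
    f="$1/$key"
    head -n1 "$f" 2>/dev/null | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' ||
      { echo "FAIL: $f missing or not an ASCII-armored public key"; exit 1; }
    if grep -q 'BEGIN PGP PRIVATE KEY BLOCK' "$f"; then
      echo "FAIL: $f contains a private key"; exit 1
    fi
  done || return 1
  echo "OK: $kz enforces GPG-signed commits"
}

# Usage: sh lint.sh <path>/flux-system   (e.g. from a pre-commit hook)
if [ $# -eq 1 ]; then lint_flux_verify "$1"; fi
```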