Flux Security Deep Dive


Authors: Stefan Prodan


Flux is a secure and flexible continuous delivery tool for Kubernetes that can be easily integrated into various platforms.
  • Flux has focused on security hardening and has undergone internal audits to address weaknesses in its multi-tenancy model and to improve secrets management and decryption.
  • Flux can be easily kept up to date through its self-upgrading feature and integration with renovatebot.
  • Flux works with OpenPGP to restrict access to sensitive data and prevent unauthorized modifications.
  • Flux execution is predictable and can be extended through building new Kubernetes controllers using the GitHub toolkit.
  • Flux has been adopted by various platforms and organizations, including the U.S. Department of Defense and Deutsche Telekom.
  • Flux has a security RFC process in place to ensure that any changes that affect its security posture undergo thorough review and approval.
Flux's self-upgrading feature can save time and effort for users who would otherwise have to manually update the tool every few weeks.


In this session Stefan will go deep into the security aspects of Flux v2. We'll start by explaining the Flux authorization model and how it relates to Kubernetes RBAC and service account impersonation. Then we'll compare the soft and hard multi-tenancy models from a GitOps perspective. We'll explore the configuration options platform admins can use to lock down Flux in multi-tenant environments and how they can onboard tenants onto clusters using the Flux CLI and Git. Finally, we'll talk about the Flux roadmap for 2022.

