Stefan Prodan

@mhsh64 can you please post here `kubectl get ns flux-system -oyaml`, `flux check` and `flux get all --all-namespaces`, feel free to censor any private info.

Yes you don't use our labels on the namespace and probably not on the deployments. See https://github.com/fluxcd/flux2/blob/main/manifests/install/labels.yaml

@davinkevin you could do a canary deployment of Flux using RBAC to restrict what a Flux instance can see in the cluster. For example, deny the installed version access to...

AWS requires an `fsGroup` to be specified for non root containers, but Openshift doesn't like that. You need to restore the `fsGroup ` and use SCC, all of this is...

> How does Flux knows the secret name when the kustomization resoure is configured to mount a volume from a secret and dump the secret into .aws folder? Flux uses...

@groenator thanks for posting the solution for Openshift. @aryan9600 we need to add this to the kustomize-controller docs in https://github.com/fluxcd/kustomize-controller/pull/641

We need to update the docs with these instructions. Thanks @cdenneen for providing the steps.

@FofM this filename is wrong `./clusters/my-cluster/flux-system/components.yaml` it should be `./clusters/my-cluster/flux-system/gotk-components.yaml` that's why Flux downgrades itself.

If you wrap the HelmReleases in Flux Kustomizations with `wait: true` then the order will be respected for upgrades. Unlike helm-controller, kustomize-controller can do this because it [looks up the...

@antaloala yes that sounds right to me