Controller Options

Controller command flags and defaults.

To customise the controller options at install time, please see the bootstrap customization guide.

Image automation flags

NameTypeDescription
--concurrentintThe number of concurrent kustomize reconciles. (default 4)
--default-service-accountstringDefault service account used for impersonation.
--enable-leader-electionbooleanEnable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
--events-addrstringThe address of the events receiver.
--health-addrstringThe address the health endpoint binds to. (default “:9440”)
--kube-api-burstintThe maximum burst queries-per-second of requests sent to the Kubernetes API. (default 100)
--kube-api-qpsfloat32The maximum queries-per-second of requests sent to the Kubernetes API. (default 50)
--leader-election-lease-durationdurationInterval at which non-leader candidates will wait to force acquire leadership (duration string). (default 35s)
--leader-election-release-on-cancelbooleanDefines if the leader should step down voluntarily on controller manager shutdown. (default true)
--leader-election-renew-deadlinedurationDuration that the leading controller manager will retry refreshing leadership before giving up (duration string). (default 30s)
--leader-election-retry-perioddurationDuration the LeaderElector clients should wait between tries of actions (duration string). (default 5s)
--log-encodingstringLog encoding format. Can be ‘json’ or ‘console’. (default “json”)
--log-levelstringLog verbosity level. Can be one of ’trace’, ‘debug’, ‘info’, ’error’. (default “info”)
--max-retry-delaydurationThe maximum amount of time for which an object being reconciled will have to wait before a retry. (default 15m0s)
--metrics-addrstringThe address the metric endpoint binds to. (default “:8080”)
--min-retry-delaydurationThe minimum amount of time for which an object being reconciled will have to wait before a retry. (default 750ms)
--no-cross-namespace-refsbooleanWhen set to true, references between custom resources are allowed only if the reference and the referee are in the same namespace.
--ssh-hostkey-algosstringsThe list of hostkey algorithms to use for ssh connections, arranged from most preferred to the least.
--ssh-kex-algosstringsThe list of key exchange algorithms to use for ssh connections, arranged from most preferred to the least.
--watch-all-namespacesbooleanWatch for custom resources in all namespaces, if set to false it will only watch the runtime namespace. (default true)
--watch-label-selectorstringWatch for resources with matching labels e.g. ‘sharding.fluxcd.io/key=shard1’.
--feature-gatesmapStringBoolA comma separated list of key=value pairs defining the state of experimental features.

Feature Gates

NameDefault ValueDescription
GitForcePushBranchtrueEnables the use of “force push” when pushing changes to a separate branch. This fixes issues with stale push branches.
GitAllBranchReferencestrueEnables the download of all branch head references when push branches are configured.
CacheSecretsAndConfigMapsfalseConfigures the caching of Secrets and ConfigMaps by the controller-runtime client. When enabled, it will cache both object types, resulting in increased memory usage and cluster-wide RBAC permissions (list and watch).

Image reflector flags

NameTypeDescription
--concurrentintThe number of concurrent kustomize reconciles. (default 4)
--default-service-accountstringDefault service account used for impersonation.
--enable-leader-electionbooleanEnable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
--events-addrstringThe address of the events receiver.
--health-addrstringThe address the health endpoint binds to. (default “:9440”)
--kube-api-burstintThe maximum burst queries-per-second of requests sent to the Kubernetes API. (default 100)
--kube-api-qpsfloat32The maximum queries-per-second of requests sent to the Kubernetes API. (default 50)
--leader-election-lease-durationdurationInterval at which non-leader candidates will wait to force acquire leadership (duration string). (default 35s)
--leader-election-release-on-cancelbooleanDefines if the leader should step down voluntarily on controller manager shutdown. (default true)
--leader-election-renew-deadlinedurationDuration that the leading controller manager will retry refreshing leadership before giving up (duration string). (default 30s)
--leader-election-retry-perioddurationDuration the LeaderElector clients should wait between tries of actions (duration string). (default 5s)
--log-encodingstringLog encoding format. Can be ‘json’ or ‘console’. (default “json”)
--log-levelstringLog verbosity level. Can be one of ’trace’, ‘debug’, ‘info’, ’error’. (default “info”)
--metrics-addrstringThe address the metric endpoint binds to. (default “:8080”)
--no-cross-namespace-refsbooleanWhen set to true, references between custom resources are allowed only if the reference and the referee are in the same namespace.
--storage-pathstringWhere to store the persistent database of image metadata. (default “/data”)
--storage-value-log-file-sizeintSet the database’s memory mapped value log file size in bytes. Effective memory usage is about two times this size. (default 268435456)
--watch-all-namespacesbooleanWatch for custom resources in all namespaces, if set to false it will only watch the runtime namespace. (default true)
--watch-label-selectorstringWatch for resources with matching labels e.g. ‘sharding.fluxcd.io/key=shard1’.
--feature-gatesmapStringBoolA comma separated list of key=value pairs defining the state of experimental features.

Feature Gates

NameDefault ValueDescription
CacheSecretsAndConfigMapsfalseConfigures the caching of Secrets and ConfigMaps by the controller-runtime client. When enabled, it will cache both object types, resulting in increased memory usage and cluster-wide RBAC permissions (list and watch).