Update Flux SSH Key (flux-system secret)
Steps to rotate the SSH key used by Flux (flux-system secret).
1. Generate a new SSH keypair
ssh-keygen -t rsa -b 4096 -C "your.email@example.com"Rename for clarity if desired:
cd ~/.ssh/
mv id_rsa flux-system.id_rsa
mv id_rsa.pub flux-system.id_rsa.pub2. Backup the existing secret
kubectl get secret -n flux-system flux-system -o yaml > flux-system.secret.bckp.yaml3. Create a new secret manifest (dry-run)
kubectl create secret generic flux-template \
--from-file=identity.pub=./flux-system.id_rsa.pub \
--from-file=identity=./flux-system.id_rsa \
--dry-run=client -o yaml > template.yaml4. Validate the patch
kubectl patch secret -n flux-system flux-system --patch-file template.yaml --dry-run=server5. Apply the patch
kubectl patch secret -n flux-system flux-system --patch-file template.yaml6. Reconcile Flux
flux reconcile kustomization flux-system --with-sourceOptional useful commands
# Diff local vs cluster state
flux diff kustomization flux-system --path=clusters/myloc/flux-system/
# Render Kustomize output for inspection
kubectl kustomize clusters/myloc/ > all.kustomize.yaml
# Show the new public key for registration in your Git host
cat ~/.ssh/flux-system.id_rsa.pub