Flux 2.8.0 is now available as a general availability release. The update introduces support for Helm v4—the upcoming major version of the Kubernetes package manager—and several operational improvements that reduce mean time to recovery (MTTR) for failed deployments.
Helm v4 Support
The headline feature is compatibility with Helm v4. Helm 4 introduces significant changes to the CRD lifecycle, resource ordering, and storage backends. Flux 2.8.0’s Helm controller now supports these changes, allowing teams to upgrade their Helm tooling without breaking GitOps workflows.
For platform teams managing Helm upgrades across dozens or hundreds of clusters, this eliminates a major coordination hurdle. The Helm controller negotiates version compatibility automatically, reducing the operational burden of version migrations.
Server-Side Apply for Helm Releases
Flux 2.8.0 migrates HelmRelease reconciliation to use Kubernetes server-side apply. This addresses field ownership conflicts that historically caused friction when Helm-managed resources were modified by other controllers or manual interventions.
Server-side apply provides clearer field ownership semantics, reducing the class of errors where Helm releases fail due to conflicting field managers. For clusters with multiple controllers managing overlapping resources—such as Istio sidecar injection alongside Helm charts—this change substantially improves reliability.
Kstatus-Based Health Checking
The Helm controller now uses kstatus for health assessments. Kstatus is the standard Kubernetes resource status library developed as part of SIG CLI, providing consistent and reliable resource state evaluation.
This replaces previous health checking logic with a battle-tested implementation used across the Kubernetes ecosystem. The result is fewer false positives in health assessments and more accurate readiness detection for complex Helm charts with multiple dependent resources.
Faster Recovery from Failed Deployments
Flux 2.8.0 introduces CancelHealthCheckOnNewRevision, which reduces recovery time for failed Helm releases. Previously, when a HelmRelease failed health checks, it would continue those checks until timeout even when a new revision was available. The new behavior cancels health checking when a new revision arrives, allowing faster iteration on fixes.
This directly improves MTTR for scenarios where teams push a broken release followed quickly by a fix. The controller now recognizes the new revision’s potential to fix the situation and prioritizes deployment over continued health check failures.
GitHub App Integration
The Source Controller gains support for GitHub App authentication. Previously, Flux supported personal access tokens and deploy keys for Git authentication. GitHub App support allows more granular, organization-scoped permissions with automatic token rotation via GitHub’s JWT-based authentication.
For organizations using GitHub Enterprise, this enables centralized credential management and audit trails that align with enterprise compliance requirements.
Artifact Generator Support
Flux 2.8.0 adds support for ArtifactGenerator, extending the Source Controller’s artifact production capabilities. This enables custom preprocessing of source artifacts before they reach Kustomization and HelmRelease resources, supporting use cases like code generation, manifest templating, and security scanning as part of the GitOps pipeline.
Cosign v3 Support
The Image Automation controllers update to Cosign v3 for OCI image signing verification. Cosign v3 includes improvements to keyless signing, transparency log integration, and policy configuration that enhance the security posture of image update automation.
API Migration Required
Flux 2.8.0 removes deprecated v2beta2 APIs. Before upgrading, existing clusters must run flux migrate to convert resources to the current API versions. The migration is non-breaking when performed as directed, but skipping this step will cause reconciliation failures.
Sources
- Announcing Flux 2.8 GA — Flux Blog
- Prepare for Flux v2.8.0 — GitHub Issue