Skip to content

Flux OCIRepo Source Quick Fix - OCI Repository Source

DodaTech Updated 2026-06-26 1 min read

Flux OCIRepository source fetches Kubernetes configuration from OCI artifacts. Incorrect layer configuration or missing annotations cause content access failures. This guide covers the fix.

Quick Fix

Wrong

spec:
  url: oci://ghcr.io/org/config
  ref:
    tag: latest

Using latest tag is not recommended for production. The artifact may change unexpectedly. Also missing contentConfig for layer selection from multi-layer artifacts.

spec:
  url: oci://ghcr.io/org/config
  ref:
    semver: ">=1.0.0"
  contentConfig:
    sourceType: kustomize
  ignore: |
    *.md
    /test/
# Expected output after applying the fix
# OCI artifact resolved using semver range
# Content extracted for kustomize consumption
# Ignore patterns exclude markdown and test files
# Status: True (Ready)

Prevention

  • Use ref.semver instead of tag: latest for automatic updates
  • Set contentConfig.sourceType to kustomize or helm based on content
  • Use ignore patterns to exclude unnecessary files
  • Verify OCI artifact contents with oras pull before configuration
  • Pin specific ref.tag in production for stability

DodaTech Tools

Doda Browser's OCI artifact browser shows layers and content. DodaZIP archives OCI source configurations. Durga Antivirus Pro validates artifact content security.

FAQ

How does OCIRepository handle multi-layer OCI artifacts?

OCIRepository can extract content from specific layers using contentConfig. Multi-layer artifacts require layer selection configuration. ||| What is the difference between OCIRepository and GitRepository for config? OCI artifacts are immutable and faster to pull, but require a CI build step. GitRepository provides direct git access with branching and history. ||| Can I verify OCI artifact signatures with Flux? Yes, use spec.verify with provider: cosign to verify artifact signatures using Cosign before applying configurations.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro