| name | Flux Debugging |
| description | Diagnose Flux CD reconciliation failures — stale revisions, failed applies, dependency errors, SOPS decrypt failures.
Use when: A kustomization is not Ready, source shows an old commit, Flux events show errors, or changes pushed to git aren't being applied to the cluster.
Don't use when: The pod is crashing after Flux successfully applied (use pod-troubleshooting). Don't use for CI build failures (use ci-diagnosis). Don't use for registry/image issues (use zot-registry). Don't use for deploying new changes step-by-step (use gitops-deploy).
Outputs: Identified root cause of Flux reconciliation failure with specific remediation commands.
|
| requires | ["flux","kubectl"] |
Flux Debugging
Routing
Use This Skill When
flux get kustomization shows Ready=False- Source revision is stale (old commit hash)
- Flux events show reconciliation errors
- Changes pushed to git aren't appearing in the cluster
- SOPS decryption errors in kustomize-controller logs
- Dependency chain is broken
Don't Use This Skill When
- Pod is crashing (CrashLoopBackOff, OOMKilled) → use pod-troubleshooting
- CI workflow failed before Flux gets involved → use ci-diagnosis
- Image "manifest invalid" or ImagePullBackOff → use zot-registry first
- You're deploying changes and want the full workflow → use gitops-deploy
- You need to understand the Flux setup across all 3 clusters → use flux-ops (dyson)
- The pod is Running and healthy but behaving wrong → use debug-troubleshooting
Diagnostic Chain
Always follow this order — each step narrows the problem:
flux get sources git -A | grep openclaw
flux get kustomizations -A | grep openclaw
flux events -A --for Kustomization/openclaw-workspace
kubectl get events -n flux-system --sort-by='.lastTimestamp' | tail -20
Decision Tree
| Source Status | Kustomization Status | Problem | Action |
|---|
| Old revision | any | Stale source | See failures.md → Stale Revision |
| Current | Ready=False | Apply error | See failures.md → Failed Apply |
| Current | Ready=False (dependency) | Blocked | See failures.md → Dependency Not Ready |
| Current | SOPS error | Decrypt failure | See failures.md → SOPS Decrypt Error |
| Current | Ready=True | Flux is fine | Problem is elsewhere — try pod-troubleshooting |
Quick Actions
flux reconcile kustomization openclaw-workspace --with-source
flux suspend kustomization openclaw-workspace
flux resume kustomization openclaw-workspace
flux reconcile kustomization openclaw-workspace --with-source --force
Edge Cases
Security Notes
- SOPS decrypt errors should be escalated — they indicate key management issues
- Never commit decrypted secrets to fix a SOPS error
- Flux logs may contain resource names and namespace info — don't paste full logs in public channels
Compaction Notes
For long Flux debugging sessions, mkdir -p /tmp/outputs then write intermediate findings to /tmp/outputs/flux-debug.md:
- Which sources were checked and their status
- Which kustomizations are failing and why
- What remediation was attempted
For detailed failure diagnosis steps, read failures.md in this skill directory.
