Skip to content

Flux MCP

Flux is the GitOps provider in the Ikidna architecture (the flux-system namespace): it continuously reconciles the cluster against a Git source of truth, so deployment is a git operation rather than an imperative push. A Flux MCP server exposes that reconciliation surface to agents as governed tool calls.

GitOps is the safest path for agents to affect infrastructure, because it inherits the same review and audit controls as code:

  • Auditable, reversible deploys. A change is a commit to the GitOps repository; rolling back is reverting it. This aligns deployment with the Controls requirement that high-tier actions be reversible and gated.
  • No direct cluster mutation. Agents propose changes to the GitOps repo and Flux reconciles them, rather than agents holding kubectl apply rights a smaller blast radius per Security.
  • Structural gating. Deployment to sensitive environments can require human approval on the GitOps PR, enforced structurally rather than by prompt.

A Flux MCP server typically exposes read operations (reconciliation status, drift, sync health) and constrained write operations (trigger a reconcile, suspend/resume a resource), all routed and audited through the MCP gateway and logged to the Execution Ledger.

  • Architecture - Flux as the GitOps provider.
  • MCP - The integration layer.
  • Controls - Deployment as a gated, reversible action.