What should you use for CD in Kubernetes?
FluxCD is our recommendation for how to achieve continuous deployment with GitOps in a Kubernetes environment.
Often teams will use Helm or kubectl apply to apply changes, such as a new image tag to deploy, directly from their CI system. This requires your CI system to hold expansive k8s credentials, which makes it a juicy target for attackers who wish you harm.
You can avoid this entirely by using a system like Flux. It runs a few small services in your cluster that watch for changes to the Git repos and Docker registries that you configure. When it detects a change, it makes the necessary adjustments for you from inside the cluster itself, completely removing the need for your CI system to have cluster credentials at all.
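As an added illustration (not configuration from the original page), a minimal Flux setup for this pull model could look like the following. The repository URL, resource names, namespaces, path and Secret name are all placeholders.

```yaml
# Added example: Flux pulls desired state from Git, so CI holds no cluster credentials.
# Every name, URL and path below is a placeholder.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: app-config
  namespace: flux-system
spec:
  interval: 1m                      # how often Flux polls the repo for new commits
  url: ssh://git@git.example.com/example-org/app-config.git
  ref:
    branch: main
  secretRef:
    name: app-config-deploy-key     # read-only deploy key, stored as a Secret in the cluster
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: app
  namespace: flux-system
spec:
  interval: 5m                      # re-apply periodically to correct drift
  sourceRef:
    kind: GitRepository
    name: app-config
  path: ./deploy/production         # directory of manifests inside the repo
  prune: true                       # delete cluster objects that were removed from Git
  targetNamespace: app
  # ServiceAccount (in this Kustomization's namespace) that Flux impersonates
  # when applying; bind it only to the permissions this app needs.
  serviceAccountName: app-deployer
```

With this in place, the CI job's only deployment step is committing the new image tag to the config repo, so the credential it holds is Git write access to that repo, not a kubeconfig.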
Another option is ArgoCD. It's very similar to FluxCD, but we find it a tad harder to operate day to day. Its main benefit is a fairly robust web UI, which can be nice for your less technical teammates.