Merge pull request #943 from fluxcd/disable-darwin-arm64

Exclude ARM archs from Darwin release builds
2026-03-01 19:26:55 +00:00 · 2021-02-18 12:17:50 +01:00 · 2021-02-18 12:04:32 +01:00 · 2021-02-18 11:36:09 +01:00 · 2021-02-18 10:22:26 +00:00 · 2021-02-17 14:43:35 +02:00
209 changed files with 5802 additions and 3137 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,46 @@
 ---
 name: Bug report
 about: Create a report to help us improve Flux v2
 title: ''
 assignees: ''
 ---
 <!--
 Find out more about your support options and getting help at
   https://fluxcd.io/support/
 -->
 ### Describe the bug
 A clear and concise description of what the bug is.
 ### To Reproduce
 Steps to reproduce the behaviour:
 1. Provide Flux install instructions
 2. Provide a GitHub repository with Kubernetes manifests
 ### Expected behavior
 A clear and concise description of what you expected to happen.
 ### Additional context
 - Kubernetes version:
 - Git provider:
 - Container registry provider:
 Below please provide the output of the following commands:
 ```cli
 flux --version
 flux check
 kubectl -n <namespace> get all
 kubectl -n <namespace> logs deploy/source-controller
 kubectl -n <namespace> logs deploy/kustomize-controller
 ```
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
 blank_issues_enabled: true
 contact_links:
  - name: Ask a question
    url: https://github.com/fluxcd/flux2/discussions
    about: Please ask and answer questions here.
--- a/.github/kind/config.yaml
+++ b/.github/kind/config.yaml
@@ -0,0 +1,5 @@
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 networking:
  disableDefaultCNI: true   # disable kindnet
  podSubnet: 192.168.0.0/16 # set to Calico's default subnet
--- a/.github/workflows/bootstrap.yaml
+++ b/.github/workflows/bootstrap.yaml
@@ -49,7 +49,8 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
      - name: uninstall
        run: |
-          ./bin/flux uninstall --resources --crds -s --timeout=10m
+          ./bin/flux uninstall -s --keep-namespace
          kubectl delete ns flux-system --timeout=10m --wait=true
      - name: bootstrap reinstall
        run: |
          ./bin/flux bootstrap github --manifests ./manifests/install/ \
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -54,6 +54,18 @@ jobs:
            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/receiver.md" > docs/components/notification/receiver.md
          }
          {
            # image-*-controller CRDs; these use the same API group
            IMG_REFL_VER=$(controller_version image-reflector-controller)
            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-reflector-controller/$IMG_REFL_VER/docs/api/image-reflector.md" > docs/components/image/reflector-api.md
            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-reflector-controller/$IMG_REFL_VER/docs/spec/v1alpha1/imagerepositories.md" > docs/components/image/imagerepositories.md
            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-reflector-controller/$IMG_REFL_VER/docs/spec/v1alpha1/imagepolicies.md" > docs/components/image/imagepolicies.md
            IMG_AUTO_VER=$(controller_version image-automation-controller)
            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-automation-controller/$IMG_AUTO_VER/docs/api/image-automation.md" > docs/components/image/automation-api.md
            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-automation-controller/$IMG_AUTO_VER/docs/spec/v1alpha1/imageupdateautomations.md" > docs/components/image/imageupdateautomations.md
          }
          {
            # install script
            cp install/flux.sh docs/install.sh
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -26,7 +26,13 @@ jobs:
      - name: Setup Kubernetes
        uses: engineerd/setup-kind@v0.5.0
        with:
-          image: kindest/node:v1.16.9
+          version: "v0.10.0"
          image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
          config: .github/kind/config.yaml # disable KIND-net
      - name: Setup Calico for network policy
        run: |
          kubectl apply -f https://docs.projectcalico.org/v3.16/manifests/calico.yaml
          kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
      - name: Run test
        run: make test
      - name: Check if working tree is dirty
@@ -44,6 +50,15 @@ jobs:
      - name: flux install --manifests
        run: |
          ./bin/flux install --manifests ./manifests/install/
      - name: flux create secret
        run: |
          ./bin/flux create secret git git-ssh-test \
            --url ssh://git@github.com/stefanprodan/podinfo
          ./bin/flux create secret git git-https-test \
            --url https://github.com/stefanprodan/podinfo \
            --username=test --password=test
          ./bin/flux create secret helm helm-test \
            --username=test --password=test
      - name: flux create source git
        run: |
          ./bin/flux create source git podinfo \
@@ -156,7 +171,13 @@ jobs:
          ./bin/flux create image policy podinfo \
            --image-ref=podinfo \
            --interval=1m \
-            --semver=5.0.x
+            --select-semver=5.0.x
      - name: flux create image policy podinfo-select-alpha
        run: |
          ./bin/flux create image policy podinfo-alpha \
            --image-ref=podinfo \
            --interval=1m \
            --select-alpha=desc
      - name: flux get image policy
        run: |
          ./bin/flux get image policy podinfo | grep '5.0.3'
@@ -174,7 +195,7 @@ jobs:
          ./bin/flux check
      - name: flux uninstall
        run: |
-          ./bin/flux uninstall --crds --silent --timeout=10m
+          ./bin/flux uninstall --silent
      - name: Debug failure
        if: failure()
        run: |
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -1,25 +0,0 @@
 name: FOSSA
 on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: "^1.14.x"
      - name: Add GOPATH to GITHUB_ENV
        run: echo "GOPATH=$(go env GOPATH)" >>"$GITHUB_ENV"
      - name: Add GOPATH to GITHUB_PATH
        run: echo "$GOPATH/bin" >>"$GITHUB_PATH"
      - name: Run FOSSA scan and upload build data
        uses: fossa-contrib/fossa-action@v1
        with:
          # FOSSA Push-Only API Token
          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
          github-token: ${{ github.token }}
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,44 @@
 name: scan
 on:
  push:
  pull_request:
    branches: [main]
 jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: 1.15.x
      - name: FOSSA Analysis
        if: github.event_name == 'pull_request'
        uses: fossa-contrib/fossa-action@v1
        with:
          fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
          github-token: ${{ github.token }}
      - name: CodeQL Init
        if: github.event_name == 'pull_request'
        uses: github/codeql-action/init@v1
        with:
          languages: "go"
      - name: CodeQL Autobuild
        if: github.event_name == 'pull_request'
        uses: github/codeql-action/autobuild@v1
      - name: CodeQL Analysis
        if: github.event_name == 'pull_request'
        uses: github/codeql-action/analyze@v1
      - name: Snyk Init
        if: github.event_name == 'push'
        uses: snyk/actions/setup@master
      - name: Snyk Analysis
        if: github.event_name == 'push'
        run: snyk test --sarif-file-output=snyk.sarif
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Snyk Upload result to GitHub Code Scanning
        if: github.event_name == 'push'
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: snyk.sarif
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -32,7 +32,8 @@ jobs:
                go mod edit -require="github.com/fluxcd/$1/api@${RELEASE_VERSION}"
              fi
-              PR_BODY="$PR_BODY- $1 to ${RELEASE_VERSION}%0A"
+              # NB: special URL encoded formatting required for newlines
              PR_BODY="$PR_BODY- $1 to ${RELEASE_VERSION}%0A  https://github.com/fluxcd/$1/blob/${RELEASE_VERSION}/CHANGELOG.md%0A"
            fi
          }
@@ -51,7 +52,7 @@ jobs:
            # diff change
            git diff
-            # export PR_BODY for PR
+            # export PR_BODY for PR and commit
            echo "::set-output name=pr_body::$PR_BODY"
          }
@@ -60,19 +61,22 @@ jobs:
        uses: peter-evans/create-pull-request@v3
        with:
            token: ${{ secrets.BOT_GITHUB_TOKEN }}
-            commit-message: Update toolkit components
+            commit-message: |
              Update toolkit components
              ${{ steps.update.outputs.pr_body }}
            committer: GitHub <noreply@github.com>
            author: fluxcdbot <fluxcdbot@users.noreply.github.com>
            signoff: true
            branch: update-components
            title: Update toolkit components
            body: |
              ${{ steps.update.outputs.pr_body }}
-
+            labels: |
-              Auto-generated by [create-pull-request][1]
+              area/build
              [1]: https://github.com/peter-evans/create-pull-request
            branch: update-components
            reviewers: ${{ secrets.ASSIGNEES }}
      - name: Check output
        run: |
          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -20,6 +20,8 @@ builds:
    id: darwin
    goos:
      - darwin
    goarch:
      - amd64
  - <<: *build_defaults
    id: windows
    goos:
--- a/README.md
+++ b/README.md
@@ -60,11 +60,12 @@ To get started with Flux, start [browsing the
 documentation](https://toolkit.fluxcd.io) or get started with one of
 the following guides:
- [Get started with Flux (deep dive)](https://toolkit.fluxcd.io/get-started/)
+- [Get started with Flux](https://toolkit.fluxcd.io/get-started/)
 - [Installation](https://toolkit.fluxcd.io/guides/installation/)
 - [Manage Helm Releases](https://toolkit.fluxcd.io/guides/helmreleases/)
- [Setup Notifications](https://toolkit.fluxcd.io/guides/notifications/)
+- [Automate image updates to Git](https://toolkit.fluxcd.io/guides/image-update/)  
- [Setup Webhook Receivers](https://toolkit.fluxcd.io/guides/webhook-receivers/)
+- [Manage Kubernetes secrets with Mozilla SOPS](https://toolkit.fluxcd.io/guides/mozilla-sops/)  
 If you need help, please refer to our **[Support page](https://fluxcd.io/support/)**.
 ## GitOps Toolkit
@@ -94,21 +95,33 @@ guides](https://toolkit.fluxcd.io/dev-guides/source-watcher/).
    - [Provider CRD](https://toolkit.fluxcd.io/components/notification/provider/)
    - [Alert CRD](https://toolkit.fluxcd.io/components/notification/alert/)
    - [Receiver CRD](https://toolkit.fluxcd.io/components/notification/receiver/)
-
+- [Image Automation Controllers](https://toolkit.fluxcd.io/components/image/controller/)
  - [ImageRepository CRD](https://toolkit.fluxcd.io/components/image/imagerepositories/)
  - [ImagePolicy CRD](https://toolkit.fluxcd.io/components/image/imagepolicies/)
  - [ImageUpdateAutomation CRD](https://toolkit.fluxcd.io/components/image/imageupdateautomations/)
 ## Community
-The Flux project is always looking for new contributors and there are a multitude of ways to get involved.
+Need help or want to contribute? Please see the links below. The Flux project is always looking for
-Depending on what you want to do, some of the following bits might be your first steps:
+new contributors and there are a multitude of ways to get involved.
- Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view))
+- Getting Started?
- Talk to us in the #flux channel on [CNCF Slack](https://slack.cncf.io/)
+    - Look at our [Get Started guide](https://toolkit.fluxcd.io/get-started/) and give us feedback
- Ask questions and propose features on our [GH Discussions page](https://github.com/fluxcd/flux2/discussions)
+- Need help?
- And if you are completely new to Flux and the GitOps Toolkit, take a look at our [Get Started guide](https://toolkit.fluxcd.io/get-started/) and give us feedback
+    - First: Ask questions on our [GH Discussions page](https://github.com/fluxcd/flux2/discussions)
- To be part of the conversation about Flux's development, [join the flux-dev mailing list](https://lists.cncf.io/g/cncf-flux-dev).
+    - Second: Talk to us in the #flux channel on [CNCF Slack](https://slack.cncf.io/)
- Check out [how to contribute](CONTRIBUTING.md) to the project
+    - Please follow our [Support Guidelines](https://fluxcd.io/support/)
      (in short: be nice, be respectful of volunteers' time, understand that maintainers and
      contributors cannot respond to all DMs, and keep discussions in the public #flux channel as much as possible).
 - Have feature proposals or want to contribute?
    - Propose features on our [GH Discussions page](https://github.com/fluxcd/flux2/discussions)
    - Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view))
    - [Join the flux-dev mailing list](https://lists.cncf.io/g/cncf-flux-dev).
    - Check out [how to contribute](CONTRIBUTING.md) to the project
 ### Events
-Check out our **[events calendar](https://fluxcd.io/community/#talks)**, both with upcoming talks you can attend or past events videos you can watch.
+Check out our **[events calendar](https://fluxcd.io/community/#talks)**,
 both with upcoming talks you can attend or past events videos you can watch.
 We look forward to seeing you with us!
--- a/action/Dockerfile
+++ b/action/Dockerfile
@@ -1,6 +0,0 @@
 FROM stefanprodan/alpine-base:latest
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
--- a/action/README.md
+++ b/action/README.md
@@ -10,19 +10,24 @@ Usage:
        run: flux -v
 ```
 This action places the `flux` binary inside your repository root under `bin/flux`.
 You should add `bin/flux` to your `.gitignore` file, as in the following example:
 ```gitignore
 # ignore flux binary
 bin/flux
 ```
 Note that this action can only be used on GitHub **Linux AMD64** runners.
 The latest stable version of the `flux` binary is downloaded from
 GitHub [releases](https://github.com/fluxcd/flux2/releases)
 and placed at `/usr/local/bin/flux`.
 You can download a specific version with:
 ```yaml
    steps:
      - name: Setup Flux CLI
        uses: fluxcd/flux2/action@main
        with:
          version: 0.8.0
 ```
 ### Automate Flux updates
-Example workflow for updating Flux's components generated with `flux bootstrap --arch=amd64 --path=clusters/production`:
+Example workflow for updating Flux's components generated with `flux bootstrap --path=clusters/production`:
 ```yaml
 name: update-flux
@@ -43,7 +48,7 @@ jobs:
      - name: Check for updates
        id: update
        run: |
-          flux install --arch=amd64 \
+          flux install \
            --export > ./clusters/production/flux-system/gotk-components.yaml
          VERSION="$(flux -v)"
--- a/action/action.yml
+++ b/action/action.yml
@@ -1,15 +1,38 @@
-name: 'kustomize'
+name: Setup Flux CLI
-description: 'A GitHub Action for running Flux commands'
+description: A GitHub Action for running Flux commands
-author: 'Flux project'
+author: Stefan Prodan
 branding:
-  icon: 'command'
+  color: blue
-  color: 'blue'
+  icon: command
 inputs:
  version:
-    description: 'strict semver'
+    description: "Flux version e.g. 0.8.0 (defaults to latest stable release)"
    required: false
 runs:
-  using: 'docker'
+  using: composite
-  image: 'Dockerfile'
+  steps:
-  args:
+    - name: "Download flux binary to tmp"
-    - ${{ inputs.version }}
+      shell: bash
      run: |
        VERSION=${{ inputs.version }}
        if [ -z $VERSION ]; then
          VERSION=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
        fi
        BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_amd64.tar.gz"
        curl -sL ${BIN_URL} -o /tmp/flux.tar.gz
        mkdir -p /tmp/flux
        tar -C /tmp/flux/ -zxvf /tmp/flux.tar.gz
    - name: "Add flux binary to /usr/local/bin"
      shell: bash
      run: |
        sudo cp /tmp/flux/flux /usr/local/bin
    - name: "Cleanup tmp"
      shell: bash
      run: |
        rm -rf /tmp/flux/ /tmp/flux.tar.gz
    - name: "Verify correct installation of binary"
      shell: bash
      run: |
        flux -v
--- a/action/entrypoint.sh
+++ b/action/entrypoint.sh
@@ -1,40 +0,0 @@
 #!/bin/bash
 #  Copyright 2020 The Flux authors
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 set -e
 VERSION=$1
 if [ -z $VERSION ]; then
  # Find latest release if no version is specified
  VERSION=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
 fi
 # Download linux binary
 BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_amd64.tar.gz"
 curl -sL $BIN_URL | tar xz
 # Copy binary to GitHub runner
 mkdir -p $GITHUB_WORKSPACE/bin
 mv ./flux $GITHUB_WORKSPACE/bin
 chmod +x $GITHUB_WORKSPACE/bin/flux
 # Print version
 $GITHUB_WORKSPACE/bin/flux -v
 # Add binary to GitHub runner path
 echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
 echo "$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin" >> $GITHUB_PATH
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -45,62 +45,74 @@ var bootstrapCmd = &cobra.Command{
 	Long:  "The bootstrap sub-commands bootstrap the toolkit components on the targeted Git provider.",
 }
-var (
+type bootstrapFlags struct {
-	bootstrapVersion            string
+	version            string
-	bootstrapDefaultComponents  []string
+	defaultComponents  []string
-	bootstrapExtraComponents    []string
+	extraComponents    []string
-	bootstrapRegistry           string
+	registry           string
-	bootstrapImagePullSecret    string
+	imagePullSecret    string
-	bootstrapBranch             string
+	branch             string
-	bootstrapWatchAllNamespaces bool
+	watchAllNamespaces bool
-	bootstrapNetworkPolicy      bool
+	networkPolicy      bool
-	bootstrapManifestsPath      string
+	manifestsPath      string
-	bootstrapArch               flags.Arch
+	arch               flags.Arch
-	bootstrapLogLevel           = flags.LogLevel(defaults.LogLevel)
+	logLevel           flags.LogLevel
-	bootstrapRequiredComponents = []string{"source-controller", "kustomize-controller"}
+	requiredComponents []string
-	bootstrapTokenAuth          bool
+	tokenAuth          bool
-	bootstrapClusterDomain      string
+	clusterDomain      string
-)
+	tolerationKeys     []string
 }
 const (
 	bootstrapDefaultBranch = "main"
 )
 var bootstrapArgs = NewBootstrapFlags()
 func init() {
-	bootstrapCmd.PersistentFlags().StringVarP(&bootstrapVersion, "version", "v", defaults.Version,
+	bootstrapCmd.PersistentFlags().StringVarP(&bootstrapArgs.version, "version", "v", rootArgs.defaults.Version,
 		"toolkit version")
-	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapDefaultComponents, "components", defaults.Components,
+	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.defaultComponents, "components", rootArgs.defaults.Components,
 		"list of components, accepts comma-separated values")
-	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapExtraComponents, "components-extra", nil,
+	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.extraComponents, "components-extra", nil,
 		"list of components in addition to those supplied or defaulted, accepts comma-separated values")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "ghcr.io/fluxcd",
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registry, "registry", "ghcr.io/fluxcd",
 		"container registry where the toolkit images are published")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapImagePullSecret, "image-pull-secret", "",
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.imagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
-	bootstrapCmd.PersistentFlags().Var(&bootstrapArch, "arch", bootstrapArch.Description())
+	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.arch, "arch", bootstrapArgs.arch.Description())
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapBranch, "branch", bootstrapDefaultBranch,
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.branch, "branch", bootstrapDefaultBranch,
 		"default branch (for GitHub this must match the default branch setting for the organization)")
-	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapWatchAllNamespaces, "watch-all-namespaces", true,
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.watchAllNamespaces, "watch-all-namespaces", true,
 		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
-	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapNetworkPolicy, "network-policy", true,
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.networkPolicy, "network-policy", true,
 		"deny ingress access to the toolkit controllers from other namespaces using network policies")
-	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapTokenAuth, "token-auth", false,
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.tokenAuth, "token-auth", false,
 		"when enabled, the personal access token will be used instead of SSH deploy key")
-	bootstrapCmd.PersistentFlags().Var(&bootstrapLogLevel, "log-level", bootstrapLogLevel.Description())
+	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.logLevel, "log-level", bootstrapArgs.logLevel.Description())
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapManifestsPath, "manifests", "", "path to the manifest directory")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.manifestsPath, "manifests", "", "path to the manifest directory")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapClusterDomain, "cluster-domain", defaults.ClusterDomain, "internal cluster domain")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.clusterDomain, "cluster-domain", rootArgs.defaults.ClusterDomain, "internal cluster domain")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.tolerationKeys, "toleration-keys", nil,
 		"list of toleration keys used to schedule the components pods onto nodes with matching taints")
 	bootstrapCmd.PersistentFlags().MarkHidden("manifests")
 	bootstrapCmd.PersistentFlags().MarkDeprecated("arch", "multi-arch container image is now available for AMD64, ARMv7 and ARM64")
 	rootCmd.AddCommand(bootstrapCmd)
 }
 func NewBootstrapFlags() bootstrapFlags {
 	return bootstrapFlags{
 		logLevel:           flags.LogLevel(rootArgs.defaults.LogLevel),
 		requiredComponents: []string{"source-controller", "kustomize-controller"},
 	}
 }
 func bootstrapComponents() []string {
-	return append(bootstrapDefaultComponents, bootstrapExtraComponents...)
+	return append(bootstrapArgs.defaultComponents, bootstrapArgs.extraComponents...)
 }
 func bootstrapValidate() error {
 	components := bootstrapComponents()
-	for _, component := range bootstrapRequiredComponents {
+	for _, component := range bootstrapArgs.requiredComponents {
 		if !utils.ContainsItemString(components, component) {
 			return fmt.Errorf("component %s is required", component)
 		}
@@ -114,25 +126,45 @@ func bootstrapValidate() error {
 }
 func generateInstallManifests(targetPath, namespace, tmpDir string, localManifests string) (string, error) {
 	if bootstrapArgs.version == install.MakeDefaultOptions().Version {
 		version, err := install.GetLatestVersion()
 		if err != nil {
 			return "", err
 		}
 		bootstrapArgs.version = version
 	} else {
 		if ok, err := install.ExistingVersion(bootstrapArgs.version); err != nil || !ok {
 			if err == nil {
 				err = fmt.Errorf("targeted version '%s' does not exist", bootstrapArgs.version)
 			}
 			return "", err
 		}
 	}
 	if !utils.CompatibleVersion(VERSION, bootstrapArgs.version) {
 		return "", fmt.Errorf("targeted version '%s' is not compatible with your current version of flux (%s)", bootstrapArgs.version, VERSION)
 	}
 	opts := install.Options{
 		BaseURL:                localManifests,
-		Version:                bootstrapVersion,
+		Version:                bootstrapArgs.version,
 		Namespace:              namespace,
 		Components:             bootstrapComponents(),
-		Registry:               bootstrapRegistry,
+		Registry:               bootstrapArgs.registry,
-		ImagePullSecret:        bootstrapImagePullSecret,
+		ImagePullSecret:        bootstrapArgs.imagePullSecret,
-		WatchAllNamespaces:     bootstrapWatchAllNamespaces,
+		WatchAllNamespaces:     bootstrapArgs.watchAllNamespaces,
-		NetworkPolicy:          bootstrapNetworkPolicy,
+		NetworkPolicy:          bootstrapArgs.networkPolicy,
-		LogLevel:               bootstrapLogLevel.String(),
+		LogLevel:               bootstrapArgs.logLevel.String(),
-		NotificationController: defaults.NotificationController,
+		NotificationController: rootArgs.defaults.NotificationController,
-		ManifestFile:           defaults.ManifestFile,
+		ManifestFile:           rootArgs.defaults.ManifestFile,
-		Timeout:                timeout,
+		Timeout:                rootArgs.timeout,
 		TargetPath:             targetPath,
-		ClusterDomain:          bootstrapClusterDomain,
+		ClusterDomain:          bootstrapArgs.clusterDomain,
 		TolerationKeys:         bootstrapArgs.tolerationKeys,
 	}
 	if localManifests == "" {
-		opts.BaseURL = defaults.BaseURL
+		opts.BaseURL = rootArgs.defaults.BaseURL
 	}
 	output, err := install.Generate(opts)
@@ -149,16 +181,20 @@ func generateInstallManifests(targetPath, namespace, tmpDir string, localManifes
 func applyInstallManifests(ctx context.Context, manifestPath string, components []string) error {
 	kubectlArgs := []string{"apply", "-f", manifestPath}
-	if _, err := utils.ExecKubectlCommand(ctx, utils.ModeOS, kubeconfig, kubecontext, kubectlArgs...); err != nil {
+	if _, err := utils.ExecKubectlCommand(ctx, utils.ModeOS, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...); err != nil {
 		return fmt.Errorf("install failed")
 	}
-	for _, deployment := range components {
+	statusChecker, err := NewStatusChecker(time.Second, rootArgs.timeout)
-		kubectlArgs = []string{"-n", namespace, "rollout", "status", "deployment", deployment, "--timeout", timeout.String()}
+	if err != nil {
-		if _, err := utils.ExecKubectlCommand(ctx, utils.ModeOS, kubeconfig, kubecontext, kubectlArgs...); err != nil {
+		return fmt.Errorf("install failed: %w", err)
 			return fmt.Errorf("install failed")
 		}
 	}
 	logger.Waitingf("verifying installation")
 	if err := statusChecker.Assess(components...); err != nil {
 		return fmt.Errorf("install failed")
 	}
 	return nil
 }
@@ -191,20 +227,20 @@ func generateSyncManifests(url, branch, name, namespace, targetPath, tmpDir stri
 func applySyncManifests(ctx context.Context, kubeClient client.Client, name, namespace, manifestsPath string) error {
 	kubectlArgs := []string{"apply", "-k", manifestsPath}
-	if _, err := utils.ExecKubectlCommand(ctx, utils.ModeStderrOS, kubeconfig, kubecontext, kubectlArgs...); err != nil {
+	if _, err := utils.ExecKubectlCommand(ctx, utils.ModeStderrOS, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...); err != nil {
 		return err
 	}
 	logger.Waitingf("waiting for cluster sync")
 	var gitRepository sourcev1.GitRepository
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isGitRepositoryReady(ctx, kubeClient, types.NamespacedName{Name: name, Namespace: namespace}, &gitRepository)); err != nil {
 		return err
 	}
 	var kustomization kustomizev1.Kustomization
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isKustomizationReady(ctx, kubeClient, types.NamespacedName{Name: name, Namespace: namespace}, &kustomization)); err != nil {
 		return err
 	}
@@ -239,7 +275,7 @@ func shouldCreateDeployKey(ctx context.Context, kubeClient client.Client, namesp
 }
 func generateDeployKey(ctx context.Context, kubeClient client.Client, url *url.URL, namespace string) (string, error) {
-	pair, err := generateKeyPair(ctx, sourceGitKeyAlgorithm, sourceGitRSABits, sourceGitECDSACurve)
+	pair, err := generateKeyPair(ctx, sourceGitArgs.keyAlgorithm, sourceGitArgs.keyRSABits, sourceGitArgs.keyECDSACurve)
 	if err != nil {
 		return "", err
 	}
--- a/cmd/flux/bootstrap_github.go
+++ b/cmd/flux/bootstrap_github.go
@@ -71,35 +71,37 @@ the bootstrap command will perform an upgrade if needed.`,
 	RunE: bootstrapGitHubCmdRun,
 }
-var (
+type githubFlags struct {
-	ghOwner       string
+	owner       string
-	ghRepository  string
+	repository  string
-	ghInterval    time.Duration
+	interval    time.Duration
-	ghPersonal    bool
+	personal    bool
-	ghPrivate     bool
+	private     bool
-	ghHostname    string
+	hostname    string
-	ghPath        flags.SafeRelativePath
+	path        flags.SafeRelativePath
-	ghTeams       []string
+	teams       []string
-	ghDelete      bool
+	delete      bool
-	ghSSHHostname string
+	sshHostname string
-)
+}
 const (
 	ghDefaultPermission = "maintain"
 )
-func init() {
+var githubArgs githubFlags
 	bootstrapGitHubCmd.Flags().StringVar(&ghOwner, "owner", "", "GitHub user or organization name")
 	bootstrapGitHubCmd.Flags().StringVar(&ghRepository, "repository", "", "GitHub repository name")
 	bootstrapGitHubCmd.Flags().StringArrayVar(&ghTeams, "team", []string{}, "GitHub team to be given maintainer access")
 	bootstrapGitHubCmd.Flags().BoolVar(&ghPersonal, "personal", false, "is personal repository")
 	bootstrapGitHubCmd.Flags().BoolVar(&ghPrivate, "private", true, "is private repository")
 	bootstrapGitHubCmd.Flags().DurationVar(&ghInterval, "interval", time.Minute, "sync interval")
 	bootstrapGitHubCmd.Flags().StringVar(&ghHostname, "hostname", git.GitHubDefaultHostname, "GitHub hostname")
 	bootstrapGitHubCmd.Flags().StringVar(&ghSSHHostname, "ssh-hostname", "", "GitHub SSH hostname, to be used when the SSH host differs from the HTTPS one")
 	bootstrapGitHubCmd.Flags().Var(&ghPath, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
-	bootstrapGitHubCmd.Flags().BoolVar(&ghDelete, "delete", false, "delete repository (used for testing only)")
+func init() {
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.owner, "owner", "", "GitHub user or organization name")
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.repository, "repository", "", "GitHub repository name")
 	bootstrapGitHubCmd.Flags().StringArrayVar(&githubArgs.teams, "team", []string{}, "GitHub team to be given maintainer access")
 	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.personal, "personal", false, "if true, the owner is assumed to be a GitHub user; otherwise an org")
 	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.private, "private", true, "if true, the repository is assumed to be private")
 	bootstrapGitHubCmd.Flags().DurationVar(&githubArgs.interval, "interval", time.Minute, "sync interval")
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.hostname, "hostname", git.GitHubDefaultHostname, "GitHub hostname")
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.sshHostname, "ssh-hostname", "", "GitHub SSH hostname, to be used when the SSH host differs from the HTTPS one")
 	bootstrapGitHubCmd.Flags().Var(&githubArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.delete, "delete", false, "delete repository (used for testing only)")
 	bootstrapGitHubCmd.Flags().MarkHidden("delete")
 	bootstrapCmd.AddCommand(bootstrapGitHubCmd)
@@ -115,41 +117,53 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	usedPath, bootstrapPathDiffers := checkIfBootstrapPathDiffers(ctx, kubeClient, namespace, filepath.ToSlash(ghPath.String()))
+	usedPath, bootstrapPathDiffers := checkIfBootstrapPathDiffers(
 		ctx,
 		kubeClient,
 		rootArgs.namespace,
 		filepath.ToSlash(githubArgs.path.String()),
 	)
 	if bootstrapPathDiffers {
 		return fmt.Errorf("cluster already bootstrapped to %v path", usedPath)
 	}
-	repository, err := git.NewRepository(ghRepository, ghOwner, ghHostname, ghToken, "flux", ghOwner+"@users.noreply.github.com")
+	repository, err := git.NewRepository(
 		githubArgs.repository,
 		githubArgs.owner,
 		githubArgs.hostname,
 		ghToken,
 		"flux",
 		githubArgs.owner+"@users.noreply.github.com",
 	)
 	if err != nil {
 		return err
 	}
-	if ghSSHHostname != "" {
+	if githubArgs.sshHostname != "" {
-		repository.SSHHost = ghSSHHostname
+		repository.SSHHost = githubArgs.sshHostname
 	}
 	provider := &git.GithubProvider{
-		IsPrivate:  ghPrivate,
+		IsPrivate:  githubArgs.private,
-		IsPersonal: ghPersonal,
+		IsPersonal: githubArgs.personal,
 	}
-	tmpDir, err := ioutil.TempDir("", namespace)
+	tmpDir, err := ioutil.TempDir("", rootArgs.namespace)
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(tmpDir)
-	if ghDelete {
+	if githubArgs.delete {
 		if err := provider.DeleteRepository(ctx, repository); err != nil {
 			return err
 		}
@@ -158,7 +172,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	// create GitHub repository if doesn't exists
-	logger.Actionf("connecting to %s", ghHostname)
+	logger.Actionf("connecting to %s", githubArgs.hostname)
 	changed, err := provider.CreateRepository(ctx, repository)
 	if err != nil {
 		return err
@@ -169,8 +183,8 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	withErrors := false
 	// add teams to org repository
-	if !ghPersonal {
+	if !githubArgs.personal {
-		for _, team := range ghTeams {
+		for _, team := range githubArgs.teams {
 			if changed, err := provider.AddTeam(ctx, repository, team, ghDefaultPermission); err != nil {
 				logger.Failuref(err.Error())
 				withErrors = true
@@ -181,20 +195,29 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	// clone repository and checkout the main branch
-	if err := repository.Checkout(ctx, bootstrapBranch, tmpDir); err != nil {
+	if err := repository.Checkout(ctx, bootstrapArgs.branch, tmpDir); err != nil {
 		return err
 	}
 	logger.Successf("repository cloned")
 	// generate install manifests
 	logger.Generatef("generating manifests")
-	installManifest, err := generateInstallManifests(ghPath.String(), namespace, tmpDir, bootstrapManifestsPath)
+	installManifest, err := generateInstallManifests(
 		githubArgs.path.String(),
 		rootArgs.namespace,
 		tmpDir,
 		bootstrapArgs.manifestsPath,
 	)
 	if err != nil {
 		return err
 	}
 	// stage install manifests
-	changed, err = repository.Commit(ctx, path.Join(ghPath.String(), namespace), "Add manifests")
+	changed, err = repository.Commit(
 		ctx,
 		path.Join(githubArgs.path.String(), rootArgs.namespace),
 		fmt.Sprintf("Add flux %s components manifests", bootstrapArgs.version),
 	)
 	if err != nil {
 		return err
 	}
@@ -210,11 +233,11 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	// determine if repo synchronization is working
-	isInstall := shouldInstallManifests(ctx, kubeClient, namespace)
+	isInstall := shouldInstallManifests(ctx, kubeClient, rootArgs.namespace)
 	if isInstall {
 		// apply install manifests
-		logger.Actionf("installing components in %s namespace", namespace)
+		logger.Actionf("installing components in %s namespace", rootArgs.namespace)
 		if err := applyInstallManifests(ctx, installManifest, bootstrapComponents()); err != nil {
 			return err
 		}
@@ -223,12 +246,12 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	repoURL := repository.GetURL()
-	if bootstrapTokenAuth {
+	if bootstrapArgs.tokenAuth {
 		// setup HTTPS token auth
 		secret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:      namespace,
+				Name:      rootArgs.namespace,
-				Namespace: namespace,
+				Namespace: rootArgs.namespace,
 			},
 			StringData: map[string]string{
 				"username": "git",
@@ -241,21 +264,21 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		// setup SSH deploy key
 		repoURL = repository.GetSSH()
-		if shouldCreateDeployKey(ctx, kubeClient, namespace) {
+		if shouldCreateDeployKey(ctx, kubeClient, rootArgs.namespace) {
 			logger.Actionf("configuring deploy key")
 			u, err := url.Parse(repository.GetSSH())
 			if err != nil {
 				return fmt.Errorf("git URL parse failed: %w", err)
 			}
-			key, err := generateDeployKey(ctx, kubeClient, u, namespace)
+			key, err := generateDeployKey(ctx, kubeClient, u, rootArgs.namespace)
 			if err != nil {
 				return fmt.Errorf("generating deploy key failed: %w", err)
 			}
 			keyName := "flux"
-			if ghPath != "" {
+			if githubArgs.path != "" {
-				keyName = fmt.Sprintf("flux-%s", ghPath)
+				keyName = fmt.Sprintf("flux-%s", githubArgs.path)
 			}
 			if changed, err := provider.AddDeployKey(ctx, repository, key, keyName); err != nil {
@@ -268,13 +291,25 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	// configure repo synchronization
 	logger.Actionf("generating sync manifests")
-	syncManifests, err := generateSyncManifests(repoURL, bootstrapBranch, namespace, namespace, filepath.ToSlash(ghPath.String()), tmpDir, ghInterval)
+	syncManifests, err := generateSyncManifests(
 		repoURL,
 		bootstrapArgs.branch,
 		rootArgs.namespace,
 		rootArgs.namespace,
 		filepath.ToSlash(githubArgs.path.String()),
 		tmpDir,
 		githubArgs.interval,
 	)
 	if err != nil {
 		return err
 	}
 	// commit and push manifests
-	if changed, err = repository.Commit(ctx, path.Join(ghPath.String(), namespace), "Add manifests"); err != nil {
+	if changed, err = repository.Commit(
 		ctx,
 		path.Join(githubArgs.path.String(), rootArgs.namespace),
 		fmt.Sprintf("Add flux %s sync manifests", bootstrapArgs.version),
 	); err != nil {
 		return err
 	} else if changed {
 		if err := repository.Push(ctx); err != nil {
@@ -285,7 +320,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	// apply manifests and waiting for sync
 	logger.Actionf("applying sync manifests")
-	if err := applySyncManifests(ctx, kubeClient, namespace, namespace, syncManifests); err != nil {
+	if err := applySyncManifests(ctx, kubeClient, rootArgs.namespace, rootArgs.namespace, syncManifests); err != nil {
 		return err
 	}
--- a/cmd/flux/bootstrap_gitlab.go
+++ b/cmd/flux/bootstrap_gitlab.go
@@ -73,26 +73,28 @@ const (
 	gitlabProjectRegex = `\A[[:alnum:]\x{00A9}-\x{1f9ff}_][[:alnum:]\p{Pd}\x{00A9}-\x{1f9ff}_\.]*\z`
 )
-var (
+type gitlabFlags struct {
-	glOwner       string
+	owner       string
-	glRepository  string
+	repository  string
-	glInterval    time.Duration
+	interval    time.Duration
-	glPersonal    bool
+	personal    bool
-	glPrivate     bool
+	private     bool
-	glHostname    string
+	hostname    string
-	glSSHHostname string
+	sshHostname string
-	glPath        flags.SafeRelativePath
+	path        flags.SafeRelativePath
-)
+}
 var gitlabArgs gitlabFlags
 func init() {
-	bootstrapGitLabCmd.Flags().StringVar(&glOwner, "owner", "", "GitLab user or group name")
+	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.owner, "owner", "", "GitLab user or group name")
-	bootstrapGitLabCmd.Flags().StringVar(&glRepository, "repository", "", "GitLab repository name")
+	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.repository, "repository", "", "GitLab repository name")
-	bootstrapGitLabCmd.Flags().BoolVar(&glPersonal, "personal", false, "is personal repository")
+	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.personal, "personal", false, "if true, the owner is assumed to be a GitLab user; otherwise a group")
-	bootstrapGitLabCmd.Flags().BoolVar(&glPrivate, "private", true, "is private repository")
+	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.private, "private", true, "if true, the repository is assumed to be private")
-	bootstrapGitLabCmd.Flags().DurationVar(&glInterval, "interval", time.Minute, "sync interval")
+	bootstrapGitLabCmd.Flags().DurationVar(&gitlabArgs.interval, "interval", time.Minute, "sync interval")
-	bootstrapGitLabCmd.Flags().StringVar(&glHostname, "hostname", git.GitLabDefaultHostname, "GitLab hostname")
+	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.hostname, "hostname", git.GitLabDefaultHostname, "GitLab hostname")
-	bootstrapGitLabCmd.Flags().StringVar(&glSSHHostname, "ssh-hostname", "", "GitLab SSH hostname, to be used when the SSH host differs from the HTTPS one")
+	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.sshHostname, "ssh-hostname", "", "GitLab SSH hostname, to be used when the SSH host differs from the HTTPS one")
-	bootstrapGitLabCmd.Flags().Var(&glPath, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
+	bootstrapGitLabCmd.Flags().Var(&gitlabArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 	bootstrapCmd.AddCommand(bootstrapGitLabCmd)
 }
@@ -103,54 +105,61 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("%s environment variable not found", git.GitLabTokenName)
 	}
-	projectNameIsValid, err := regexp.MatchString(gitlabProjectRegex, glRepository)
+	projectNameIsValid, err := regexp.MatchString(gitlabProjectRegex, gitlabArgs.repository)
 	if err != nil {
 		return err
 	}
 	if !projectNameIsValid {
-		return fmt.Errorf("%s is an invalid project name for gitlab.\nIt can contain only letters, digits, emojis, '_', '.', dash, space. It must start with letter, digit, emoji or '_'.", glRepository)
+		return fmt.Errorf("%s is an invalid project name for gitlab.\nIt can contain only letters, digits, emojis, '_', '.', dash, space. It must start with letter, digit, emoji or '_'.", gitlabArgs.repository)
 	}
 	if err := bootstrapValidate(); err != nil {
 		return err
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	usedPath, bootstrapPathDiffers := checkIfBootstrapPathDiffers(ctx, kubeClient, namespace, filepath.ToSlash(glPath.String()))
+	usedPath, bootstrapPathDiffers := checkIfBootstrapPathDiffers(ctx, kubeClient, rootArgs.namespace, filepath.ToSlash(gitlabArgs.path.String()))
 	if bootstrapPathDiffers {
 		return fmt.Errorf("cluster already bootstrapped to %v path", usedPath)
 	}
-	repository, err := git.NewRepository(glRepository, glOwner, glHostname, glToken, "flux", glOwner+"@users.noreply.gitlab.com")
+	repository, err := git.NewRepository(
 		gitlabArgs.repository,
 		gitlabArgs.owner,
 		gitlabArgs.hostname,
 		glToken,
 		"flux",
 		gitlabArgs.owner+"@users.noreply.gitlab.com",
 	)
 	if err != nil {
 		return err
 	}
-	if glSSHHostname != "" {
+	if gitlabArgs.sshHostname != "" {
-		repository.SSHHost = glSSHHostname
+		repository.SSHHost = gitlabArgs.sshHostname
 	}
-	tmpDir, err := ioutil.TempDir("", namespace)
+	tmpDir, err := ioutil.TempDir("", rootArgs.namespace)
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(tmpDir)
 	provider := &git.GitLabProvider{
-		IsPrivate:  glPrivate,
+		IsPrivate:  gitlabArgs.private,
-		IsPersonal: glPersonal,
+		IsPersonal: gitlabArgs.personal,
 	}
 	// create GitLab project if doesn't exists
-	logger.Actionf("connecting to %s", glHostname)
+	logger.Actionf("connecting to %s", gitlabArgs.hostname)
 	changed, err := provider.CreateRepository(ctx, repository)
 	if err != nil {
 		return err
@@ -160,20 +169,29 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	// clone repository and checkout the master branch
-	if err := repository.Checkout(ctx, bootstrapBranch, tmpDir); err != nil {
+	if err := repository.Checkout(ctx, bootstrapArgs.branch, tmpDir); err != nil {
 		return err
 	}
 	logger.Successf("repository cloned")
 	// generate install manifests
 	logger.Generatef("generating manifests")
-	installManifest, err := generateInstallManifests(glPath.String(), namespace, tmpDir, bootstrapManifestsPath)
+	installManifest, err := generateInstallManifests(
 		gitlabArgs.path.String(),
 		rootArgs.namespace,
 		tmpDir,
 		bootstrapArgs.manifestsPath,
 	)
 	if err != nil {
 		return err
 	}
 	// stage install manifests
-	changed, err = repository.Commit(ctx, path.Join(glPath.String(), namespace), "Add manifests")
+	changed, err = repository.Commit(
 		ctx,
 		path.Join(gitlabArgs.path.String(), rootArgs.namespace),
 		fmt.Sprintf("Add flux %s components manifests", bootstrapArgs.version),
 	)
 	if err != nil {
 		return err
 	}
@@ -189,11 +207,11 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	// determine if repo synchronization is working
-	isInstall := shouldInstallManifests(ctx, kubeClient, namespace)
+	isInstall := shouldInstallManifests(ctx, kubeClient, rootArgs.namespace)
 	if isInstall {
 		// apply install manifests
-		logger.Actionf("installing components in %s namespace", namespace)
+		logger.Actionf("installing components in %s namespace", rootArgs.namespace)
 		if err := applyInstallManifests(ctx, installManifest, bootstrapComponents()); err != nil {
 			return err
 		}
@@ -202,12 +220,12 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	repoURL := repository.GetURL()
-	if bootstrapTokenAuth {
+	if bootstrapArgs.tokenAuth {
 		// setup HTTPS token auth
 		secret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:      namespace,
+				Name:      rootArgs.namespace,
-				Namespace: namespace,
+				Namespace: rootArgs.namespace,
 			},
 			StringData: map[string]string{
 				"username": "git",
@@ -220,21 +238,21 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		// setup SSH deploy key
 		repoURL = repository.GetSSH()
-		if shouldCreateDeployKey(ctx, kubeClient, namespace) {
+		if shouldCreateDeployKey(ctx, kubeClient, rootArgs.namespace) {
 			logger.Actionf("configuring deploy key")
 			u, err := url.Parse(repoURL)
 			if err != nil {
 				return fmt.Errorf("git URL parse failed: %w", err)
 			}
-			key, err := generateDeployKey(ctx, kubeClient, u, namespace)
+			key, err := generateDeployKey(ctx, kubeClient, u, rootArgs.namespace)
 			if err != nil {
 				return fmt.Errorf("generating deploy key failed: %w", err)
 			}
 			keyName := "flux"
-			if glPath != "" {
+			if gitlabArgs.path != "" {
-				keyName = fmt.Sprintf("flux-%s", glPath)
+				keyName = fmt.Sprintf("flux-%s", gitlabArgs.path)
 			}
 			if changed, err := provider.AddDeployKey(ctx, repository, key, keyName); err != nil {
@@ -247,13 +265,25 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	// configure repo synchronization
 	logger.Actionf("generating sync manifests")
-	syncManifests, err := generateSyncManifests(repoURL, bootstrapBranch, namespace, namespace, filepath.ToSlash(glPath.String()), tmpDir, glInterval)
+	syncManifests, err := generateSyncManifests(
 		repoURL,
 		bootstrapArgs.branch,
 		rootArgs.namespace,
 		rootArgs.namespace,
 		filepath.ToSlash(gitlabArgs.path.String()),
 		tmpDir,
 		gitlabArgs.interval,
 	)
 	if err != nil {
 		return err
 	}
 	// commit and push manifests
-	if changed, err = repository.Commit(ctx, path.Join(glPath.String(), namespace), "Add manifests"); err != nil {
+	if changed, err = repository.Commit(
 		ctx,
 		path.Join(gitlabArgs.path.String(), rootArgs.namespace),
 		fmt.Sprintf("Add flux %s sync manifests", bootstrapArgs.version),
 	); err != nil {
 		return err
 	} else if changed {
 		if err := repository.Push(ctx); err != nil {
@@ -264,7 +294,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	// apply manifests and waiting for sync
 	logger.Actionf("applying sync manifests")
-	if err := applySyncManifests(ctx, kubeClient, namespace, namespace, syncManifests); err != nil {
+	if err := applySyncManifests(ctx, kubeClient, rootArgs.namespace, rootArgs.namespace, syncManifests); err != nil {
 		return err
 	}
--- a/cmd/flux/check.go
+++ b/cmd/flux/check.go
@@ -21,13 +21,19 @@ import (
 	"encoding/json"
 	"os"
 	"os/exec"
-	"strings"
+	"time"
-	"github.com/blang/semver/v4"
+	"github.com/Masterminds/semver/v3"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/spf13/cobra"
 	v1 "k8s.io/api/apps/v1"
 	apimachineryversion "k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/fluxcd/pkg/version"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 )
 var checkCmd = &cobra.Command{
@@ -44,30 +50,37 @@ the local environment is configured correctly and if the installed components ar
 	RunE: runCheckCmd,
 }
-var (
+type checkFlags struct {
-	checkPre        bool
+	pre             bool
-	checkComponents []string
+	components      []string
-)
+	extraComponents []string
 }
 type kubectlVersion struct {
 	ClientVersion *apimachineryversion.Info `json:"clientVersion"`
 }
 var checkArgs checkFlags
 func init() {
-	checkCmd.Flags().BoolVarP(&checkPre, "pre", "", false,
+	checkCmd.Flags().BoolVarP(&checkArgs.pre, "pre", "", false,
 		"only run pre-installation checks")
-	checkCmd.Flags().StringSliceVar(&checkComponents, "components", defaults.Components,
+	checkCmd.Flags().StringSliceVar(&checkArgs.components, "components", rootArgs.defaults.Components,
 		"list of components, accepts comma-separated values")
 	checkCmd.Flags().StringSliceVar(&checkArgs.extraComponents, "components-extra", nil,
 		"list of components in addition to those supplied or defaulted, accepts comma-separated values")
 	rootCmd.AddCommand(checkCmd)
 }
 func runCheckCmd(cmd *cobra.Command, args []string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 	logger.Actionf("checking prerequisites")
 	checkFailed := false
 	fluxCheck()
 	if !kubectlCheck(ctx, ">=1.18.0") {
 		checkFailed = true
 	}
@@ -76,7 +89,7 @@ func runCheckCmd(cmd *cobra.Command, args []string) error {
 		checkFailed = true
 	}
-	if checkPre {
+	if checkArgs.pre {
 		if checkFailed {
 			os.Exit(1)
 		}
@@ -95,7 +108,29 @@ func runCheckCmd(cmd *cobra.Command, args []string) error {
 	return nil
 }
-func kubectlCheck(ctx context.Context, version string) bool {
+func fluxCheck() {
 	curSv, err := version.ParseVersion(VERSION)
 	if err != nil {
 		return
 	}
 	// Exclude development builds.
 	if curSv.Prerelease() != "" {
 		return
 	}
 	latest, err := install.GetLatestVersion()
 	if err != nil {
 		return
 	}
 	latestSv, err := version.ParseVersion(latest)
 	if err != nil {
 		return
 	}
 	if latestSv.GreaterThan(curSv) {
 		logger.Failuref("flux %s <%s (new version is available, please upgrade)", curSv, latestSv)
 	}
 }
 func kubectlCheck(ctx context.Context, constraint string) bool {
 	_, err := exec.LookPath("kubectl")
 	if err != nil {
 		logger.Failuref("kubectl not found")
@@ -103,7 +138,7 @@ func kubectlCheck(ctx context.Context, version string) bool {
 	}
 	kubectlArgs := []string{"version", "--client", "--output", "json"}
-	output, err := utils.ExecKubectlCommand(ctx, utils.ModeCapture, kubeconfig, kubecontext, kubectlArgs...)
+	output, err := utils.ExecKubectlCommand(ctx, utils.ModeCapture, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...)
 	if err != nil {
 		logger.Failuref("kubectl version can't be determined")
 		return false
@@ -111,77 +146,88 @@ func kubectlCheck(ctx context.Context, version string) bool {
 	kv := &kubectlVersion{}
 	if err = json.Unmarshal([]byte(output), kv); err != nil {
-		logger.Failuref("kubectl version output can't be unmarshaled")
+		logger.Failuref("kubectl version output can't be unmarshalled")
 		return false
 	}
-	v, err := semver.ParseTolerant(kv.ClientVersion.GitVersion)
+	v, err := version.ParseVersion(kv.ClientVersion.GitVersion)
 	if err != nil {
 		logger.Failuref("kubectl version can't be parsed")
 		return false
 	}
-	rng, _ := semver.ParseRange(version)
+	c, _ := semver.NewConstraint(constraint)
-	if !rng(v) {
+	if !c.Check(v) {
-		logger.Failuref("kubectl version must be %s", version)
+		logger.Failuref("kubectl version must be %s", constraint)
 		return false
 	}
-	logger.Successf("kubectl %s %s", v.String(), version)
+	logger.Successf("kubectl %s %s", v.String(), constraint)
 	return true
 }
-func kubernetesCheck(version string) bool {
+func kubernetesCheck(constraint string) bool {
-	cfg, err := utils.KubeConfig(kubeconfig, kubecontext)
+	cfg, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		logger.Failuref("Kubernetes client initialization failed: %s", err.Error())
 		return false
 	}
-	client, err := kubernetes.NewForConfig(cfg)
+	clientSet, err := kubernetes.NewForConfig(cfg)
 	if err != nil {
 		logger.Failuref("Kubernetes client initialization failed: %s", err.Error())
 		return false
 	}
-	ver, err := client.Discovery().ServerVersion()
+	kv, err := clientSet.Discovery().ServerVersion()
 	if err != nil {
 		logger.Failuref("Kubernetes API call failed: %s", err.Error())
 		return false
 	}
-	v, err := semver.ParseTolerant(ver.String())
+	v, err := version.ParseVersion(kv.String())
 	if err != nil {
 		logger.Failuref("Kubernetes version can't be determined")
 		return false
 	}
-	rng, _ := semver.ParseRange(version)
+	c, _ := semver.NewConstraint(constraint)
-	if !rng(v) {
+	if !c.Check(v) {
-		logger.Failuref("Kubernetes version must be %s", version)
+		logger.Failuref("Kubernetes version must be %s", constraint)
 		return false
 	}
-	logger.Successf("Kubernetes %s %s", v.String(), version)
+	logger.Successf("Kubernetes %s %s", v.String(), constraint)
 	return true
 }
 func componentsCheck() bool {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return false
 	}
 	statusChecker, err := NewStatusChecker(time.Second, rootArgs.timeout)
 	if err != nil {
 		return false
 	}
 	ok := true
-	for _, deployment := range checkComponents {
+	selector := client.MatchingLabels{"app.kubernetes.io/instance": rootArgs.namespace}
-		kubectlArgs := []string{"-n", namespace, "rollout", "status", "deployment", deployment, "--timeout", timeout.String()}
+	var list v1.DeploymentList
-		if output, err := utils.ExecKubectlCommand(ctx, utils.ModeCapture, kubeconfig, kubecontext, kubectlArgs...); err != nil {
+	if err := kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace), selector); err == nil {
-			logger.Failuref("%s: %s", deployment, strings.TrimSuffix(output, "\n"))
+		for _, d := range list.Items {
-			ok = false
+			if err := statusChecker.Assess(d.Name); err != nil {
-		} else {
+				ok = false
-			logger.Successf("%s is healthy", deployment)
+			} else {
-		}
+				logger.Successf("%s: healthy", d.Name)
-		kubectlArgs = []string{"-n", namespace, "get", "deployment", deployment, "-o", "jsonpath=\"{..image}\""}
+			}
-		if output, err := utils.ExecKubectlCommand(ctx, utils.ModeCapture, kubeconfig, kubecontext, kubectlArgs...); err == nil {
+			for _, c := range d.Spec.Template.Spec.Containers {
-			logger.Actionf(strings.TrimPrefix(strings.TrimSuffix(output, "\""), "\""))
+				logger.Actionf(c.Image)
 			}
 		}
 	}
 	return ok
--- a/cmd/flux/create.go
+++ b/cmd/flux/create.go
@@ -38,16 +38,18 @@ var createCmd = &cobra.Command{
 	Long:  "The create sub-commands generate sources and resources.",
 }
-var (
+type createFlags struct {
 	interval time.Duration
 	export   bool
 	labels   []string
-)
+}
 var createArgs createFlags
 func init() {
-	createCmd.PersistentFlags().DurationVarP(&interval, "interval", "", time.Minute, "source sync interval")
+	createCmd.PersistentFlags().DurationVarP(&createArgs.interval, "interval", "", time.Minute, "source sync interval")
-	createCmd.PersistentFlags().BoolVar(&export, "export", false, "export in YAML format to stdout")
+	createCmd.PersistentFlags().BoolVar(&createArgs.export, "export", false, "export in YAML format to stdout")
-	createCmd.PersistentFlags().StringSliceVar(&labels, "label", nil,
+	createCmd.PersistentFlags().StringSliceVar(&createArgs.labels, "label", nil,
 		"set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)")
 	rootCmd.AddCommand(createCmd)
 }
@@ -99,10 +101,10 @@ type upsertWaitable interface {
 // resource, then waiting for it to reconcile. See the note on
 // `upsert` for how to work with the `mutate` argument.
 func (names apiType) upsertAndWait(object upsertWaitable, mutate func() error) error {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext) // NB globals
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext) // NB globals
 	if err != nil {
 		return err
 	}
@@ -116,7 +118,7 @@ func (names apiType) upsertAndWait(object upsertWaitable, mutate func() error) e
 	}
 	logger.Waitingf("waiting for %s reconciliation", names.kind)
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isReady(ctx, kubeClient, namespacedName, object)); err != nil {
 		return err
 	}
@@ -126,7 +128,7 @@ func (names apiType) upsertAndWait(object upsertWaitable, mutate func() error) e
 func parseLabels() (map[string]string, error) {
 	result := make(map[string]string)
-	for _, label := range labels {
+	for _, label := range createArgs.labels {
 		// validate key value pair
 		parts := strings.Split(label, "=")
 		if len(parts) != 2 {
--- a/cmd/flux/create_alert.go
+++ b/cmd/flux/create_alert.go
@@ -20,11 +20,7 @@ import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -33,6 +29,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/flux2/internal/utils"
 )
 var createAlertCmd = &cobra.Command{
@@ -49,16 +48,18 @@ var createAlertCmd = &cobra.Command{
 	RunE: createAlertCmdRun,
 }
-var (
+type alertFlags struct {
-	aProviderRef   string
+	providerRef   string
-	aEventSeverity string
+	eventSeverity string
-	aEventSources  []string
+	eventSources  []string
-)
+}
 var alertArgs alertFlags
 func init() {
-	createAlertCmd.Flags().StringVar(&aProviderRef, "provider-ref", "", "reference to provider")
+	createAlertCmd.Flags().StringVar(&alertArgs.providerRef, "provider-ref", "", "reference to provider")
-	createAlertCmd.Flags().StringVar(&aEventSeverity, "event-severity", "", "severity of events to send alerts for")
+	createAlertCmd.Flags().StringVar(&alertArgs.eventSeverity, "event-severity", "", "severity of events to send alerts for")
-	createAlertCmd.Flags().StringArrayVar(&aEventSources, "event-source", []string{}, "sources that should generate alerts (<kind>/<name>)")
+	createAlertCmd.Flags().StringArrayVar(&alertArgs.eventSources, "event-source", []string{}, "sources that should generate alerts (<kind>/<name>)")
 	createCmd.AddCommand(createAlertCmd)
 }
@@ -68,12 +69,12 @@ func createAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	if aProviderRef == "" {
+	if alertArgs.providerRef == "" {
 		return fmt.Errorf("provider ref is required")
 	}
 	eventSources := []notificationv1.CrossNamespaceObjectReference{}
-	for _, eventSource := range aEventSources {
+	for _, eventSource := range alertArgs.eventSources {
 		kind, name := utils.ParseObjectKindName(eventSource)
 		if kind == "" {
 			return fmt.Errorf("invalid event source '%s', must be in format <kind>/<name>", eventSource)
@@ -94,34 +95,34 @@ func createAlertCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !export {
+	if !createArgs.export {
 		logger.Generatef("generating Alert")
 	}
 	alert := notificationv1.Alert{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    sourceLabels,
 		},
 		Spec: notificationv1.AlertSpec{
-			ProviderRef: corev1.LocalObjectReference{
+			ProviderRef: meta.LocalObjectReference{
-				Name: aProviderRef,
+				Name: alertArgs.providerRef,
 			},
-			EventSeverity: aEventSeverity,
+			EventSeverity: alertArgs.eventSeverity,
 			EventSources:  eventSources,
 			Suspend:       false,
 		},
 	}
-	if export {
+	if createArgs.export {
 		return exportAlert(alert)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
@@ -133,7 +134,7 @@ func createAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for Alert reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isAlertReady(ctx, kubeClient, namespacedName, &alert)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_alertprovider.go
+++ b/cmd/flux/create_alertprovider.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -29,9 +28,10 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/flux2/internal/utils"
 )
 var createAlertProviderCmd = &cobra.Command{
@@ -54,20 +54,22 @@ var createAlertProviderCmd = &cobra.Command{
 	RunE: createAlertProviderCmdRun,
 }
-var (
+type alertProviderFlags struct {
-	apType      string
+	alertType string
-	apChannel   string
+	channel   string
-	apUsername  string
+	username  string
-	apAddress   string
+	address   string
-	apSecretRef string
+	secretRef string
-)
+}
 var alertProviderArgs alertProviderFlags
 func init() {
-	createAlertProviderCmd.Flags().StringVar(&apType, "type", "", "type of provider")
+	createAlertProviderCmd.Flags().StringVar(&alertProviderArgs.alertType, "type", "", "type of provider")
-	createAlertProviderCmd.Flags().StringVar(&apChannel, "channel", "", "channel to send messages to in the case of a chat provider")
+	createAlertProviderCmd.Flags().StringVar(&alertProviderArgs.channel, "channel", "", "channel to send messages to in the case of a chat provider")
-	createAlertProviderCmd.Flags().StringVar(&apUsername, "username", "", "bot username used by the provider")
+	createAlertProviderCmd.Flags().StringVar(&alertProviderArgs.username, "username", "", "bot username used by the provider")
-	createAlertProviderCmd.Flags().StringVar(&apAddress, "address", "", "path to either the git repository, chat provider or webhook")
+	createAlertProviderCmd.Flags().StringVar(&alertProviderArgs.address, "address", "", "path to either the git repository, chat provider or webhook")
-	createAlertProviderCmd.Flags().StringVar(&apSecretRef, "secret-ref", "", "name of secret containing authentication token")
+	createAlertProviderCmd.Flags().StringVar(&alertProviderArgs.secretRef, "secret-ref", "", "name of secret containing authentication token")
 	createCmd.AddCommand(createAlertProviderCmd)
 }
@@ -77,7 +79,7 @@ func createAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	if apType == "" {
+	if alertProviderArgs.alertType == "" {
 		return fmt.Errorf("Provider type is required")
 	}
@@ -86,38 +88,38 @@ func createAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !export {
+	if !createArgs.export {
 		logger.Generatef("generating Provider")
 	}
 	provider := notificationv1.Provider{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    sourceLabels,
 		},
 		Spec: notificationv1.ProviderSpec{
-			Type:     apType,
+			Type:     alertProviderArgs.alertType,
-			Channel:  apChannel,
+			Channel:  alertProviderArgs.channel,
-			Username: apUsername,
+			Username: alertProviderArgs.username,
-			Address:  apAddress,
+			Address:  alertProviderArgs.address,
 		},
 	}
-	if apSecretRef != "" {
+	if alertProviderArgs.secretRef != "" {
-		provider.Spec.SecretRef = &corev1.LocalObjectReference{
+		provider.Spec.SecretRef = &meta.LocalObjectReference{
-			Name: apSecretRef,
+			Name: alertProviderArgs.secretRef,
 		}
 	}
-	if export {
+	if createArgs.export {
 		return exportAlertProvider(provider)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
@@ -129,7 +131,7 @@ func createAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for Provider reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isAlertProviderReady(ctx, kubeClient, namespacedName, &provider)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_helmrelease.go
+++ b/cmd/flux/create_helmrelease.go
@@ -18,12 +18,14 @@ package main
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/pkg/runtime/transform"
 	"github.com/spf13/cobra"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
@@ -62,11 +64,12 @@ var createHelmReleaseCmd = &cobra.Command{
    --source=Bucket/podinfo \
    --chart=./charts/podinfo
-  # Create a HelmRelease with values from a local YAML file
+  # Create a HelmRelease with values from local YAML files
  flux create hr podinfo \
    --source=HelmRepository/podinfo \
    --chart=podinfo \
-    --values=./my-values.yaml
+    --values=./my-values1.yaml \
    --values=./my-values2.yaml
  # Create a HelmRelease with values from a Kubernetes secret
  kubectl -n app create secret generic my-secret-values \
@@ -98,28 +101,30 @@ var createHelmReleaseCmd = &cobra.Command{
 	RunE: createHelmReleaseCmdRun,
 }
-var (
+type helmReleaseFlags struct {
-	hrName            string
+	name            string
-	hrSource          flags.HelmChartSource
+	source          flags.HelmChartSource
-	hrDependsOn       []string
+	dependsOn       []string
-	hrChart           string
+	chart           string
-	hrChartVersion    string
+	chartVersion    string
-	hrTargetNamespace string
+	targetNamespace string
-	hrValuesFile      string
+	valuesFile      []string
-	hrValuesFrom      flags.HelmReleaseValuesFrom
+	valuesFrom      flags.HelmReleaseValuesFrom
-	hrSAName          string
+	saName          string
-)
+}
 var helmReleaseArgs helmReleaseFlags
 func init() {
-	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '[<target-namespace>-]<HelmRelease-name>'")
+	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.name, "release-name", "", "name used for the Helm release, defaults to a composition of '[<target-namespace>-]<HelmRelease-name>'")
-	createHelmReleaseCmd.Flags().Var(&hrSource, "source", hrSource.Description())
+	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.source, "source", helmReleaseArgs.source.Description())
-	createHelmReleaseCmd.Flags().StringVar(&hrChart, "chart", "", "Helm chart name or path")
+	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.chart, "chart", "", "Helm chart name or path")
-	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
+	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.chartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
-	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'")
+	createHelmReleaseCmd.Flags().StringArrayVar(&helmReleaseArgs.dependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'")
-	createHelmReleaseCmd.Flags().StringVar(&hrTargetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
+	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.targetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
-	createHelmReleaseCmd.Flags().StringVar(&hrSAName, "service-account", "", "the name of the service account to impersonate when reconciling this HelmRelease")
+	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.saName, "service-account", "", "the name of the service account to impersonate when reconciling this HelmRelease")
-	createHelmReleaseCmd.Flags().StringVar(&hrValuesFile, "values", "", "local path to the values.yaml file")
+	createHelmReleaseCmd.Flags().StringArrayVar(&helmReleaseArgs.valuesFile, "values", nil, "local path to values.yaml files")
-	createHelmReleaseCmd.Flags().Var(&hrValuesFrom, "values-from", hrValuesFrom.Description())
+	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.valuesFrom, "values-from", helmReleaseArgs.valuesFrom.Description())
 	createCmd.AddCommand(createHelmReleaseCmd)
 }
@@ -129,7 +134,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	if hrChart == "" {
+	if helmReleaseArgs.chart == "" {
 		return fmt.Errorf("chart name or path is required")
 	}
@@ -138,30 +143,30 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !export {
+	if !createArgs.export {
 		logger.Generatef("generating HelmRelease")
 	}
 	helmRelease := helmv2.HelmRelease{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    sourceLabels,
 		},
 		Spec: helmv2.HelmReleaseSpec{
-			ReleaseName: hrName,
+			ReleaseName: helmReleaseArgs.name,
-			DependsOn:   utils.MakeDependsOn(hrDependsOn),
+			DependsOn:   utils.MakeDependsOn(helmReleaseArgs.dependsOn),
 			Interval: metav1.Duration{
-				Duration: interval,
+				Duration: createArgs.interval,
 			},
-			TargetNamespace: hrTargetNamespace,
+			TargetNamespace: helmReleaseArgs.targetNamespace,
 			Chart: helmv2.HelmChartTemplate{
 				Spec: helmv2.HelmChartTemplateSpec{
-					Chart:   hrChart,
+					Chart:   helmReleaseArgs.chart,
-					Version: hrChartVersion,
+					Version: helmReleaseArgs.chartVersion,
 					SourceRef: helmv2.CrossNamespaceObjectReference{
-						Kind: hrSource.Kind,
+						Kind: helmReleaseArgs.source.Kind,
-						Name: hrSource.Name,
+						Name: helmReleaseArgs.source.Name,
 					},
 				},
 			},
@@ -169,39 +174,58 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
-	if hrSAName != "" {
+	if helmReleaseArgs.saName != "" {
-		helmRelease.Spec.ServiceAccountName = hrSAName
+		helmRelease.Spec.ServiceAccountName = helmReleaseArgs.saName
 	}
-	if hrValuesFile != "" {
+	if len(helmReleaseArgs.valuesFile) > 0 {
-		data, err := ioutil.ReadFile(hrValuesFile)
+		var valuesMap map[string]interface{}
-		if err != nil {
+		for _, v := range helmReleaseArgs.valuesFile {
-			return fmt.Errorf("reading values from %s failed: %w", hrValuesFile, err)
+			data, err := ioutil.ReadFile(v)
 			if err != nil {
 				return fmt.Errorf("reading values from %s failed: %w", v, err)
 			}
 			jsonBytes, err := yaml.YAMLToJSON(data)
 			if err != nil {
 				return fmt.Errorf("converting values to JSON from %s failed: %w", v, err)
 			}
 			jsonMap := make(map[string]interface{})
 			if err := json.Unmarshal(jsonBytes, &jsonMap); err != nil {
 				return fmt.Errorf("unmarshaling values from %s failed: %w", v, err)
 			}
 			if valuesMap == nil {
 				valuesMap = jsonMap
 			} else {
 				valuesMap = transform.MergeMaps(valuesMap, jsonMap)
 			}
 		}
-		json, err := yaml.YAMLToJSON(data)
+		jsonRaw, err := json.Marshal(valuesMap)
 		if err != nil {
-			return fmt.Errorf("converting values to JSON from %s failed: %w", hrValuesFile, err)
+			return fmt.Errorf("marshaling values failed: %w", err)
 		}
-		helmRelease.Spec.Values = &apiextensionsv1.JSON{Raw: json}
+		helmRelease.Spec.Values = &apiextensionsv1.JSON{Raw: jsonRaw}
 	}
-	if hrValuesFrom.String() != "" {
+	if helmReleaseArgs.valuesFrom.String() != "" {
 		helmRelease.Spec.ValuesFrom = []helmv2.ValuesReference{{
-			Kind: hrValuesFrom.Kind,
+			Kind: helmReleaseArgs.valuesFrom.Kind,
-			Name: hrValuesFrom.Name,
+			Name: helmReleaseArgs.valuesFrom.Name,
 		}}
 	}
-	if export {
+	if createArgs.export {
 		return exportHelmRelease(helmRelease)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
@@ -213,7 +237,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for HelmRelease reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isHelmReleaseReady(ctx, kubeClient, namespacedName, &helmRelease)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_image_policy.go
+++ b/cmd/flux/create_image_policy.go
@@ -18,11 +18,16 @@ package main
 import (
 	"fmt"
 	"regexp/syntax"
 	"strings"
 	"unicode"
 	"unicode/utf8"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"github.com/fluxcd/pkg/apis/meta"
 	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
 )
@@ -38,9 +43,13 @@ the status of the object.`,
 	RunE: createImagePolicyRun}
 type imagePolicyFlags struct {
-	imageRef    string
+	imageRef        string
-	semver      string
+	semver          string
-	filterRegex string
+	alpha           string
 	numeric         string
 	filterRegex     string
 	filterExtract   string
 	filterNumerical string
 }
 var imagePolicyArgs = imagePolicyFlags{}
@@ -48,8 +57,11 @@ var imagePolicyArgs = imagePolicyFlags{}
 func init() {
 	flags := createImagePolicyCmd.Flags()
 	flags.StringVar(&imagePolicyArgs.imageRef, "image-ref", "", "the name of an image repository object")
-	flags.StringVar(&imagePolicyArgs.semver, "semver", "", "a semver range to apply to tags; e.g., '1.x'")
+	flags.StringVar(&imagePolicyArgs.semver, "select-semver", "", "a semver range to apply to tags; e.g., '1.x'")
-	flags.StringVar(&imagePolicyArgs.filterRegex, "filter-regex", "", " regular expression pattern used to filter the image tags")
+	flags.StringVar(&imagePolicyArgs.alpha, "select-alpha", "", "use alphabetical sorting to select image; either \"asc\" meaning select the last, or \"desc\" meaning select the first")
 	flags.StringVar(&imagePolicyArgs.numeric, "select-numeric", "", "use numeric sorting to select image; either \"asc\" meaning select the last, or \"desc\" meaning select the first")
 	flags.StringVar(&imagePolicyArgs.filterRegex, "filter-regex", "", "regular expression pattern used to filter the image tags")
 	flags.StringVar(&imagePolicyArgs.filterExtract, "filter-extract", "", "replacement pattern (using capture groups from --filter-regex) to use for sorting")
 	createImageCmd.AddCommand(createImagePolicyCmd)
 }
@@ -78,32 +90,63 @@ func createImagePolicyRun(cmd *cobra.Command, args []string) error {
 	var policy = imagev1.ImagePolicy{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      objectName,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    labels,
 		},
 		Spec: imagev1.ImagePolicySpec{
-			ImageRepositoryRef: corev1.LocalObjectReference{
+			ImageRepositoryRef: meta.LocalObjectReference{
 				Name: imagePolicyArgs.imageRef,
 			},
 		},
 	}
 	switch {
 	case imagePolicyArgs.semver != "" && imagePolicyArgs.alpha != "":
 	case imagePolicyArgs.semver != "" && imagePolicyArgs.numeric != "":
 	case imagePolicyArgs.alpha != "" && imagePolicyArgs.numeric != "":
 		return fmt.Errorf("only one of --select-semver, --select-alpha or --select-numeric can be specified")
 	case imagePolicyArgs.semver != "":
 		policy.Spec.Policy.SemVer = &imagev1.SemVerPolicy{
 			Range: imagePolicyArgs.semver,
 		}
 	case imagePolicyArgs.alpha != "":
 		if imagePolicyArgs.alpha != "desc" && imagePolicyArgs.alpha != "asc" {
 			return fmt.Errorf("--select-alpha must be one of [\"asc\", \"desc\"]")
 		}
 		policy.Spec.Policy.Alphabetical = &imagev1.AlphabeticalPolicy{
 			Order: imagePolicyArgs.alpha,
 		}
 	case imagePolicyArgs.numeric != "":
 		if imagePolicyArgs.numeric != "desc" && imagePolicyArgs.numeric != "asc" {
 			return fmt.Errorf("--select-numeric must be one of [\"asc\", \"desc\"]")
 		}
 		policy.Spec.Policy.Numerical = &imagev1.NumericalPolicy{
 			Order: imagePolicyArgs.numeric,
 		}
 	default:
-		return fmt.Errorf("a policy must be provided with --semver")
+		return fmt.Errorf("a policy must be provided with either --select-semver or --select-alpha")
 	}
 	if imagePolicyArgs.filterRegex != "" {
 		exp, err := syntax.Parse(imagePolicyArgs.filterRegex, syntax.Perl)
 		if err != nil {
 			return fmt.Errorf("--filter-regex is an invalid regex pattern")
 		}
 		policy.Spec.FilterTags = &imagev1.TagFilter{
 			Pattern: imagePolicyArgs.filterRegex,
 		}
 		if imagePolicyArgs.filterExtract != "" {
 			if err := validateExtractStr(imagePolicyArgs.filterExtract, exp.CapNames()); err != nil {
 				return err
 			}
 			policy.Spec.FilterTags.Extract = imagePolicyArgs.filterExtract
 		}
 	} else if imagePolicyArgs.filterExtract != "" {
 		return fmt.Errorf("cannot specify --filter-extract without specifying --filter-regex")
 	}
-	if export {
+	if createArgs.export {
 		return printExport(exportImagePolicy(&policy))
 	}
@@ -116,3 +159,94 @@ func createImagePolicyRun(cmd *cobra.Command, args []string) error {
 	})
 	return err
 }
 // Performs a dry-run of the extract function in Regexp to validate the template
 func validateExtractStr(template string, capNames []string) error {
 	for len(template) > 0 {
 		i := strings.Index(template, "$")
 		if i < 0 {
 			return nil
 		}
 		template = template[i:]
 		if len(template) > 1 && template[1] == '$' {
 			template = template[2:]
 			continue
 		}
 		name, num, rest, ok := extract(template)
 		if !ok {
 			// Malformed extract string, assume user didn't want this
 			template = template[1:]
 			return fmt.Errorf("--filter-extract is malformed")
 		}
 		template = rest
 		if num >= 0 {
 			// we won't worry about numbers as we can't validate these
 			continue
 		} else {
 			found := false
 			for _, capName := range capNames {
 				if name == capName {
 					found = true
 				}
 			}
 			if !found {
 				return fmt.Errorf("capture group $%s used in --filter-extract not found in --filter-regex", name)
 			}
 		}
 	}
 	return nil
 }
 // extract method from the regexp package
 // returns the name or number of the value prepended by $
 func extract(str string) (name string, num int, rest string, ok bool) {
 	if len(str) < 2 || str[0] != '$' {
 		return
 	}
 	brace := false
 	if str[1] == '{' {
 		brace = true
 		str = str[2:]
 	} else {
 		str = str[1:]
 	}
 	i := 0
 	for i < len(str) {
 		rune, size := utf8.DecodeRuneInString(str[i:])
 		if !unicode.IsLetter(rune) && !unicode.IsDigit(rune) && rune != '_' {
 			break
 		}
 		i += size
 	}
 	if i == 0 {
 		// empty name is not okay
 		return
 	}
 	name = str[:i]
 	if brace {
 		if i >= len(str) || str[i] != '}' {
 			// missing closing brace
 			return
 		}
 		i++
 	}
 	// Parse number.
 	num = 0
 	for i := 0; i < len(name); i++ {
 		if name[i] < '0' || '9' < name[i] || num >= 1e8 {
 			num = -1
 			break
 		}
 		num = num*10 + int(name[i]) - '0'
 	}
 	// Disallow leading zeros.
 	if name[0] == '0' && len(name) > 1 {
 		num = -1
 	}
 	rest = str[i:]
 	ok = true
 	return
 }
--- a/cmd/flux/create_image_repository.go
+++ b/cmd/flux/create_image_repository.go
@@ -22,9 +22,10 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"github.com/fluxcd/pkg/apis/meta"
 	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
 )
@@ -33,13 +34,39 @@ var createImageRepositoryCmd = &cobra.Command{
 	Short: "Create or update an ImageRepository object",
 	Long: `The create image repository command generates an ImageRepository resource.
 An ImageRepository object specifies an image repository to scan.`,
 	Example: `  # Create an ImageRepository object to scan the alpine image repository:
  flux create image repository alpine-repo --image alpine --interval 20m
  # Create an image repository that uses an image pull secret (assumed to
  # have been created already):
  flux create image repository myapp-repo \
    --secret-ref image-pull \
    --image ghcr.io/example.com/myapp --interval 5m
  # Create a TLS secret for a local image registry using a self-signed
  # host certificate, and use it to scan an image. ca.pem is a file
  # containing the CA certificate used to sign the host certificate.
  flux create secret tls local-registry-cert --ca-file ./ca.pem
  flux create image repository app-repo \
    --cert-secret-ref local-registry-cert \
    --image local-registry:5000/app --interval 5m
  # Create a TLS secret with a client certificate and key, and use it
  # to scan a private image registry.
  flux create secret tls client-cert \
    --cert-file client.crt --key-file client.key
  flux create image repository app-repo \
    --cert-secret-ref client-cert \
    --image registry.example.com/private/app --interval 5m
 `,
 	RunE: createImageRepositoryRun,
 }
 type imageRepoFlags struct {
-	image     string
+	image         string
-	secretRef string
+	secretRef     string
-	timeout   time.Duration
+	certSecretRef string
 	timeout       time.Duration
 }
 var imageRepoArgs = imageRepoFlags{}
@@ -48,6 +75,7 @@ func init() {
 	flags := createImageRepositoryCmd.Flags()
 	flags.StringVar(&imageRepoArgs.image, "image", "", "the image repository to scan; e.g., library/alpine")
 	flags.StringVar(&imageRepoArgs.secretRef, "secret-ref", "", "the name of a docker-registry secret to use for credentials")
 	flags.StringVar(&imageRepoArgs.certSecretRef, "cert-ref", "", "the name of a secret to use for TLS certificates")
 	// NB there is already a --timeout in the global flags, for
 	// controlling timeout on operations while e.g., creating objects.
 	flags.DurationVar(&imageRepoArgs.timeout, "scan-timeout", 0, "a timeout for scanning; this defaults to the interval if not set")
@@ -77,24 +105,29 @@ func createImageRepositoryRun(cmd *cobra.Command, args []string) error {
 	var repo = imagev1.ImageRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      objectName,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    labels,
 		},
 		Spec: imagev1.ImageRepositorySpec{
 			Image:    imageRepoArgs.image,
-			Interval: metav1.Duration{Duration: interval},
+			Interval: metav1.Duration{Duration: createArgs.interval},
 		},
 	}
 	if imageRepoArgs.timeout != 0 {
 		repo.Spec.Timeout = &metav1.Duration{Duration: imageRepoArgs.timeout}
 	}
 	if imageRepoArgs.secretRef != "" {
-		repo.Spec.SecretRef = &corev1.LocalObjectReference{
+		repo.Spec.SecretRef = &meta.LocalObjectReference{
 			Name: imageRepoArgs.secretRef,
 		}
 	}
 	if imageRepoArgs.certSecretRef != "" {
 		repo.Spec.CertSecretRef = &meta.LocalObjectReference{
 			Name: imageRepoArgs.certSecretRef,
 		}
 	}
-	if export {
+	if createArgs.export {
 		return printExport(exportImageRepository(&repo))
 	}
--- a/cmd/flux/create_image_updateauto.go
+++ b/cmd/flux/create_image_updateauto.go
@@ -20,9 +20,10 @@ import (
 	"fmt"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"github.com/fluxcd/pkg/apis/meta"
 	autov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
 )
@@ -69,7 +70,7 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
 	}
 	if imageUpdateArgs.branch == "" {
-		return fmt.Errorf("the Git repoistory branch is required (--branch)")
+		return fmt.Errorf("the Git repository branch is required (--branch)")
 	}
 	labels, err := parseLabels()
@@ -80,20 +81,17 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
 	var update = autov1.ImageUpdateAutomation{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      objectName,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    labels,
 		},
 		Spec: autov1.ImageUpdateAutomationSpec{
 			Checkout: autov1.GitCheckoutSpec{
-				GitRepositoryRef: corev1.LocalObjectReference{
+				GitRepositoryRef: meta.LocalObjectReference{
 					Name: imageUpdateArgs.gitRepoRef,
 				},
 				Branch: imageUpdateArgs.branch,
 			},
-			Interval: metav1.Duration{Duration: interval},
+			Interval: metav1.Duration{Duration: createArgs.interval},
 			Update: autov1.UpdateStrategy{
 				Setters: &autov1.SettersStrategy{},
 			},
 			Commit: autov1.CommitSpec{
 				AuthorName:      imageUpdateArgs.authorName,
 				AuthorEmail:     imageUpdateArgs.authorEmail,
@@ -102,7 +100,7 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
 		},
 	}
-	if export {
+	if createArgs.export {
 		return printExport(exportImageUpdate(&update))
 	}
--- a/cmd/flux/create_kustomization.go
+++ b/cmd/flux/create_kustomization.go
@@ -23,7 +23,6 @@ import (
 	"time"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -31,11 +30,12 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 )
 var createKsCmd = &cobra.Command{
@@ -72,53 +72,61 @@ var createKsCmd = &cobra.Command{
 	RunE: createKsCmdRun,
 }
-var (
+type kustomizationFlags struct {
-	ksSource             flags.KustomizationSource
+	source             flags.KustomizationSource
-	ksPath               flags.SafeRelativePath = "./"
+	path               flags.SafeRelativePath
-	ksPrune              bool
+	prune              bool
-	ksDependsOn          []string
+	dependsOn          []string
-	ksValidation         string
+	validation         string
-	ksHealthCheck        []string
+	healthCheck        []string
-	ksHealthTimeout      time.Duration
+	healthTimeout      time.Duration
-	ksSAName             string
+	saName             string
-	ksDecryptionProvider flags.DecryptionProvider
+	decryptionProvider flags.DecryptionProvider
-	ksDecryptionSecret   string
+	decryptionSecret   string
-	ksTargetNamespace    string
+	targetNamespace    string
-)
+}
 var kustomizationArgs = NewKustomizationFlags()
 func init() {
-	createKsCmd.Flags().Var(&ksSource, "source", ksSource.Description())
+	createKsCmd.Flags().Var(&kustomizationArgs.source, "source", kustomizationArgs.source.Description())
-	createKsCmd.Flags().Var(&ksPath, "path", "path to the directory containing a kustomization.yaml file")
+	createKsCmd.Flags().Var(&kustomizationArgs.path, "path", "path to the directory containing a kustomization.yaml file")
-	createKsCmd.Flags().BoolVar(&ksPrune, "prune", false, "enable garbage collection")
+	createKsCmd.Flags().BoolVar(&kustomizationArgs.prune, "prune", false, "enable garbage collection")
-	createKsCmd.Flags().StringArrayVar(&ksHealthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
+	createKsCmd.Flags().StringArrayVar(&kustomizationArgs.healthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
-	createKsCmd.Flags().DurationVar(&ksHealthTimeout, "health-check-timeout", 2*time.Minute, "timeout of health checking operations")
+	createKsCmd.Flags().DurationVar(&kustomizationArgs.healthTimeout, "health-check-timeout", 2*time.Minute, "timeout of health checking operations")
-	createKsCmd.Flags().StringVar(&ksValidation, "validation", "", "validate the manifests before applying them on the cluster, can be 'client' or 'server'")
+	createKsCmd.Flags().StringVar(&kustomizationArgs.validation, "validation", "", "validate the manifests before applying them on the cluster, can be 'client' or 'server'")
-	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'")
+	createKsCmd.Flags().StringArrayVar(&kustomizationArgs.dependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'")
-	createKsCmd.Flags().StringVar(&ksSAName, "service-account", "", "the name of the service account to impersonate when reconciling this Kustomization")
+	createKsCmd.Flags().StringVar(&kustomizationArgs.saName, "service-account", "", "the name of the service account to impersonate when reconciling this Kustomization")
-	createKsCmd.Flags().Var(&ksDecryptionProvider, "decryption-provider", ksDecryptionProvider.Description())
+	createKsCmd.Flags().Var(&kustomizationArgs.decryptionProvider, "decryption-provider", kustomizationArgs.decryptionProvider.Description())
-	createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
+	createKsCmd.Flags().StringVar(&kustomizationArgs.decryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
-	createKsCmd.Flags().StringVar(&ksTargetNamespace, "target-namespace", "", "overrides the namespace of all Kustomization objects reconciled by this Kustomization")
+	createKsCmd.Flags().StringVar(&kustomizationArgs.targetNamespace, "target-namespace", "", "overrides the namespace of all Kustomization objects reconciled by this Kustomization")
 	createCmd.AddCommand(createKsCmd)
 }
 func NewKustomizationFlags() kustomizationFlags {
 	return kustomizationFlags{
 		path: "./",
 	}
 }
 func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("Kustomization name is required")
 	}
 	name := args[0]
-	if ksPath == "" {
+	if kustomizationArgs.path == "" {
 		return fmt.Errorf("path is required")
 	}
-	if !strings.HasPrefix(ksPath.String(), "./") {
+	if !strings.HasPrefix(kustomizationArgs.path.String(), "./") {
 		return fmt.Errorf("path must begin with ./")
 	}
-	if !export {
+	if !createArgs.export {
 		logger.Generatef("generating Kustomization")
 	}
-	ksLabels, err := parseLabels()
+	kslabels, err := parseLabels()
 	if err != nil {
 		return err
 	}
@@ -126,29 +134,29 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	kustomization := kustomizev1.Kustomization{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
-			Labels:    ksLabels,
+			Labels:    kslabels,
 		},
 		Spec: kustomizev1.KustomizationSpec{
-			DependsOn: utils.MakeDependsOn(ksDependsOn),
+			DependsOn: utils.MakeDependsOn(kustomizationArgs.dependsOn),
 			Interval: metav1.Duration{
-				Duration: interval,
+				Duration: createArgs.interval,
 			},
-			Path:  ksPath.String(),
+			Path:  kustomizationArgs.path.String(),
-			Prune: ksPrune,
+			Prune: kustomizationArgs.prune,
 			SourceRef: kustomizev1.CrossNamespaceSourceReference{
-				Kind: ksSource.Kind,
+				Kind: kustomizationArgs.source.Kind,
-				Name: ksSource.Name,
+				Name: kustomizationArgs.source.Name,
 			},
 			Suspend:         false,
-			Validation:      ksValidation,
+			Validation:      kustomizationArgs.validation,
-			TargetNamespace: ksTargetNamespace,
+			TargetNamespace: kustomizationArgs.targetNamespace,
 		},
 	}
-	if len(ksHealthCheck) > 0 {
+	if len(kustomizationArgs.healthCheck) > 0 {
-		healthChecks := make([]kustomizev1.CrossNamespaceObjectReference, 0)
+		healthChecks := make([]meta.NamespacedObjectKindReference, 0)
-		for _, w := range ksHealthCheck {
+		for _, w := range kustomizationArgs.healthCheck {
 			kindObj := strings.Split(w, "/")
 			if len(kindObj) != 2 {
 				return fmt.Errorf("invalid health check '%s' must be in the format 'kind/name.namespace' %v", w, kindObj)
@@ -170,7 +178,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 				return fmt.Errorf("invalid health check '%s' must be in the format 'kind/name.namespace'", w)
 			}
-			check := kustomizev1.CrossNamespaceObjectReference{
+			check := meta.NamespacedObjectKindReference{
 				Kind:      kind,
 				Name:      nameNs[0],
 				Namespace: nameNs[1],
@@ -183,32 +191,32 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		}
 		kustomization.Spec.HealthChecks = healthChecks
 		kustomization.Spec.Timeout = &metav1.Duration{
-			Duration: ksHealthTimeout,
+			Duration: kustomizationArgs.healthTimeout,
 		}
 	}
-	if ksSAName != "" {
+	if kustomizationArgs.saName != "" {
-		kustomization.Spec.ServiceAccountName = ksSAName
+		kustomization.Spec.ServiceAccountName = kustomizationArgs.saName
 	}
-	if ksDecryptionProvider != "" {
+	if kustomizationArgs.decryptionProvider != "" {
 		kustomization.Spec.Decryption = &kustomizev1.Decryption{
-			Provider: ksDecryptionProvider.String(),
+			Provider: kustomizationArgs.decryptionProvider.String(),
 		}
-		if ksDecryptionSecret != "" {
+		if kustomizationArgs.decryptionSecret != "" {
-			kustomization.Spec.Decryption.SecretRef = &corev1.LocalObjectReference{Name: ksDecryptionSecret}
+			kustomization.Spec.Decryption.SecretRef = &meta.LocalObjectReference{Name: kustomizationArgs.decryptionSecret}
 		}
 	}
-	if export {
+	if createArgs.export {
 		return exportKs(kustomization)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
@@ -220,7 +228,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for Kustomization reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isKustomizationReady(ctx, kubeClient, namespacedName, &kustomization)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_receiver.go
+++ b/cmd/flux/create_receiver.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -29,9 +28,10 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/fluxcd/flux2/internal/utils"
 )
 var createReceiverCmd = &cobra.Command{
@@ -50,18 +50,20 @@ var createReceiverCmd = &cobra.Command{
 	RunE: createReceiverCmdRun,
 }
-var (
+type receiverFlags struct {
-	rcvType      string
+	receiverType string
-	rcvSecretRef string
+	secretRef    string
-	rcvEvents    []string
+	events       []string
-	rcvResources []string
+	resources    []string
-)
+}
 var receiverArgs receiverFlags
 func init() {
-	createReceiverCmd.Flags().StringVar(&rcvType, "type", "", "")
+	createReceiverCmd.Flags().StringVar(&receiverArgs.receiverType, "type", "", "")
-	createReceiverCmd.Flags().StringVar(&rcvSecretRef, "secret-ref", "", "")
+	createReceiverCmd.Flags().StringVar(&receiverArgs.secretRef, "secret-ref", "", "")
-	createReceiverCmd.Flags().StringArrayVar(&rcvEvents, "event", []string{}, "")
+	createReceiverCmd.Flags().StringArrayVar(&receiverArgs.events, "event", []string{}, "")
-	createReceiverCmd.Flags().StringArrayVar(&rcvResources, "resource", []string{}, "")
+	createReceiverCmd.Flags().StringArrayVar(&receiverArgs.resources, "resource", []string{}, "")
 	createCmd.AddCommand(createReceiverCmd)
 }
@@ -71,16 +73,16 @@ func createReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	if rcvType == "" {
+	if receiverArgs.receiverType == "" {
 		return fmt.Errorf("Receiver type is required")
 	}
-	if rcvSecretRef == "" {
+	if receiverArgs.secretRef == "" {
 		return fmt.Errorf("secret ref is required")
 	}
 	resources := []notificationv1.CrossNamespaceObjectReference{}
-	for _, resource := range rcvResources {
+	for _, resource := range receiverArgs.resources {
 		kind, name := utils.ParseObjectKindName(resource)
 		if kind == "" {
 			return fmt.Errorf("invalid event source '%s', must be in format <kind>/<name>", resource)
@@ -101,35 +103,35 @@ func createReceiverCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !export {
+	if !createArgs.export {
 		logger.Generatef("generating Receiver")
 	}
 	receiver := notificationv1.Receiver{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    sourceLabels,
 		},
 		Spec: notificationv1.ReceiverSpec{
-			Type:      rcvType,
+			Type:      receiverArgs.receiverType,
-			Events:    rcvEvents,
+			Events:    receiverArgs.events,
 			Resources: resources,
-			SecretRef: corev1.LocalObjectReference{
+			SecretRef: meta.LocalObjectReference{
-				Name: rcvSecretRef,
+				Name: receiverArgs.secretRef,
 			},
 			Suspend: false,
 		},
 	}
-	if export {
+	if createArgs.export {
 		return exportReceiver(receiver)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
@@ -141,7 +143,7 @@ func createReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for Receiver reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isReceiverReady(ctx, kubeClient, namespacedName, &receiver)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_secret.go
+++ b/cmd/flux/create_secret.go
@@ -39,6 +39,23 @@ func init() {
 	createCmd.AddCommand(createSecretCmd)
 }
 func makeSecret(name string) (corev1.Secret, error) {
 	secretLabels, err := parseLabels()
 	if err != nil {
 		return corev1.Secret{}, err
 	}
 	return corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: rootArgs.namespace,
 			Labels:    secretLabels,
 		},
 		StringData: map[string]string{},
 		Data:       nil,
 	}, nil
 }
 func upsertSecret(ctx context.Context, kubeClient client.Client, secret corev1.Secret) error {
 	namespacedName := types.NamespacedName{
 		Namespace: secret.GetNamespace(),
--- a/cmd/flux/create_secret_git.go
+++ b/cmd/flux/create_secret_git.go
@@ -20,12 +20,11 @@ import (
 	"context"
 	"crypto/elliptic"
 	"fmt"
 	"io/ioutil"
 	"net/url"
 	"time"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
@@ -71,60 +70,63 @@ For Git over HTTP/S, the provided basic authentication credentials are stored in
 	RunE: createSecretGitCmdRun,
 }
-var (
+type secretGitFlags struct {
-	secretGitURL          string
+	url          string
-	secretGitUsername     string
+	username     string
-	secretGitPassword     string
+	password     string
-	secretGitKeyAlgorithm flags.PublicKeyAlgorithm = "rsa"
+	keyAlgorithm flags.PublicKeyAlgorithm
-	secretGitRSABits      flags.RSAKeyBits         = 2048
+	rsaBits      flags.RSAKeyBits
-	secretGitECDSACurve                            = flags.ECDSACurve{Curve: elliptic.P384()}
+	ecdsaCurve   flags.ECDSACurve
-)
+	caFile       string
 }
 var secretGitArgs = NewSecretGitFlags()
 func init() {
-	createSecretGitCmd.Flags().StringVar(&secretGitURL, "url", "", "git address, e.g. ssh://git@host/org/repository")
+	createSecretGitCmd.Flags().StringVar(&secretGitArgs.url, "url", "", "git address, e.g. ssh://git@host/org/repository")
-	createSecretGitCmd.Flags().StringVarP(&secretGitUsername, "username", "u", "", "basic authentication username")
+	createSecretGitCmd.Flags().StringVarP(&secretGitArgs.username, "username", "u", "", "basic authentication username")
-	createSecretGitCmd.Flags().StringVarP(&secretGitPassword, "password", "p", "", "basic authentication password")
+	createSecretGitCmd.Flags().StringVarP(&secretGitArgs.password, "password", "p", "", "basic authentication password")
-	createSecretGitCmd.Flags().Var(&secretGitKeyAlgorithm, "ssh-key-algorithm", secretGitKeyAlgorithm.Description())
+	createSecretGitCmd.Flags().Var(&secretGitArgs.keyAlgorithm, "ssh-key-algorithm", secretGitArgs.keyAlgorithm.Description())
-	createSecretGitCmd.Flags().Var(&secretGitRSABits, "ssh-rsa-bits", secretGitRSABits.Description())
+	createSecretGitCmd.Flags().Var(&secretGitArgs.rsaBits, "ssh-rsa-bits", secretGitArgs.rsaBits.Description())
-	createSecretGitCmd.Flags().Var(&secretGitECDSACurve, "ssh-ecdsa-curve", secretGitECDSACurve.Description())
+	createSecretGitCmd.Flags().Var(&secretGitArgs.ecdsaCurve, "ssh-ecdsa-curve", secretGitArgs.ecdsaCurve.Description())
 	createSecretGitCmd.Flags().StringVar(&secretGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
 	createSecretCmd.AddCommand(createSecretGitCmd)
 }
 func NewSecretGitFlags() secretGitFlags {
 	return secretGitFlags{
 		keyAlgorithm: "rsa",
 		rsaBits:      2048,
 		ecdsaCurve:   flags.ECDSACurve{Curve: elliptic.P384()},
 	}
 }
 func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("secret name is required")
 	}
 	name := args[0]
-
+	secret, err := makeSecret(name)
 	if secretGitURL == "" {
 		return fmt.Errorf("url is required")
 	}
 	u, err := url.Parse(secretGitURL)
 	if err != nil {
 		return fmt.Errorf("git URL parse failed: %w", err)
 	}
 	secretLabels, err := parseLabels()
 	if err != nil {
 		return err
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	if secretGitArgs.url == "" {
-	defer cancel()
+		return fmt.Errorf("url is required")
 	secret := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
 			Labels:    secretLabels,
 		},
 	}
 	u, err := url.Parse(secretGitArgs.url)
 	if err != nil {
 		return fmt.Errorf("git URL parse failed: %w", err)
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 	switch u.Scheme {
 	case "ssh":
-		pair, err := generateKeyPair(ctx, secretGitKeyAlgorithm, secretGitRSABits, secretGitECDSACurve)
+		pair, err := generateKeyPair(ctx, secretGitArgs.keyAlgorithm, secretGitArgs.rsaBits, secretGitArgs.ecdsaCurve)
 		if err != nil {
 			return err
 		}
@@ -134,34 +136,42 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 			return err
 		}
-		secret.Data = map[string][]byte{
+		secret.StringData = map[string]string{
-			"identity":     pair.PrivateKey,
+			"identity":     string(pair.PrivateKey),
-			"identity.pub": pair.PublicKey,
+			"identity.pub": string(pair.PublicKey),
-			"known_hosts":  hostKey,
+			"known_hosts":  string(hostKey),
 		}
-		if !export {
+		if !createArgs.export {
 			logger.Generatef("deploy key: %s", string(pair.PublicKey))
 		}
 	case "http", "https":
-		if secretGitUsername == "" || secretGitPassword == "" {
+		if secretGitArgs.username == "" || secretGitArgs.password == "" {
 			return fmt.Errorf("for Git over HTTP/S the username and password are required")
 		}
-		// TODO: add cert data when it's implemented in source-controller
+		secret.StringData = map[string]string{
-		secret.Data = map[string][]byte{
+			"username": secretGitArgs.username,
-			"username": []byte(secretGitUsername),
+			"password": secretGitArgs.password,
 			"password": []byte(secretGitPassword),
 		}
 		if secretGitArgs.caFile != "" {
 			ca, err := ioutil.ReadFile(secretGitArgs.caFile)
 			if err != nil {
 				return fmt.Errorf("failed to read CA file '%s': %w", secretGitArgs.caFile, err)
 			}
 			secret.StringData["caFile"] = string(ca)
 		}
 	default:
 		return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
 	}
-	if export {
+	if createArgs.export {
 		return exportSecret(secret)
 	}
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
@@ -169,7 +179,7 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 	if err := upsertSecret(ctx, kubeClient, secret); err != nil {
 		return err
 	}
-	logger.Actionf("secret '%s' created in '%s' namespace", name, namespace)
+	logger.Actionf("secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 	return nil
 }
--- a/cmd/flux/create_secret_helm.go
+++ b/cmd/flux/create_secret_helm.go
@@ -19,11 +19,8 @@ package main
 import (
 	"context"
 	"fmt"
 	"io/ioutil"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"github.com/fluxcd/flux2/internal/utils"
 )
@@ -55,21 +52,18 @@ The create secret helm command generates a Kubernetes secret with basic authenti
 	RunE: createSecretHelmCmdRun,
 }
-var (
+type secretHelmFlags struct {
-	secretHelmUsername string
+	username string
-	secretHelmPassword string
+	password string
-	secretHelmCertFile string
+	secretTLSFlags
-	secretHelmKeyFile  string
+}
-	secretHelmCAFile   string
+
-)
+var secretHelmArgs secretHelmFlags
 func init() {
-	createSecretHelmCmd.Flags().StringVarP(&secretHelmUsername, "username", "u", "", "basic authentication username")
+	createSecretHelmCmd.Flags().StringVarP(&secretHelmArgs.username, "username", "u", "", "basic authentication username")
-	createSecretHelmCmd.Flags().StringVarP(&secretHelmPassword, "password", "p", "", "basic authentication password")
+	createSecretHelmCmd.Flags().StringVarP(&secretHelmArgs.password, "password", "p", "", "basic authentication password")
-	createSecretHelmCmd.Flags().StringVar(&secretHelmCertFile, "cert-file", "", "TLS authentication cert file path")
+	initSecretTLSFlags(createSecretHelmCmd.Flags(), &secretHelmArgs.secretTLSFlags)
 	createSecretHelmCmd.Flags().StringVar(&secretHelmKeyFile, "key-file", "", "TLS authentication key file path")
 	createSecretHelmCmd.Flags().StringVar(&secretHelmCAFile, "ca-file", "", "TLS authentication CA file path")
 	createSecretCmd.AddCommand(createSecretHelmCmd)
 }
@@ -78,56 +72,28 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("secret name is required")
 	}
 	name := args[0]
-
+	secret, err := makeSecret(name)
 	secretLabels, err := parseLabels()
 	if err != nil {
 		return err
 	}
-	secret := corev1.Secret{
+	if secretHelmArgs.username != "" && secretHelmArgs.password != "" {
-		ObjectMeta: metav1.ObjectMeta{
+		secret.StringData["username"] = secretHelmArgs.username
-			Name:      name,
+		secret.StringData["password"] = secretHelmArgs.password
 			Namespace: namespace,
 			Labels:    secretLabels,
 		},
 		StringData: map[string]string{},
 	}
-	if secretHelmUsername != "" && secretHelmPassword != "" {
+	if err = populateSecretTLS(&secret, secretHelmArgs.secretTLSFlags); err != nil {
-		secret.StringData["username"] = secretHelmUsername
+		return err
 		secret.StringData["password"] = secretHelmPassword
 	}
-	if secretHelmCertFile != "" && secretHelmKeyFile != "" {
+	if createArgs.export {
 		cert, err := ioutil.ReadFile(secretHelmCertFile)
 		if err != nil {
 			return fmt.Errorf("failed to read repository cert file '%s': %w", secretHelmCertFile, err)
 		}
 		secret.StringData["certFile"] = string(cert)
 		key, err := ioutil.ReadFile(secretHelmKeyFile)
 		if err != nil {
 			return fmt.Errorf("failed to read repository key file '%s': %w", secretHelmKeyFile, err)
 		}
 		secret.StringData["keyFile"] = string(key)
 	}
 	if secretHelmCAFile != "" {
 		ca, err := ioutil.ReadFile(secretHelmCAFile)
 		if err != nil {
 			return fmt.Errorf("failed to read repository CA file '%s': %w", secretHelmCAFile, err)
 		}
 		secret.StringData["caFile"] = string(ca)
 	}
 	if export {
 		return exportSecret(secret)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
@@ -135,7 +101,7 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error {
 	if err := upsertSecret(ctx, kubeClient, secret); err != nil {
 		return err
 	}
-	logger.Actionf("secret '%s' created in '%s' namespace", name, namespace)
+	logger.Actionf("secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 	return nil
 }
--- a/cmd/flux/create_secret_tls.go
+++ b/cmd/flux/create_secret_tls.go
@@ -0,0 +1,128 @@
 /*
 Copyright 2020, 2021 The Flux authors
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"context"
 	"fmt"
 	"io/ioutil"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	corev1 "k8s.io/api/core/v1"
 	"github.com/fluxcd/flux2/internal/utils"
 )
 var createSecretTLSCmd = &cobra.Command{
 	Use:   "tls [name]",
 	Short: "Create or update a Kubernetes secret with TLS certificates",
 	Long: `
 The create secret tls command generates a Kubernetes secret with certificates for use with TLS.`,
 	Example: `
  # Create a TLS secret on disk and encrypt it with Mozilla SOPS.
  # Files are expected to be PEM-encoded.
  flux create secret tls certs \
    --namespace=my-namespace \
    --cert-file=./client.crt \
    --key-file=./client.key \
    --export > certs.yaml
  sops --encrypt --encrypted-regex '^(data|stringData)$' \
    --in-place certs.yaml
 `,
 	RunE: createSecretTLSCmdRun,
 }
 type secretTLSFlags struct {
 	certFile string
 	keyFile  string
 	caFile   string
 }
 var secretTLSArgs secretTLSFlags
 func initSecretTLSFlags(flags *pflag.FlagSet, args *secretTLSFlags) {
 	flags.StringVar(&args.certFile, "cert-file", "", "TLS authentication cert file path")
 	flags.StringVar(&args.keyFile, "key-file", "", "TLS authentication key file path")
 	flags.StringVar(&args.caFile, "ca-file", "", "TLS authentication CA file path")
 }
 func init() {
 	flags := createSecretTLSCmd.Flags()
 	initSecretTLSFlags(flags, &secretTLSArgs)
 	createSecretCmd.AddCommand(createSecretTLSCmd)
 }
 func populateSecretTLS(secret *corev1.Secret, args secretTLSFlags) error {
 	if args.certFile != "" && args.keyFile != "" {
 		cert, err := ioutil.ReadFile(args.certFile)
 		if err != nil {
 			return fmt.Errorf("failed to read repository cert file '%s': %w", args.certFile, err)
 		}
 		secret.StringData["certFile"] = string(cert)
 		key, err := ioutil.ReadFile(args.keyFile)
 		if err != nil {
 			return fmt.Errorf("failed to read repository key file '%s': %w", args.keyFile, err)
 		}
 		secret.StringData["keyFile"] = string(key)
 	}
 	if args.caFile != "" {
 		ca, err := ioutil.ReadFile(args.caFile)
 		if err != nil {
 			return fmt.Errorf("failed to read repository CA file '%s': %w", args.caFile, err)
 		}
 		secret.StringData["caFile"] = string(ca)
 	}
 	return nil
 }
 func createSecretTLSCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("secret name is required")
 	}
 	name := args[0]
 	secret, err := makeSecret(name)
 	if err != nil {
 		return err
 	}
 	if err = populateSecretTLS(&secret, secretTLSArgs); err != nil {
 		return err
 	}
 	if createArgs.export {
 		return exportSecret(secret)
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	if err := upsertSecret(ctx, kubeClient, secret); err != nil {
 		return err
 	}
 	logger.Actionf("secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 	return nil
 }
--- a/cmd/flux/create_source_bucket.go
+++ b/cmd/flux/create_source_bucket.go
@@ -30,9 +30,11 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 var createSourceBucketCmd = &cobra.Command{
@@ -61,41 +63,49 @@ For Buckets with static authentication, the credentials are stored in a Kubernet
 	RunE: createSourceBucketCmdRun,
 }
-var (
+type sourceBucketFlags struct {
-	sourceBucketName      string
+	name      string
-	sourceBucketProvider  = flags.SourceBucketProvider(sourcev1.GenericBucketProvider)
+	provider  flags.SourceBucketProvider
-	sourceBucketEndpoint  string
+	endpoint  string
-	sourceBucketAccessKey string
+	accessKey string
-	sourceBucketSecretKey string
+	secretKey string
-	sourceBucketRegion    string
+	region    string
-	sourceBucketInsecure  bool
+	insecure  bool
-	sourceBucketSecretRef string
+	secretRef string
-)
+}
 var sourceBucketArgs = NewSourceBucketFlags()
 func init() {
-	createSourceBucketCmd.Flags().Var(&sourceBucketProvider, "provider", sourceBucketProvider.Description())
+	createSourceBucketCmd.Flags().Var(&sourceBucketArgs.provider, "provider", sourceBucketArgs.provider.Description())
-	createSourceBucketCmd.Flags().StringVar(&sourceBucketName, "bucket-name", "", "the bucket name")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketArgs.name, "bucket-name", "", "the bucket name")
-	createSourceBucketCmd.Flags().StringVar(&sourceBucketEndpoint, "endpoint", "", "the bucket endpoint address")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketArgs.endpoint, "endpoint", "", "the bucket endpoint address")
-	createSourceBucketCmd.Flags().StringVar(&sourceBucketAccessKey, "access-key", "", "the bucket access key")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketArgs.accessKey, "access-key", "", "the bucket access key")
-	createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketArgs.secretKey, "secret-key", "", "the bucket secret key")
-	createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketArgs.region, "region", "", "the bucket region")
-	createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
+	createSourceBucketCmd.Flags().BoolVar(&sourceBucketArgs.insecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
-	createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretRef, "secret-ref", "", "the name of an existing secret containing credentials")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketArgs.secretRef, "secret-ref", "", "the name of an existing secret containing credentials")
 	createSourceCmd.AddCommand(createSourceBucketCmd)
 }
 func NewSourceBucketFlags() sourceBucketFlags {
 	return sourceBucketFlags{
 		provider: flags.SourceBucketProvider(sourcev1.GenericBucketProvider),
 	}
 }
 func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("Bucket source name is required")
 	}
 	name := args[0]
-	if sourceBucketName == "" {
+	if sourceBucketArgs.name == "" {
 		return fmt.Errorf("bucket-name is required")
 	}
-	if sourceBucketEndpoint == "" {
+	if sourceBucketArgs.endpoint == "" {
 		return fmt.Errorf("endpoint is required")
 	}
@@ -113,55 +123,55 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 	bucket := &sourcev1.Bucket{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    sourceLabels,
 		},
 		Spec: sourcev1.BucketSpec{
-			BucketName: sourceBucketName,
+			BucketName: sourceBucketArgs.name,
-			Provider:   sourceBucketProvider.String(),
+			Provider:   sourceBucketArgs.provider.String(),
-			Insecure:   sourceBucketInsecure,
+			Insecure:   sourceBucketArgs.insecure,
-			Endpoint:   sourceBucketEndpoint,
+			Endpoint:   sourceBucketArgs.endpoint,
-			Region:     sourceBucketRegion,
+			Region:     sourceBucketArgs.region,
 			Interval: metav1.Duration{
-				Duration: interval,
+				Duration: createArgs.interval,
 			},
 		},
 	}
-	if sourceHelmSecretRef != "" {
+	if sourceHelmArgs.secretRef != "" {
-		bucket.Spec.SecretRef = &corev1.LocalObjectReference{
+		bucket.Spec.SecretRef = &meta.LocalObjectReference{
-			Name: sourceBucketSecretRef,
+			Name: sourceBucketArgs.secretRef,
 		}
 	}
-	if export {
+	if createArgs.export {
 		return exportBucket(*bucket)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	logger.Generatef("generating Bucket source")
-	if sourceBucketSecretRef == "" {
+	if sourceBucketArgs.secretRef == "" {
 		secretName := fmt.Sprintf("bucket-%s", name)
 		secret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      secretName,
-				Namespace: namespace,
+				Namespace: rootArgs.namespace,
 				Labels:    sourceLabels,
 			},
 			StringData: map[string]string{},
 		}
-		if sourceBucketAccessKey != "" && sourceBucketSecretKey != "" {
+		if sourceBucketArgs.accessKey != "" && sourceBucketArgs.secretKey != "" {
-			secret.StringData["accesskey"] = sourceBucketAccessKey
+			secret.StringData["accesskey"] = sourceBucketArgs.accessKey
-			secret.StringData["secretkey"] = sourceBucketSecretKey
+			secret.StringData["secretkey"] = sourceBucketArgs.secretKey
 		}
 		if len(secret.StringData) > 0 {
@@ -169,7 +179,7 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 			if err := upsertSecret(ctx, kubeClient, secret); err != nil {
 				return err
 			}
-			bucket.Spec.SecretRef = &corev1.LocalObjectReference{
+			bucket.Spec.SecretRef = &meta.LocalObjectReference{
 				Name: secretName,
 			}
 			logger.Successf("authentication configured")
@@ -183,7 +193,7 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for Bucket source reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isBucketReady(ctx, kubeClient, namespacedName, bucket)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_source_git.go
+++ b/cmd/flux/create_source_git.go
@@ -34,12 +34,28 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 )
 type sourceGitFlags struct {
 	url               string
 	branch            string
 	tag               string
 	semver            string
 	username          string
 	password          string
 	caFile            string
 	keyAlgorithm      flags.PublicKeyAlgorithm
 	keyRSABits        flags.RSAKeyBits
 	keyECDSACurve     flags.ECDSACurve
 	secretRef         string
 	gitImplementation flags.GitImplementation
 }
 var createSourceGitCmd = &cobra.Command{
 	Use:   "git [name]",
 	Short: "Create or update a GitRepository source",
@@ -84,54 +100,54 @@ For private Git repositories, the basic authentication credentials are stored in
 	RunE: createSourceGitCmdRun,
 }
-var (
+var sourceGitArgs = newSourceGitFlags()
 	sourceGitURL      string
 	sourceGitBranch   string
 	sourceGitTag      string
 	sourceGitSemver   string
 	sourceGitUsername string
 	sourceGitPassword string
 	sourceGitKeyAlgorithm   flags.PublicKeyAlgorithm = "rsa"
 	sourceGitRSABits        flags.RSAKeyBits         = 2048
 	sourceGitECDSACurve                              = flags.ECDSACurve{Curve: elliptic.P384()}
 	sourceGitSecretRef      string
 	sourceGitImplementation flags.GitImplementation
 )
 func init() {
-	createSourceGitCmd.Flags().StringVar(&sourceGitURL, "url", "", "git address, e.g. ssh://git@host/org/repository")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.url, "url", "", "git address, e.g. ssh://git@host/org/repository")
-	createSourceGitCmd.Flags().StringVar(&sourceGitBranch, "branch", "master", "git branch")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.branch, "branch", "master", "git branch")
-	createSourceGitCmd.Flags().StringVar(&sourceGitTag, "tag", "", "git tag")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.tag, "tag", "", "git tag")
-	createSourceGitCmd.Flags().StringVar(&sourceGitSemver, "tag-semver", "", "git tag semver range")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.semver, "tag-semver", "", "git tag semver range")
-	createSourceGitCmd.Flags().StringVarP(&sourceGitUsername, "username", "u", "", "basic authentication username")
+	createSourceGitCmd.Flags().StringVarP(&sourceGitArgs.username, "username", "u", "", "basic authentication username")
-	createSourceGitCmd.Flags().StringVarP(&sourceGitPassword, "password", "p", "", "basic authentication password")
+	createSourceGitCmd.Flags().StringVarP(&sourceGitArgs.password, "password", "p", "", "basic authentication password")
-	createSourceGitCmd.Flags().Var(&sourceGitKeyAlgorithm, "ssh-key-algorithm", sourceGitKeyAlgorithm.Description())
+	createSourceGitCmd.Flags().Var(&sourceGitArgs.keyAlgorithm, "ssh-key-algorithm", sourceGitArgs.keyAlgorithm.Description())
-	createSourceGitCmd.Flags().Var(&sourceGitRSABits, "ssh-rsa-bits", sourceGitRSABits.Description())
+	createSourceGitCmd.Flags().Var(&sourceGitArgs.keyRSABits, "ssh-rsa-bits", sourceGitArgs.keyRSABits.Description())
-	createSourceGitCmd.Flags().Var(&sourceGitECDSACurve, "ssh-ecdsa-curve", sourceGitECDSACurve.Description())
+	createSourceGitCmd.Flags().Var(&sourceGitArgs.keyECDSACurve, "ssh-ecdsa-curve", sourceGitArgs.keyECDSACurve.Description())
-	createSourceGitCmd.Flags().StringVarP(&sourceGitSecretRef, "secret-ref", "", "", "the name of an existing secret containing SSH or basic credentials")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.secretRef, "secret-ref", "", "the name of an existing secret containing SSH or basic credentials")
-	createSourceGitCmd.Flags().Var(&sourceGitImplementation, "git-implementation", sourceGitImplementation.Description())
+	createSourceGitCmd.Flags().Var(&sourceGitArgs.gitImplementation, "git-implementation", sourceGitArgs.gitImplementation.Description())
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates, requires libgit2")
 	createSourceCmd.AddCommand(createSourceGitCmd)
 }
 func newSourceGitFlags() sourceGitFlags {
 	return sourceGitFlags{
 		keyAlgorithm:  "rsa",
 		keyRSABits:    2048,
 		keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 	}
 }
 func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("GitRepository source name is required")
 	}
 	name := args[0]
-	if sourceGitURL == "" {
+	if sourceGitArgs.url == "" {
 		return fmt.Errorf("url is required")
 	}
 	if sourceGitArgs.gitImplementation.String() != sourcev1.LibGit2Implementation && sourceGitArgs.caFile != "" {
 		return fmt.Errorf("specifing a CA file requires --git-implementation=%s", sourcev1.LibGit2Implementation)
 	}
 	tmpDir, err := ioutil.TempDir("", name)
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(tmpDir)
-	u, err := url.Parse(sourceGitURL)
+	u, err := url.Parse(sourceGitArgs.url)
 	if err != nil {
 		return fmt.Errorf("git URL parse failed: %w", err)
 	}
@@ -144,54 +160,54 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	gitRepository := sourcev1.GitRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    sourceLabels,
 		},
 		Spec: sourcev1.GitRepositorySpec{
-			URL: sourceGitURL,
+			URL: sourceGitArgs.url,
 			Interval: metav1.Duration{
-				Duration: interval,
+				Duration: createArgs.interval,
 			},
 			Reference: &sourcev1.GitRepositoryRef{},
 		},
 	}
-	if sourceGitImplementation != "" {
+	if sourceGitArgs.gitImplementation != "" {
-		gitRepository.Spec.GitImplementation = sourceGitImplementation.String()
+		gitRepository.Spec.GitImplementation = sourceGitArgs.gitImplementation.String()
 	}
-	if sourceGitSemver != "" {
+	if sourceGitArgs.semver != "" {
-		gitRepository.Spec.Reference.SemVer = sourceGitSemver
+		gitRepository.Spec.Reference.SemVer = sourceGitArgs.semver
-	} else if sourceGitTag != "" {
+	} else if sourceGitArgs.tag != "" {
-		gitRepository.Spec.Reference.Tag = sourceGitTag
+		gitRepository.Spec.Reference.Tag = sourceGitArgs.tag
 	} else {
-		gitRepository.Spec.Reference.Branch = sourceGitBranch
+		gitRepository.Spec.Reference.Branch = sourceGitArgs.branch
 	}
-	if export {
+	if createArgs.export {
-		if sourceGitSecretRef != "" {
+		if sourceGitArgs.secretRef != "" {
-			gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
+			gitRepository.Spec.SecretRef = &meta.LocalObjectReference{
-				Name: sourceGitSecretRef,
+				Name: sourceGitArgs.secretRef,
 			}
 		}
 		return exportGit(gitRepository)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	withAuth := false
 	// TODO(hidde): move all auth prep to separate func?
-	if sourceGitSecretRef != "" {
+	if sourceGitArgs.secretRef != "" {
 		withAuth = true
 	} else if u.Scheme == "ssh" {
 		logger.Generatef("generating deploy key pair")
-		pair, err := generateKeyPair(ctx, sourceGitKeyAlgorithm, sourceGitRSABits, sourceGitECDSACurve)
+		pair, err := generateKeyPair(ctx, sourceGitArgs.keyAlgorithm, sourceGitArgs.keyRSABits, sourceGitArgs.keyECDSACurve)
 		if err != nil {
 			return err
 		}
@@ -216,7 +232,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		secret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      name,
-				Namespace: namespace,
+				Namespace: rootArgs.namespace,
 				Labels:    sourceLabels,
 			},
 			StringData: map[string]string{
@@ -229,19 +245,28 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 			return err
 		}
 		withAuth = true
-	} else if sourceGitUsername != "" && sourceGitPassword != "" {
+	} else if sourceGitArgs.username != "" && sourceGitArgs.password != "" {
 		logger.Actionf("applying secret with basic auth credentials")
 		secret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      name,
-				Namespace: namespace,
+				Namespace: rootArgs.namespace,
 				Labels:    sourceLabels,
 			},
 			StringData: map[string]string{
-				"username": sourceGitUsername,
+				"username": sourceGitArgs.username,
-				"password": sourceGitPassword,
+				"password": sourceGitArgs.password,
 			},
 		}
 		if sourceGitArgs.caFile != "" {
 			ca, err := ioutil.ReadFile(sourceGitArgs.caFile)
 			if err != nil {
 				return fmt.Errorf("failed to read CA file '%s': %w", sourceGitArgs.caFile, err)
 			}
 			secret.StringData["caFile"] = string(ca)
 		}
 		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
 			return err
 		}
@@ -256,10 +281,10 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	if withAuth {
 		secretName := name
-		if sourceGitSecretRef != "" {
+		if sourceGitArgs.secretRef != "" {
-			secretName = sourceGitSecretRef
+			secretName = sourceGitArgs.secretRef
 		}
-		gitRepository.Spec.SecretRef = &corev1.LocalObjectReference{
+		gitRepository.Spec.SecretRef = &meta.LocalObjectReference{
 			Name: secretName,
 		}
 	}
@@ -271,7 +296,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for GitRepository source reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isGitRepositoryReady(ctx, kubeClient, namespacedName, &gitRepository)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_source_helm.go
+++ b/cmd/flux/create_source_helm.go
@@ -33,8 +33,9 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/fluxcd/flux2/internal/utils"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/fluxcd/flux2/internal/utils"
 )
 var createSourceHelmCmd = &cobra.Command{
@@ -64,24 +65,26 @@ For private Helm repositories, the basic authentication credentials are stored i
 	RunE: createSourceHelmCmdRun,
 }
-var (
+type sourceHelmFlags struct {
-	sourceHelmURL       string
+	url       string
-	sourceHelmUsername  string
+	username  string
-	sourceHelmPassword  string
+	password  string
-	sourceHelmCertFile  string
+	certFile  string
-	sourceHelmKeyFile   string
+	keyFile   string
-	sourceHelmCAFile    string
+	caFile    string
-	sourceHelmSecretRef string
+	secretRef string
-)
+}
 var sourceHelmArgs sourceHelmFlags
 func init() {
-	createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.url, "url", "", "Helm repository address")
-	createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username")
+	createSourceHelmCmd.Flags().StringVarP(&sourceHelmArgs.username, "username", "u", "", "basic authentication username")
-	createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password")
+	createSourceHelmCmd.Flags().StringVarP(&sourceHelmArgs.password, "password", "p", "", "basic authentication password")
-	createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.certFile, "cert-file", "", "TLS authentication cert file path")
-	createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.keyFile, "key-file", "", "TLS authentication key file path")
-	createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.caFile, "ca-file", "", "TLS authentication CA file path")
-	createSourceHelmCmd.Flags().StringVarP(&sourceHelmSecretRef, "secret-ref", "", "", "the name of an existing secret containing TLS or basic auth credentials")
+	createSourceHelmCmd.Flags().StringVarP(&sourceHelmArgs.secretRef, "secret-ref", "", "", "the name of an existing secret containing TLS or basic auth credentials")
 	createSourceCmd.AddCommand(createSourceHelmCmd)
 }
@@ -92,7 +95,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	if sourceHelmURL == "" {
+	if sourceHelmArgs.url == "" {
 		return fmt.Errorf("url is required")
 	}
@@ -107,78 +110,78 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	defer os.RemoveAll(tmpDir)
-	if _, err := url.Parse(sourceHelmURL); err != nil {
+	if _, err := url.Parse(sourceHelmArgs.url); err != nil {
 		return fmt.Errorf("url parse failed: %w", err)
 	}
 	helmRepository := &sourcev1.HelmRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Labels:    sourceLabels,
 		},
 		Spec: sourcev1.HelmRepositorySpec{
-			URL: sourceHelmURL,
+			URL: sourceHelmArgs.url,
 			Interval: metav1.Duration{
-				Duration: interval,
+				Duration: createArgs.interval,
 			},
 		},
 	}
-	if sourceHelmSecretRef != "" {
+	if sourceHelmArgs.secretRef != "" {
-		helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
+		helmRepository.Spec.SecretRef = &meta.LocalObjectReference{
-			Name: sourceHelmSecretRef,
+			Name: sourceHelmArgs.secretRef,
 		}
 	}
-	if export {
+	if createArgs.export {
 		return exportHelmRepository(*helmRepository)
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	logger.Generatef("generating HelmRepository source")
-	if sourceHelmSecretRef == "" {
+	if sourceHelmArgs.secretRef == "" {
 		secretName := fmt.Sprintf("helm-%s", name)
 		secret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      secretName,
-				Namespace: namespace,
+				Namespace: rootArgs.namespace,
 				Labels:    sourceLabels,
 			},
 			StringData: map[string]string{},
 		}
-		if sourceHelmUsername != "" && sourceHelmPassword != "" {
+		if sourceHelmArgs.username != "" && sourceHelmArgs.password != "" {
-			secret.StringData["username"] = sourceHelmUsername
+			secret.StringData["username"] = sourceHelmArgs.username
-			secret.StringData["password"] = sourceHelmPassword
+			secret.StringData["password"] = sourceHelmArgs.password
 		}
-		if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
+		if sourceHelmArgs.certFile != "" && sourceHelmArgs.keyFile != "" {
-			cert, err := ioutil.ReadFile(sourceHelmCertFile)
+			cert, err := ioutil.ReadFile(sourceHelmArgs.certFile)
 			if err != nil {
-				return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
+				return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmArgs.certFile, err)
 			}
 			secret.StringData["certFile"] = string(cert)
-			key, err := ioutil.ReadFile(sourceHelmKeyFile)
+			key, err := ioutil.ReadFile(sourceHelmArgs.keyFile)
 			if err != nil {
-				return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
+				return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmArgs.keyFile, err)
 			}
 			secret.StringData["keyFile"] = string(key)
 		}
-		if sourceHelmCAFile != "" {
+		if sourceHelmArgs.caFile != "" {
-			ca, err := ioutil.ReadFile(sourceHelmCAFile)
+			ca, err := ioutil.ReadFile(sourceHelmArgs.caFile)
 			if err != nil {
-				return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
+				return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmArgs.caFile, err)
 			}
 			secret.StringData["caFile"] = string(ca)
 		}
@@ -188,7 +191,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 			if err := upsertSecret(ctx, kubeClient, secret); err != nil {
 				return err
 			}
-			helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
+			helmRepository.Spec.SecretRef = &meta.LocalObjectReference{
 				Name: secretName,
 			}
 			logger.Successf("authentication configured")
@@ -202,7 +205,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Waitingf("waiting for HelmRepository source reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isHelmRepositoryReady(ctx, kubeClient, namespacedName, helmRepository)); err != nil {
 		return err
 	}
--- a/cmd/flux/create_tenant.go
+++ b/cmd/flux/create_tenant.go
@@ -58,14 +58,16 @@ const (
 	tenantLabel = "toolkit.fluxcd.io/tenant"
 )
-var (
+type tenantFlags struct {
-	tenantNamespaces  []string
+	namespaces  []string
-	tenantClusterRole string
+	clusterRole string
-)
+}
 var tenantArgs tenantFlags
 func init() {
-	createTenantCmd.Flags().StringSliceVar(&tenantNamespaces, "with-namespace", nil, "namespace belonging to this tenant")
+	createTenantCmd.Flags().StringSliceVar(&tenantArgs.namespaces, "with-namespace", nil, "namespace belonging to this tenant")
-	createTenantCmd.Flags().StringVar(&tenantClusterRole, "cluster-role", "cluster-admin", "cluster role of the tenant role binding")
+	createTenantCmd.Flags().StringVar(&tenantArgs.clusterRole, "cluster-role", "cluster-admin", "cluster role of the tenant role binding")
 	createCmd.AddCommand(createTenantCmd)
 }
@@ -78,11 +80,11 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("invalid tenant name '%s': %v", tenant, err)
 	}
-	if tenantClusterRole == "" {
+	if tenantArgs.clusterRole == "" {
 		return fmt.Errorf("cluster-role is required")
 	}
-	if tenantNamespaces == nil {
+	if tenantArgs.namespaces == nil {
 		return fmt.Errorf("with-namespace is required")
 	}
@@ -90,7 +92,7 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
 	var accounts []corev1.ServiceAccount
 	var roleBindings []rbacv1.RoleBinding
-	for _, ns := range tenantNamespaces {
+	for _, ns := range tenantArgs.namespaces {
 		if err := validation.IsQualifiedName(ns); len(err) > 0 {
 			return fmt.Errorf("invalid namespace '%s': %v", ns, err)
 		}
@@ -141,14 +143,14 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
 			RoleRef: rbacv1.RoleRef{
 				APIGroup: "rbac.authorization.k8s.io",
 				Kind:     "ClusterRole",
-				Name:     tenantClusterRole,
+				Name:     tenantArgs.clusterRole,
 			},
 		}
 		roleBindings = append(roleBindings, roleBinding)
 	}
-	if export {
+	if createArgs.export {
-		for i, _ := range tenantNamespaces {
+		for i, _ := range tenantArgs.namespaces {
 			if err := exportTenant(namespaces[i], accounts[i], roleBindings[i]); err != nil {
 				return err
 			}
@@ -156,15 +158,15 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
 		return nil
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	for i, _ := range tenantNamespaces {
+	for i, _ := range tenantArgs.namespaces {
 		logger.Actionf("applying namespace %s", namespaces[i].Name)
 		if err := upsertNamespace(ctx, kubeClient, namespaces[i]); err != nil {
 			return err
--- a/cmd/flux/delete.go
+++ b/cmd/flux/delete.go
@@ -33,12 +33,14 @@ var deleteCmd = &cobra.Command{
 	Long:  "The delete sub-commands delete sources and resources.",
 }
-var (
+type deleteFlags struct {
-	deleteSilent bool
+	silent bool
-)
+}
 var deleteArgs deleteFlags
 func init() {
-	deleteCmd.PersistentFlags().BoolVarP(&deleteSilent, "silent", "s", false,
+	deleteCmd.PersistentFlags().BoolVarP(&deleteArgs.silent, "silent", "s", false,
 		"delete resource without asking for confirmation")
 	rootCmd.AddCommand(deleteCmd)
@@ -55,16 +57,16 @@ func (del deleteCommand) run(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -73,7 +75,7 @@ func (del deleteCommand) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !deleteSilent {
+	if !deleteArgs.silent {
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this " + del.humanKind,
 			IsConfirm: true,
@@ -83,7 +85,7 @@ func (del deleteCommand) run(cmd *cobra.Command, args []string) error {
 		}
 	}
-	logger.Actionf("deleting %s %s in %s namespace", del.humanKind, name, namespace)
+	logger.Actionf("deleting %s %s in %s namespace", del.humanKind, name, rootArgs.namespace)
 	err = kubeClient.Delete(ctx, del.object.asClientObject())
 	if err != nil {
 		return err
--- a/cmd/flux/delete_alert.go
+++ b/cmd/flux/delete_alert.go
@@ -48,16 +48,16 @@ func deleteAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -67,7 +67,7 @@ func deleteAlertCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !deleteSilent {
+	if !deleteArgs.silent {
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this Alert",
 			IsConfirm: true,
@@ -77,7 +77,7 @@ func deleteAlertCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
-	logger.Actionf("deleting alert %s in %s namespace", name, namespace)
+	logger.Actionf("deleting alert %s in %s namespace", name, rootArgs.namespace)
 	err = kubeClient.Delete(ctx, &alert)
 	if err != nil {
 		return err
--- a/cmd/flux/delete_alertprovider.go
+++ b/cmd/flux/delete_alertprovider.go
@@ -48,16 +48,16 @@ func deleteAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -67,7 +67,7 @@ func deleteAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !deleteSilent {
+	if !deleteArgs.silent {
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this Provider",
 			IsConfirm: true,
@@ -77,7 +77,7 @@ func deleteAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
-	logger.Actionf("deleting provider %s in %s namespace", name, namespace)
+	logger.Actionf("deleting provider %s in %s namespace", name, rootArgs.namespace)
 	err = kubeClient.Delete(ctx, &alertProvider)
 	if err != nil {
 		return err
--- a/cmd/flux/delete_helmrelease.go
+++ b/cmd/flux/delete_helmrelease.go
@@ -17,15 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"github.com/fluxcd/flux2/internal/utils"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	"github.com/spf13/cobra"
 )
 var deleteHelmReleaseCmd = &cobra.Command{
@@ -36,57 +29,12 @@ var deleteHelmReleaseCmd = &cobra.Command{
 	Example: `  # Delete a Helm release and the Kubernetes resources created by it
  flux delete hr podinfo
 `,
-	RunE: deleteHelmReleaseCmdRun,
+	RunE: deleteCommand{
 		apiType: helmReleaseType,
 		object:  universalAdapter{&helmv2.HelmRelease{}},
 	}.run,
 }
 func init() {
 	deleteCmd.AddCommand(deleteHelmReleaseCmd)
 }
 func deleteHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("release name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var helmRelease helmv2.HelmRelease
 	err = kubeClient.Get(ctx, namespacedName, &helmRelease)
 	if err != nil {
 		return err
 	}
 	if !deleteSilent {
 		if !helmRelease.Spec.Suspend {
 			logger.Waitingf("This action will remove the Kubernetes objects previously applied by the %s Helm release!", name)
 		}
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this Helm release",
 			IsConfirm: true,
 		}
 		if _, err := prompt.Run(); err != nil {
 			return fmt.Errorf("aborting")
 		}
 	}
 	logger.Actionf("deleting release %s in %s namespace", name, namespace)
 	err = kubeClient.Delete(ctx, &helmRelease)
 	if err != nil {
 		return err
 	}
 	logger.Successf("release deleted")
 	return nil
 }
--- a/cmd/flux/delete_image.go
+++ b/cmd/flux/delete_image.go
@@ -20,12 +20,12 @@ import (
 	"github.com/spf13/cobra"
 )
-var deleteAutoCmd = &cobra.Command{
+var deleteImageCmd = &cobra.Command{
-	Use:   "auto",
+	Use:   "image",
-	Short: "Delete automation objects",
+	Short: "Delete image automation objects",
-	Long:  "The delete auto sub-commands delete automation objects.",
+	Long:  "The delete image sub-commands delete image automation objects.",
 }
 func init() {
-	deleteCmd.AddCommand(deleteAutoCmd)
+	deleteCmd.AddCommand(deleteImageCmd)
 }
--- a/cmd/flux/delete_image_policy.go
+++ b/cmd/flux/delete_image_policy.go
@@ -23,11 +23,11 @@ import (
 )
 var deleteImagePolicyCmd = &cobra.Command{
-	Use:   "image-policy [name]",
+	Use:   "policy [name]",
 	Short: "Delete an ImagePolicy object",
-	Long:  "The delete auto image-policy command deletes the given ImagePolicy from the cluster.",
+	Long:  "The delete image policy command deletes the given ImagePolicy from the cluster.",
 	Example: `  # Delete an image policy
-  flux delete auto image-policy alpine3.x
+  flux delete image policy alpine3.x
 `,
 	RunE: deleteCommand{
 		apiType: imagePolicyType,
@@ -36,5 +36,5 @@ var deleteImagePolicyCmd = &cobra.Command{
 }
 func init() {
-	deleteAutoCmd.AddCommand(deleteImagePolicyCmd)
+	deleteImageCmd.AddCommand(deleteImagePolicyCmd)
 }
--- a/cmd/flux/delete_image_repository.go
+++ b/cmd/flux/delete_image_repository.go
@@ -23,11 +23,11 @@ import (
 )
 var deleteImageRepositoryCmd = &cobra.Command{
-	Use:   "image-repository [name]",
+	Use:   "repository [name]",
 	Short: "Delete an ImageRepository object",
-	Long:  "The delete auto image-repository command deletes the given ImageRepository from the cluster.",
+	Long:  "The delete image repository command deletes the given ImageRepository from the cluster.",
 	Example: `  # Delete an image repository
-  flux delete auto image-repository alpine
+  flux delete image repository alpine
 `,
 	RunE: deleteCommand{
 		apiType: imageRepositoryType,
@@ -36,5 +36,5 @@ var deleteImageRepositoryCmd = &cobra.Command{
 }
 func init() {
-	deleteAutoCmd.AddCommand(deleteImageRepositoryCmd)
+	deleteImageCmd.AddCommand(deleteImageRepositoryCmd)
 }
--- a/cmd/flux/delete_image_updateauto.go
+++ b/cmd/flux/delete_image_updateauto.go
@@ -23,11 +23,11 @@ import (
 )
 var deleteImageUpdateCmd = &cobra.Command{
-	Use:   "image-update [name]",
+	Use:   "update [name]",
 	Short: "Delete an ImageUpdateAutomation object",
-	Long:  "The delete auto image-update command deletes the given ImageUpdateAutomation from the cluster.",
+	Long:  "The delete image update command deletes the given ImageUpdateAutomation from the cluster.",
 	Example: `  # Delete an image update automation
-  flux delete auto image-update latest-images
+  flux delete image update latest-images
 `,
 	RunE: deleteCommand{
 		apiType: imageUpdateAutomationType,
@@ -36,5 +36,5 @@ var deleteImageUpdateCmd = &cobra.Command{
 }
 func init() {
-	deleteAutoCmd.AddCommand(deleteImageUpdateCmd)
+	deleteImageCmd.AddCommand(deleteImageUpdateCmd)
 }
--- a/cmd/flux/delete_kustomization.go
+++ b/cmd/flux/delete_kustomization.go
@@ -17,14 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 )
 var deleteKsCmd = &cobra.Command{
@@ -35,57 +29,12 @@ var deleteKsCmd = &cobra.Command{
 	Example: `  # Delete a kustomization and the Kubernetes resources created by it
  flux delete kustomization podinfo
 `,
-	RunE: deleteKsCmdRun,
+	RunE: deleteCommand{
 		apiType: kustomizationType,
 		object:  universalAdapter{&kustomizev1.Kustomization{}},
 	}.run,
 }
 func init() {
 	deleteCmd.AddCommand(deleteKsCmd)
 }
 func deleteKsCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("kustomization name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var kustomization kustomizev1.Kustomization
 	err = kubeClient.Get(ctx, namespacedName, &kustomization)
 	if err != nil {
 		return err
 	}
 	if !deleteSilent {
 		if !kustomization.Spec.Suspend {
 			logger.Waitingf("This action will remove the Kubernetes objects previously applied by the %s kustomization!", name)
 		}
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this kustomization",
 			IsConfirm: true,
 		}
 		if _, err := prompt.Run(); err != nil {
 			return fmt.Errorf("aborting")
 		}
 	}
 	logger.Actionf("deleting kustomization %s in %s namespace", name, namespace)
 	err = kubeClient.Delete(ctx, &kustomization)
 	if err != nil {
 		return err
 	}
 	logger.Successf("kustomization deleted")
 	return nil
 }
--- a/cmd/flux/delete_receiver.go
+++ b/cmd/flux/delete_receiver.go
@@ -48,16 +48,16 @@ func deleteReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -67,7 +67,7 @@ func deleteReceiverCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !deleteSilent {
+	if !deleteArgs.silent {
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this Receiver",
 			IsConfirm: true,
@@ -77,7 +77,7 @@ func deleteReceiverCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
-	logger.Actionf("deleting receiver %s in %s namespace", name, namespace)
+	logger.Actionf("deleting receiver %s in %s namespace", name, rootArgs.namespace)
 	err = kubeClient.Delete(ctx, &receiver)
 	if err != nil {
 		return err
--- a/cmd/flux/delete_source_bucket.go
+++ b/cmd/flux/delete_source_bucket.go
@@ -17,14 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 )
 var deleteSourceBucketCmd = &cobra.Command{
@@ -34,54 +28,12 @@ var deleteSourceBucketCmd = &cobra.Command{
 	Example: `  # Delete a Bucket source
  flux delete source bucket podinfo
 `,
-	RunE: deleteSourceBucketCmdRun,
+	RunE: deleteCommand{
 		apiType: bucketType,
 		object:  universalAdapter{&sourcev1.Bucket{}},
 	}.run,
 }
 func init() {
 	deleteSourceCmd.AddCommand(deleteSourceBucketCmd)
 }
 func deleteSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var bucket sourcev1.Bucket
 	err = kubeClient.Get(ctx, namespacedName, &bucket)
 	if err != nil {
 		return err
 	}
 	if !deleteSilent {
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this source",
 			IsConfirm: true,
 		}
 		if _, err := prompt.Run(); err != nil {
 			return fmt.Errorf("aborting")
 		}
 	}
 	logger.Actionf("deleting source %s in %s namespace", name, namespace)
 	err = kubeClient.Delete(ctx, &bucket)
 	if err != nil {
 		return err
 	}
 	logger.Successf("source deleted")
 	return nil
 }
--- a/cmd/flux/delete_source_git.go
+++ b/cmd/flux/delete_source_git.go
@@ -17,14 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 )
 var deleteSourceGitCmd = &cobra.Command{
@@ -34,54 +28,12 @@ var deleteSourceGitCmd = &cobra.Command{
 	Example: `  # Delete a Git repository
  flux delete source git podinfo
 `,
-	RunE: deleteSourceGitCmdRun,
+	RunE: deleteCommand{
 		apiType: gitRepositoryType,
 		object:  universalAdapter{&sourcev1.GitRepository{}},
 	}.run,
 }
 func init() {
 	deleteSourceCmd.AddCommand(deleteSourceGitCmd)
 }
 func deleteSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("git name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var git sourcev1.GitRepository
 	err = kubeClient.Get(ctx, namespacedName, &git)
 	if err != nil {
 		return err
 	}
 	if !deleteSilent {
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this source",
 			IsConfirm: true,
 		}
 		if _, err := prompt.Run(); err != nil {
 			return fmt.Errorf("aborting")
 		}
 	}
 	logger.Actionf("deleting source %s in %s namespace", name, namespace)
 	err = kubeClient.Delete(ctx, &git)
 	if err != nil {
 		return err
 	}
 	logger.Successf("source deleted")
 	return nil
 }
--- a/cmd/flux/delete_source_helm.go
+++ b/cmd/flux/delete_source_helm.go
@@ -34,7 +34,10 @@ var deleteSourceHelmCmd = &cobra.Command{
 	Example: `  # Delete a Helm repository
  flux delete source helm podinfo
 `,
-	RunE: deleteSourceHelmCmdRun,
+	RunE: deleteCommand{
 		apiType: helmRepositoryType,
 		object:  universalAdapter{&sourcev1.HelmRepository{}},
 	}.run,
 }
 func init() {
@@ -47,16 +50,16 @@ func deleteSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -66,7 +69,7 @@ func deleteSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	if !deleteSilent {
+	if !deleteArgs.silent {
 		prompt := promptui.Prompt{
 			Label:     "Are you sure you want to delete this source",
 			IsConfirm: true,
@@ -76,7 +79,7 @@ func deleteSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
-	logger.Actionf("deleting source %s in %s namespace", name, namespace)
+	logger.Actionf("deleting source %s in %s namespace", name, rootArgs.namespace)
 	err = kubeClient.Delete(ctx, &helmRepository)
 	if err != nil {
 		return err
--- a/cmd/flux/export.go
+++ b/cmd/flux/export.go
@@ -35,12 +35,14 @@ var exportCmd = &cobra.Command{
 	Long:  "The export sub-commands export resources in YAML format.",
 }
-var (
+type exportFlags struct {
-	exportAll bool
+	all bool
-)
+}
 var exportArgs exportFlags
 func init() {
-	exportCmd.PersistentFlags().BoolVar(&exportAll, "all", false, "select all resources")
+	exportCmd.PersistentFlags().BoolVar(&exportArgs.all, "all", false, "select all resources")
 	rootCmd.AddCommand(exportCmd)
 }
@@ -65,26 +67,26 @@ type exportCommand struct {
 }
 func (export exportCommand) run(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
-		err = kubeClient.List(ctx, export.list.asClientList(), client.InNamespace(namespace))
+		err = kubeClient.List(ctx, export.list.asClientList(), client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if export.list.len() == 0 {
-			logger.Failuref("no objects found in %s namespace", namespace)
+			logger.Failuref("no objects found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -96,7 +98,7 @@ func (export exportCommand) run(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		err = kubeClient.Get(ctx, namespacedName, export.object.asClientObject())
--- a/cmd/flux/export_alert.go
+++ b/cmd/flux/export_alert.go
@@ -48,27 +48,27 @@ func init() {
 }
 func exportAlertCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list notificationv1.AlertList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no alerts found in %s namespace", namespace)
+			logger.Failuref("no alerts found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -80,7 +80,7 @@ func exportAlertCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var alert notificationv1.Alert
--- a/cmd/flux/export_alertprovider.go
+++ b/cmd/flux/export_alertprovider.go
@@ -48,27 +48,27 @@ func init() {
 }
 func exportAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list notificationv1.ProviderList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no alertproviders found in %s namespace", namespace)
+			logger.Failuref("no alertproviders found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -80,7 +80,7 @@ func exportAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var alertProvider notificationv1.Provider
--- a/cmd/flux/export_helmrelease.go
+++ b/cmd/flux/export_helmrelease.go
@@ -49,27 +49,27 @@ func init() {
 }
 func exportHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list helmv2.HelmReleaseList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no helmrelease found in %s namespace", namespace)
+			logger.Failuref("no helmrelease found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -81,7 +81,7 @@ func exportHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var helmRelease helmv2.HelmRelease
--- a/cmd/flux/export_kustomization.go
+++ b/cmd/flux/export_kustomization.go
@@ -49,27 +49,27 @@ func init() {
 }
 func exportKsCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("kustomization name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list kustomizev1.KustomizationList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no kustomizations found in %s namespace", namespace)
+			logger.Failuref("no kustomizations found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -81,7 +81,7 @@ func exportKsCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var kustomization kustomizev1.Kustomization
--- a/cmd/flux/export_receiver.go
+++ b/cmd/flux/export_receiver.go
@@ -48,27 +48,27 @@ func init() {
 }
 func exportReceiverCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list notificationv1.ReceiverList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no receivers found in %s namespace", namespace)
+			logger.Failuref("no receivers found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -80,7 +80,7 @@ func exportReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var receiver notificationv1.Receiver
--- a/cmd/flux/export_source_bucket.go
+++ b/cmd/flux/export_source_bucket.go
@@ -49,27 +49,27 @@ func init() {
 }
 func exportSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list sourcev1.BucketList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no source found in %s namespace", namespace)
+			logger.Failuref("no source found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -86,7 +86,7 @@ func exportSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var bucket sourcev1.Bucket
--- a/cmd/flux/export_source_git.go
+++ b/cmd/flux/export_source_git.go
@@ -49,27 +49,27 @@ func init() {
 }
 func exportSourceGitCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list sourcev1.GitRepositoryList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no source found in %s namespace", namespace)
+			logger.Failuref("no source found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -86,7 +86,7 @@ func exportSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var repository sourcev1.GitRepository
--- a/cmd/flux/export_source_helm.go
+++ b/cmd/flux/export_source_helm.go
@@ -49,27 +49,27 @@ func init() {
 }
 func exportSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
-	if !exportAll && len(args) < 1 {
+	if !exportArgs.all && len(args) < 1 {
 		return fmt.Errorf("name is required")
 	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-	if exportAll {
+	if exportArgs.all {
 		var list sourcev1.HelmRepositoryList
-		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
 		if err != nil {
 			return err
 		}
 		if len(list.Items) == 0 {
-			logger.Failuref("no source found in %s namespace", namespace)
+			logger.Failuref("no source found in %s namespace", rootArgs.namespace)
 			return nil
 		}
@@ -86,7 +86,7 @@ func exportSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	} else {
 		name := args[0]
 		namespacedName := types.NamespacedName{
-			Namespace: namespace,
+			Namespace: rootArgs.namespace,
 			Name:      name,
 		}
 		var repository sourcev1.HelmRepository
--- a/cmd/flux/get.go
+++ b/cmd/flux/get.go
@@ -36,10 +36,14 @@ var getCmd = &cobra.Command{
 	Long:  "The get sub-commands print the statuses of sources and resources.",
 }
-var allNamespaces bool
+type GetFlags struct {
 	allNamespaces bool
 }
 var getArgs GetFlags
 func init() {
-	getCmd.PersistentFlags().BoolVarP(&allNamespaces, "all-namespaces", "A", false,
+	getCmd.PersistentFlags().BoolVarP(&getArgs.allNamespaces, "all-namespaces", "A", false,
 		"list the requested object(s) across all namespaces")
 	rootCmd.AddCommand(getCmd)
 }
@@ -74,32 +78,37 @@ type getCommand struct {
 }
 func (get getCommand) run(cmd *cobra.Command, args []string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	var listOpts []client.ListOption
-	if !allNamespaces {
+	if !getArgs.allNamespaces {
-		listOpts = append(listOpts, client.InNamespace(namespace))
+		listOpts = append(listOpts, client.InNamespace(rootArgs.namespace))
 	}
 	if len(args) > 0 {
 		listOpts = append(listOpts, client.MatchingFields{"metadata.name": args[0]})
 	}
 	err = kubeClient.List(ctx, get.list.asClientList(), listOpts...)
 	if err != nil {
 		return err
 	}
 	if get.list.len() == 0 {
-		logger.Failuref("no %s objects found in %s namespace", get.kind, namespace)
+		logger.Failuref("no %s objects found in %s namespace", get.kind, rootArgs.namespace)
 		return nil
 	}
-	header := get.list.headers(allNamespaces)
+	header := get.list.headers(getArgs.allNamespaces)
 	var rows [][]string
 	for i := 0; i < get.list.len(); i++ {
-		row := get.list.summariseItem(i, allNamespaces)
+		row := get.list.summariseItem(i, getArgs.allNamespaces)
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
--- a/cmd/flux/get_alert.go
+++ b/cmd/flux/get_alert.go
@@ -33,9 +33,10 @@ import (
 )
 var getAlertCmd = &cobra.Command{
-	Use:   "alerts",
+	Use:     "alerts",
-	Short: "Get Alert statuses",
+	Aliases: []string{"alert"},
-	Long:  "The get alert command prints the statuses of the resources.",
+	Short:   "Get Alert statuses",
 	Long:    "The get alert command prints the statuses of the resources.",
 	Example: `  # List all Alerts and their status
  flux get alerts
 `,
@@ -47,17 +48,17 @@ func init() {
 }
 func getAlertCmdRun(cmd *cobra.Command, args []string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	var listOpts []client.ListOption
-	if !allNamespaces {
+	if !getArgs.allNamespaces {
-		listOpts = append(listOpts, client.InNamespace(namespace))
+		listOpts = append(listOpts, client.InNamespace(rootArgs.namespace))
 	}
 	var list notificationv1.AlertList
 	err = kubeClient.List(ctx, &list, listOpts...)
@@ -66,12 +67,12 @@ func getAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	if len(list.Items) == 0 {
-		logger.Failuref("no alerts found in %s namespace", namespace)
+		logger.Failuref("no alerts found in %s namespace", rootArgs.namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Suspended"}
-	if allNamespaces {
+	if getArgs.allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
@@ -92,7 +93,7 @@ func getAlertCmdRun(cmd *cobra.Command, args []string) error {
 				strings.Title(strconv.FormatBool(alert.Spec.Suspend)),
 			}
 		}
-		if allNamespaces {
+		if getArgs.allNamespaces {
 			row = append([]string{alert.Namespace}, row...)
 		}
 		rows = append(rows, row)
--- a/cmd/flux/get_alertprovider.go
+++ b/cmd/flux/get_alertprovider.go
@@ -31,9 +31,10 @@ import (
 )
 var getAlertProviderCmd = &cobra.Command{
-	Use:   "alert-providers",
+	Use:     "alert-providers",
-	Short: "Get Provider statuses",
+	Aliases: []string{"alert-provider"},
-	Long:  "The get alert-provider command prints the statuses of the resources.",
+	Short:   "Get Provider statuses",
 	Long:    "The get alert-provider command prints the statuses of the resources.",
 	Example: `  # List all Providers and their status
  flux get alert-providers
 `,
@@ -45,17 +46,17 @@ func init() {
 }
 func getAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	var listOpts []client.ListOption
-	if !allNamespaces {
+	if !getArgs.allNamespaces {
-		listOpts = append(listOpts, client.InNamespace(namespace))
+		listOpts = append(listOpts, client.InNamespace(rootArgs.namespace))
 	}
 	var list notificationv1.ProviderList
 	err = kubeClient.List(ctx, &list, listOpts...)
@@ -64,12 +65,12 @@ func getAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	if len(list.Items) == 0 {
-		logger.Failuref("no providers found in %s namespace", namespace)
+		logger.Failuref("no providers found in %s namespace", rootArgs.namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message"}
-	if allNamespaces {
+	if getArgs.allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
@@ -88,7 +89,7 @@ func getAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 				"waiting to be reconciled",
 			}
 		}
-		if allNamespaces {
+		if getArgs.allNamespaces {
 			row = append([]string{provider.Namespace}, row...)
 		}
 		rows = append(rows, row)
--- a/cmd/flux/get_helmrelease.go
+++ b/cmd/flux/get_helmrelease.go
@@ -17,90 +17,43 @@ limitations under the License.
 package main
 import (
 	"context"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	"github.com/spf13/cobra"
 )
 var getHelmReleaseCmd = &cobra.Command{
 	Use:     "helmreleases",
-	Aliases: []string{"hr"},
+	Aliases: []string{"hr", "helmrelease"},
 	Short:   "Get HelmRelease statuses",
 	Long:    "The get helmreleases command prints the statuses of the resources.",
 	Example: `  # List all Helm releases and their status
  flux get helmreleases
 `,
-	RunE: getHelmReleaseCmdRun,
+	RunE: getCommand{
 		apiType: helmReleaseType,
 		list:    &helmReleaseListAdapter{&helmv2.HelmReleaseList{}},
 	}.run,
 }
 func init() {
 	getCmd.AddCommand(getHelmReleaseCmd)
 }
-func getHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
+func (a helmReleaseListAdapter) summariseItem(i int, includeNamespace bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	item := a.Items[i]
-	defer cancel()
+	revision := item.Status.LastAppliedRevision
-
+	status, msg := statusAndMessage(item.Status.Conditions)
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	return append(nameColumns(&item, includeNamespace),
-	if err != nil {
+		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-		return err
+}
-	}
+
-
+func (a helmReleaseListAdapter) headers(includeNamespace bool) []string {
-	var listOpts []client.ListOption
+	headers := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
-	if !allNamespaces {
+	if includeNamespace {
-		listOpts = append(listOpts, client.InNamespace(namespace))
+		headers = append([]string{"Namespace"}, headers...)
-	}
+	}
-	var list helmv2.HelmReleaseList
+	return headers
 	err = kubeClient.List(ctx, &list, listOpts...)
 	if err != nil {
 		return err
 	}
 	if len(list.Items) == 0 {
 		logger.Failuref("no releases found in %s namespace", namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
 	if allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
 	for _, helmRelease := range list.Items {
 		row := []string{}
 		if c := apimeta.FindStatusCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
 			row = []string{
 				helmRelease.GetName(),
 				string(c.Status),
 				c.Message,
 				helmRelease.Status.LastAppliedRevision,
 				strings.Title(strconv.FormatBool(helmRelease.Spec.Suspend)),
 			}
 		} else {
 			row = []string{
 				helmRelease.GetName(),
 				string(metav1.ConditionFalse),
 				"waiting to be reconciled",
 				helmRelease.Status.LastAppliedRevision,
 				strings.Title(strconv.FormatBool(helmRelease.Spec.Suspend)),
 			}
 		}
 		if allNamespaces {
 			row = append([]string{helmRelease.Namespace}, row...)
 		}
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
 	return nil
 }
--- a/cmd/flux/get_image.go
+++ b/cmd/flux/get_image.go
@@ -21,9 +21,10 @@ import (
 )
 var getImageCmd = &cobra.Command{
-	Use:   "image",
+	Use:     "images",
-	Short: "Get image automation object status",
+	Aliases: []string{"image"},
-	Long:  "The get image sub-commands print the status of image automation objects.",
+	Short:   "Get image automation object status",
 	Long:    "The get image sub-commands print the status of image automation objects.",
 }
 func init() {
--- a/cmd/flux/get_kustomization.go
+++ b/cmd/flux/get_kustomization.go
@@ -17,89 +17,43 @@ limitations under the License.
 package main
 import (
 	"context"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 var getKsCmd = &cobra.Command{
 	Use:     "kustomizations",
-	Aliases: []string{"ks"},
+	Aliases: []string{"ks", "kustomization"},
 	Short:   "Get Kustomization statuses",
 	Long:    "The get kustomizations command prints the statuses of the resources.",
 	Example: `  # List all kustomizations and their status
  flux get kustomizations
 `,
-	RunE: getKsCmdRun,
+	RunE: getCommand{
 		apiType: kustomizationType,
 		list:    &kustomizationListAdapter{&kustomizev1.KustomizationList{}},
 	}.run,
 }
 func init() {
 	getCmd.AddCommand(getKsCmd)
 }
-func getKsCmdRun(cmd *cobra.Command, args []string) error {
+func (a kustomizationListAdapter) summariseItem(i int, includeNamespace bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	item := a.Items[i]
-	defer cancel()
+	revision := item.Status.LastAppliedRevision
-
+	status, msg := statusAndMessage(item.Status.Conditions)
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	return append(nameColumns(&item, includeNamespace),
-	if err != nil {
+		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-		return err
+}
-	}
+
-
+func (a kustomizationListAdapter) headers(includeNamespace bool) []string {
-	var listOpts []client.ListOption
+	headers := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
-	if !allNamespaces {
+	if includeNamespace {
-		listOpts = append(listOpts, client.InNamespace(namespace))
+		headers = append([]string{"Namespace"}, headers...)
-	}
+	}
-	var list kustomizev1.KustomizationList
+	return headers
 	err = kubeClient.List(ctx, &list, listOpts...)
 	if err != nil {
 		return err
 	}
 	if len(list.Items) == 0 {
 		logger.Failuref("no kustomizations found in %s namespace", namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
 	if allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
 	for _, kustomization := range list.Items {
 		row := []string{}
 		if c := apimeta.FindStatusCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
 			row = []string{
 				kustomization.GetName(),
 				string(c.Status),
 				c.Message,
 				kustomization.Status.LastAppliedRevision,
 				strings.Title(strconv.FormatBool(kustomization.Spec.Suspend)),
 			}
 		} else {
 			row = []string{
 				kustomization.GetName(),
 				string(metav1.ConditionFalse),
 				"waiting to be reconciled",
 				kustomization.Status.LastAppliedRevision,
 				strings.Title(strconv.FormatBool(kustomization.Spec.Suspend)),
 			}
 		}
 		if allNamespaces {
 			row = append([]string{kustomization.Namespace}, row...)
 		}
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
 	return nil
 }
--- a/cmd/flux/get_receiver.go
+++ b/cmd/flux/get_receiver.go
@@ -33,9 +33,10 @@ import (
 )
 var getReceiverCmd = &cobra.Command{
-	Use:   "receivers",
+	Use:     "receivers",
-	Short: "Get Receiver statuses",
+	Aliases: []string{"receiver"},
-	Long:  "The get receiver command prints the statuses of the resources.",
+	Short:   "Get Receiver statuses",
 	Long:    "The get receiver command prints the statuses of the resources.",
 	Example: `  # List all Receiver and their status
  flux get receivers
 `,
@@ -47,17 +48,17 @@ func init() {
 }
 func getReceiverCmdRun(cmd *cobra.Command, args []string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	var listOpts []client.ListOption
-	if !allNamespaces {
+	if !getArgs.allNamespaces {
-		listOpts = append(listOpts, client.InNamespace(namespace))
+		listOpts = append(listOpts, client.InNamespace(rootArgs.namespace))
 	}
 	var list notificationv1.ReceiverList
 	err = kubeClient.List(ctx, &list, listOpts...)
@@ -66,12 +67,12 @@ func getReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	if len(list.Items) == 0 {
-		logger.Failuref("no receivers found in %s namespace", namespace)
+		logger.Failuref("no receivers found in %s namespace", rootArgs.namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Suspended"}
-	if allNamespaces {
+	if getArgs.allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
--- a/cmd/flux/get_source.go
+++ b/cmd/flux/get_source.go
@@ -21,9 +21,10 @@ import (
 )
 var getSourceCmd = &cobra.Command{
-	Use:   "sources",
+	Use:     "sources",
-	Short: "Get source statuses",
+	Aliases: []string{"source"},
-	Long:  "The get source sub-commands print the statuses of the sources.",
+	Short:   "Get source statuses",
 	Long:    "The get source sub-commands print the statuses of the sources.",
 }
 func init() {
--- a/cmd/flux/get_source_bucket.go
+++ b/cmd/flux/get_source_bucket.go
@@ -17,19 +17,11 @@ limitations under the License.
 package main
 import (
-	"context"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 var getSourceBucketCmd = &cobra.Command{
@@ -42,70 +34,31 @@ var getSourceBucketCmd = &cobra.Command{
 # List buckets from all namespaces
  flux get sources helm --all-namespaces
 `,
-	RunE: getSourceBucketCmdRun,
+	RunE: getCommand{
 		apiType: bucketType,
 		list:    &bucketListAdapter{&sourcev1.BucketList{}},
 	}.run,
 }
 func init() {
 	getSourceCmd.AddCommand(getSourceBucketCmd)
 }
-func getSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+func (a *bucketListAdapter) summariseItem(i int, includeNamespace bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	item := a.Items[i]
-	defer cancel()
+	var revision string
-
+	if item.GetArtifact() != nil {
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+		revision = item.GetArtifact().Revision
 	if err != nil {
 		return err
 	}
-
+	status, msg := statusAndMessage(item.Status.Conditions)
-	var listOpts []client.ListOption
+	return append(nameColumns(&item, includeNamespace),
-	if !allNamespaces {
+		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-		listOpts = append(listOpts, client.InNamespace(namespace))
+}
-	}
+
-	var list sourcev1.BucketList
+func (a bucketListAdapter) headers(includeNamespace bool) []string {
-	err = kubeClient.List(ctx, &list, listOpts...)
+	headers := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
-	if err != nil {
+	if includeNamespace {
-		return err
+		headers = append([]string{"Namespace"}, headers...)
-	}
+	}
-
+	return headers
 	if len(list.Items) == 0 {
 		logger.Failuref("no bucket sources found in %s namespace", namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
 	if allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
 	for _, source := range list.Items {
 		var row []string
 		var revision string
 		if source.GetArtifact() != nil {
 			revision = source.GetArtifact().Revision
 		}
 		if c := apimeta.FindStatusCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
 			row = []string{
 				source.GetName(),
 				string(c.Status),
 				c.Message,
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		} else {
 			row = []string{
 				source.GetName(),
 				string(metav1.ConditionFalse),
 				"waiting to be reconciled",
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		}
 		if allNamespaces {
 			row = append([]string{source.Namespace}, row...)
 		}
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
 	return nil
 }
--- a/cmd/flux/get_source_chart.go
+++ b/cmd/flux/get_source_chart.go
@@ -17,19 +17,11 @@ limitations under the License.
 package main
 import (
 	"context"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 var getSourceHelmChartCmd = &cobra.Command{
@@ -42,70 +34,31 @@ var getSourceHelmChartCmd = &cobra.Command{
 # List Helm charts from all namespaces
  flux get sources chart --all-namespaces
 `,
-	RunE: getSourceHelmChartCmdRun,
+	RunE: getCommand{
 		apiType: helmChartType,
 		list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
 	}.run,
 }
 func init() {
 	getSourceCmd.AddCommand(getSourceHelmChartCmd)
 }
-func getSourceHelmChartCmdRun(cmd *cobra.Command, args []string) error {
+func (a *helmChartListAdapter) summariseItem(i int, includeNamespace bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	item := a.Items[i]
-	defer cancel()
+	var revision string
-
+	if item.GetArtifact() != nil {
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+		revision = item.GetArtifact().Revision
 	if err != nil {
 		return err
 	}
-
+	status, msg := statusAndMessage(item.Status.Conditions)
-	var listOpts []client.ListOption
+	return append(nameColumns(&item, includeNamespace),
-	if !allNamespaces {
+		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-		listOpts = append(listOpts, client.InNamespace(namespace))
+}
-	}
+
-	var list sourcev1.HelmChartList
+func (a helmChartListAdapter) headers(includeNamespace bool) []string {
-	err = kubeClient.List(ctx, &list, listOpts...)
+	headers := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
-	if err != nil {
+	if includeNamespace {
-		return err
+		headers = append([]string{"Namespace"}, headers...)
-	}
+	}
-
+	return headers
 	if len(list.Items) == 0 {
 		logger.Failuref("no chart sources found in %s namespace", namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
 	if allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
 	for _, source := range list.Items {
 		var row []string
 		var revision string
 		if source.GetArtifact() != nil {
 			revision = source.GetArtifact().Revision
 		}
 		if c := apimeta.FindStatusCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
 			row = []string{
 				source.GetName(),
 				string(c.Status),
 				c.Message,
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		} else {
 			row = []string{
 				source.GetName(),
 				string(metav1.ConditionFalse),
 				"waiting to be reconciled",
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		}
 		if allNamespaces {
 			row = append([]string{source.Namespace}, row...)
 		}
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
 	return nil
 }
--- a/cmd/flux/get_source_git.go
+++ b/cmd/flux/get_source_git.go
@@ -17,19 +17,11 @@ limitations under the License.
 package main
 import (
 	"context"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 var getSourceGitCmd = &cobra.Command{
@@ -42,70 +34,31 @@ var getSourceGitCmd = &cobra.Command{
 # List Git repositories from all namespaces
  flux get sources git --all-namespaces
 `,
-	RunE: getSourceGitCmdRun,
+	RunE: getCommand{
 		apiType: gitRepositoryType,
 		list:    &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
 	}.run,
 }
 func init() {
 	getSourceCmd.AddCommand(getSourceGitCmd)
 }
-func getSourceGitCmdRun(cmd *cobra.Command, args []string) error {
+func (a *gitRepositoryListAdapter) summariseItem(i int, includeNamespace bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	item := a.Items[i]
-	defer cancel()
+	var revision string
-
+	if item.GetArtifact() != nil {
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+		revision = item.GetArtifact().Revision
 	if err != nil {
 		return err
 	}
-
+	status, msg := statusAndMessage(item.Status.Conditions)
-	var listOpts []client.ListOption
+	return append(nameColumns(&item, includeNamespace),
-	if !allNamespaces {
+		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-		listOpts = append(listOpts, client.InNamespace(namespace))
+}
-	}
+
-	var list sourcev1.GitRepositoryList
+func (a gitRepositoryListAdapter) headers(includeNamespace bool) []string {
-	err = kubeClient.List(ctx, &list, listOpts...)
+	headers := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
-	if err != nil {
+	if includeNamespace {
-		return err
+		headers = append([]string{"Namespace"}, headers...)
-	}
+	}
-
+	return headers
 	if len(list.Items) == 0 {
 		logger.Failuref("no git sources found in %s namespace", namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
 	if allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
 	for _, source := range list.Items {
 		var row []string
 		var revision string
 		if source.GetArtifact() != nil {
 			revision = source.GetArtifact().Revision
 		}
 		if c := apimeta.FindStatusCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
 			row = []string{
 				source.GetName(),
 				string(c.Status),
 				c.Message,
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		} else {
 			row = []string{
 				source.GetName(),
 				string(metav1.ConditionFalse),
 				"waiting to be reconciled",
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		}
 		if allNamespaces {
 			row = append([]string{source.Namespace}, row...)
 		}
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
 	return nil
 }
--- a/cmd/flux/get_source_helm.go
+++ b/cmd/flux/get_source_helm.go
@@ -17,19 +17,11 @@ limitations under the License.
 package main
 import (
 	"context"
 	"os"
 	"strconv"
 	"strings"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 var getSourceHelmCmd = &cobra.Command{
@@ -42,70 +34,31 @@ var getSourceHelmCmd = &cobra.Command{
 # List Helm repositories from all namespaces
  flux get sources helm --all-namespaces
 `,
-	RunE: getSourceHelmCmdRun,
+	RunE: getCommand{
 		apiType: helmRepositoryType,
 		list:    &helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
 	}.run,
 }
 func init() {
 	getSourceCmd.AddCommand(getSourceHelmCmd)
 }
-func getSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+func (a *helmRepositoryListAdapter) summariseItem(i int, includeNamespace bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	item := a.Items[i]
-	defer cancel()
+	var revision string
-
+	if item.GetArtifact() != nil {
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+		revision = item.GetArtifact().Revision
 	if err != nil {
 		return err
 	}
-
+	status, msg := statusAndMessage(item.Status.Conditions)
-	var listOpts []client.ListOption
+	return append(nameColumns(&item, includeNamespace),
-	if !allNamespaces {
+		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-		listOpts = append(listOpts, client.InNamespace(namespace))
+}
-	}
+
-	var list sourcev1.HelmRepositoryList
+func (a helmRepositoryListAdapter) headers(includeNamespace bool) []string {
-	err = kubeClient.List(ctx, &list, listOpts...)
+	headers := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
-	if err != nil {
+	if includeNamespace {
-		return err
+		headers = append([]string{"Namespace"}, headers...)
-	}
+	}
-
+	return headers
 	if len(list.Items) == 0 {
 		logger.Failuref("no helm sources found in %s namespace", namespace)
 		return nil
 	}
 	header := []string{"Name", "Ready", "Message", "Revision", "Suspended"}
 	if allNamespaces {
 		header = append([]string{"Namespace"}, header...)
 	}
 	var rows [][]string
 	for _, source := range list.Items {
 		var row []string
 		var revision string
 		if source.GetArtifact() != nil {
 			revision = source.GetArtifact().Revision
 		}
 		if c := apimeta.FindStatusCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
 			row = []string{
 				source.GetName(),
 				string(c.Status),
 				c.Message,
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		} else {
 			row = []string{
 				source.GetName(),
 				string(metav1.ConditionFalse),
 				"waiting to be reconciled",
 				revision,
 				strings.Title(strconv.FormatBool(source.Spec.Suspend)),
 			}
 		}
 		if allNamespaces {
 			row = append([]string{source.Namespace}, row...)
 		}
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
 	return nil
 }
--- a/cmd/flux/helmrelease.go
+++ b/cmd/flux/helmrelease.go
@@ -0,0 +1,51 @@
 /*
 Copyright 2021 The Flux authors
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 // helmv2.HelmRelease
 var helmReleaseType = apiType{
 	kind:      helmv2.HelmReleaseKind,
 	humanKind: "helmreleases",
 }
 type helmReleaseAdapter struct {
 	*helmv2.HelmRelease
 }
 func (h helmReleaseAdapter) asClientObject() client.Object {
 	return h.HelmRelease
 }
 // helmv2.HelmReleaseList
 type helmReleaseListAdapter struct {
 	*helmv2.HelmReleaseList
 }
 func (h helmReleaseListAdapter) asClientList() client.ObjectList {
 	return h.HelmReleaseList
 }
 func (h helmReleaseListAdapter) len() int {
 	return len(h.HelmReleaseList.Items)
 }
--- a/cmd/flux/install.go
+++ b/cmd/flux/install.go
@@ -23,6 +23,7 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 	"github.com/spf13/cobra"
@@ -33,15 +34,18 @@ import (
 var installCmd = &cobra.Command{
 	Use:   "install",
-	Short: "Install the toolkit components",
+	Short: "Install or upgrade Flux",
-	Long: `The install command deploys the toolkit components in the specified namespace.
+	Long: `The install command deploys Flux in the specified namespace.
 If a previous version is installed, then an in-place upgrade will be performed.`,
 	Example: `  # Install the latest version in the flux-system namespace
  flux install --version=latest --namespace=flux-system
-  # Dry-run install for a specific version and a series of components
+  # Install a specific version and a series of components
  flux install --dry-run --version=v0.0.7 --components="source-controller,kustomize-controller"
  # Install Flux onto tainted Kubernetes nodes
  flux install --toleration-keys=node.kubernetes.io/dedicated-to-flux
  # Dry-run install with manifests preview
  flux install --dry-run --verbose
@@ -63,8 +67,9 @@ var (
 	installWatchAllNamespaces bool
 	installNetworkPolicy      bool
 	installArch               flags.Arch
-	installLogLevel           = flags.LogLevel(defaults.LogLevel)
+	installLogLevel           = flags.LogLevel(rootArgs.defaults.LogLevel)
 	installClusterDomain      string
 	installTolerationKeys     []string
 )
 func init() {
@@ -72,34 +77,60 @@ func init() {
 		"write the install manifests to stdout and exit")
 	installCmd.Flags().BoolVarP(&installDryRun, "dry-run", "", false,
 		"only print the object that would be applied")
-	installCmd.Flags().StringVarP(&installVersion, "version", "v", defaults.Version,
+	installCmd.Flags().StringVarP(&installVersion, "version", "v", rootArgs.defaults.Version,
 		"toolkit version")
-	installCmd.Flags().StringSliceVar(&installDefaultComponents, "components", defaults.Components,
+	installCmd.Flags().StringSliceVar(&installDefaultComponents, "components", rootArgs.defaults.Components,
 		"list of components, accepts comma-separated values")
 	installCmd.Flags().StringSliceVar(&installExtraComponents, "components-extra", nil,
 		"list of components in addition to those supplied or defaulted, accepts comma-separated values")
 	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "", "path to the manifest directory")
-	installCmd.Flags().StringVar(&installRegistry, "registry", defaults.Registry,
+	installCmd.Flags().StringVar(&installRegistry, "registry", rootArgs.defaults.Registry,
 		"container registry where the toolkit images are published")
 	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	installCmd.Flags().Var(&installArch, "arch", installArch.Description())
-	installCmd.Flags().BoolVar(&installWatchAllNamespaces, "watch-all-namespaces", defaults.WatchAllNamespaces,
+	installCmd.Flags().BoolVar(&installWatchAllNamespaces, "watch-all-namespaces", rootArgs.defaults.WatchAllNamespaces,
 		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
 	installCmd.Flags().Var(&installLogLevel, "log-level", installLogLevel.Description())
-	installCmd.Flags().BoolVar(&installNetworkPolicy, "network-policy", defaults.NetworkPolicy,
+	installCmd.Flags().BoolVar(&installNetworkPolicy, "network-policy", rootArgs.defaults.NetworkPolicy,
 		"deny ingress access to the toolkit controllers from other namespaces using network policies")
-	installCmd.Flags().StringVar(&installClusterDomain, "cluster-domain", defaults.ClusterDomain, "internal cluster domain")
+	installCmd.Flags().StringVar(&installClusterDomain, "cluster-domain", rootArgs.defaults.ClusterDomain, "internal cluster domain")
 	installCmd.Flags().StringSliceVar(&installTolerationKeys, "toleration-keys", nil,
 		"list of toleration keys used to schedule the components pods onto nodes with matching taints")
 	installCmd.Flags().MarkHidden("manifests")
 	installCmd.Flags().MarkDeprecated("arch", "multi-arch container image is now available for AMD64, ARMv7 and ARM64")
 	rootCmd.AddCommand(installCmd)
 }
 func installCmdRun(cmd *cobra.Command, args []string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	tmpDir, err := ioutil.TempDir("", namespace)
+	components := append(installDefaultComponents, installExtraComponents...)
 	err := utils.ValidateComponents(components)
 	if err != nil {
 		return err
 	}
 	if installVersion == install.MakeDefaultOptions().Version {
 		installVersion, err = install.GetLatestVersion()
 		if err != nil {
 			return err
 		}
 	} else {
 		if ok, err := install.ExistingVersion(installVersion); err != nil || !ok {
 			if err == nil {
 				err = fmt.Errorf("targeted version '%s' does not exist", installVersion)
 			}
 			return err
 		}
 	}
 	if !utils.CompatibleVersion(VERSION, installVersion) {
 		return fmt.Errorf("targeted version '%s' is not compatible with your current version of flux (%s)", installVersion, VERSION)
 	}
 	tmpDir, err := ioutil.TempDir("", rootArgs.namespace)
 	if err != nil {
 		return err
 	}
@@ -109,26 +140,21 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Generatef("generating manifests")
 	}
 	components := append(installDefaultComponents, installExtraComponents...)
 	if err := utils.ValidateComponents(components); err != nil {
 		return err
 	}
 	opts := install.Options{
 		BaseURL:                installManifestsPath,
 		Version:                installVersion,
-		Namespace:              namespace,
+		Namespace:              rootArgs.namespace,
 		Components:             components,
 		Registry:               installRegistry,
 		ImagePullSecret:        installImagePullSecret,
 		WatchAllNamespaces:     installWatchAllNamespaces,
 		NetworkPolicy:          installNetworkPolicy,
 		LogLevel:               installLogLevel.String(),
-		NotificationController: defaults.NotificationController,
+		NotificationController: rootArgs.defaults.NotificationController,
-		ManifestFile:           fmt.Sprintf("%s.yaml", namespace),
+		ManifestFile:           fmt.Sprintf("%s.yaml", rootArgs.namespace),
-		Timeout:                timeout,
+		Timeout:                rootArgs.timeout,
 		ClusterDomain:          installClusterDomain,
 		TolerationKeys:         installTolerationKeys,
 	}
 	if installManifestsPath == "" {
@@ -144,11 +170,11 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("install failed: %w", err)
 	}
-	if verbose {
+	if rootArgs.verbose {
 		fmt.Print(manifest.Content)
 	} else if installExport {
 		fmt.Println("---")
-		fmt.Println("# GitOps Toolkit revision", installVersion)
+		fmt.Println("# Flux version:", installVersion)
 		fmt.Println("# Components:", strings.Join(components, ","))
 		fmt.Print(manifest.Content)
 		fmt.Println("---")
@@ -156,9 +182,9 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	logger.Successf("manifests build completed")
-	logger.Actionf("installing components in %s namespace", namespace)
+	logger.Actionf("installing components in %s namespace", rootArgs.namespace)
 	applyOutput := utils.ModeStderrOS
-	if verbose {
+	if rootArgs.verbose {
 		applyOutput = utils.ModeOS
 	}
@@ -167,25 +193,23 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		kubectlArgs = append(kubectlArgs, "--dry-run=client")
 		applyOutput = utils.ModeOS
 	}
-	if _, err := utils.ExecKubectlCommand(ctx, applyOutput, kubeconfig, kubecontext, kubectlArgs...); err != nil {
+	if _, err := utils.ExecKubectlCommand(ctx, applyOutput, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...); err != nil {
 		return fmt.Errorf("install failed")
 	}
 	if installDryRun {
 		logger.Successf("install dry-run finished")
 		return nil
-	} else {
+	}
-		logger.Successf("install completed")
+
 	statusChecker, err := NewStatusChecker(time.Second, time.Minute)
 	if err != nil {
 		return fmt.Errorf("install failed: %w", err)
 	}
 	logger.Waitingf("verifying installation")
-	for _, deployment := range components {
+	if err := statusChecker.Assess(components...); err != nil {
-		kubectlArgs = []string{"-n", namespace, "rollout", "status", "deployment", deployment, "--timeout", timeout.String()}
+		return fmt.Errorf("install failed")
 		if _, err := utils.ExecKubectlCommand(ctx, applyOutput, kubeconfig, kubecontext, kubectlArgs...); err != nil {
 			return fmt.Errorf("install failed")
 		} else {
 			logger.Successf("%s ready", deployment)
 		}
 	}
 	logger.Successf("install finished")
--- a/cmd/flux/kustomization.go
+++ b/cmd/flux/kustomization.go
@@ -0,0 +1,51 @@
 /*
 Copyright 2020 The Flux authors
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 // kustomizev1.Kustomization
 var kustomizationType = apiType{
 	kind:      kustomizev1.KustomizationKind,
 	humanKind: "kustomizations",
 }
 type kustomizationAdapter struct {
 	*kustomizev1.Kustomization
 }
 func (a kustomizationAdapter) asClientObject() client.Object {
 	return a.Kustomization
 }
 // kustomizev1.KustomizationList
 type kustomizationListAdapter struct {
 	*kustomizev1.KustomizationList
 }
 func (a kustomizationListAdapter) asClientList() client.ObjectList {
 	return a.KustomizationList
 }
 func (a kustomizationListAdapter) len() int {
 	return len(a.KustomizationList.Items)
 }
--- a/cmd/flux/main.go
+++ b/cmd/flux/main.go
@@ -26,7 +26,6 @@ import (
 	"github.com/spf13/cobra/doc"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	fluxlog "github.com/fluxcd/flux2/pkg/log"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 )
@@ -42,7 +41,7 @@ var rootCmd = &cobra.Command{
 	Example: `  # Check prerequisites
  flux check --pre
-  # Install the latest version of the toolkit
+  # Install the latest version of Flux
  flux install --version=master
  # Create a source from a public Git repository
@@ -89,27 +88,37 @@ var rootCmd = &cobra.Command{
  # Delete a GitRepository source
  flux delete source git webapp-latest
-  # Uninstall the toolkit and delete CRDs
+  # Uninstall Flux and delete CRDs
-  flux uninstall --crds
+  flux uninstall
 `,
 }
-var (
+var logger = stderrLogger{stderr: os.Stderr}
 type rootFlags struct {
 	kubeconfig   string
 	kubecontext  string
 	namespace    string
 	timeout      time.Duration
 	verbose      bool
-	pollInterval                = 2 * time.Second
+	pollInterval time.Duration
-	logger       fluxlog.Logger = stderrLogger{stderr: os.Stderr}
+	defaults     install.Options
-	defaults                    = install.MakeDefaultOptions()
+}
-)
+
 var rootArgs = NewRootFlags()
 func init() {
-	rootCmd.PersistentFlags().StringVarP(&namespace, "namespace", "n", defaults.Namespace, "the namespace scope for this operation")
+	rootCmd.PersistentFlags().StringVarP(&rootArgs.namespace, "namespace", "n", rootArgs.defaults.Namespace, "the namespace scope for this operation")
-	rootCmd.PersistentFlags().DurationVar(&timeout, "timeout", 5*time.Minute, "timeout for this operation")
+	rootCmd.PersistentFlags().DurationVar(&rootArgs.timeout, "timeout", 5*time.Minute, "timeout for this operation")
-	rootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false, "print generated objects")
+	rootCmd.PersistentFlags().BoolVar(&rootArgs.verbose, "verbose", false, "print generated objects")
-	rootCmd.PersistentFlags().StringVarP(&kubecontext, "context", "", "", "kubernetes context to use")
+	rootCmd.PersistentFlags().StringVarP(&rootArgs.kubecontext, "context", "", "", "kubernetes context to use")
 }
 func NewRootFlags() rootFlags {
 	return rootFlags{
 		pollInterval: 2 * time.Second,
 		defaults:     install.MakeDefaultOptions(),
 	}
 }
 func main() {
@@ -124,22 +133,22 @@ func main() {
 func kubeconfigFlag() {
 	if home := homeDir(); home != "" {
-		rootCmd.PersistentFlags().StringVarP(&kubeconfig, "kubeconfig", "", filepath.Join(home, ".kube", "config"),
+		rootCmd.PersistentFlags().StringVarP(&rootArgs.kubeconfig, "kubeconfig", "", filepath.Join(home, ".kube", "config"),
 			"path to the kubeconfig file")
 	} else {
-		rootCmd.PersistentFlags().StringVarP(&kubeconfig, "kubeconfig", "", "",
+		rootCmd.PersistentFlags().StringVarP(&rootArgs.kubeconfig, "kubeconfig", "", "",
 			"absolute path to the kubeconfig file")
 	}
 	if len(os.Getenv("KUBECONFIG")) > 0 {
-		kubeconfig = os.Getenv("KUBECONFIG")
+		rootArgs.kubeconfig = os.Getenv("KUBECONFIG")
 	}
 }
 func generateDocs() {
 	args := os.Args[1:]
 	if len(args) > 0 && args[0] == "docgen" {
-		rootCmd.PersistentFlags().StringVarP(&kubeconfig, "kubeconfig", "", "~/.kube/config",
+		rootCmd.PersistentFlags().StringVarP(&rootArgs.kubeconfig, "kubeconfig", "", "~/.kube/config",
 			"path to the kubeconfig file")
 		rootCmd.DisableAutoGenTag = true
 		err := doc.GenMarkdownTree(rootCmd, "./docs/cmd")
--- a/cmd/flux/reconcile.go
+++ b/cmd/flux/reconcile.go
@@ -69,16 +69,16 @@ func (reconcile reconcileCommand) run(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -91,7 +91,7 @@ func (reconcile reconcileCommand) run(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("resource is suspended")
 	}
-	logger.Actionf("annotating %s %s in %s namespace", reconcile.kind, name, namespace)
+	logger.Actionf("annotating %s %s in %s namespace", reconcile.kind, name, rootArgs.namespace)
 	if err := requestReconciliation(ctx, kubeClient, namespacedName, reconcile.object); err != nil {
 		return err
 	}
@@ -99,7 +99,7 @@ func (reconcile reconcileCommand) run(cmd *cobra.Command, args []string) error {
 	lastHandledReconcileAt := reconcile.object.lastHandledReconcileRequest()
 	logger.Waitingf("waiting for %s reconciliation", reconcile.kind)
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		reconciliationHandled(ctx, kubeClient, namespacedName, reconcile.object, lastHandledReconcileAt)); err != nil {
 		return err
 	}
--- a/cmd/flux/reconcile_alert.go
+++ b/cmd/flux/reconcile_alert.go
@@ -51,16 +51,16 @@ func reconcileAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -74,7 +74,7 @@ func reconcileAlertCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("resource is suspended")
 	}
-	logger.Actionf("annotating Alert %s in %s namespace", name, namespace)
+	logger.Actionf("annotating Alert %s in %s namespace", name, rootArgs.namespace)
 	if alert.Annotations == nil {
 		alert.Annotations = map[string]string{
 			meta.ReconcileRequestAnnotation: time.Now().Format(time.RFC3339Nano),
@@ -89,7 +89,7 @@ func reconcileAlertCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Successf("Alert annotated")
 	logger.Waitingf("waiting for reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isAlertReady(ctx, kubeClient, namespacedName, &alert)); err != nil {
 		return err
 	}
--- a/cmd/flux/reconcile_alertprovider.go
+++ b/cmd/flux/reconcile_alertprovider.go
@@ -51,20 +51,20 @@ func reconcileAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
-	logger.Actionf("annotating Provider %s in %s namespace", name, namespace)
+	logger.Actionf("annotating Provider %s in %s namespace", name, rootArgs.namespace)
 	var alertProvider notificationv1.Provider
 	err = kubeClient.Get(ctx, namespacedName, &alertProvider)
 	if err != nil {
@@ -84,7 +84,7 @@ func reconcileAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Successf("Provider annotated")
 	logger.Waitingf("waiting for reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isAlertProviderReady(ctx, kubeClient, namespacedName, &alertProvider)); err != nil {
 		return err
 	}
--- a/cmd/flux/reconcile_helmrelease.go
+++ b/cmd/flux/reconcile_helmrelease.go
@@ -51,12 +51,14 @@ The reconcile kustomization command triggers a reconciliation of a HelmRelease r
 	RunE: reconcileHrCmdRun,
 }
-var (
+type reconcileHelmReleaseFlags struct {
 	syncHrWithSource bool
-)
+}
 var rhrArgs reconcileHelmReleaseFlags
 func init() {
-	reconcileHrCmd.Flags().BoolVar(&syncHrWithSource, "with-source", false, "reconcile HelmRelease source")
+	reconcileHrCmd.Flags().BoolVar(&rhrArgs.syncHrWithSource, "with-source", false, "reconcile HelmRelease source")
 	reconcileCmd.AddCommand(reconcileHrCmd)
 }
@@ -67,16 +69,16 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -90,29 +92,43 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("resource is suspended")
 	}
-	if syncHrWithSource {
+	if rhrArgs.syncHrWithSource {
 		nsCopy := rootArgs.namespace
 		if helmRelease.Spec.Chart.Spec.SourceRef.Namespace != "" {
 			rootArgs.namespace = helmRelease.Spec.Chart.Spec.SourceRef.Namespace
 		}
 		switch helmRelease.Spec.Chart.Spec.SourceRef.Kind {
 		case sourcev1.HelmRepositoryKind:
-			err = reconcileSourceHelmCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+			err = reconcileCommand{
 				apiType: helmRepositoryType,
 				object:  helmRepositoryAdapter{&sourcev1.HelmRepository{}},
 			}.run(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
 		case sourcev1.GitRepositoryKind:
-			err = reconcileSourceGitCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+			err = reconcileCommand{
 				apiType: gitRepositoryType,
 				object:  gitRepositoryAdapter{&sourcev1.GitRepository{}},
 			}.run(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
 		case sourcev1.BucketKind:
-			err = reconcileSourceBucketCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+			err = reconcileCommand{
 				apiType: bucketType,
 				object:  bucketAdapter{&sourcev1.Bucket{}},
 			}.run(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
 		}
 		if err != nil {
 			return err
 		}
 		rootArgs.namespace = nsCopy
 	}
 	lastHandledReconcileAt := helmRelease.Status.LastHandledReconcileAt
-	logger.Actionf("annotating HelmRelease %s in %s namespace", name, namespace)
+	logger.Actionf("annotating HelmRelease %s in %s namespace", name, rootArgs.namespace)
 	if err := requestHelmReleaseReconciliation(ctx, kubeClient, namespacedName, &helmRelease); err != nil {
 		return err
 	}
 	logger.Successf("HelmRelease annotated")
 	logger.Waitingf("waiting for HelmRelease reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		helmReleaseReconciliationHandled(ctx, kubeClient, namespacedName, &helmRelease, lastHandledReconcileAt),
 	); err != nil {
 		return err
--- a/cmd/flux/reconcile_kustomization.go
+++ b/cmd/flux/reconcile_kustomization.go
@@ -50,12 +50,14 @@ The reconcile kustomization command triggers a reconciliation of a Kustomization
 	RunE: reconcileKsCmdRun,
 }
-var (
+type reconcileKsFlags struct {
 	syncKsWithSource bool
-)
+}
 var rksArgs reconcileKsFlags
 func init() {
-	reconcileKsCmd.Flags().BoolVar(&syncKsWithSource, "with-source", false, "reconcile Kustomization source")
+	reconcileKsCmd.Flags().BoolVar(&rksArgs.syncKsWithSource, "with-source", false, "reconcile Kustomization source")
 	reconcileCmd.AddCommand(reconcileKsCmd)
 }
@@ -66,16 +68,16 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
 	var kustomization kustomizev1.Kustomization
@@ -88,20 +90,31 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("resource is suspended")
 	}
-	if syncKsWithSource {
+	if rksArgs.syncKsWithSource {
 		nsCopy := rootArgs.namespace
 		if kustomization.Spec.SourceRef.Namespace != "" {
 			rootArgs.namespace = kustomization.Spec.SourceRef.Namespace
 		}
 		switch kustomization.Spec.SourceRef.Kind {
 		case sourcev1.GitRepositoryKind:
-			err = reconcileSourceGitCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+			err = reconcileCommand{
 				apiType: gitRepositoryType,
 				object:  gitRepositoryAdapter{&sourcev1.GitRepository{}},
 			}.run(nil, []string{kustomization.Spec.SourceRef.Name})
 		case sourcev1.BucketKind:
-			err = reconcileSourceBucketCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+			err = reconcileCommand{
 				apiType: bucketType,
 				object:  bucketAdapter{&sourcev1.Bucket{}},
 			}.run(nil, []string{kustomization.Spec.SourceRef.Name})
 		}
 		if err != nil {
 			return err
 		}
 		rootArgs.namespace = nsCopy
 	}
 	lastHandledReconcileAt := kustomization.Status.LastHandledReconcileAt
-	logger.Actionf("annotating Kustomization %s in %s namespace", name, namespace)
+	logger.Actionf("annotating Kustomization %s in %s namespace", name, rootArgs.namespace)
 	if err := requestKustomizeReconciliation(ctx, kubeClient, namespacedName, &kustomization); err != nil {
 		return err
 	}
@@ -109,7 +122,7 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Waitingf("waiting for Kustomization reconciliation")
 	if err := wait.PollImmediate(
-		pollInterval, timeout,
+		rootArgs.pollInterval, rootArgs.timeout,
 		kustomizeReconciliationHandled(ctx, kubeClient, namespacedName, &kustomization, lastHandledReconcileAt),
 	); err != nil {
 		return err
--- a/cmd/flux/reconcile_receiver.go
+++ b/cmd/flux/reconcile_receiver.go
@@ -51,16 +51,16 @@ func reconcileReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -74,7 +74,7 @@ func reconcileReceiverCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("resource is suspended")
 	}
-	logger.Actionf("annotating Receiver %s in %s namespace", name, namespace)
+	logger.Actionf("annotating Receiver %s in %s namespace", name, rootArgs.namespace)
 	if receiver.Annotations == nil {
 		receiver.Annotations = map[string]string{
 			meta.ReconcileRequestAnnotation: time.Now().Format(time.RFC3339Nano),
@@ -88,7 +88,7 @@ func reconcileReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Successf("Receiver annotated")
 	logger.Waitingf("waiting for Receiver reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isReceiverReady(ctx, kubeClient, namespacedName, &receiver)); err != nil {
 		return err
 	}
--- a/cmd/flux/reconcile_source_bucket.go
+++ b/cmd/flux/reconcile_source_bucket.go
@@ -19,13 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
 	"time"
 	"github.com/fluxcd/pkg/apis/meta"
 	"k8s.io/client-go/util/retry"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -43,64 +37,16 @@ var reconcileSourceBucketCmd = &cobra.Command{
 	Example: `  # Trigger a reconciliation for an existing source
  flux reconcile source bucket podinfo
 `,
-	RunE: reconcileSourceBucketCmdRun,
+	RunE: reconcileCommand{
 		apiType: bucketType,
 		object:  bucketAdapter{&sourcev1.Bucket{}},
 	}.run,
 }
 func init() {
 	reconcileSourceCmd.AddCommand(reconcileSourceBucketCmd)
 }
 func reconcileSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("source name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var bucket sourcev1.Bucket
 	err = kubeClient.Get(ctx, namespacedName, &bucket)
 	if err != nil {
 		return err
 	}
 	if bucket.Spec.Suspend {
 		return fmt.Errorf("resource is suspended")
 	}
 	lastHandledReconcileAt := bucket.Status.LastHandledReconcileAt
 	logger.Actionf("annotating Bucket source %s in %s namespace", name, namespace)
 	if err := requestBucketReconciliation(ctx, kubeClient, namespacedName, &bucket); err != nil {
 		return err
 	}
 	logger.Successf("Bucket source annotated")
 	logger.Waitingf("waiting for Bucket source reconciliation")
 	if err := wait.PollImmediate(
 		pollInterval, timeout,
 		bucketReconciliationHandled(ctx, kubeClient, namespacedName, &bucket, lastHandledReconcileAt),
 	); err != nil {
 		return err
 	}
 	logger.Successf("Bucket source reconciliation completed")
 	if apimeta.IsStatusConditionFalse(bucket.Status.Conditions, meta.ReadyCondition) {
 		return fmt.Errorf("Bucket source reconciliation failed")
 	}
 	logger.Successf("fetched revision %s", bucket.Status.Artifact.Revision)
 	return nil
 }
 func isBucketReady(ctx context.Context, kubeClient client.Client,
 	namespacedName types.NamespacedName, bucket *sourcev1.Bucket) wait.ConditionFunc {
 	return func() (bool, error) {
@@ -126,30 +72,10 @@ func isBucketReady(ctx context.Context, kubeClient client.Client,
 	}
 }
-func bucketReconciliationHandled(ctx context.Context, kubeClient client.Client,
+func (obj bucketAdapter) lastHandledReconcileRequest() string {
-	namespacedName types.NamespacedName, bucket *sourcev1.Bucket, lastHandledReconcileAt string) wait.ConditionFunc {
+	return obj.Status.GetLastHandledReconcileRequest()
 	return func() (bool, error) {
 		err := kubeClient.Get(ctx, namespacedName, bucket)
 		if err != nil {
 			return false, err
 		}
 		return bucket.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
 	}
 }
-func requestBucketReconciliation(ctx context.Context, kubeClient client.Client,
+func (obj bucketAdapter) successMessage() string {
-	namespacedName types.NamespacedName, bucket *sourcev1.Bucket) error {
+	return fmt.Sprintf("fetched revision %s", obj.Status.Artifact.Revision)
 	return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
 		if err := kubeClient.Get(ctx, namespacedName, bucket); err != nil {
 			return err
 		}
 		if bucket.Annotations == nil {
 			bucket.Annotations = map[string]string{
 				meta.ReconcileRequestAnnotation: time.Now().Format(time.RFC3339Nano),
 			}
 		} else {
 			bucket.Annotations[meta.ReconcileRequestAnnotation] = time.Now().Format(time.RFC3339Nano)
 		}
 		return kubeClient.Update(ctx, bucket)
 	})
 }
--- a/cmd/flux/reconcile_source_git.go
+++ b/cmd/flux/reconcile_source_git.go
@@ -17,21 +17,9 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"time"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 )
 var reconcileSourceGitCmd = &cobra.Command{
@@ -41,86 +29,20 @@ var reconcileSourceGitCmd = &cobra.Command{
 	Example: `  # Trigger a git pull for an existing source
  flux reconcile source git podinfo
 `,
-	RunE: reconcileSourceGitCmdRun,
+	RunE: reconcileCommand{
 		apiType: gitRepositoryType,
 		object:  gitRepositoryAdapter{&sourcev1.GitRepository{}},
 	}.run,
 }
 func init() {
 	reconcileSourceCmd.AddCommand(reconcileSourceGitCmd)
 }
-func reconcileSourceGitCmdRun(cmd *cobra.Command, args []string) error {
+func (obj gitRepositoryAdapter) lastHandledReconcileRequest() string {
-	if len(args) < 1 {
+	return obj.Status.GetLastHandledReconcileRequest()
 		return fmt.Errorf("source name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var repository sourcev1.GitRepository
 	err = kubeClient.Get(ctx, namespacedName, &repository)
 	if err != nil {
 		return err
 	}
 	if repository.Spec.Suspend {
 		return fmt.Errorf("resource is suspended")
 	}
 	logger.Actionf("annotating GitRepository source %s in %s namespace", name, namespace)
 	if err := requestGitRepositoryReconciliation(ctx, kubeClient, namespacedName, &repository); err != nil {
 		return err
 	}
 	logger.Successf("GitRepository source annotated")
 	lastHandledReconcileAt := repository.Status.LastHandledReconcileAt
 	logger.Waitingf("waiting for GitRepository source reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		gitRepositoryReconciliationHandled(ctx, kubeClient, namespacedName, &repository, lastHandledReconcileAt)); err != nil {
 		return err
 	}
 	logger.Successf("GitRepository source reconciliation completed")
 	if apimeta.IsStatusConditionFalse(repository.Status.Conditions, meta.ReadyCondition) {
 		return fmt.Errorf("GitRepository source reconciliation failed")
 	}
 	logger.Successf("fetched revision %s", repository.Status.Artifact.Revision)
 	return nil
 }
-func gitRepositoryReconciliationHandled(ctx context.Context, kubeClient client.Client,
+func (obj gitRepositoryAdapter) successMessage() string {
-	namespacedName types.NamespacedName, repository *sourcev1.GitRepository, lastHandledReconcileAt string) wait.ConditionFunc {
+	return fmt.Sprintf("fetched revision %s", obj.Status.Artifact.Revision)
 	return func() (bool, error) {
 		err := kubeClient.Get(ctx, namespacedName, repository)
 		if err != nil {
 			return false, err
 		}
 		return repository.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
 	}
 }
 func requestGitRepositoryReconciliation(ctx context.Context, kubeClient client.Client,
 	namespacedName types.NamespacedName, repository *sourcev1.GitRepository) error {
 	return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
 		if err := kubeClient.Get(ctx, namespacedName, repository); err != nil {
 			return err
 		}
 		if repository.Annotations == nil {
 			repository.Annotations = map[string]string{
 				meta.ReconcileRequestAnnotation: time.Now().Format(time.RFC3339Nano),
 			}
 		} else {
 			repository.Annotations[meta.ReconcileRequestAnnotation] = time.Now().Format(time.RFC3339Nano)
 		}
 		return kubeClient.Update(ctx, repository)
 	})
 }
--- a/cmd/flux/reconcile_source_helm.go
+++ b/cmd/flux/reconcile_source_helm.go
@@ -17,22 +17,9 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"time"
 	"github.com/fluxcd/pkg/apis/meta"
 	"k8s.io/client-go/util/retry"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 )
 var reconcileSourceHelmCmd = &cobra.Command{
@@ -42,86 +29,20 @@ var reconcileSourceHelmCmd = &cobra.Command{
 	Example: `  # Trigger a reconciliation for an existing source
  flux reconcile source helm podinfo
 `,
-	RunE: reconcileSourceHelmCmdRun,
+	RunE: reconcileCommand{
 		apiType: helmRepositoryType,
 		object:  helmRepositoryAdapter{&sourcev1.HelmRepository{}},
 	}.run,
 }
 func init() {
 	reconcileSourceCmd.AddCommand(reconcileSourceHelmCmd)
 }
-func reconcileSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+func (obj helmRepositoryAdapter) lastHandledReconcileRequest() string {
-	if len(args) < 1 {
+	return obj.Status.GetLastHandledReconcileRequest()
 		return fmt.Errorf("HelmRepository source name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var repository sourcev1.HelmRepository
 	err = kubeClient.Get(ctx, namespacedName, &repository)
 	if err != nil {
 		return err
 	}
 	if repository.Spec.Suspend {
 		return fmt.Errorf("resource is suspended")
 	}
 	logger.Actionf("annotating HelmRepository source %s in %s namespace", name, namespace)
 	if err := requestHelmRepositoryReconciliation(ctx, kubeClient, namespacedName, &repository); err != nil {
 		return err
 	}
 	logger.Successf("HelmRepository source annotated")
 	lastHandledReconcileAt := repository.Status.LastHandledReconcileAt
 	logger.Waitingf("waiting for HelmRepository source reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		helmRepositoryReconciliationHandled(ctx, kubeClient, namespacedName, &repository, lastHandledReconcileAt)); err != nil {
 		return err
 	}
 	logger.Successf("HelmRepository source reconciliation completed")
 	if apimeta.IsStatusConditionFalse(repository.Status.Conditions, meta.ReadyCondition) {
 		return fmt.Errorf("HelmRepository source reconciliation failed")
 	}
 	logger.Successf("fetched revision %s", repository.Status.Artifact.Revision)
 	return nil
 }
-func helmRepositoryReconciliationHandled(ctx context.Context, kubeClient client.Client,
+func (obj helmRepositoryAdapter) successMessage() string {
-	namespacedName types.NamespacedName, repository *sourcev1.HelmRepository, lastHandledReconcileAt string) wait.ConditionFunc {
+	return fmt.Sprintf("fetched revision %s", obj.Status.Artifact.Revision)
 	return func() (bool, error) {
 		err := kubeClient.Get(ctx, namespacedName, repository)
 		if err != nil {
 			return false, err
 		}
 		return repository.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
 	}
 }
 func requestHelmRepositoryReconciliation(ctx context.Context, kubeClient client.Client,
 	namespacedName types.NamespacedName, repository *sourcev1.HelmRepository) error {
 	return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
 		if err := kubeClient.Get(ctx, namespacedName, repository); err != nil {
 			return err
 		}
 		if repository.Annotations == nil {
 			repository.Annotations = map[string]string{
 				meta.ReconcileRequestAnnotation: time.Now().Format(time.RFC3339Nano),
 			}
 		} else {
 			repository.Annotations[meta.ReconcileRequestAnnotation] = time.Now().Format(time.RFC3339Nano)
 		}
 		return kubeClient.Update(ctx, repository)
 	})
 }
--- a/cmd/flux/resume.go
+++ b/cmd/flux/resume.go
@@ -55,16 +55,16 @@ func (resume resumeCommand) run(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
@@ -73,7 +73,7 @@ func (resume resumeCommand) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	logger.Actionf("resuming %s %s in %s namespace", resume.humanKind, name, namespace)
+	logger.Actionf("resuming %s %s in %s namespace", resume.humanKind, name, rootArgs.namespace)
 	resume.object.setUnsuspended()
 	if err := kubeClient.Update(ctx, resume.object.asClientObject()); err != nil {
 		return err
@@ -81,7 +81,7 @@ func (resume resumeCommand) run(cmd *cobra.Command, args []string) error {
 	logger.Successf("%s resumed", resume.humanKind)
 	logger.Waitingf("waiting for %s reconciliation", resume.kind)
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isReady(ctx, kubeClient, namespacedName, resume.object)); err != nil {
 		return err
 	}
--- a/cmd/flux/resume_alert.go
+++ b/cmd/flux/resume_alert.go
@@ -54,16 +54,16 @@ func resumeAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
 	var alert notificationv1.Alert
@@ -72,7 +72,7 @@ func resumeAlertCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	logger.Actionf("resuming Alert %s in %s namespace", name, namespace)
+	logger.Actionf("resuming Alert %s in %s namespace", name, rootArgs.namespace)
 	alert.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &alert); err != nil {
 		return err
@@ -80,7 +80,7 @@ func resumeAlertCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Successf("Alert resumed")
 	logger.Waitingf("waiting for Alert reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isAlertResumed(ctx, kubeClient, namespacedName, &alert)); err != nil {
 		return err
 	}
--- a/cmd/flux/resume_helmrelease.go
+++ b/cmd/flux/resume_helmrelease.go
@@ -17,20 +17,9 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	"github.com/spf13/cobra"
 )
 var resumeHrCmd = &cobra.Command{
@@ -42,76 +31,24 @@ finish the apply.`,
 	Example: `  # Resume reconciliation for an existing Helm release
  flux resume hr podinfo
 `,
-	RunE: resumeHrCmdRun,
+	RunE: resumeCommand{
 		apiType: helmReleaseType,
 		object:  helmReleaseAdapter{&helmv2.HelmRelease{}},
 	}.run,
 }
 func init() {
 	resumeCmd.AddCommand(resumeHrCmd)
 }
-func resumeHrCmdRun(cmd *cobra.Command, args []string) error {
+func (obj helmReleaseAdapter) getObservedGeneration() int64 {
-	if len(args) < 1 {
+	return obj.HelmRelease.Status.ObservedGeneration
 		return fmt.Errorf("HelmRelease name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var helmRelease helmv2.HelmRelease
 	err = kubeClient.Get(ctx, namespacedName, &helmRelease)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("resuming HelmRelease %s in %s namespace", name, namespace)
 	helmRelease.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &helmRelease); err != nil {
 		return err
 	}
 	logger.Successf("HelmRelease resumed")
 	logger.Waitingf("waiting for HelmRelease reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		isHelmReleaseResumed(ctx, kubeClient, namespacedName, &helmRelease)); err != nil {
 		return err
 	}
 	logger.Successf("HelmRelease reconciliation completed")
 	logger.Successf("applied revision %s", helmRelease.Status.LastAppliedRevision)
 	return nil
 }
-func isHelmReleaseResumed(ctx context.Context, kubeClient client.Client,
+func (obj helmReleaseAdapter) setUnsuspended() {
-	namespacedName types.NamespacedName, helmRelease *helmv2.HelmRelease) wait.ConditionFunc {
+	obj.HelmRelease.Spec.Suspend = false
-	return func() (bool, error) {
+}
-		err := kubeClient.Get(ctx, namespacedName, helmRelease)
+
-		if err != nil {
+func (obj helmReleaseAdapter) successMessage() string {
-			return false, err
+	return fmt.Sprintf("applied revision %s", obj.Status.LastAppliedRevision)
 		}
 		// Confirm the state we are observing is for the current generation
 		if helmRelease.Generation != helmRelease.Status.ObservedGeneration {
 			return false, err
 		}
 		if c := apimeta.FindStatusCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
 			switch c.Status {
 			case metav1.ConditionTrue:
 				return true, nil
 			case metav1.ConditionFalse:
 				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil
 	}
 }
--- a/cmd/flux/resume_kustomization.go
+++ b/cmd/flux/resume_kustomization.go
@@ -17,19 +17,10 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 var resumeKsCmd = &cobra.Command{
@@ -41,76 +32,24 @@ finish the apply.`,
 	Example: `  # Resume reconciliation for an existing Kustomization
  flux resume ks podinfo
 `,
-	RunE: resumeKsCmdRun,
+	RunE: resumeCommand{
 		apiType: kustomizationType,
 		object:  kustomizationAdapter{&kustomizev1.Kustomization{}},
 	}.run,
 }
 func init() {
 	resumeCmd.AddCommand(resumeKsCmd)
 }
-func resumeKsCmdRun(cmd *cobra.Command, args []string) error {
+func (obj kustomizationAdapter) getObservedGeneration() int64 {
-	if len(args) < 1 {
+	return obj.Kustomization.Status.ObservedGeneration
 		return fmt.Errorf("Kustomization name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var kustomization kustomizev1.Kustomization
 	err = kubeClient.Get(ctx, namespacedName, &kustomization)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("resuming Kustomization %s in %s namespace", name, namespace)
 	kustomization.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &kustomization); err != nil {
 		return err
 	}
 	logger.Successf("Kustomization resumed")
 	logger.Waitingf("waiting for Kustomization reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		isKustomizationResumed(ctx, kubeClient, namespacedName, &kustomization)); err != nil {
 		return err
 	}
 	logger.Successf("Kustomization reconciliation completed")
 	logger.Successf("applied revision %s", kustomization.Status.LastAppliedRevision)
 	return nil
 }
-func isKustomizationResumed(ctx context.Context, kubeClient client.Client,
+func (obj kustomizationAdapter) setUnsuspended() {
-	namespacedName types.NamespacedName, kustomization *kustomizev1.Kustomization) wait.ConditionFunc {
+	obj.Kustomization.Spec.Suspend = false
-	return func() (bool, error) {
+}
-		err := kubeClient.Get(ctx, namespacedName, kustomization)
+
-		if err != nil {
+func (obj kustomizationAdapter) successMessage() string {
-			return false, err
+	return fmt.Sprintf("applied revision %s", obj.Status.LastAppliedRevision)
 		}
 		// Confirm the state we are observing is for the current generation
 		if kustomization.Generation != kustomization.Status.ObservedGeneration {
 			return false, nil
 		}
 		if c := apimeta.FindStatusCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
 			switch c.Status {
 			case metav1.ConditionTrue:
 				return true, nil
 			case metav1.ConditionFalse:
 				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil
 	}
 }
--- a/cmd/flux/resume_receiver.go
+++ b/cmd/flux/resume_receiver.go
@@ -54,16 +54,16 @@ func resumeReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
 	var receiver notificationv1.Receiver
@@ -72,7 +72,7 @@ func resumeReceiverCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	logger.Actionf("resuming Receiver %s in %s namespace", name, namespace)
+	logger.Actionf("resuming Receiver %s in %s namespace", name, rootArgs.namespace)
 	receiver.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &receiver); err != nil {
 		return err
@@ -80,7 +80,7 @@ func resumeReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Successf("Receiver resumed")
 	logger.Waitingf("waiting for Receiver reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
+	if err := wait.PollImmediate(rootArgs.pollInterval, rootArgs.timeout,
 		isReceiverResumed(ctx, kubeClient, namespacedName, &receiver)); err != nil {
 		return err
 	}
--- a/cmd/flux/resume_source_bucket.go
+++ b/cmd/flux/resume_source_bucket.go
@@ -17,20 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 )
 var resumeSourceBucketCmd = &cobra.Command{
@@ -40,76 +28,20 @@ var resumeSourceBucketCmd = &cobra.Command{
 	Example: `  # Resume reconciliation for an existing Bucket
  flux resume source bucket podinfo
 `,
-	RunE: resumeSourceBucketCmdRun,
+	RunE: resumeCommand{
 		apiType: bucketType,
 		object:  &bucketAdapter{&sourcev1.Bucket{}},
 	}.run,
 }
 func init() {
 	resumeSourceCmd.AddCommand(resumeSourceBucketCmd)
 }
-func resumeSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+func (obj bucketAdapter) getObservedGeneration() int64 {
-	if len(args) < 1 {
+	return obj.Bucket.Status.ObservedGeneration
 		return fmt.Errorf("source name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var bucket sourcev1.Bucket
 	err = kubeClient.Get(ctx, namespacedName, &bucket)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("resuming source %s in %s namespace", name, namespace)
 	bucket.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &bucket); err != nil {
 		return err
 	}
 	logger.Successf("source resumed")
 	logger.Waitingf("waiting for Bucket reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		isBucketResumed(ctx, kubeClient, namespacedName, &bucket)); err != nil {
 		return err
 	}
 	logger.Successf("Bucket reconciliation completed")
 	logger.Successf("fetched revision %s", bucket.Status.Artifact.Revision)
 	return nil
 }
-func isBucketResumed(ctx context.Context, kubeClient client.Client,
+func (obj bucketAdapter) setUnsuspended() {
-	namespacedName types.NamespacedName, bucket *sourcev1.Bucket) wait.ConditionFunc {
+	obj.Bucket.Spec.Suspend = false
 	return func() (bool, error) {
 		err := kubeClient.Get(ctx, namespacedName, bucket)
 		if err != nil {
 			return false, err
 		}
 		// Confirm the state we are observing is for the current generation
 		if bucket.Generation != bucket.Status.ObservedGeneration {
 			return false, nil
 		}
 		if c := apimeta.FindStatusCondition(bucket.Status.Conditions, meta.ReadyCondition); c != nil {
 			switch c.Status {
 			case metav1.ConditionTrue:
 				return true, nil
 			case metav1.ConditionFalse:
 				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil
 	}
 }
--- a/cmd/flux/resume_source_chart.go
+++ b/cmd/flux/resume_source_chart.go
@@ -17,20 +17,10 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 )
 var resumeSourceHelmChartCmd = &cobra.Command{
@@ -40,76 +30,24 @@ var resumeSourceHelmChartCmd = &cobra.Command{
 	Example: `  # Resume reconciliation for an existing HelmChart
  flux resume source chart podinfo
 `,
-	RunE: resumeSourceHelmChartCmdRun,
+	RunE: resumeCommand{
 		apiType: helmChartType,
 		object:  &helmChartAdapter{&sourcev1.HelmChart{}},
 	}.run,
 }
 func init() {
 	resumeSourceCmd.AddCommand(resumeSourceHelmChartCmd)
 }
-func resumeSourceHelmChartCmdRun(cmd *cobra.Command, args []string) error {
+func (obj helmChartAdapter) getObservedGeneration() int64 {
-	if len(args) < 1 {
+	return obj.HelmChart.Status.ObservedGeneration
 		return fmt.Errorf("source name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var repository sourcev1.HelmChart
 	err = kubeClient.Get(ctx, namespacedName, &repository)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("resuming source %s in %s namespace", name, namespace)
 	repository.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &repository); err != nil {
 		return err
 	}
 	logger.Successf("source resumed")
 	logger.Waitingf("waiting for HelmChart reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		isHelmChartResumed(ctx, kubeClient, namespacedName, &repository)); err != nil {
 		return err
 	}
 	logger.Successf("HelmChart reconciliation completed")
 	logger.Successf("fetched revision %s", repository.Status.Artifact.Revision)
 	return nil
 }
-func isHelmChartResumed(ctx context.Context, kubeClient client.Client,
+func (obj helmChartAdapter) setUnsuspended() {
-	namespacedName types.NamespacedName, chart *sourcev1.HelmChart) wait.ConditionFunc {
+	obj.HelmChart.Spec.Suspend = false
-	return func() (bool, error) {
+}
-		err := kubeClient.Get(ctx, namespacedName, chart)
+
-		if err != nil {
+func (obj helmChartAdapter) successMessage() string {
-			return false, err
+	return fmt.Sprintf("fetched revision %s", obj.Status.Artifact.Revision)
 		}
 		// Confirm the state we are observing is for the current generation
 		if chart.Generation != chart.Status.ObservedGeneration {
 			return false, nil
 		}
 		if c := apimeta.FindStatusCondition(chart.Status.Conditions, meta.ReadyCondition); c != nil {
 			switch c.Status {
 			case metav1.ConditionTrue:
 				return true, nil
 			case metav1.ConditionFalse:
 				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil
 	}
 }
--- a/cmd/flux/resume_source_git.go
+++ b/cmd/flux/resume_source_git.go
@@ -17,20 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 )
 var resumeSourceGitCmd = &cobra.Command{
@@ -40,76 +28,20 @@ var resumeSourceGitCmd = &cobra.Command{
 	Example: `  # Resume reconciliation for an existing GitRepository
  flux resume source git podinfo
 `,
-	RunE: resumeSourceGitCmdRun,
+	RunE: resumeCommand{
 		apiType: gitRepositoryType,
 		object:  gitRepositoryAdapter{&sourcev1.GitRepository{}},
 	}.run,
 }
 func init() {
 	resumeSourceCmd.AddCommand(resumeSourceGitCmd)
 }
-func resumeSourceGitCmdRun(cmd *cobra.Command, args []string) error {
+func (obj gitRepositoryAdapter) getObservedGeneration() int64 {
-	if len(args) < 1 {
+	return obj.GitRepository.Status.ObservedGeneration
 		return fmt.Errorf("source name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var repository sourcev1.GitRepository
 	err = kubeClient.Get(ctx, namespacedName, &repository)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("resuming source %s in %s namespace", name, namespace)
 	repository.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &repository); err != nil {
 		return err
 	}
 	logger.Successf("source resumed")
 	logger.Waitingf("waiting for GitRepository reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		isGitRepositoryResumed(ctx, kubeClient, namespacedName, &repository)); err != nil {
 		return err
 	}
 	logger.Successf("GitRepository reconciliation completed")
 	logger.Successf("fetched revision %s", repository.Status.Artifact.Revision)
 	return nil
 }
-func isGitRepositoryResumed(ctx context.Context, kubeClient client.Client,
+func (obj gitRepositoryAdapter) setUnsuspended() {
-	namespacedName types.NamespacedName, repository *sourcev1.GitRepository) wait.ConditionFunc {
+	obj.GitRepository.Spec.Suspend = false
 	return func() (bool, error) {
 		err := kubeClient.Get(ctx, namespacedName, repository)
 		if err != nil {
 			return false, err
 		}
 		// Confirm the state we are observing is for the current generation
 		if repository.Generation != repository.Status.ObservedGeneration {
 			return false, nil
 		}
 		if c := apimeta.FindStatusCondition(repository.Status.Conditions, meta.ReadyCondition); c != nil {
 			switch c.Status {
 			case metav1.ConditionTrue:
 				return true, nil
 			case metav1.ConditionFalse:
 				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil
 	}
 }
--- a/cmd/flux/resume_source_helm.go
+++ b/cmd/flux/resume_source_helm.go
@@ -17,20 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 )
 var resumeSourceHelmCmd = &cobra.Command{
@@ -40,76 +28,20 @@ var resumeSourceHelmCmd = &cobra.Command{
 	Example: `  # Resume reconciliation for an existing HelmRepository
  flux resume source helm bitnami
 `,
-	RunE: resumeSourceHelmCmdRun,
+	RunE: resumeCommand{
 		apiType: helmRepositoryType,
 		object:  helmRepositoryAdapter{&sourcev1.HelmRepository{}},
 	}.run,
 }
 func init() {
 	resumeSourceCmd.AddCommand(resumeSourceHelmCmd)
 }
-func resumeSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+func (obj helmRepositoryAdapter) getObservedGeneration() int64 {
-	if len(args) < 1 {
+	return obj.HelmRepository.Status.ObservedGeneration
 		return fmt.Errorf("source name is required")
 	}
 	name := args[0]
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var repository sourcev1.HelmRepository
 	err = kubeClient.Get(ctx, namespacedName, &repository)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("resuming source %s in %s namespace", name, namespace)
 	repository.Spec.Suspend = false
 	if err := kubeClient.Update(ctx, &repository); err != nil {
 		return err
 	}
 	logger.Successf("source resumed")
 	logger.Waitingf("waiting for HelmRepository reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
 		isHelmRepositoryResumed(ctx, kubeClient, namespacedName, &repository)); err != nil {
 		return err
 	}
 	logger.Successf("HelmRepository reconciliation completed")
 	logger.Successf("fetched revision %s", repository.Status.Artifact.Revision)
 	return nil
 }
-func isHelmRepositoryResumed(ctx context.Context, kubeClient client.Client,
+func (obj helmRepositoryAdapter) setUnsuspended() {
-	namespacedName types.NamespacedName, repository *sourcev1.HelmRepository) wait.ConditionFunc {
+	obj.HelmRepository.Spec.Suspend = false
 	return func() (bool, error) {
 		err := kubeClient.Get(ctx, namespacedName, repository)
 		if err != nil {
 			return false, err
 		}
 		// Confirm the state we are observing is for the current generation
 		if repository.Generation != repository.Status.ObservedGeneration {
 			return false, nil
 		}
 		if c := apimeta.FindStatusCondition(repository.Status.Conditions, meta.ReadyCondition); c != nil {
 			switch c.Status {
 			case metav1.ConditionTrue:
 				return true, nil
 			case metav1.ConditionFalse:
 				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil
 	}
 }
--- a/cmd/flux/source.go
+++ b/cmd/flux/source.go
@@ -0,0 +1,143 @@
 /*
 Copyright 2021 The Flux authors
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
 package main
 import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 // These are general-purpose adapters for attaching methods to, for
 // the various commands. The *List adapters implement len(), since
 // it's used in at least a couple of commands.
 // sourcev1.Bucket
 var bucketType = apiType{
 	kind:      sourcev1.BucketKind,
 	humanKind: "source bucket",
 }
 type bucketAdapter struct {
 	*sourcev1.Bucket
 }
 func (a bucketAdapter) asClientObject() client.Object {
 	return a.Bucket
 }
 // sourcev1.BucketList
 type bucketListAdapter struct {
 	*sourcev1.BucketList
 }
 func (a bucketListAdapter) asClientList() client.ObjectList {
 	return a.BucketList
 }
 func (a bucketListAdapter) len() int {
 	return len(a.BucketList.Items)
 }
 // sourcev1.HelmChart
 var helmChartType = apiType{
 	kind:      sourcev1.HelmChartKind,
 	humanKind: "source chart",
 }
 type helmChartAdapter struct {
 	*sourcev1.HelmChart
 }
 func (a helmChartAdapter) asClientObject() client.Object {
 	return a.HelmChart
 }
 // sourcev1.ImagePolicyList
 type helmChartListAdapter struct {
 	*sourcev1.HelmChartList
 }
 func (a helmChartListAdapter) asClientList() client.ObjectList {
 	return a.HelmChartList
 }
 func (a helmChartListAdapter) len() int {
 	return len(a.HelmChartList.Items)
 }
 // sourcev1.GitRepository
 var gitRepositoryType = apiType{
 	kind:      sourcev1.GitRepositoryKind,
 	humanKind: "source git",
 }
 type gitRepositoryAdapter struct {
 	*sourcev1.GitRepository
 }
 func (a gitRepositoryAdapter) asClientObject() client.Object {
 	return a.GitRepository
 }
 // sourcev1.GitRepositoryList
 type gitRepositoryListAdapter struct {
 	*sourcev1.GitRepositoryList
 }
 func (a gitRepositoryListAdapter) asClientList() client.ObjectList {
 	return a.GitRepositoryList
 }
 func (a gitRepositoryListAdapter) len() int {
 	return len(a.GitRepositoryList.Items)
 }
 // sourcev1.HelmRepository
 var helmRepositoryType = apiType{
 	kind:      sourcev1.HelmRepositoryKind,
 	humanKind: "source helm",
 }
 type helmRepositoryAdapter struct {
 	*sourcev1.HelmRepository
 }
 func (a helmRepositoryAdapter) asClientObject() client.Object {
 	return a.HelmRepository
 }
 // sourcev1.HelmRepositoryList
 type helmRepositoryListAdapter struct {
 	*sourcev1.HelmRepositoryList
 }
 func (a helmRepositoryListAdapter) asClientList() client.ObjectList {
 	return a.HelmRepositoryList
 }
 func (a helmRepositoryListAdapter) len() int {
 	return len(a.HelmRepositoryList.Items)
 }
--- a/cmd/flux/status.go
+++ b/cmd/flux/status.go
@@ -19,13 +19,24 @@ package main
 import (
 	"context"
 	"fmt"
 	"time"
 	appsv1 "k8s.io/api/apps/v1"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/cli-utils/pkg/kstatus/polling"
 	"sigs.k8s.io/cli-utils/pkg/kstatus/polling/aggregator"
 	"sigs.k8s.io/cli-utils/pkg/kstatus/polling/collector"
 	"sigs.k8s.io/cli-utils/pkg/kstatus/polling/event"
 	"sigs.k8s.io/cli-utils/pkg/kstatus/status"
 	"sigs.k8s.io/cli-utils/pkg/object"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/pkg/apis/meta"
 )
@@ -39,6 +50,13 @@ type statusable interface {
 	GetStatusConditions() *[]metav1.Condition
 }
 type StatusChecker struct {
 	pollInterval time.Duration
 	timeout      time.Duration
 	client       client.Client
 	statusPoller *polling.StatusPoller
 }
 func isReady(ctx context.Context, kubeClient client.Client,
 	namespacedName types.NamespacedName, object statusable) wait.ConditionFunc {
 	return func() (bool, error) {
@@ -63,3 +81,99 @@ func isReady(ctx context.Context, kubeClient client.Client,
 		return false, nil
 	}
 }
 func NewStatusChecker(pollInterval time.Duration, timeout time.Duration) (*StatusChecker, error) {
 	kubeConfig, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return nil, err
 	}
 	restMapper, err := apiutil.NewDynamicRESTMapper(kubeConfig)
 	if err != nil {
 		return nil, err
 	}
 	client, err := client.New(kubeConfig, client.Options{Mapper: restMapper})
 	if err != nil {
 		return nil, err
 	}
 	return &StatusChecker{
 		pollInterval: pollInterval,
 		timeout:      timeout,
 		client:       client,
 		statusPoller: polling.NewStatusPoller(client, restMapper),
 	}, nil
 }
 func (sc *StatusChecker) Assess(components ...string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), sc.timeout)
 	defer cancel()
 	objRefs, err := sc.getObjectRefs(components)
 	if err != nil {
 		return err
 	}
 	opts := polling.Options{PollInterval: sc.pollInterval, UseCache: true}
 	eventsChan := sc.statusPoller.Poll(ctx, objRefs, opts)
 	coll := collector.NewResourceStatusCollector(objRefs)
 	done := coll.ListenWithObserver(eventsChan, collector.ObserverFunc(
 		func(statusCollector *collector.ResourceStatusCollector, e event.Event) {
 			var rss []*event.ResourceStatus
 			for _, rs := range statusCollector.ResourceStatuses {
 				rss = append(rss, rs)
 			}
 			desired := status.CurrentStatus
 			aggStatus := aggregator.AggregateStatus(rss, desired)
 			if aggStatus == desired {
 				cancel()
 				return
 			}
 		}),
 	)
 	<-done
 	if coll.Error != nil || ctx.Err() == context.DeadlineExceeded {
 		for _, rs := range coll.ResourceStatuses {
 			if rs.Status != status.CurrentStatus {
 				if !sc.deploymentExists(rs.Identifier) {
 					logger.Failuref("%s: deployment not found", rs.Identifier.Name)
 				} else {
 					logger.Failuref("%s: unhealthy (timed out waiting for rollout)", rs.Identifier.Name)
 				}
 			}
 		}
 		return fmt.Errorf("timed out waiting for condition")
 	}
 	return nil
 }
 func (sc *StatusChecker) getObjectRefs(components []string) ([]object.ObjMetadata, error) {
 	var objRefs []object.ObjMetadata
 	for _, deployment := range components {
 		objMeta, err := object.CreateObjMetadata(rootArgs.namespace, deployment, schema.GroupKind{Group: "apps", Kind: "Deployment"})
 		if err != nil {
 			return nil, err
 		}
 		objRefs = append(objRefs, objMeta)
 	}
 	return objRefs, nil
 }
 func (sc *StatusChecker) objMetadataToString(om object.ObjMetadata) string {
 	return fmt.Sprintf("%s '%s/%s'", om.GroupKind.Kind, om.Namespace, om.Name)
 }
 func (sc *StatusChecker) deploymentExists(om object.ObjMetadata) bool {
 	ctx, cancel := context.WithTimeout(context.Background(), sc.timeout)
 	defer cancel()
 	namespacedName := types.NamespacedName{
 		Namespace: om.Namespace,
 		Name:      om.Name,
 	}
 	var existing appsv1.Deployment
 	err := sc.client.Get(ctx, namespacedName, &existing)
 	return err == nil
 }
--- a/cmd/flux/suspend.go
+++ b/cmd/flux/suspend.go
@@ -53,16 +53,16 @@ func (suspend suspendCommand) run(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
 	err = kubeClient.Get(ctx, namespacedName, suspend.object.asClientObject())
@@ -70,7 +70,7 @@ func (suspend suspendCommand) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	logger.Actionf("suspending %s %s in %s namespace", suspend.humanKind, name, namespace)
+	logger.Actionf("suspending %s %s in %s namespace", suspend.humanKind, name, rootArgs.namespace)
 	suspend.object.setSuspended()
 	if err := kubeClient.Update(ctx, suspend.object.asClientObject()); err != nil {
 		return err
--- a/cmd/flux/suspend_alert.go
+++ b/cmd/flux/suspend_alert.go
@@ -47,16 +47,16 @@ func suspendAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
 	var alert notificationv1.Alert
@@ -65,7 +65,7 @@ func suspendAlertCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	logger.Actionf("suspending Alert %s in %s namespace", name, namespace)
+	logger.Actionf("suspending Alert %s in %s namespace", name, rootArgs.namespace)
 	alert.Spec.Suspend = true
 	if err := kubeClient.Update(ctx, &alert); err != nil {
 		return err
--- a/cmd/flux/suspend_helmrelease.go
+++ b/cmd/flux/suspend_helmrelease.go
@@ -17,14 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"github.com/fluxcd/flux2/internal/utils"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	"github.com/spf13/cobra"
 )
 var suspendHrCmd = &cobra.Command{
@@ -35,43 +29,20 @@ var suspendHrCmd = &cobra.Command{
 	Example: `  # Suspend reconciliation for an existing Helm release
  flux suspend hr podinfo
 `,
-	RunE: suspendHrCmdRun,
+	RunE: suspendCommand{
 		apiType: helmReleaseType,
 		object:  &helmReleaseAdapter{&helmv2.HelmRelease{}},
 	}.run,
 }
 func init() {
 	suspendCmd.AddCommand(suspendHrCmd)
 }
-func suspendHrCmdRun(cmd *cobra.Command, args []string) error {
+func (obj helmReleaseAdapter) isSuspended() bool {
-	if len(args) < 1 {
+	return obj.HelmRelease.Spec.Suspend
-		return fmt.Errorf("HelmRelease name is required")
+}
-	}
+
-	name := args[0]
+func (obj helmReleaseAdapter) setSuspended() {
-
+	obj.HelmRelease.Spec.Suspend = true
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var helmRelease helmv2.HelmRelease
 	err = kubeClient.Get(ctx, namespacedName, &helmRelease)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("suspending HelmRelease %s in %s namespace", name, namespace)
 	helmRelease.Spec.Suspend = true
 	if err := kubeClient.Update(ctx, &helmRelease); err != nil {
 		return err
 	}
 	logger.Successf("HelmRelease suspended")
 	return nil
 }
--- a/cmd/flux/suspend_kustomization.go
+++ b/cmd/flux/suspend_kustomization.go
@@ -17,13 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	"github.com/fluxcd/flux2/internal/utils"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 )
 var suspendKsCmd = &cobra.Command{
@@ -34,43 +29,20 @@ var suspendKsCmd = &cobra.Command{
 	Example: `  # Suspend reconciliation for an existing Kustomization
  flux suspend ks podinfo
 `,
-	RunE: suspendKsCmdRun,
+	RunE: suspendCommand{
 		apiType: kustomizationType,
 		object:  kustomizationAdapter{&kustomizev1.Kustomization{}},
 	}.run,
 }
 func init() {
 	suspendCmd.AddCommand(suspendKsCmd)
 }
-func suspendKsCmdRun(cmd *cobra.Command, args []string) error {
+func (obj kustomizationAdapter) isSuspended() bool {
-	if len(args) < 1 {
+	return obj.Kustomization.Spec.Suspend
-		return fmt.Errorf("kustomization name is required")
+}
-	}
+
-	name := args[0]
+func (obj kustomizationAdapter) setSuspended() {
-
+	obj.Kustomization.Spec.Suspend = true
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var kustomization kustomizev1.Kustomization
 	err = kubeClient.Get(ctx, namespacedName, &kustomization)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("suspending kustomization %s in %s namespace", name, namespace)
 	kustomization.Spec.Suspend = true
 	if err := kubeClient.Update(ctx, &kustomization); err != nil {
 		return err
 	}
 	logger.Successf("kustomization suspended")
 	return nil
 }
--- a/cmd/flux/suspend_receiver.go
+++ b/cmd/flux/suspend_receiver.go
@@ -47,16 +47,16 @@ func suspendReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	name := args[0]
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
-		Namespace: namespace,
+		Namespace: rootArgs.namespace,
 		Name:      name,
 	}
 	var receiver notificationv1.Receiver
@@ -65,7 +65,7 @@ func suspendReceiverCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
-	logger.Actionf("suspending Receiver %s in %s namespace", name, namespace)
+	logger.Actionf("suspending Receiver %s in %s namespace", name, rootArgs.namespace)
 	receiver.Spec.Suspend = true
 	if err := kubeClient.Update(ctx, &receiver); err != nil {
 		return err
--- a/cmd/flux/suspend_source_bucket.go
+++ b/cmd/flux/suspend_source_bucket.go
@@ -17,13 +17,8 @@ limitations under the License.
 package main
 import (
 	"context"
 	"fmt"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 )
 var suspendSourceBucketCmd = &cobra.Command{
@@ -33,43 +28,20 @@ var suspendSourceBucketCmd = &cobra.Command{
 	Example: `  # Suspend reconciliation for an existing Bucket
  flux suspend source bucket podinfo
 `,
-	RunE: suspendSourceBucketCmdRun,
+	RunE: suspendCommand{
 		apiType: bucketType,
 		object:  bucketAdapter{&sourcev1.Bucket{}},
 	}.run,
 }
 func init() {
 	suspendSourceCmd.AddCommand(suspendSourceBucketCmd)
 }
-func suspendSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+func (obj bucketAdapter) isSuspended() bool {
-	if len(args) < 1 {
+	return obj.Bucket.Spec.Suspend
-		return fmt.Errorf("source name is required")
+}
-	}
+
-	name := args[0]
+func (obj bucketAdapter) setSuspended() {
-
+	obj.Bucket.Spec.Suspend = true
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 	kubeClient, err := utils.KubeClient(kubeconfig, kubecontext)
 	if err != nil {
 		return err
 	}
 	namespacedName := types.NamespacedName{
 		Namespace: namespace,
 		Name:      name,
 	}
 	var bucket sourcev1.Bucket
 	err = kubeClient.Get(ctx, namespacedName, &bucket)
 	if err != nil {
 		return err
 	}
 	logger.Actionf("suspending source %s in %s namespace", name, namespace)
 	bucket.Spec.Suspend = true
 	if err := kubeClient.Update(ctx, &bucket); err != nil {
 		return err
 	}
 	logger.Successf("source suspended")
 	return nil
 }
--- a/Show More
+++ b/Show More