Mirrors
/
flux2
mirror of https://github.com/fluxcd/flux2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fix-create-cmd
rfc-0008-implemented
dependabot/go_modules/github.com/go-git/go-git/v5-5.13.0
dependabot/go_modules/tests/integration/golang.org/x/net-0.33.0
main
dependabot/github_actions/ci-c96ae57a0b
dependabot/go_modules/tests/integration/github.com/golang-jwt/jwt/v4-4.5.1
release/v2.4.x
remove-notation-validation
release/v2.3.x
dependabot/go_modules/github.com/hashicorp/go-retryablehttp-0.7.7
dependabot/go_modules/github.com/Azure/azure-sdk-for-go/sdk/azidentity-1.6.0
rfc-flux-bootstrap-oci
release/v2.2.x
RFC
fix-commit-log
flux-audit
release/v2.1.x
context-ns
ksm-dashboard
rfc-passwordless-git-auth
release/v2.0.x
rfc-gating
release/v0.27.4
rfc-0003
rfc-0002
rfc-0001
prompt-for-tokens
encrypt-init-cmd
v2.4.0
v2.3.0
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.1
v2.0.0
v2.0.0-rc.5
v2.0.0-rc.4
v2.0.0-rc.3
v2.0.0-rc.2
v2.0.0-rc.1
v0.41.2
v0.40.0
v0.39.0
v0.38.2
v0.38.1
v0.38.0
v0.37.0
v0.36.0
v0.35.0
v0.34.0
v0.33.0
v0.32.0
v0.31.3
v0.31.2
v0.31.1
v0.31.0
v0.30.1
v0.28.2
v0.27.2
v0.27.1
v0.27.0
v0.26.3
v0.26.2
v0.26.1
v0.26.0
v0.25.3
v0.0.1
v0.0.1-alpha.1
v0.0.1-beta.1
v0.0.1-beta.2
v0.0.1-beta.3
v0.0.1-beta.4
v0.0.10
v0.0.11
v0.0.12
v0.0.13
v0.0.14
v0.0.15
v0.0.16
v0.0.17
v0.0.18
v0.0.19
v0.0.2
v0.0.20
v0.0.21
v0.0.22
v0.0.23
v0.0.24
v0.0.25
v0.0.26
v0.0.27
v0.0.28
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.11.0
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.14.0
v0.14.1
v0.14.2
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.19.0
v0.19.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.20.0
v0.20.1
v0.21.0
v0.21.1
v0.22.0
v0.22.1
v0.23.0
v0.24.0
v0.24.1
v0.25.0
v0.25.1
v0.25.2
v0.27.3
v0.27.4
v0.28.0
v0.28.1
v0.28.3
v0.28.4
v0.28.5
v0.29.0
v0.29.1
v0.29.2
v0.29.3
v0.29.4
v0.29.5
v0.3.0
v0.30.0
v0.30.2
v0.31.4
v0.31.5
v0.38.3
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.40.1
v0.40.2
v0.41.0
v0.41.1
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.8.0
v0.8.1
v0.8.2
v0.9.0
v0.9.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '97a7b4450f'
${ noResults }
flux2/internal/bootstrap/bootstrap_plain_git.go

393 lines
12 KiB
Go
Raw Normal View History Unescape Escape

Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
/*
Copyright 2021 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package bootstrap
import (
"context"
"fmt"
Allow pre-bootstrap customisation of Flux components Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
"os"
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
"path/filepath"
"strings"
"time"
Retry bootstrap operations on Git conflict errors When running bootstrap in-parallel for many clusters that target the same repository, the 2nd commit with the sync files fails with ` non-fast-forward update`. We now detect the conflict, and we retry the operations by creating a fresh clone from upstream. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
gogit "github.com/go-git/go-git/v5"
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/wait"
Use k8s.io/cli-runtime for kubernetes flags Signed-off-by: Jakob Schrettenbrunner <jakob.schrettenbrunner@telekom.de>
3 years ago
"k8s.io/cli-runtime/pkg/genericclioptions"
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
"sigs.k8s.io/cli-utils/pkg/object"
"sigs.k8s.io/controller-runtime/pkg/client"
Allow pre-bootstrap customisation of Flux components Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
"sigs.k8s.io/kustomize/api/konfig"
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
"sigs.k8s.io/yaml"
Update kustomize-controller API to v1beta2 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
kustomize: use FS from `fluxcd/pkg` This switches to a secure FS implementation in most places, except for where we can not make changes at this moment because it would break behavior. Not handled in this commit: - Allowing the root for `manifestgen` packages to be configured. - Allowing the user to define a working root while building locally. - Defaulting to the secure FS implementation in `kustomization.MakeDefaultOptions`. Problem here is that constructing the secure FS could result in an error, which we can not surface without signature changes to the constructor func. Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
"github.com/fluxcd/pkg/kustomize/filesys"
Add the kube client qps and burst to the global args Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
runclient "github.com/fluxcd/pkg/runtime/client"
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
"github.com/fluxcd/flux2/internal/bootstrap/git"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/log"
"github.com/fluxcd/flux2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/pkg/manifestgen/kustomization"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/pkg/manifestgen/sync"
"github.com/fluxcd/flux2/pkg/status"
)
type PlainGitBootstrapper struct {
feat: enable bootstrap with custom CA locally When a user provided the `--ca-file` flag to the `bootstrap` command, the given CA file wasn't taken into account for cloning the repository locally. It was just passed along to the CR that is created so Flux can make use of it when cloning the repository in-cluster. However, users may not want to add a custom CA to their local host's trust chain and may expect the `--ca-file` flag to be respected also for cloning the repository locally. This is what this commit accomplishes. closes #1775 Signed-off-by: Max Jonas Werner <mail@makk.es>
3 years ago
url string
branch string
caBundle []byte
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Provide option to add appendix to commit messages Using the `--commit-message-appendix` flag a string can be added to the commit messages made by the bootstrapper process to for example skip CI actions from executing using e.g. `[skip ci]`. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
author git.Author
commitMessageAppendix string
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Use proper GPG terminology Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
gpgKeyRingPath string
gpgPassphrase string
gpgKeyID string
Add gpg key path and passphrase as args Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Add the kube client qps and burst to the global args Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
restClientGetter genericclioptions.RESTClientGetter
restClientOptions *runclient.Options
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
postGenerateSecret []PostGenerateSecretFunc
git git.Git
kube client.Client
logger log.Logger
}
type GitOption interface {
applyGit(b *PlainGitBootstrapper)
}
func WithRepositoryURL(url string) GitOption {
return repositoryURLOption(url)
}
type repositoryURLOption string
func (o repositoryURLOption) applyGit(b *PlainGitBootstrapper) {
b.url = string(o)
}
func WithPostGenerateSecretFunc(callback PostGenerateSecretFunc) GitOption {
return postGenerateSecret(callback)
}
type postGenerateSecret PostGenerateSecretFunc
func (o postGenerateSecret) applyGit(b *PlainGitBootstrapper) {
b.postGenerateSecret = append(b.postGenerateSecret, PostGenerateSecretFunc(o))
}
func NewPlainGitProvider(git git.Git, kube client.Client, opts ...GitOption) (*PlainGitBootstrapper, error) {
b := &PlainGitBootstrapper{
git: git,
kube: kube,
}
for _, opt := range opts {
opt.applyGit(b)
}
return b, nil
}
kustomize: use FS from `fluxcd/pkg` This switches to a secure FS implementation in most places, except for where we can not make changes at this moment because it would break behavior. Not handled in this commit: - Allowing the root for `manifestgen` packages to be configured. - Allowing the user to define a working root while building locally. - Defaulting to the secure FS implementation in `kustomization.MakeDefaultOptions`. Problem here is that constructing the secure FS could result in an error, which we can not surface without signature changes to the constructor func. Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
func (b *PlainGitBootstrapper) ReconcileComponents(ctx context.Context, manifestsBase string, options install.Options, _ sourcesecret.Options) error {
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
// Clone if not already
if _, err := b.git.Status(); err != nil {
if err != git.ErrNoGitRepository {
return err
}
b.logger.Actionf("cloning branch %q from Git repository %q", b.branch, b.url)
Retry reconcile and clone actions once We have observed that the code at times outperforms GitHub mechanics, resulting in not found errors that are only true for a millisecond. Retrying those actions once with a 2 second delay should be more friendly to users. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
var cloned bool
if err = retry(1, 2*time.Second, func() (err error) {
feat: enable bootstrap with custom CA locally When a user provided the `--ca-file` flag to the `bootstrap` command, the given CA file wasn't taken into account for cloning the repository locally. It was just passed along to the CR that is created so Flux can make use of it when cloning the repository in-cluster. However, users may not want to add a custom CA to their local host's trust chain and may expect the `--ca-file` flag to be respected also for cloning the repository locally. This is what this commit accomplishes. closes #1775 Signed-off-by: Max Jonas Werner <mail@makk.es>
3 years ago
cloned, err = b.git.Clone(ctx, b.url, b.branch, b.caBundle)
Retry reconcile and clone actions once We have observed that the code at times outperforms GitHub mechanics, resulting in not found errors that are only true for a millisecond. Retrying those actions once with a 2 second delay should be more friendly to users. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return
}); err != nil {
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return fmt.Errorf("failed to clone repository: %w", err)
}
if cloned {
b.logger.Successf("cloned repository")
}
}
// Generate component manifests
b.logger.Actionf("generating component manifests")
manifests, err := install.Generate(options, manifestsBase)
if err != nil {
return fmt.Errorf("component manifest generation failed: %w", err)
}
b.logger.Successf("generated component manifests")
// Write manifest to Git repository
if err = b.git.Write(manifests.Path, strings.NewReader(manifests.Content)); err != nil {
return fmt.Errorf("failed to write manifest %q: %w", manifests.Path, err)
}
// Git commit generated
Use proper GPG terminology Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
gpgOpts := git.WithGpgSigningOption(b.gpgKeyRingPath, b.gpgPassphrase, b.gpgKeyID)
Provide option to add appendix to commit messages Using the `--commit-message-appendix` flag a string can be added to the commit messages made by the bootstrapper process to for example skip CI actions from executing using e.g. `[skip ci]`. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
commitMsg := fmt.Sprintf("Add Flux %s component manifests", options.Version)
if b.commitMessageAppendix != "" {
commitMsg = commitMsg + "\n\n" + b.commitMessageAppendix
}
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
commit, err := b.git.Commit(git.Commit{
Author: b.author,
Provide option to add appendix to commit messages Using the `--commit-message-appendix` flag a string can be added to the commit messages made by the bootstrapper process to for example skip CI actions from executing using e.g. `[skip ci]`. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Message: commitMsg,
Add gpg key path and passphrase as args Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
}, gpgOpts)
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
if err != nil && err != git.ErrNoStagedFiles {
return fmt.Errorf("failed to commit sync manifests: %w", err)
}
if err == nil {
b.logger.Successf("committed sync manifests to %q (%q)", b.branch, commit)
b.logger.Actionf("pushing component manifests to %q", b.url)
feat: enable bootstrap with custom CA locally When a user provided the `--ca-file` flag to the `bootstrap` command, the given CA file wasn't taken into account for cloning the repository locally. It was just passed along to the CR that is created so Flux can make use of it when cloning the repository in-cluster. However, users may not want to add a custom CA to their local host's trust chain and may expect the `--ca-file` flag to be respected also for cloning the repository locally. This is what this commit accomplishes. closes #1775 Signed-off-by: Max Jonas Werner <mail@makk.es>
3 years ago
if err = b.git.Push(ctx, b.caBundle); err != nil {
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return fmt.Errorf("failed to push manifests: %w", err)
}
} else {
b.logger.Successf("component manifests are up to date")
}
// Conditionally install manifests
if mustInstallManifests(ctx, b.kube, options.Namespace) {
Allow pre-bootstrap customisation of Flux components Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
componentsYAML := filepath.Join(b.git.Path(), manifests.Path)
// Apply components using any existing customisations
kfile := filepath.Join(filepath.Dir(componentsYAML), konfig.DefaultKustomizationFileName())
if _, err := os.Stat(kfile); err == nil {
// Apply the components and their patches
b.logger.Actionf("installing components in %q namespace", options.Namespace)
Add the kube client qps and burst to the global args Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
if _, err := utils.Apply(ctx, b.restClientGetter, b.restClientOptions, kfile); err != nil {
Allow pre-bootstrap customisation of Flux components Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
return err
}
} else {
// Apply the CRDs and controllers
Add the kube client qps and burst to the global args Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
if _, err := utils.Apply(ctx, b.restClientGetter, b.restClientOptions, componentsYAML); err != nil {
Allow pre-bootstrap customisation of Flux components Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
return err
}
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
}
b.logger.Successf("installed components")
}
b.logger.Successf("reconciled components")
return nil
}
func (b *PlainGitBootstrapper) ReconcileSourceSecret(ctx context.Context, options sourcesecret.Options) error {
// Determine if there is an existing secret
secretKey := client.ObjectKey{Name: options.Name, Namespace: options.Namespace}
b.logger.Actionf("determining if source secret %q exists", secretKey)
ok, err := secretExists(ctx, b.kube, secretKey)
if err != nil {
return fmt.Errorf("failed to determine if deploy key secret exists: %w", err)
}
// Return early if exists and no custom config is passed
if ok && len(options.CAFilePath+options.PrivateKeyPath+options.Username+options.Password) == 0 {
b.logger.Successf("source secret up to date")
return nil
}
// Generate source secret
b.logger.Actionf("generating source secret")
manifest, err := sourcesecret.Generate(options)
if err != nil {
return err
}
var secret corev1.Secret
if err := yaml.Unmarshal([]byte(manifest.Content), &secret); err != nil {
return fmt.Errorf("failed to unmarshal generated source secret manifest: %w", err)
}
for _, callback := range b.postGenerateSecret {
if err = callback(ctx, secret, options); err != nil {
return err
}
}
// Apply source secret
b.logger.Actionf("applying source secret %q", secretKey)
if err = reconcileSecret(ctx, b.kube, secret); err != nil {
return err
}
b.logger.Successf("reconciled source secret")
return nil
}
Always report components health in bootstrap This is useful in case the `Kustomization` does not reconcile successfully because for example the controller(s) are in a crash loop, which is not visible in the resource itself. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
func (b *PlainGitBootstrapper) ReconcileSyncConfig(ctx context.Context, options sync.Options) error {
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
// Confirm that sync configuration does not overwrite existing config
if curPath, err := kustomizationPathDiffers(ctx, b.kube, client.ObjectKey{Name: options.Name, Namespace: options.Namespace}, options.TargetPath); err != nil {
return fmt.Errorf("failed to determine if sync configuration would overwrite existing Kustomization: %w", err)
} else if curPath != "" {
return fmt.Errorf("sync path configuration (%q) would overwrite path (%q) of existing Kustomization", options.TargetPath, curPath)
}
// Clone if not already
if _, err := b.git.Status(); err != nil {
if err == git.ErrNoGitRepository {
b.logger.Actionf("cloning branch %q from Git repository %q", b.branch, b.url)
Retry reconcile and clone actions once We have observed that the code at times outperforms GitHub mechanics, resulting in not found errors that are only true for a millisecond. Retrying those actions once with a 2 second delay should be more friendly to users. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
var cloned bool
if err = retry(1, 2*time.Second, func() (err error) {
feat: enable bootstrap with custom CA locally When a user provided the `--ca-file` flag to the `bootstrap` command, the given CA file wasn't taken into account for cloning the repository locally. It was just passed along to the CR that is created so Flux can make use of it when cloning the repository in-cluster. However, users may not want to add a custom CA to their local host's trust chain and may expect the `--ca-file` flag to be respected also for cloning the repository locally. This is what this commit accomplishes. closes #1775 Signed-off-by: Max Jonas Werner <mail@makk.es>
3 years ago
cloned, err = b.git.Clone(ctx, b.url, b.branch, b.caBundle)
Retry reconcile and clone actions once We have observed that the code at times outperforms GitHub mechanics, resulting in not found errors that are only true for a millisecond. Retrying those actions once with a 2 second delay should be more friendly to users. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return
}); err != nil {
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return fmt.Errorf("failed to clone repository: %w", err)
}
if cloned {
Retry reconcile and clone actions once We have observed that the code at times outperforms GitHub mechanics, resulting in not found errors that are only true for a millisecond. Retrying those actions once with a 2 second delay should be more friendly to users. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
b.logger.Successf("cloned repository")
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
}
}
return err
}
// Generate sync manifests and write to Git repository
b.logger.Actionf("generating sync manifests")
manifests, err := sync.Generate(options)
if err != nil {
return fmt.Errorf("sync manifests generation failed: %w", err)
}
if err = b.git.Write(manifests.Path, strings.NewReader(manifests.Content)); err != nil {
return fmt.Errorf("failed to write manifest %q: %w", manifests.Path, err)
}
kustomize: use FS from `fluxcd/pkg` This switches to a secure FS implementation in most places, except for where we can not make changes at this moment because it would break behavior. Not handled in this commit: - Allowing the root for `manifestgen` packages to be configured. - Allowing the user to define a working root while building locally. - Defaulting to the secure FS implementation in `kustomization.MakeDefaultOptions`. Problem here is that constructing the secure FS could result in an error, which we can not surface without signature changes to the constructor func. Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
// Create secure Kustomize FS
fs, err := filesys.MakeFsOnDiskSecureBuild(b.git.Path())
if err != nil {
return fmt.Errorf("failed to initialize Kustomize file system: %w", err)
}
// Generate Kustomization
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
kusManifests, err := kustomization.Generate(kustomization.Options{
kustomize: use FS from `fluxcd/pkg` This switches to a secure FS implementation in most places, except for where we can not make changes at this moment because it would break behavior. Not handled in this commit: - Allowing the root for `manifestgen` packages to be configured. - Allowing the user to define a working root while building locally. - Defaulting to the secure FS implementation in `kustomization.MakeDefaultOptions`. Problem here is that constructing the secure FS could result in an error, which we can not surface without signature changes to the constructor func. Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
FileSystem: fs,
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
BaseDir: b.git.Path(),
TargetPath: filepath.Dir(manifests.Path),
})
if err != nil {
kustomize: use FS from `fluxcd/pkg` This switches to a secure FS implementation in most places, except for where we can not make changes at this moment because it would break behavior. Not handled in this commit: - Allowing the root for `manifestgen` packages to be configured. - Allowing the user to define a working root while building locally. - Defaulting to the secure FS implementation in `kustomization.MakeDefaultOptions`. Problem here is that constructing the secure FS could result in an error, which we can not surface without signature changes to the constructor func. Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
return fmt.Errorf("%s generation failed: %w", konfig.DefaultKustomizationFileName(), err)
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
}
if err = b.git.Write(kusManifests.Path, strings.NewReader(kusManifests.Content)); err != nil {
return fmt.Errorf("failed to write manifest %q: %w", kusManifests.Path, err)
}
b.logger.Successf("generated sync manifests")
// Git commit generated
Use proper GPG terminology Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
gpgOpts := git.WithGpgSigningOption(b.gpgKeyRingPath, b.gpgPassphrase, b.gpgKeyID)
Provide option to add appendix to commit messages Using the `--commit-message-appendix` flag a string can be added to the commit messages made by the bootstrapper process to for example skip CI actions from executing using e.g. `[skip ci]`. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
commitMsg := fmt.Sprintf("Add Flux sync manifests")
if b.commitMessageAppendix != "" {
commitMsg = commitMsg + "\n\n" + b.commitMessageAppendix
}
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
commit, err := b.git.Commit(git.Commit{
Author: b.author,
Provide option to add appendix to commit messages Using the `--commit-message-appendix` flag a string can be added to the commit messages made by the bootstrapper process to for example skip CI actions from executing using e.g. `[skip ci]`. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Message: commitMsg,
Add gpg key path and passphrase as args Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
}, gpgOpts)
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
if err != nil && err != git.ErrNoStagedFiles {
return fmt.Errorf("failed to commit sync manifests: %w", err)
}
Retry bootstrap operations on Git conflict errors When running bootstrap in-parallel for many clusters that target the same repository, the 2nd commit with the sync files fails with ` non-fast-forward update`. We now detect the conflict, and we retry the operations by creating a fresh clone from upstream. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
if err == nil {
b.logger.Successf("committed sync manifests to %q (%q)", b.branch, commit)
b.logger.Actionf("pushing sync manifests to %q", b.url)
Retry bootstrap operations on Git conflict errors When running bootstrap in-parallel for many clusters that target the same repository, the 2nd commit with the sync files fails with ` non-fast-forward update`. We now detect the conflict, and we retry the operations by creating a fresh clone from upstream. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
err = b.git.Push(ctx, b.caBundle)
if err != nil {
if strings.HasPrefix(err.Error(), gogit.ErrNonFastForwardUpdate.Error()) {
b.logger.Waitingf("git conflict detected, retrying with a fresh clone")
if err := os.RemoveAll(b.git.Path()); err != nil {
return fmt.Errorf("failed to remove tmp dir: %w", err)
}
if err := os.Mkdir(b.git.Path(), 0o700); err != nil {
return fmt.Errorf("failed to recreate tmp dir: %w", err)
}
if err = retry(1, 2*time.Second, func() (err error) {
_, err = b.git.Clone(ctx, b.url, b.branch, b.caBundle)
return
}); err != nil {
return fmt.Errorf("failed to clone repository: %w", err)
}
return b.ReconcileSyncConfig(ctx, options)
}
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return fmt.Errorf("failed to push sync manifests: %w", err)
}
} else {
b.logger.Successf("sync manifests are up to date")
}
// Apply to cluster
b.logger.Actionf("applying sync manifests")
Add the kube client qps and burst to the global args Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
if _, err := utils.Apply(ctx, b.restClientGetter, b.restClientOptions, filepath.Join(b.git.Path(), kusManifests.Path)); err != nil {
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return err
}
Replace kubectl with Go server-side apply Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Always report components health in bootstrap This is useful in case the `Kustomization` does not reconcile successfully because for example the controller(s) are in a crash loop, which is not visible in the resource itself. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
b.logger.Successf("reconciled sync configuration")
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Always report components health in bootstrap This is useful in case the `Kustomization` does not reconcile successfully because for example the controller(s) are in a crash loop, which is not visible in the resource itself. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return nil
}
func (b *PlainGitBootstrapper) ReportKustomizationHealth(ctx context.Context, options sync.Options, pollInterval, timeout time.Duration) error {
head, err := b.git.Head()
if err != nil {
return err
}
objKey := client.ObjectKey{Name: options.Name, Namespace: options.Namespace}
b.logger.Waitingf("waiting for Kustomization %q to be reconciled", objKey.String())
expectRevision := fmt.Sprintf("%s/%s", options.Branch, head)
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
var k kustomizev1.Kustomization
if err := wait.PollImmediate(pollInterval, timeout, kustomizationReconciled(
Always report components health in bootstrap This is useful in case the `Kustomization` does not reconcile successfully because for example the controller(s) are in a crash loop, which is not visible in the resource itself. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
ctx, b.kube, objKey, &k, expectRevision),
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
); err != nil {
Always report components health in bootstrap This is useful in case the `Kustomization` does not reconcile successfully because for example the controller(s) are in a crash loop, which is not visible in the resource itself. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
b.logger.Failuref(err.Error())
return err
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
}
Always report components health in bootstrap This is useful in case the `Kustomization` does not reconcile successfully because for example the controller(s) are in a crash loop, which is not visible in the resource itself. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
b.logger.Successf("Kustomization reconciled successfully")
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
return nil
}
Always report components health in bootstrap This is useful in case the `Kustomization` does not reconcile successfully because for example the controller(s) are in a crash loop, which is not visible in the resource itself. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
func (b *PlainGitBootstrapper) ReportComponentsHealth(ctx context.Context, install install.Options, timeout time.Duration) error {
Add the kube client qps and burst to the global args Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
cfg, err := utils.KubeConfig(b.restClientGetter, b.restClientOptions)
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
if err != nil {
return err
}
Add poll interval flag to flux check cmd Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
checker, err := status.NewStatusChecker(cfg, 5*time.Second, timeout, b.logger)
Factor bootstrap logic into `bootstrap` package This commit factors out the bootstrap logic into a new `bootstrap` package, while also moving to `go-git-providers` to handle things around Git providers (e.g. repository creation, deploy key upsertions). The `GitProviderBootstrapper` is a superset of the `PlainGitBootstrapper` that besides `Reconciler` also implements the `RepositoryReconciler`. The Git actions rely on an interface, making it easier to support other implementations than `go-git` at a later moment, to for example support bootstrapping to Git servers that only support the v2 protocol. Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
if err != nil {
return err
}
var components = install.Components
components = append(components, install.ComponentsExtra...)
var identifiers []object.ObjMetadata
for _, component := range components {
identifiers = append(identifiers, object.ObjMetadata{
Namespace: install.Namespace,
Name: component,
GroupKind: schema.GroupKind{Group: "apps", Kind: "Deployment"},
})
}
b.logger.Actionf("confirming components are healthy")
if err := checker.Assess(identifiers...); err != nil {
return err
}
b.logger.Successf("all components are healthy")
return nil
}