Mirrors
/
flux2
mirror of https://github.com/fluxcd/flux2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support providing TLS certs for helm source

Browse Source
pull/141/head
Hidde Beydals 5 years ago
parent 58619076ea
commit 123433c4ea
2 changed files with 63 additions and 23 deletions
Show Stats Download Patch File Download Diff File

58
cmd/tk/create_source_helm.go
Unescape Escape View File

@ -49,6 +49,13 @@ For private Helm repositories, the basic authentication credentials are stored i
--url=https://stefanprodan.github.io/podinfo \ --url=https://stefanprodan.github.io/podinfo \
--username=username \ --username=username \
--password=password --password=password
# Create a source from a Helm repository using TLS authentication
tk create source helm podinfo \
--url=https://stefanprodan.github.io/podinfo \
--cert-file=./cert.crt \
--key-file=./key.crt \
--ca-file=./ca.crt
`, `,
RunE: createSourceHelmCmdRun, RunE: createSourceHelmCmdRun,
} }
@ -57,12 +64,18 @@ var (
sourceHelmURL string sourceHelmURL string
sourceHelmUsername string sourceHelmUsername string
sourceHelmPassword string sourceHelmPassword string
sourceHelmCertFile string
sourceHelmKeyFile string
sourceHelmCAFile string
) )
func init() { func init() {
createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address") createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address")
createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username") createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username")
createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password") createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password")
createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
createSourceCmd.AddCommand(createSourceHelmCmd) createSourceCmd.AddCommand(createSourceHelmCmd)
} }
@ -113,35 +126,52 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
return exportHelmRepository(helmRepository) return exportHelmRepository(helmRepository)
} }
withAuth := false logger.Generatef("generating source")
if sourceHelmUsername != "" && sourceHelmPassword != "" {
logger.Actionf("applying secret with basic auth credentials")
secret := corev1.Secret{ secret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: secretName, Name: secretName,
Namespace: namespace, Namespace: namespace,
}, },
StringData: map[string]string{ StringData: map[string]string{},
"username": sourceHelmUsername,
"password": sourceHelmPassword,
},
} }
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
return err if sourceHelmUsername != "" && sourceHelmPassword != "" {
secret.StringData["username"] = sourceHelmUsername
secret.StringData["password"] = sourceHelmPassword
} }
withAuth = true
if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
cert, err := ioutil.ReadFile(sourceHelmCertFile)
if err != nil {
return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
} }
secret.StringData["certFile"] = string(cert)
if withAuth { key, err := ioutil.ReadFile(sourceHelmKeyFile)
logger.Successf("authentication configured") if err != nil {
return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
}
secret.StringData["keyFile"] = string(key)
} }
logger.Generatef("generating source") if sourceHelmCAFile != "" {
ca, err := ioutil.ReadFile(sourceHelmCAFile)
if err != nil {
return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
}
secret.StringData["caFile"] = string(ca)
}
if withAuth { if len(secret.StringData) > 0 {
logger.Actionf("applying secret with repository credentials")
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
return err
}
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{ helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
Name: secretName, Name: secretName,
} }
logger.Successf("authentication configured")
} }
logger.Actionf("applying source") logger.Actionf("applying source")

10
docs/cmd/tk_create_source_helm.md
Unescape Escape View File

@ -26,12 +26,22 @@ tk create source helm [name] [flags]
--username=username \ --username=username \
--password=password --password=password
# Create a source from a Helm repository using TLS authentication
tk create source helm podinfo \
--url=https://stefanprodan.github.io/podinfo \
--cert-file=./cert.crt \
--key-file=./key.crt \
--ca-file=./ca.crt
``` ```
### Options ### Options
``` ```
--ca-file string TLS authentication CA file path
--cert-file string TLS authentication cert file path
-h, --help help for helm -h, --help help for helm
--key-file string TLS authentication key file path
-p, --password string basic authentication password -p, --password string basic authentication password
--url string Helm repository address --url string Helm repository address
-u, --username string basic authentication username -u, --username string basic authentication username

Write Preview
Loading…
Cancel
Save