Support providing TLS certs for helm source

pull/141/head
Hidde Beydals 5 years ago
parent 58619076ea
commit 123433c4ea

@ -49,6 +49,13 @@ For private Helm repositories, the basic authentication credentials are stored i
--url=https://stefanprodan.github.io/podinfo \ --url=https://stefanprodan.github.io/podinfo \
--username=username \ --username=username \
--password=password --password=password
# Create a source from a Helm repository using TLS authentication
tk create source helm podinfo \
--url=https://stefanprodan.github.io/podinfo \
--cert-file=./cert.crt \
--key-file=./key.crt \
--ca-file=./ca.crt
`, `,
RunE: createSourceHelmCmdRun, RunE: createSourceHelmCmdRun,
} }
@ -57,12 +64,18 @@ var (
sourceHelmURL string sourceHelmURL string
sourceHelmUsername string sourceHelmUsername string
sourceHelmPassword string sourceHelmPassword string
sourceHelmCertFile string
sourceHelmKeyFile string
sourceHelmCAFile string
) )
func init() { func init() {
createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address") createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address")
createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username") createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username")
createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password") createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password")
createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
createSourceCmd.AddCommand(createSourceHelmCmd) createSourceCmd.AddCommand(createSourceHelmCmd)
} }
@ -113,35 +126,52 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
return exportHelmRepository(helmRepository) return exportHelmRepository(helmRepository)
} }
withAuth := false logger.Generatef("generating source")
secret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Namespace: namespace,
},
StringData: map[string]string{},
}
if sourceHelmUsername != "" && sourceHelmPassword != "" { if sourceHelmUsername != "" && sourceHelmPassword != "" {
logger.Actionf("applying secret with basic auth credentials") secret.StringData["username"] = sourceHelmUsername
secret := corev1.Secret{ secret.StringData["password"] = sourceHelmPassword
ObjectMeta: metav1.ObjectMeta{ }
Name: secretName,
Namespace: namespace, if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
}, cert, err := ioutil.ReadFile(sourceHelmCertFile)
StringData: map[string]string{ if err != nil {
"username": sourceHelmUsername, return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
"password": sourceHelmPassword,
},
} }
if err := upsertSecret(ctx, kubeClient, secret); err != nil { secret.StringData["certFile"] = string(cert)
return err
key, err := ioutil.ReadFile(sourceHelmKeyFile)
if err != nil {
return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
} }
withAuth = true secret.StringData["keyFile"] = string(key)
} }
if withAuth { if sourceHelmCAFile != "" {
logger.Successf("authentication configured") ca, err := ioutil.ReadFile(sourceHelmCAFile)
if err != nil {
return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
}
secret.StringData["caFile"] = string(ca)
} }
logger.Generatef("generating source") if len(secret.StringData) > 0 {
logger.Actionf("applying secret with repository credentials")
if withAuth { if err := upsertSecret(ctx, kubeClient, secret); err != nil {
return err
}
helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{ helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
Name: secretName, Name: secretName,
} }
logger.Successf("authentication configured")
} }
logger.Actionf("applying source") logger.Actionf("applying source")
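Review bot: In createSourceHelmCmdRun the guard `if sourceHelmCertFile != "" && sourceHelmKeyFile != ""` silently skips client-certificate setup when only one of `--cert-file` / `--key-file` is passed, so the source is applied without the TLS identity the user asked for and no error is reported. Reject a half-specified pair before the secret is built, for example `if (sourceHelmCertFile == "") != (sourceHelmKeyFile == "") { return fmt.Errorf("--cert-file and --key-file must be specified together") }`; the username/password guard just above has the same shape and would benefit from the same check. Separately, when only `--ca-file` is set the secret holds just a CA bundle, yet the log line still reads "authentication configured", which overstates what was set up. The function begins and ends outside this hunk, so any validation done earlier in it is not visible here.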

@ -26,15 +26,25 @@ tk create source helm [name] [flags]
--username=username \ --username=username \
--password=password --password=password
# Create a source from a Helm repository using TLS authentication
tk create source helm podinfo \
--url=https://stefanprodan.github.io/podinfo \
--cert-file=./cert.crt \
--key-file=./key.crt \
--ca-file=./ca.crt
``` ```
### Options ### Options
``` ```
-h, --help help for helm --ca-file string TLS authentication CA file path
-p, --password string basic authentication password --cert-file string TLS authentication cert file path
--url string Helm repository address -h, --help help for helm
-u, --username string basic authentication username --key-file string TLS authentication key file path
-p, --password string basic authentication password
--url string Helm repository address
-u, --username string basic authentication username
``` ```
### Options inherited from parent commands ### Options inherited from parent commands
