From 998b763cf955ff47451a5ada64de8be223a9bee8 Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Thu, 2 Jun 2022 16:10:31 +0300
Subject: [PATCH] Add `--kubeconfig-secret-ref` to `flux create ks|hr` Allow
 specifying the name of the Kubernetes Secret that contains a key with the
 kubeconfig file for connecting to a remote cluster.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 cmd/flux/.create_helmrelease.go.swp | Bin 16384 -> 0 bytes
 cmd/flux/create_helmrelease.go      |  36 +++++++++++-------
 cmd/flux/create_kustomization.go    |  57 ++++++++++++++++------------
 3 files changed, 56 insertions(+), 37 deletions(-)
 delete mode 100644 cmd/flux/.create_helmrelease.go.swp

diff --git a/cmd/flux/.create_helmrelease.go.swp b/cmd/flux/.create_helmrelease.go.swp
deleted file mode 100644
index d42c707c4f43f19c29f11e07724beb5f80e304ef..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 16384
zcmeI2U5q4E702%aq78yZj1N5Mr3ss!O?TDIEJhsch1p>ShMf<Xp4rVhY}lIW+ug;~
zM^m?|dzx{<7{iOk7=6J6MG{bgPm&0UM8F3gj7l&PjR`2e2>69xNEFHXKes-n`eSEU
z3?VVq+22lA-COsbd(OG%o_o7C#*fY~@~gB-hR+8XD_(!`#`s_E+xKRTG3hyhXSOWQ
z?TO8<@CDTw@u|i2WM$DX4}0Eb<tE?LY|k|8zS?&VHK;c|UHYcpw1QT+p_!heH|%iB
ztgAnhy6HsUbki3`AZ~35+wp}h3@Nmx*VlM{k!v8=z#ba7h#j1q7^g~?7cb+Nd}wWt
z`gw7#fm{Q*267GL8pt(}YarJ^u7O+w|4$kS+UK&nFrahdLCN^<zJb4|<Ikt#`@ul@
zx$*Vw@!w|#%HzxYPp*Mn1Gxrr4dfcgHIQo{*Fdg;Tm!iVat-7f$TjdTXuzm5b}{<>
zCvEug`+u_kfAa&3y#SsE_kwkB5KMw|!8zawJop)K5WIR3W6y%0f}emV!4u$n;9>AJ
z@D=by@C9IiPk;}DSKiOq%itOCIdBUY2m8Q_7c%xZ_!77S^uRQ@1{?yHfWKeB*ss6?
z;7ahj0%Jc0kAg3QJHQEW3%C@Vejj7M2Ty~Cz_)=7ZU&zM9|ijW15dvf@`KL<7c2q|
zRKTm}V|?HgSO*^m9|Nzwhp~Tvr@({YZg3LZ2<E{#;HC2z`w@5m+zD<27T6Ci1b@YW
z%9G$b;9;;1t_7EZ^T10uu=ydlAKVAN0qz1#a4pymE(T=R*OJ4W)V~U5%kYDv!k2it
zgX1Fu-*THQx=%OaPjbI5+QO~NWmOqv>nD;D>4m;2lKPxCY@;c)8}OpW4E0e{#jM~O
zPNq`YVbE&}PH%OrL~nJ>(bFVNXa;;6s%3?h(4C#)(F-8dY+Q53siUOKsOL&WY_&Z<
z;D>nIt6Ofvt0ZrU^bE&7nbhhSb|_?3)1xmM74lo+CX`C5@$>23Xn57A<F+TQ!1H^0
zwidmx5{t)Mej<Qs;Br2r-do`Y&q&VeqG7pKK&r>Tx+OPx7cangVZe=c+wQ><+zO~H
zXbEoGp$vr2Mu{2U+f_)71gyv&8gbHLkvU}BFhv!@7@-}glCvL5C`nj@$6nCzJqK5H
ztI@#gLT<p*e%`kDsmPHBR06|qilCA<T!pWQw9;^?kZ*TvQCn(!t_Mr_JEMVNjL15^
zh=x9Le5qKw8Yrz5`>YyU;)s>H=)lTnZyE9^n8Jkfz$S6iY6OX>(Ilvl&8js4^#;1r
zt4Q^&5*3c}xm4V}2c@L0xa8F%XGo!<dapDrTU0Z1vZ}X@prr@ikU(n6LaNPhLzsch
z`x}pB=S|@X-!l2&Xq4n<n3GCfkqA8Y;v?w8cSRr&kd#vT6^Af_4x&dU6S*iBMYpoW
z6Yo}}85)&(DUTnYUR>a$bgcFqpGqYPewwcS$|SzUg|VRzhvp`HBpdtaQOiYi!kDWQ
z<57Hh`@TvGMxy<ww>YqzjhNS4!HO6esoz0q`#K#Zbfpt5w$<XHE46WLyx6DsL7nbB
zwa#uVh1o5`Y1?9opX7YE8GwM1HA4TgmyD~h;JM8y_zf?vVu5Pyyp);Da=ggt7;Zh9
ziFk2S4y=Gl)Z`7%M^V%22sd6L6U)V&X~i-t)LK~Fsl#Htp5m#nT}Q)bXqO(Ewk^CS
zDyPz1WxLq&i>FYsCZPx=epd8#T2fBn$&TTVOgDIy?>D^--_T~F;UPa6V+CrXGs%m?
z@32xy#q`|3_iS7Ey3w}u&g6y&jEN#+g`%{ODQ#XQHOtc}6)6tf+j+F&hi+gwLT_(2
zb<?)6v{L2xS+wgIcuyBm52*=ign?!2UBlY75~W@etvHaUGr`Z;7+RM)Rnj{UyFi`c
zV%Per`fdV}CWP;MJ_&#eu@wlHa#7hY$<F->iGer+HPQ&_ivHWF5J{J{f^0V?4(iHc
zO5MW-qLvcP2EO4+xT8aIkFKgZrNNJ`LUC_WSK-h#Y-I!*-iXEqYO0i3iRh^Z8jdoY
za7{{PoBD0ibEzTn2MoB#EJtO#CB~4#Z5mC%9m8@NJD@Y$a;(6h+*0z;ts`ln9CE=j
zp<kh~nh@C=YW`6L*%qeNz?x|rZZo77n;vxSQufmpzGF#c9ga!Oj?J&$u)Ma)k4>+v
zOfRj@&(`?z3ZGeCx^8}Tet8L3b9{Q~I6pGKbX}PX<ROp(2|6ad<e0gT9v)oR7&2dM
zJ2t{V)Q4r|mZa1;t$=J8DOYj2#^-BAet5bzUn{dU7i*YAc5{1Z`DkUMr!r{EG&XF3
zv2>|Fqv;Ej1s=Ct-u01qyUjAfOC#tS^iDfPf>sc;r*ysB?P>;e+7g=QH+4Hwo75NP
zXJ(gbvz18=FV7zLLg>54y^R1`ryR>`<Eqi8SR-J)xE_*69!k<XhD56_lwpc?K;j@!
zLK%jO9h6$D`-~M^EvuYqC0t_9GEcT}5R8}T;bQzyaqMcwW+0evHCq9n9G@KLt0<qN
z-HH)nx8X~sA7HfqKZ*Sz?Ja5lpZtD*8vFa_z(b$|j)CjIKJXvx_ul}|f*$}6+y*Rg
z2%N^A{xR?f_%65ubU+A>fKP(c*xSDW{tdnl9s`epyTK7~8F(Fg`@ex#!Jok|z&F9y
z!M)%na4n#-fD6FCu=oEXcm=!+o&sIa0LQ^mum&y#KgT)1XMqH5a0pbvpRniuE%*)i
zHMj>H1r=}}coF;l7r^u2aX{w+60CubfY-7A{{wgm+z;*r_keA%1-js7paVK1_$7D_
zJPy7Jx*!ArsDPj0EZ`Ba1sdRHum~2w`GC#{=zQQ?;6X484g<31H6Z`Ivl_qw1^yMV
zc?x~n=%~d}o0l~N;ZV+aZe4BkSFuSgQ9cl#UT9G{GKsi?EOS~}v=w30d+FV=GIuQ-
zxq|8>>7`-VQbZ+%g4M{LpJ><9-bclMep$7zB<^u}LoK8AOvP=quj?GWHZ0#!VN61N
zge2rwzCfU(M`$Ua0EUQ4fyNAdwZm7NE!E)}#Kby}_8}&|kW3g5PId|fx}2)2o!pGd
zXdrt~GJ`FQEIFO1FX3A`I}9XTv924TYnH}%X~XkuEHji%j8Vh=4|A2~Xw;56?-*{8
zABZwIb!HWtXN*(!v}2t)^o6#mOX%Q+9Xl#>k<f_bYH_A#Xpt^w28JUX%Gk7Mm}PaU
z6%V3c*x07F*K7)3tA(bC)vZw~W;%@X-g+_4JY#_=Hx*l0E@7oUj~whkStB+^zxLNu
zLLC_(ZENi60kb8YXf<RE=(W$Maf=nw8VkmTu;oCV=q6kxGiyf57<oL^N@v$#J(?O+
zysN&VV<V+6%pwkngmS+#wyHFgI&8m=qU}edqs+*Mv=qBL)>wpsB`=uskc*YjvhvWO
zxqyPVIu&*-!wR%fNwlpD(V5ITajfJexPG+V=`$848<mvCupuhYH#I$`M%7Uzs$#zd
zNaj(~3zIOToYC{EH0r_3G*(kBY$Nal8SnpJW*Rxmkf+djD{@g}kR3~%g<m0yeeos<
z)C-0TrlZO$aosT}c&NdQu>1;10TU;{^&T1}-C@#Z{66xu(eWf3KZXP1{)~RdhP-cQ
zdaEdQ6Lz2Tjw9+8VtUE<ykOeL#<NYg<FlJGPjAyU6DQH|ig;|t5D5`g5QeBVS_Nnc
z$d1z&2!5u8JeKwyh)lzy9CG=7Pf~^_cN%H&eqHp9J(Y6Wq`o0!dV-#j@U4kNXNqx%
zRzZ)%!A4qYbPyO7l+?K+t&>gCA&nI0=h)tul)~F3*jFuJ(IpKiSr(3A8?+j!wv^mE
zjLloqSD^t5{h$Q~)Y!%kG{LO;nWGf_+L0MxsZS}80{V^upE7m)>j=&(l>41hQI+O=
z-*i`1qr=NNoC&KnlY&Fxh~?IItw|NAX2vVk`k)<EKe$k9SO(TlP&r~$ba#amhdr*?
zM!bN$nTH1@si|M5u-GGgC>9aEqj6-O$aY6-Vc*d}XF|KNw!E~xVsxiCZKm<%6xxWE
zm?WKW0&SL(2>6g=__Af#<m-_>c*DTH4NAD8i<wMu98VAVbRlj#^=7)(7Nf>WQA>+P
zn+zLuo!)}T>G^}UDDVph>dBo)%1Z3y+34Xk56TE0x+6p<?IRTR4WW~cA{hpJRf)Tn
zG*P0<!#y0{mHB@9PTdct0|hl^l#s7G#-=DaMthxh?QZjgItppvN2cvlYRqSr8#4l@
z4Jx?A3de4pY!;mc?=5{MuT&Dna>olR9j<9~=)LMuqa~ai8hc1YQ9En@x2D9b7}QDX
z37%A${T#fg)FJ1g7<y}&cSvtIdBTB9#+$SLPp9-MVcBt(y;MymwS}AAZw$6LhM!8u
HX(Ig>3(~gr

diff --git a/cmd/flux/create_helmrelease.go b/cmd/flux/create_helmrelease.go
index 5a5f2c84..b4fdcdf1 100644
--- a/cmd/flux/create_helmrelease.go
+++ b/cmd/flux/create_helmrelease.go
@@ -109,19 +109,20 @@ var createHelmReleaseCmd = &cobra.Command{
 }
 
 type helmReleaseFlags struct {
-	name              string
-	source            flags.HelmChartSource
-	dependsOn         []string
-	chart             string
-	chartVersion      string
-	targetNamespace   string
-	createNamespace   bool
-	valuesFiles       []string
-	valuesFrom        flags.HelmReleaseValuesFrom
-	saName            string
-	crds              flags.CRDsPolicy
-	reconcileStrategy string
-	chartInterval     time.Duration
+	name                string
+	source              flags.HelmChartSource
+	dependsOn           []string
+	chart               string
+	chartVersion        string
+	targetNamespace     string
+	createNamespace     bool
+	valuesFiles         []string
+	valuesFrom          flags.HelmReleaseValuesFrom
+	saName              string
+	crds                flags.CRDsPolicy
+	reconcileStrategy   string
+	chartInterval       time.Duration
+	kubeConfigSecretRef string
 }
 
 var helmReleaseArgs helmReleaseFlags
@@ -140,6 +141,7 @@ func init() {
 	createHelmReleaseCmd.Flags().StringSliceVar(&helmReleaseArgs.valuesFiles, "values", nil, "local path to values.yaml files, also accepts comma-separated values")
 	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.valuesFrom, "values-from", helmReleaseArgs.valuesFrom.Description())
 	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.crds, "crds", helmReleaseArgs.crds.Description())
+	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.kubeConfigSecretRef, "kubeconfig-secret-ref", "", "the name of the Kubernetes Secret that contains a key with the kubeconfig file for connecting to a remote cluster")
 	createCmd.AddCommand(createHelmReleaseCmd)
 }
 
@@ -194,6 +196,14 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if helmReleaseArgs.kubeConfigSecretRef != "" {
+		helmRelease.Spec.KubeConfig = &helmv2.KubeConfig{
+			SecretRef: meta.SecretKeyReference{
+				Name: helmReleaseArgs.kubeConfigSecretRef,
+			},
+		}
+	}
+
 	if helmReleaseArgs.chartInterval != 0 {
 		helmRelease.Spec.Chart.Spec.Interval = &metav1.Duration{
 			Duration: helmReleaseArgs.chartInterval,
diff --git a/cmd/flux/create_kustomization.go b/cmd/flux/create_kustomization.go
index ef55c23c..f808a99f 100644
--- a/cmd/flux/create_kustomization.go
+++ b/cmd/flux/create_kustomization.go
@@ -42,22 +42,21 @@ var createKsCmd = &cobra.Command{
 	Use:     "kustomization [name]",
 	Aliases: []string{"ks"},
 	Short:   "Create or update a Kustomization resource",
-	Long:    "The kustomization source create command generates a Kustomize resource for a given source.",
+	Long:    "The create command generates a Kustomization resource for a given source.",
 	Example: `  # Create a Kustomization resource from a source at a given path
-  flux create kustomization contour \
-    --source=GitRepository/contour \
-    --path="./examples/contour/" \
+  flux create kustomization kyverno \
+    --source=GitRepository/kyverno \
+    --path="./config/release" \
     --prune=true \
-    --interval=10m \
-    --health-check="Deployment/contour.projectcontour" \
-    --health-check="DaemonSet/envoy.projectcontour" \
+    --interval=60m \
+    --wait=true \
     --health-check-timeout=3m
 
   # Create a Kustomization resource that depends on the previous one
-  flux create kustomization webapp \
-    --depends-on=contour \
-    --source=GitRepository/webapp \
-    --path="./deploy/overlays/dev" \
+  flux create kustomization kyverno-policies \
+    --depends-on=kyverno \
+    --source=GitRepository/kyverno-policies \
+    --path="./policies/flux" \
     --prune=true \
     --interval=5m
 
@@ -65,7 +64,7 @@ var createKsCmd = &cobra.Command{
   flux create kustomization podinfo \
     --namespace=default \
     --source=GitRepository/podinfo.flux-system \
-    --path="./deploy/overlays/dev" \
+    --path="./kustomize" \
     --prune=true \
     --interval=5m
 
@@ -78,18 +77,19 @@ var createKsCmd = &cobra.Command{
 }
 
 type kustomizationFlags struct {
-	source             flags.KustomizationSource
-	path               flags.SafeRelativePath
-	prune              bool
-	dependsOn          []string
-	validation         string
-	healthCheck        []string
-	healthTimeout      time.Duration
-	saName             string
-	decryptionProvider flags.DecryptionProvider
-	decryptionSecret   string
-	targetNamespace    string
-	wait               bool
+	source              flags.KustomizationSource
+	path                flags.SafeRelativePath
+	prune               bool
+	dependsOn           []string
+	validation          string
+	healthCheck         []string
+	healthTimeout       time.Duration
+	saName              string
+	decryptionProvider  flags.DecryptionProvider
+	decryptionSecret    string
+	targetNamespace     string
+	wait                bool
+	kubeConfigSecretRef string
 }
 
 var kustomizationArgs = NewKustomizationFlags()
@@ -107,6 +107,7 @@ func init() {
 	createKsCmd.Flags().Var(&kustomizationArgs.decryptionProvider, "decryption-provider", kustomizationArgs.decryptionProvider.Description())
 	createKsCmd.Flags().StringVar(&kustomizationArgs.decryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
 	createKsCmd.Flags().StringVar(&kustomizationArgs.targetNamespace, "target-namespace", "", "overrides the namespace of all Kustomization objects reconciled by this Kustomization")
+	createKsCmd.Flags().StringVar(&kustomizationArgs.kubeConfigSecretRef, "kubeconfig-secret-ref", "", "the name of the Kubernetes Secret that contains a key with the kubeconfig file for connecting to a remote cluster")
 	createKsCmd.Flags().MarkDeprecated("validation", "this arg is no longer used, all resources are validated using server-side apply dry-run")
 
 	createCmd.AddCommand(createKsCmd)
@@ -160,6 +161,14 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if kustomizationArgs.kubeConfigSecretRef != "" {
+		kustomization.Spec.KubeConfig = &kustomizev1.KubeConfig{
+			SecretRef: meta.SecretKeyReference{
+				Name: kustomizationArgs.kubeConfigSecretRef,
+			},
+		}
+	}
+
 	if len(kustomizationArgs.healthCheck) > 0 && !kustomizationArgs.wait {
 		healthChecks := make([]meta.NamespacedObjectKindReference, 0)
 		for _, w := range kustomizationArgs.healthCheck {