If you're using an HTTP-based Git server with Flux, you need to provide `--token-auth` to avoid triggering an SSH host key check (see [here](https://github.com/fluxcd/flux2/issues/2825#issuecomment-1151355914)). Unfortunately, doing this forces the URL in the `GitRepository` resource created during bootstrapping to always use `https`. This will cause Kustomization reconcile errors for servers that do not have HTTPS enabled or do not have the appropriate certs installed or available.
This pull request fixes this by keeping the repository URL scheme intact when using `--token-auth`.
Signed-off-by: Carlos Nunez <75340335+carlosonunez-vmw@users.noreply.github.com>
I've noticed during CI, that the current command
already expected a configured Docker client to
push artifacts to authenticated registries.
Some users might not want to have the Docker client
in their process (like a CI job) or build an handcrafted
config.json file.
This would allow this kind of behavior:
```
flux push artifact oci://my-registry.dev/foo:v1 \
--source xxx \
--revision xxx \
--path . \
--creds $TOKEN # Authenticate via "Bearer $TOKEN" Authorization header
```
Or via Autologin:
```
flux push artifact oci://012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1 \
--source xxx \
--revision xxx \
--path . \
--provider aws
```
This has been implemented for:
* flux push artifact
* flux list artifact
* flux tag artifact
* flux pull artifact
This will require another PR in https://github.com/fluxcd/pkg/pull/352
Signed-off-by: Adrien Fillon <adrien.fillon@manomano.com>
* Added support for OCIRepositories to `flux trace`
* Changed indentation to compensate new, longer field name "Source
Revision"
* Added unit tests for the new output
closes#2970
Signed-off-by: Max Jonas Werner <max@e13.dev>
Implement build, push, pull and tag artifact commands.
For authentication purposes, all `flux <verb> artifact` commands are using the '~/.docker/config.json' config file and the Docker credential helpers.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This sets the container to `manager` which is used by all Flux
controllers as the container name.
The other options I thought about were selecting the first, or doing
something with image detection. But both can be sensitive to either
users adding their patch as a first entry, or e.g. mirroring the image
to a different name.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Allow specifying the name of the Kubernetes Secret that contains a key with the kubeconfig file for connecting to a remote cluster.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This change will allow user to bootstrap with http git urls
But user must explicitely set --allow-insecure-http=true
Signed-off-by: Vipul Newaskar <vipulnewaskar7@gmail.com>
A new --ignore-paths flag is added to following commands:
flux create source git --ignore-paths ...
flux create source bucket --ignore-paths ...
A StringSliceVar is used which supports specifying the flag multiple
times to populate a list or either a comma seperated string value
A unit test with a golden file is added to validate the flag
Signed-off-by: Tarun Gupta Akirala <takirala@users.noreply.github.com>
The output of `kubectl version` has changed with newer kubectl version
from
```
{
"serverVersion": ...,
"clientVersion": ...
}
```
to
```
{
"serverVersion": ...,
"clientVersion": ...,
"kustomizeVersion": ...
}
```
So the `kustomizeVersion` field is new which causes the JSON
unmarshaling to fail.
We now just unmarshal it to `map[string]interface{}` and peel the
server git version out of that map manually w/o unmarshalling the JSON
into a custom type.
Signed-off-by: Max Jonas Werner <mail@makk.es>
If implemented this fixes a bug where retrieving the groupVersion.Group
of a kustomization were returning an empty string.
Signed-off-by: Soule BA <soule@weave.works>
This ensures the command will wait for the object to report a Ready
Condition with an ObservedGeneration matching the Generation of the
resource. Ensuring that when a "create" is actually a mutation, it waits
instead of prematurely assuming the Source to be Ready.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The creation of oldConditions, statusableConditions and
reconcilableConditions is an adhoc solution to deal with the upstream
changes on `pkg/apis/meta`, which are yet to be replicated across other
Flux API components.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
If implemented, there will a common interface to print flux resource.
We are adding new way to print resource information e.g. diff of
objects.
Signed-off-by: Soule BA <soule@weave.works>
Add a template values check in the `assertGoldenTemplateFile()` function
to only update golden files if they aren't templates. A note is printed
when an update to a template golden file is needed and `-update` flag
can't update it.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Message content could be long compared to other fields. Moving it to
the end helps improve the visibility of the other fields.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
This commit migrate to the last version of pkg/ssa v0.14.1 that contains a fix
for stringData secrets. The test case was changed accordingly to
validate a stringData drift.
A progress-bar flag option has also been added in order to be able to
disable it.
Signed-off-by: Soule BA <soule@weave.works>
The TestTrace/Deployment and TestTrace/HelmRelease test cases fail in
environments where the timezone isn't UTC, because they compare a local time
string to the golden file, which has time in UTC. Here is an example:
```
--- FAIL: TestTrace (0.12s)
--- FAIL: TestTrace/Deployment (0.08s)
main_test.go:337: Mismatch from golden file 'testdata/trace/deployment.golden': Mismatch from expected value (-want +got):
strings.Join({
... // 88 identical bytes
" Flux\n---\nHelmRelease: podinfo\nNamespace: podinfo-8\nRevi",
"sion: 6.0.0\nStatus: Last reconciled at 2021-07-16 ",
- "15:42:20 +0000 UTC",
+ "09:42:20 -0600 MDT",
"\nMessage: Release reconciliation succeeded\n---\nHelmChart:",
" podinfo-podinfo\nNamespace: flux-system-9\nChart: ",
" podinfo\nVersion: 6.0.0\nRevision: 6.0.0\nStatus: ",
" Last reconciled at 2021-07-16 ",
- "15:32:09 +0000 UTC",
+ "09:32:09 -0600 MDT",
"\nMessage: Fetched revision: 6.0.0\n---\nHelmRepository: pod",
"info\nNamespace: flux-system-9\nURL: https://stefa",
"nprodan.github.io/podinfo\nRevision: 8411f23d07d3701f0e96e7",
"d9e503b7936d7e1d56\nStatus: Last reconciled at 2021-07-",
- "1",
"1",
- " 00:25:46 +0000 UTC",
+ "0 18:25:46 -0600 MDT",
"\nMessage: Fetched revision: 8411f23d07d3701f0e96e7d9e503b",
"7936d7e1d56\n",
}, "")
```
This commit fixes the issue by converting the golden test times to local
time before comparing. The utility function toLocalTime() is added to
trace_test.go, and then it is used to provide localized times as
template parameters to the golden files.
Signed-off-by: Andrew Jenkins <andrew@aspenmesh.io>
If implemented, flux diff kustomization will managed correctly sops
managed dockerconfigjson secrets.
Sops encrypted secret with stringData maps are supported too.
Signed-off-by: Soule BA <soule@weave.works>
If implemented, calling the diff command on kustomization will return 0,
1(if changes are identified), >1 for errors.
Signed-off-by: Soule BA <soule@weave.works>
If implemented it will permit queriying the Kubernetes API to fetch the specified
Flux Kustomization, then uses the specified path to build the overlay.
It will then ssa-dry-run apply and output the diff using homeport/dyff
Signed-off-by: Soule BA <soule@weave.works>
If implemented it will permit queriying the Kubernetes API to fetch the specified
Flux Kustomization, then uses the specified path to build
the overlay.
Signed-off-by: Soule BA <soule@weave.works>
It now accepts arguments in the forms <resource>/<name>
and <resource> <name> instead of requiring api version and
kind as flags.
Signed-off-by: Jakob Schrettenbrunner <jakob.schrettenbrunner@telekom.de>
Remove the overwrite of the repositoryURL.Host variable to include Git
servers deployed on non-standard https ports
Co-authored-by: Sebastián Vargas <develolux@gmail.com>
Signed-off-by: Alby Hernández <me@achetronic.com>
Signed-off-by: Alby Hernández <alby.hernandez@system73.com>
This fixes a styling issue:
```
$ flux --help
Command line utility for assembling Kubernetes CD pipelines the GitOps
way.
Usage:
flux [command]
...
Available Commands:
...
suspend Suspend resources
trace trace an in-cluster object throughout the GitOps delivery
pipeline
uninstall Uninstall Flux and its custom resource definitions
...
```
Signed-off-by: Hidde Beydals <hello@hidde.co>
The new command set is:
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth
There is a parity in the capabilities with the other providers.
Signed-off-by: Soule BA <soule@weave.works>
bufio's reader.ReadString includes any CRLF characters and we don't
want these in the resulting token because this leads to errors in the
authentication like this:
```
✗ failed to get Git repository
"https://github.com/kingdon-ci/jenkins-infra": Get
"https://api.github.com/repos/kingdon-ci/jenkins-infra": net/http:
invalid header field value "Bearer gho_NNNNNsecrettokenMMMMM\n" for
key Authorization
```
Signed-off-by: Max Jonas Werner <mail@makk.es>
This change adds functionality to both, `bootstrap github` and
`bootstrap gitlab` to prompt the user for the personal access tokens
if those can't be derived from the shell environment. Echoing is
turned off for better privacy.
Instead of having to interactively type the token or manually paste it
from the clipboard, users can also pipe it to Flux which comes in
handy e.g. when executing Flux remotely over an SSH connection:
```
$ echo 'asdf' | flux bootstrap github
```
Otherwise, Flux will prompt the user:
```
$ flux bootstrap github
Please type your GitHub personal access token:
```
closes#2011
Signed-off-by: Max Jonas Werner <mail@makk.es>
Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub https://github.blog/2021-09-01-improving-git-protocol-security-github/.
Given this we are switching the default from RSA to ECDSA for `git`, `github` and `gitlab` variants of `flux bootstrap`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Use `app.kubernetes.io/part-of: flux` label instead of `app.kubernetes.io/instance` to select the in-cluster objects used in flux version, check, logs and uninstall commands.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
While fixing an unrelated issue, I noticed:
✗ GitRepository reconciliation failed: ''PGP public keys secret error: expected pointer, but got nil
the single quote should surround the readyCond.Message
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
The `flux tree kustomization` command prints the resources reconciled by the given Kustomization.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>