Allow configuring the list of host key algorithms to use for
SSH connections initialized by the CLI during bootstrap.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Signed-off-by: toomaj <toomaj@tuta.io>
Set tokenAuth to true with withBearerToken
Signed-off-by: toomaj <toomaj@tuta.io>
Set bearerToken if tokenAuth & withBearerToken were set
Signed-off-by: toomaj <toomaj@tuta.io>
Add an optional flag called `--registry-creds` to the bootstrap
command for generating an image pull secret for container images
stored in private registries.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Use default known_hosts and ssh configuration when no private key file
is provided while bootstrapping using ssh.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
If you're using an HTTP-based Git server with Flux, you need to provide `--token-auth` to avoid triggering an SSH host key check (see [here](https://github.com/fluxcd/flux2/issues/2825#issuecomment-1151355914)). Unfortunately, doing this forces the URL in the `GitRepository` resource created during bootstrapping to always use `https`. This will cause Kustomization reconcile errors for servers that do not have HTTPS enabled or do not have the appropriate certs installed or available.
This pull request fixes this by keeping the repository URL scheme intact when using `--token-auth`.
Signed-off-by: Carlos Nunez <75340335+carlosonunez-vmw@users.noreply.github.com>
This change will allow the user to bootstrap with HTTP Git URLs,
but the user must explicitly set `--allow-insecure-http=true`.
Signed-off-by: Vipul Newaskar <vipulnewaskar7@gmail.com>
Remove the overwrite of the repositoryURL.Host variable to include Git
servers deployed on non-standard https ports
Co-authored-by: Sebastián Vargas <develolux@gmail.com>
Signed-off-by: Alby Hernández <me@achetronic.com>
Signed-off-by: Alby Hernández <alby.hernandez@system73.com>
When a user provided the `--ca-file` flag to the `bootstrap` command,
the given CA file wasn't taken into account for cloning the repository
locally. It was just passed along to the CR that is created so Flux
can make use of it when cloning the repository in-cluster.
However, users may not want to add a custom CA to their local host's
trust chain and may expect the `--ca-file` flag to be respected also
for cloning the repository locally. This is what this commit
accomplishes.
closes #1775
Signed-off-by: Max Jonas Werner <mail@makk.es>
This changes the logic for the parsing of private keys, as already
done for the source-controller, so that it is able to recognize and
work with a wider range of key formats instead of returning a vague
error:
```console
$ flux bootstrap git [..]
✗ ssh: this private key is passphrase protected
```
A patch for this was already submitted and merged in `go-git/go-git`,
but is not made available in a release yet:
https://github.com/go-git/go-git/pull/298
Signed-off-by: Hidde Beydals <hello@hidde.co>
This removes the usage of Hostname() which does not honor configured SSH
port to be used.
Resolves: #1377
See also: #1101, #1102
Signed-off-by: Tobias Jakobsson <jakobsson.tobias@gmail.com>
As otherwise (comparisons to) cluster configuration will fail due to
separator differences. Was already fixed for provider implementations.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Using the `--commit-message-appendix` flag a string can be added to the
commit messages made by the bootstrapper process to for example skip CI
actions from executing using e.g. `[skip ci]`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This command makes it possible to bootstrap to a generic Git server
using the local SSH agent, or a given password or private key file.
If a private key is generated, the user is prompted to give the
generated key access to the repository.
Signed-off-by: Hidde Beydals <hello@hidde.co>