UX changes:
- Only print an error when a pod doesn't have a matching container
instead of exiting early.
- Return a non-zero status code when no pod is found at all.
Details:
In certain situations there might be 3rd-party pods running in the
Flux namespace that cause the command to fail streaming logs, e.g.
when they have multiple containers but none of them is called
`manager` (which all Flux-maintained pods do). An example of such a
situation is when Flux is installed with the 3rd-party Flux extension
on AKS.
The `logs` command is now more forgiving and merely logs an error in
these situations instead of completely bailing out. It still returns a
non-zero exit code.
For the parallel log streaming with `-f` the code is now a little more
complex so that errors are now written to stderr in parallel with all
other logs written to stdout. That's what `asyncCopy` is for.
refs #3944
Signed-off-by: Max Jonas Werner <mail@makk.es>
This is required because controller-runtime expects its consumers to
set a logger through log.SetLogger within 30 seconds of the program's
initalization. If not set, the entire debug stack is printed as an
error. Ref: https://github.com/kubernetes-sigs/controller-runtime/blob/ed8be90/pkg/log/log.go#L59
Since we have our own logging and don't care about controller-runtime's
logger, we configure it's logger to do nothing.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
- When there's an error stat'ing the output directory flux now prints
the error:
Before:
```
✗ invalid output path ./ro-dir/foo
```
After:
```
✗ invalid output path "./ro-dir/foo": stat ./ro-dir/foo: permission denied
```
- When no output directory is provided flux now explicitly says so in
the error:
Before:
```
✗ invalid output path
```
After:
```
✗ output path cannot be empty
```
Signed-off-by: Max Jonas Werner <mail@makk.es>
If implemented, user will be able to ignore files when using `build
kustomization` and `diff kustomization` both with .sourceignore and
`ignore-paths` flag.
Signed-off-by: Soule BA <bah.soule@gmail.com>
This change set implements support for the `--deploy-token-auth` option
in the `flux bootstrap gitlab` command.
That option will reconcile a GitLab Project Deploy Token to use for the
authentication of the GitLab git repository.
A GitLab Project Deploy Token can be used the same way as a Personal
Access Token which is already supported via `--token-auth`.
The difference with the GitLab Project Deploy Token is that the token is
managed (created, updated, deleted) by Flux and not provided by the
user.
This change is transparent to the source-controller.
A prerequisite for this change is the
`fluxcd/go-git-providers` change here:
* https://github.com/fluxcd/go-git-providers/pull/191
See related discussion here: https://github.com/fluxcd/flux2/discussions/3595
GitLab Issue here: https://gitlab.com/gitlab-org/gitlab/-/issues/392605
Signed-off-by: Timo Furrer <tuxtimo@gmail.com>
This adds a command to Flux which behaves similarly as `kubectl events`,
including the Flux sources events when showing events for top level
objects, thus making debugging easy for Flux users.
For example, `flux events --for kustomization/<name>` includes the
events of its source (e.g. a `GitRepository`, `OCIRepository` or
`Bucket`).
In addition, `flux events --for helmrelease/<name>` includes events of
the `HelmChart` and `HelmRepository`. While `flux events --for
alerts/<name>` includes the events of the `Provider`.
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
This is a backwards compatible change in terms of "YAML API", as they
spec still equals the previous one. Object type has just changed.
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
The `\b` in the regular expression ensures we only match with a
hexadecimal notation as awhole, while still allowing to match with
e.g. `sha1:...` which would not have been possible by using `\W`
as this includes `_`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
As the other version has a different signature, but exists for a
different build tag. Resulting in my IDE becoming absolutely confused
when I tried to enable both at the same time. Opted for "exec" because
this one shells out.
Signed-off-by: Hidde Beydals <hello@hidde.co>
As otherwise the `.golden` values can not be automatically updated using
`-update` as documented in `CONTRIBUTING.md`.
Also ensure we do not use `defer` but rather `t.Cleanup` in tests, as
this will always be called even if e.g. `t.Fatal` absruptly stops the
test.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Before:
```
$ flux get source git -A
✗ no GitRepository objects found in flux-system namespace
```
After:
```
$ flux get source git -A
✗ no GitRepository objects found in any namespace
```
Signed-off-by: Max Jonas Werner <max@e13.dev>
If this is implemented, it will not assume that access to a kubeconfig
is guaranteed even if just for retrieving configured namespace.
Signed-off-by: Soule BA <soule@weave.works>
Use default known_hosts and ssh configuration when no private key file
is provided while bootstraping using ssh.
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
If you're using an HTTP-based Git server with Flux, you need to provide `--token-auth` to avoid triggering an SSH host key check (see [here](https://github.com/fluxcd/flux2/issues/2825#issuecomment-1151355914)). Unfortunately, doing this forces the URL in the `GitRepository` resource created during bootstrapping to always use `https`. This will cause Kustomization reconcile errors for servers that do not have HTTPS enabled or do not have the appropriate certs installed or available.
This pull request fixes this by keeping the repository URL scheme intact when using `--token-auth`.
Signed-off-by: Carlos Nunez <75340335+carlosonunez-vmw@users.noreply.github.com>
I've noticed during CI, that the current command
already expected a configured Docker client to
push artifacts to authenticated registries.
Some users might not want to have the Docker client
in their process (like a CI job) or build an handcrafted
config.json file.
This would allow this kind of behavior:
```
flux push artifact oci://my-registry.dev/foo:v1 \
--source xxx \
--revision xxx \
--path . \
--creds $TOKEN # Authenticate via "Bearer $TOKEN" Authorization header
```
Or via Autologin:
```
flux push artifact oci://012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1 \
--source xxx \
--revision xxx \
--path . \
--provider aws
```
This has been implemented for:
* flux push artifact
* flux list artifact
* flux tag artifact
* flux pull artifact
This will require another PR in https://github.com/fluxcd/pkg/pull/352
Signed-off-by: Adrien Fillon <adrien.fillon@manomano.com>
* Added support for OCIRepositories to `flux trace`
* Changed indentation to compensate new, longer field name "Source
Revision"
* Added unit tests for the new output
closes#2970
Signed-off-by: Max Jonas Werner <max@e13.dev>
Max Jonas Werner
Sanskar Jaiswal
Somtochi Onyekwere
Horacio Granillo
Raffael Sahli
Stefan Prodan
fluxcdbot
Vincent Gillet
Matheus Pimenta
cui fliter
Soule BA
Santosh Kaluskar
Yiannis
Timo Furrer
Hidde Beydals
Hidde Beydals
Sunny
Max Jonas Werner
Kingdon Barrett
Soule BA
Boris Kreitchman
Philip Laine
Batuhan Apaydın
Carlos Nunez
Adrien Fillon
Daniel Holbach
Sven Nebel