Commit Graph

56 Commits (3d1173a2cd3e050d2384694b892007d4dfcb9e2e)

Author SHA1 Message Date
Max Jonas Werner 52acac1a37
Add /v2 suffix to module name in preparation of 2.0.0 release
Signed-off-by: Max Jonas Werner <mail@makk.es>
3 years ago
Somtochi Onyekwere 24452ecd37
Update GitRepository Receiver, and Kustomization to v1
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Santosh Kaluskar 5a45d2b127
Create secret with bearer-token
Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com>
3 years ago
Stefan Prodan b44a3d36ba
Remove deprecated flags
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Sanskar Jaiswal 0a5048a56b refactor bootstrap process to use fluxcd/pkg/git
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
3 years ago
Philip Laine a4734d7e30 Remove file reading from bootstrap package
Signed-off-by: Philip Laine <philip.laine@gmail.com>
3 years ago
Somtochi Onyekwere 41aac68193
Add link to kubectl repo
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Somtochi Onyekwere fe4b65972a
Update cli description
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Somtochi Onyekwere 4c576bf599
Add create oci secret command
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Stefan Prodan 3f0efc9435
Update dependencies
- Update Kubernetes packages to v1.24
- Update go-yaml to v3.0.0 (fix CVE-2022-28948)
- Update fluxcd/pkg/runtime to v0.15.1

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Hidde Beydals 5130a154e4 Ensure proper FS root is set while bootstrapping
This ensures relative paths to e.g. bases can be used.

Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
Sanskar Jaiswal 7232ff9ea0 modify tmp dir generation to be absolute on all OSes
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
4 years ago
Stefan Prodan b9fbdfc9a4
Fix bootstrap manifest generation
Use the OS package to write the generated files on disk instead of Flux  secure FS package which is meant for read operations.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Hidde Beydals 57442e8faa kustomize: use FS from `fluxcd/pkg`
This switches to a secure FS implementation in most places, except for
where we can not make changes at this moment because it would break
behavior.

Not handled in this commit:

- Allowing the root for `manifestgen` packages to be configured.
- Allowing the user to define a working root while building locally.
- Defaulting to the secure FS implementation in
  `kustomization.MakeDefaultOptions`. Problem here is that constructing
  the secure FS could result in an error, which we can not surface
  without signature changes to the constructor func.

Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Paulo Gomes e5ede275f8 Update Source API to v1beta2
The creation of oldConditions, statusableConditions and
reconcilableConditions is an adhoc solution to deal with the upstream
changes on `pkg/apis/meta`, which are yet to be replicated across other
Flux API components.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
4 years ago
Stefan Prodan 139bbbb87c
Use absolute domain name for the events address
Add ending dot to the events address to be consistent with source controller address.
This will affect bootstrap and install by setting `--events-addr=http://notification-controller.flux-system.svc.cluster.local./`.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
cuishuang 1fda202cf9 all: fix some typos
Signed-off-by: cuishuang <imcusg@gmail.com>
4 years ago
Paulo Gomes f7853c4ddf
Enable pod security warnings for flux-system
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
4 years ago
Aurel Canciu f3d143e5ee
Update Go to v1.17
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
4 years ago
Jack Evans 923a5882de
make flux bootstrap and install generation more consistent
Signed-off-by: Jack Evans <jack.evans1@ibm.com>
4 years ago
Stefan Prodan 04faba95cd
Add DO NOT EDIT warn to bootstrap sync manifests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Pawel Rozlach 8ec5492d87
fix: use full domain name for notification-controller
Signed-off-by: Pawel Rozlach <vespian@users.noreply.github.com>
4 years ago
Stefan Prodan d5d8c340c8
Switch to app.kubernetes.io/part-of label selector
Use `app.kubernetes.io/part-of: flux` label instead of `app.kubernetes.io/instance` to select the in-cluster objects used in flux version, check, logs and uninstall commands.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Stefan Prodan 0b659e3f09
Update kustomize-controller API to v1beta2
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Stefan Prodan 83c3e8c2fc
Replace kubectl with Go server-side apply
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Phil Nichol ac7ccf7b94 added tag,semver,commit to manifestgen
Signed-off-by: Phil Nichol <35630607+philnichol@users.noreply.github.com>
4 years ago
Chanwit Kaewkasi 8f78263455 implement testEnv for e2e tests
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
4 years ago
Dmitry Rybin 7f425efa6b chore: remove deprecated io/ioutil
Signed-off-by: Dmitry Rybin <ayrowa@yandex.ru>
4 years ago
Stefan Prodan a6620e478a
Update to Kustomize v4
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Somtochi Onyekwere 328d403507 Set password in secret
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
5 years ago
Hidde Beydals 5f9dd7a5a5 Correctly load private key by not decoding PEM 2x
Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Stefan Prodan b872e595ae
Add recurse submodules arg to bootstrap cmd
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Hidde Beydals 9055e753a9 Add `app.kubernetes.io/part-of: flux` label
To be used in a future version of Flux to better select Flux components
in a namespace, as the namespace value for the
`app.kubernetes.io/instance` could be used by non Flux related
workloads.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Hidde Beydals 8a5bba80bf Add `sourcesecret` and `kustomization` manifestgen
This includes a change to the `sync` generator to make the deploy
secret name configurable.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Stefan Prodan 6003d11156
Embed the install manifests in flux binary
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Hidde Beydals 9b649f6c72 Check if targeted bootstrap/install version exists
Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Stefan Prodan bc9cbc387c
Add flux version to bootstrap commit messages
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan 37f5587085
Allow Flux to be deployed on tainted Kubernetes nodes
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan 4c29a1ca27
Replace SA namespace in RBAC
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan 8f8c7cccc6
Add SA namespace to RBAC
Fix flux install when not all controllers have been selected

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Hidde Beydals ac6c6e3a30 Incorporate required API changes
* Use `LocalObjectReference` and `NamespacedObjectKindReference`
  from `meta` package, as required by controller API changes.
* Remove `Update` field from created `ImageUpdateAutomation`,
  as the API changed and the default is now defined in the Custom
  Resource Definition.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Hidde Beydals a260403334 Remove GitImplementation default
As the field in the CRD is optional.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Hidde Beydals 207c50ceac Deprecate arch flags in favor of multi-arch images
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.

Summary of changes:

* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
  of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
  removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
  `manifestgen/install`.
* Documentation references have been changed to highlight existence
  of multi-arch images and supported architectures.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Philip Laine 3b249dfe69 Change default to use const
Signed-off-by: Philip Laine <philip.laine@gmail.com>
5 years ago
Philip Laine d236a9af57 Add git implementation to generate sync options
Signed-off-by: Philip Laine <philip.laine@gmail.com>
5 years ago
Somtochi Onyekwere daeb41c31b Uses path instead of filepath
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
5 years ago
Somtochi Onyekwere dd0b807fe4 Validates components set
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>

Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
5 years ago
Hidde Beydals 5ea4e814f5 Add safe guards for relative paths
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.

The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.

The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Léopold Jacquot 4d7df52dbe Add cluster-domain option for bootstrap command
Signed-off-by: Léopold Jacquot <leopold.jacquot@infomaniak.com>
5 years ago
Stefan Prodan 6280fbce17
Update kustomize/api to v0.7.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago