Commit Graph

254 Commits (431815214116ddf6cad448fb53a030299f7e8815)

Author SHA1 Message Date
Hidde Beydals b903cd5b68 Check for new Flux binary version
This prints a warning if the user has internet access and is running
an older version of the binary.

It also replaces the `blang/semver` package with `pkg/version` and
`Masterminds/semver` to align with controller dependencies.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals 890b5c5202 Use label selector to check components
Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals 73b8a26850 Validate if only 1 image policy selector is given
Signed-off-by: Hidde Beydals <hello@hidde.co>
Stefan Prodan aa533b28fb
Add caFile to create source/secret git commands
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Hidde Beydals 9d70e09a57 Add numeric selector to create image policy cmd
Signed-off-by: Hidde Beydals <hello@hidde.co>
Stefan Prodan 0f1d27f1e6
Remove network policies on uninstall
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 850ab0942b
Implement uninstall dry run
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan f5ae8f44b4
Refactor flux uninstall command
- deletes Flux components (deployments and services)
- deletes Flux RBAC (service accounts, cluster roles and cluster role bindings)
- removes the Kubernetes finalizers from Flux custom resources
- deletes Flux custom resource definitions and custom resources
- deletes the namespace where Flux was installed
- preserves the Kubernetes objects and Helm releases that were reconciled on the cluster by Flux

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Michael Bridgen bc45a79b92 Give more explanation for --personal flag
Signed-off-by: Michael Bridgen <michael@weave.works>
Stefan Prodan bc9cbc387c
Add flux version to bootstrap commit messages
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 37f5587085
Allow Flux to be deployed on tainted Kubernetes nodes
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 1256bbfbaf
Fix bootstrap status check timeout
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Jonathan Innis eb7102ecac
Adding extract pattern validation
Signed-off-by: Jonathan Innis <jonathan.innis.ji@gmail.com>
jonathan-innis 3f0cb1637c
Add select-alpha and extract to create policy
Signed-off-by: jonathan-innis <jonathan.innis.ji@gmail.com>
Stefan Prodan a5fa731545
Add support for getting resources by name
- add singular alias to get commands
- allow filtering the get commands result by resource name
- add the image commands to mkdocs index

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 3dd574ee51
Add support for multiple values files to create hr
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Michael Bridgen cc7b7b0689 Give examples of create image repository
Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 5df8e05d1a Give image repository a cert-secret-ref flag
ImageRepository objects can now refer to a secret containing
certificates to use for TLS. This adds the flag

    flux create image repository --cert-secret-ref

for naming a secret to use. You can create such a secret with

    flux create secret tls

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 75ab28ee5d Rename flux delete auto to flux delete image
This slipped through the auto->image change made in the course of
preparing .

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 1e6be99c36 Correct spelling of repository in error
Signed-off-by: Michael Bridgen <michael@weave.works>
Stefan Prodan e055c9ddc1
Refactor components status check
- run install/bootstrap checks in parallel (1m timeout)
- list not found components

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
jonathan-innis d5ad26c934
Change failed message for bootstrap
Signed-off-by: jonathan-innis <jonathan.innis.ji@gmail.com>
jonathan-innis 144b7cd922
Update errors returned to user
Signed-off-by: jonathan-innis <jonathan.innis.ji@gmail.com>
jonathan-innis b528428d02
Add kstatus to install and check commands
Signed-off-by: jonathan-innis <jonathan.innis.ji@gmail.com>
jonathan-innis b3d7730e79
Use status polling in bootstrap command
Signed-off-by: jonathan-innis <jonathan.innis.ji@gmail.com>
Stefan Prodan 4fd5684277
Fix create secret commands
Regression bug introduced in https://github.com/fluxcd/flux2/pull/788

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Somtochi Onyekwere b8a215230c refactor resume command
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere 5df8f7313c Refactor reconcile commands
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere ef579fe596 Refactor suspend commands
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere 1f1c8286a5 Refactor delete command for kustomizations, sources and helmreleases
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Hidde Beydals 69294ef56d Use correct type in various get source commands
This fixes a bug where the wrong type was displayed for various
`get source` commands.

```console
$ flux get sources helm --namespace default
✗ no Bucket objects found in default namespace
```

Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals 68d0be3818 Set source namespace when reconciling with source
Signed-off-by: Hidde Beydals <hello@hidde.co>
Michael Bridgen 263c664acd Factor out more common secrets command code
Making the secret without data is always the same, so factor that out.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen b12c4c22fb Add command for creating TLS secrets
The image-reflector controller now accepts a secret containing a
client certificate and key, and/or a CA certificate; so it's useful to
have a command for creating them.

`flux create secret helm` is close, but accepts username/password
(which would be ignored), and has the wrong name of course. Happily
though, much can be shared between the implementations.

Signed-off-by: Michael Bridgen <michael@weave.works>
Somtochi Onyekwere 65a2c87b5a Refactor get cmd for kustomization and helmrelease
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere 584f0eea58 Refactor get source commands
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Hidde Beydals ac6c6e3a30 Incorporate required API changes
* Use `LocalObjectReference` and `NamespacedObjectKindReference`
  from `meta` package, as required by controller API changes.
* Remove `Update` field from created `ImageUpdateAutomation`,
  as the API changed and the default is now defined in the Custom
  Resource Definition.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Somtochi Onyekwere a7586e69fd Refactor cmd global variables into structs
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Hidde Beydals 9e1db06936 Move Git implementation validation to custom flag
Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals a260403334 Remove GitImplementation default
As the field in the CRD is optional.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Stefan Prodan bcdce02b78
Add image tags regex filter arg to policy command
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 2f0835b655
Make branch arg required for image updates
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan f6fa468acb
Use reconcile request annotation
Replace deprecated `ReconcileAtAnnotation` annotation with `ReconcileRequestAnnotation`

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Hidde Beydals 207c50ceac Deprecate arch flags in favor of multi-arch images
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.

Summary of changes:

* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
  of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
  removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
  `manifestgen/install`.
* Documentation references have been changed to highlight existence
  of multi-arch images and supported architectures.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Somtochi Onyekwere 406601eead Update pkg/git to v0.2.2
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Philip Laine d236a9af57 Add git implementation to generate sync options
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Michael Bridgen cafce536bb Rename asRuntime* -> asClient*
For the avoidance of misdirection.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen d03280a12f Update to controller-runtime 0.7.0
controller-runtime methods now accept `client.Object` and
`client.ObjectList` rather than `runtime.Object`. This means the
adapter interfaces need to change signature, but happily, little else.

Since the list adapter is now distinct to the object adapter, `len()`
can go there instead of the command-specific interfaces.

Signed-off-by: Michael Bridgen <michael@weave.works>
Somtochi Onyekwere 4fcf93306a Gets actual path for owner
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Stefan Prodan 331ac3f031
Add create secret helm command
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan febedaad8f
Map ecdsa/ed25519 args to create secret
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Somtochi Onyekwere 3a4a2002d4 Corrects typo
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere b8d4af5538 Inform user of path being used
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere 0646538cef Checks if bootstrap path differs
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere 61129c6b6a Coverts backward slash to forward slash in path flag
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere f1cfae8f26 Validates project name for gitlab
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Somtochi Onyekwere dd0b807fe4 Validates components set
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>

Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Alexei Ledenev 69387fd2a4 Support check command with multiple config files
Resolves: 
Signed-off-by: Alexei Ledenev <alexei.led@gmail.com>
Hidde Beydals 22e26efec1 Fix zsh completion command example
Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals 5ea4e814f5 Add safe guards for relative paths
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.

The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.

The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Stefan Prodan 8efe053ffa
Fix cluster domain mapping
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Léopold Jacquot 4d7df52dbe Add cluster-domain option for bootstrap command
Signed-off-by: Léopold Jacquot <leopold.jacquot@infomaniak.com>
Michael Bridgen 0e35c209d9 Factor out upsert and upsertAndWait
It's a common pattern in the create commands to construct a value,
then (if not exporting it) upsert it and wait for it to
reconcile. This commit factors `upsert`, which does the update/insert
bit, and `upsertAndWait`, which does the whole thing.

Since these output messages, they are methods of `apiType` (previously
`names`), so that they have access to the name of the kind they are
operating on.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 3b9b2cbe9f Reuse isReady from create_image commands
I implemented the isReady procedure for adapters for resume -- use it
in create too.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 45240bdb71 Rename "auto" subcommands to "image"
This means all the sub-subcommands can drop the `image-` prefix,
making them shorter and more fluent.

E.g.,

    flux create image policy

rather than

    flux create auto image-policy

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 22a5ac7f0f Standardise the names of types
Most commands use either a kind, or a more readable spelling of a
kind, in their output. To make this easier, this centralises the
definition of those names in one place, and lets the command
implementations choose whichever they need.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen d55d185044 Implement suspend, resume, reconcile image-update
.. and refactor. These are all amenable to the adapter refactoring
that has served well so far.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 2bb09697ce Centralise adapter types
Since the generic commands tend to share a few of the methods they
need -- at least AsClientObject -- it's worth having just one wrapper
struct for each API type, and adding methods to it where necessary.

For the automation types, I put these in auto.go.

While doing this I also did some tidying:

 - I changed the name of the wrappers to `<type>Adapter`, and the
   generic adapter to `universalAdapter` (it's only needed for delete,
   so far).

 - I de-exported and renamed some interface methods e.g.,
   `exportItem`. They aren't needed outside the package.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen f316aff2d3 Add delete, export, get image-update
This uses the established abstractions to implement the usual
subcommands for the ImageUpdateAutomation type.

I've called the sub-subcommand in each case `image-update`, as a
fairly safe shorthand for the much longer `image-update-automation`.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 433628791b Add create auto image-update command
This adds the create subcommand, without attempting any refactoring.

NB the TODO: the image/v1alpha1 API does not yet export a const for
the name of the kind. The field `RunInterval` will likely be changed
to `Interval` (with a value field), at some point, too.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 4f52b77563 Factor out export command control flow
The export command works the same way for most (all?) types. I have
made it generic and moved it into export.go, then ported
{export,create}_auto_image{repository,policy}.go to use it.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 52145c045d Add delete image-policy and refactor
This adds a command for deleting ImagePolicy objects. Since the
control flow for the command needs only a runtime.Object (and a name
for the type), it can be factored out.

I have made the argument (field in the deleteCommand struct) an
interface `objectContainer`, through which the command code gets a
`runtime.Object` to deserialise into (and delete). It could be simply
a `runtime.Object` here; however things like `getCommand` require
other methods, so it's convenient to have an interface for it.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 512761080e Add get auto image-policy and refactor
This factors the get command implementation so that the control flow
is generic and relies on a handful of methods, then uses that to add
`get auto image-policy` and to rewrite `get auto image-repository`.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 037a5b71fd Add {create,export} auto image-policy
Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen b66bdec61a Add subcommands for image-repository
This adds all the standard subcommands for the ImageRepository type.

Following `source`, I have put them under a namespace: `auto`,
referring to automation.

NB For `create` I use controllerutil.CreateOrUpdate, which looks to me
like a slightly more rounded version of the upsert* funcs.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 4abe69f90a Give flux bootstrap the extra components flag
This commit adds a flag for supplying extra components to bootstrap
(and its subcommands), to match the one for `flux install`.

Since the bootstrapComponents global is used in a few places, I made
it a func and renamed the variable. For consistency, I also renamed
the var used in install.go.

Lastly, so that the flag sorts next to `--components`, I changed it to
`--components-extra` in both commands.

Signed-off-by: Michael Bridgen <michael@weave.works>
Michael Bridgen 75023011d3 Add argument for adding to default install
If you want to install the default set of controllers and the image-*
controllers, at present you have to list every single one of them.

An improvement on this is to let people specify what they want _in
addition_ to the default controllers. This commit adds an argument
`--extra-components` which appends to the (most likely, default value)
slice of `--components`.

Signed-off-by: Michael Bridgen <michael@weave.works>
Philip Laine 82b74d8689 Add git implementation flag and note about Azure DevOps
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Hidde Beydals 88a890d717 Log to stderr
This commit refactors the `printLogger` into a `stderrLogger` that
properly logs to `os.stderr` instead of `os.stdout`.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Stefan Prodan cd87fbba0d
Fix create secret for Git over HTTP/S
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 9867c4baf0
Add create secret git command
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan af0c939302
Add labels to generated secrets
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan c813eaf6d1
Do not try to reconcile a suspended object
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan ffdaa9dfe9
Fix tenant service account binding
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan d2df9ccf33
Add service account arg to create commands
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 567ce7f987
Add suspend status to get sources commands
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan e7ff319685
Add resume source commands
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 072138deff
Add suspend source commands
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan c02fbc2794
Set kubecontext and kubeconfig for kubectl exec
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan a8e5876b2e
Add create tenant to CLI docs
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 8273851b73
Add service accounts to tenant command
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 48bed79439
Add values-from arg to create helmrelease cmd
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Hidde Beydals 3c8716f6ac Utilize LastHandledReconcileAt for reconcile cmds
Signed-off-by: Hidde Beydals <hello@hidde.co>
Aurel Canciu 53a1db0703
Adjustments to support new sa name in kustomize
Supporting changes in 

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
Aurel Canciu 2a789ec705
Refactor to adopt k8s standardized Condition type
Updates to use metav1.Condition type and removes references for
deprecated corev1.Condition* constants and uses the new k8s api/meta
helpers in place of the old pkg/apis/meta types.

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
RossyWhite 02bcb4ff3c Fix --dry-run option
Signed-off-by: RossyWhite <daikishiroi@gmail.com>
Stefan Prodan ba34a6d401
Fix GitHub bootstrap with token auth
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 7792cd6a10
Add token authentication option to bootstrap
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Sebastian Karasek c41487598e
Fix create tenant command export
Signed-off-by: Sebastian Karasek <sebastian@karasek.io>
Stefan Prodan e6b84c4cfc
List components images in check cmd
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan 9f7835d818
Add target namespace to create ks cmd
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Sylvain Rabot 78d7dca985
Add a --context option
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
Hidde Beydals 0bf52f4746 Change `fluxcd/toolkit` to `fluxcd/flux2`
Signed-off-by: Hidde Beydals <hello@hidde.co>
Hidde Beydals e2752e4508 Rename `gotk` binary to `flux`
Signed-off-by: Hidde Beydals <hello@hidde.co>