This switches to a secure FS implementation in most places, except for
where we can not make changes at this moment because it would break
behavior.
Not handled in this commit:
- Allowing the root for `manifestgen` packages to be configured.
- Allowing the user to define a working root while building locally.
- Defaulting to the secure FS implementation in
`kustomization.MakeDefaultOptions`. Problem here is that constructing
the secure FS could result in an error, which we can not surface
without signature changes to the constructor func.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The creation of oldConditions, statusableConditions and
reconcilableConditions is an adhoc solution to deal with the upstream
changes on `pkg/apis/meta`, which are yet to be replicated across other
Flux API components.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
When running bootstrap in-parallel for many clusters that target the same repository, the 2nd commit with the sync files fails with ` non-fast-forward update`. We now detect the conflict, and we retry the operations by creating a fresh clone from upstream.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
If implemented, there will a common interface to print flux resource.
We are adding new way to print resource information e.g. diff of
objects.
Signed-off-by: Soule BA <soule@weave.works>
This commit migrate to the last version of pkg/ssa v0.14.1 that contains a fix
for stringData secrets. The test case was changed accordingly to
validate a stringData drift.
A progress-bar flag option has also been added in order to be able to
disable it.
Signed-off-by: Soule BA <soule@weave.works>
- in `flux bootstrap` and `flux create kustomization` etc.
- E.g. for example `--path=.flux` should work now
- Previous behaviour is to strip off any leading "." and leave you with
"./flux" in the kustomizations / folder structure generated by `flux
bootstrap`
Signed-off-by: Simon Howe <footless@gmail.com>
If implemented, flux diff kustomization will managed correctly sops
managed dockerconfigjson secrets.
Sops encrypted secret with stringData maps are supported too.
Signed-off-by: Soule BA <soule@weave.works>
If implemented, when an error happens when dry-running an object, we
return early. This match pkg ssa implementation
Signed-off-by: Soule BA <soule@weave.works>
If implemented, calling the diff command on kustomization will return 0,
1(if changes are identified), >1 for errors.
Signed-off-by: Soule BA <soule@weave.works>
If implemented it will permit queriying the Kubernetes API to fetch the specified
Flux Kustomization, then uses the specified path to build the overlay.
It will then ssa-dry-run apply and output the diff using homeport/dyff
Signed-off-by: Soule BA <soule@weave.works>
If implemented it will permit queriying the Kubernetes API to fetch the specified
Flux Kustomization, then uses the specified path to build
the overlay.
Signed-off-by: Soule BA <soule@weave.works>
The new command set is:
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth
There is a parity in the capabilities with the other providers.
Signed-off-by: Soule BA <soule@weave.works>
The `flux tree kustomization` command prints the resources reconciled by the given Kustomization.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
When a user provided the `--ca-file` flag to the `bootstrap` command,
the given CA file wasn't taken into account for cloning the repository
locally. It was just passed along to the CR that is created so Flux
can make use of it when cloning the repository in-cluster.
However, users may not want to add a custom CA to their local host's
trust chain and may expect the `--ca-file` flag to be respected also
for cloning the repository locally. This is what this commit
accomplishes.
closes#1775
Signed-off-by: Max Jonas Werner <mail@makk.es>
Remove use of the fake client, and replace with a real client connected to the
testEnv.
This required fixes to the yaml files as the testEnv has stricter verifcation
of objects. This also meant it was not possible to test a GitRepository with
a missing artifact since that is not a valid state.
The tests are slower than before, taking around 7-10 seconds each because the
testEnv is setup and destroyed for every test. These will be sped up in a
follow up PR.
Signed-off-by: Allen Porter <allen@thebends.org>
The new flag fetch and display the request ressource and then continue
watching the ressource until timeout or cancellation.
A single ressource/ressource type is supported.
Signed-off-by: Soule BA <soule@weave.works>