Ensure also pods contain the relevant labels inherited from pared
Deployment object, this makes it easier to select and filter the pods
using the labels eg. when scraping for metrics.
Signed-off-by: Jiří Pinkava <j-pi@seznam.cz>
Add an optional flag called `--registry-creds` to the bootstrap
command for generating an image pull secret for container images
stored in private registries.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Use the OS package to write the generated files on disk instead of Flux secure FS package which is meant for read operations.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This switches to a secure FS implementation in most places, except for
where we can not make changes at this moment because it would break
behavior.
Not handled in this commit:
- Allowing the root for `manifestgen` packages to be configured.
- Allowing the user to define a working root while building locally.
- Defaulting to the secure FS implementation in
`kustomization.MakeDefaultOptions`. Problem here is that constructing
the secure FS could result in an error, which we can not surface
without signature changes to the constructor func.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Add ending dot to the events address to be consistent with source controller address.
This will affect bootstrap and install by setting `--events-addr=http://notification-controller.flux-system.svc.cluster.local./`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
To be used in a future version of Flux to better select Flux components
in a namespace, as the namespace value for the
`app.kubernetes.io/instance` could be used by non Flux related
workloads.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.
Summary of changes:
* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
`manifestgen/install`.
* Documentation references have been changed to highlight existence
of multi-arch images and supported architectures.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- introduce manifestgen pkg, to be consumed by the CLI and Terraform provider
- consolidate defaults in manifestgen/install pkg
- introduce Manifest as the returning type of manifest generation
- add helper function to Manifest for writing multi-doc YAMLs on disk
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Jiří Pinkava
Stefan Prodan
Hidde Beydals
Somtochi Onyekwere
Max Jonas Werner
Sanskar Jaiswal
Hidde Beydals
cuishuang
Paulo Gomes
Jack Evans
Pawel Rozlach
Dmitry Rybin
Léopold Jacquot
Sylvain Rabot