Allow configuring the list of host key algorithms to use for
SSH connections initialized by the CLI during bootstrap.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Add an optional flag called `--registry-creds` to the bootstrap
command for generating an image pull secret for container images
stored in private registries.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub https://github.blog/2021-09-01-improving-git-protocol-security-github/.
Given this we are switching the default from RSA to ECDSA for `git`, `github` and `gitlab` variants of `flux bootstrap`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Using the `--commit-message-appendix` flag a string can be added to the
commit messages made by the bootstrapper process to for example skip CI
actions from executing using e.g. `[skip ci]`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes making a lot of things configurable (e.g. SSH key
algorithm, RSA bit size, etc.) that used to be static.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit moves the `StatusChecker` to a separate package, while
making it more generic so that it is able to assess the status of any
given set of `object.ObjMetadata` identifiers.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.
Summary of changes:
* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
`manifestgen/install`.
* Documentation references have been changed to highlight existence
of multi-arch images and supported architectures.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds a flag for supplying extra components to bootstrap
(and its subcommands), to match the one for `flux install`.
Since the bootstrapComponents global is used in a few places, I made
it a func and renamed the variable. For consistency, I also renamed
the var used in install.go.
Lastly, so that the flag sorts next to `--components`, I changed it to
`--components-extra` in both commands.
Signed-off-by: Michael Bridgen <michael@weave.works>
Stefan Prodan
Rishikesh Nair
Somtochi Onyekwere
Max Jonas Werner
Sanskar Jaiswal
Hidde Beydals
Dmitry Rybin
jonathan-innis
Philip Laine
Léopold Jacquot
Michael Bridgen