Add an optional flag called `--registry-creds` to the bootstrap
command for generating an image pull secret for container images
stored in private registries.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Use the OS package to write the generated files on disk instead of Flux secure FS package which is meant for read operations.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This switches to a secure FS implementation in most places, except for
where we can not make changes at this moment because it would break
behavior.
Not handled in this commit:
- Allowing the root for `manifestgen` packages to be configured.
- Allowing the user to define a working root while building locally.
- Defaulting to the secure FS implementation in
`kustomization.MakeDefaultOptions`. Problem here is that constructing
the secure FS could result in an error, which we can not surface
without signature changes to the constructor func.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Add ending dot to the events address to be consistent with source controller address.
This will affect bootstrap and install by setting `--events-addr=http://notification-controller.flux-system.svc.cluster.local./`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
To be used in a future version of Flux to better select Flux components
in a namespace, as the namespace value for the
`app.kubernetes.io/instance` could be used by non Flux related
workloads.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.
Summary of changes:
* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
`manifestgen/install`.
* Documentation references have been changed to highlight existence
of multi-arch images and supported architectures.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- introduce manifestgen pkg, to be consumed by the CLI and Terraform provider
- consolidate defaults in manifestgen/install pkg
- introduce Manifest as the returning type of manifest generation
- add helper function to Manifest for writing multi-doc YAMLs on disk
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan
Hidde Beydals
Somtochi Onyekwere
Max Jonas Werner
Sanskar Jaiswal
Hidde Beydals
cuishuang
Paulo Gomes
Jack Evans
Pawel Rozlach
Dmitry Rybin
Léopold Jacquot
Sylvain Rabot