Using the `--commit-message-appendix` flag a string can be added to the
commit messages made by the bootstrapper process to for example skip CI
actions from executing using e.g. `[skip ci]`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This command makes it possible to bootstrap to a generic Git server
using the local SSH agent, or a given password or private key file.
If a private key is generated, the user is prompted to give the
generated key access to the repository.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes making a lot of things configurable (e.g. SSH key
algorithm, RSA bit size, etc.) that used to be static.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- change links in cli docs to be relative (making mkdocs AND hugo happy)
- run 'make docs'
- fix other links
Signed-off-by: Daniel Holbach <daniel@weave.works>
This commit adds support for supplying a path to an existing private
key file to both the `flux create secret git` and `flux create source
git` commands.
If a path is given, any private key generation configuration options
are ignored by the manifest generator. The SSH host will however still
be scanned for server keys.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit moves the `StatusChecker` to a separate package, while
making it more generic so that it is able to assess the status of any
given set of `object.ObjMetadata` identifiers.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit changes the way the build of manifests is triggered by
making smarter use of the capabilities of Make. The result should be
that the manifests are only regenerated if:
1. There is no `cmd/flux/manifests/` directory.
2. There have been made changes to the YAML files in the `manifests/`
directory that are newer than the files in `cmd/flux/manifests/`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This was removed by accident in the PR that introduced the new
`manifestgen` packages, and now restored in full glory.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This fixes a bug on Windows where the safe relative path would contain
'\' slashes, which are not compatible with the controller.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This is the first release that includes a patch of the
`CachingClusterReader` so that it continues on all list errors.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This ensures the advertised version from e.g. GKE or EKS (for example
`v1.17.15-gke.800`) do not trigger a false warning.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This prints a warning if the user has internet access and is running
an older version of the binary.
It also replaces the `blang/semver` package with `pkg/version` and
`Masterminds/semver` to align with controller dependencies.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- deletes Flux components (deployments and services)
- deletes Flux RBAC (service accounts, cluster roles and cluster role bindings)
- removes the Kubernetes finalizers from Flux custom resources
- deletes Flux custom resource definitions and custom resources
- deletes the namespace where Flux was installed
- preserves the Kubernetes objects and Helm releases that were reconciled on the cluster by Flux
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- add singular alias to get commands
- allow filtering the get commands result by resource name
- add the image commands to mkdocs index
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
ImageRepository objects can now refer to a secret containing
certificates to use for TLS. This adds the flag
flux create image repository --cert-secret-ref
for naming a secret to use. You can create such a secret with
flux create secret tls
Signed-off-by: Michael Bridgen <michael@weave.works>
This fixes a bug where the wrong type was displayed for various
`get source` commands.
```console
$ flux get sources helm --namespace default
✗ no Bucket objects found in default namespace
```
Signed-off-by: Hidde Beydals <hello@hidde.co>
The image-reflector controller now accepts a secret containing a
client certificate and key, and/or a CA certificate; so it's useful to
have a command for creating them.
`flux create secret helm` is close, but accepts username/password
(which would be ignored), and has the wrong name of course. Happily
though, much can be shared between the implementations.
Signed-off-by: Michael Bridgen <michael@weave.works>
* Use `LocalObjectReference` and `NamespacedObjectKindReference`
from `meta` package, as required by controller API changes.
* Remove `Update` field from created `ImageUpdateAutomation`,
as the API changed and the default is now defined in the Custom
Resource Definition.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.
Summary of changes:
* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
`manifestgen/install`.
* Documentation references have been changed to highlight existence
of multi-arch images and supported architectures.
Signed-off-by: Hidde Beydals <hello@hidde.co>
controller-runtime methods now accept `client.Object` and
`client.ObjectList` rather than `runtime.Object`. This means the
adapter interfaces need to change signature, but happily, little else.
Since the list adapter is now distinct to the object adapter, `len()`
can go there instead of the command-specific interfaces.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
It's a common pattern in the create commands to construct a value,
then (if not exporting it) upsert it and wait for it to
reconcile. This commit factors `upsert`, which does the update/insert
bit, and `upsertAndWait`, which does the whole thing.
Since these output messages, they are methods of `apiType` (previously
`names`), so that they have access to the name of the kind they are
operating on.
Signed-off-by: Michael Bridgen <michael@weave.works>
Stefan Prodan
Hidde Beydals
Frank Gu
Daniel Holbach
Somtochi Onyekwere
Lucas Servén Marín
Gábor Lipták
tvories
Dylan Arbour
Michael Bridgen
Jonathan Innis
Philip Laine
Alexei Ledenev
Léopold Jacquot