The trace command allows Flux users to point the CLI to a Kubernetes object in-cluster and get a detailed report about the GitOps pipeline that manages that particular object.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This includes an introduction of a `--pass-credentials` flag for the
`flux create source helm` command to allow configuring the new
option introduced.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This changes the logic for the parsing of private keys, as already
done for the source-controller, so that it is able to recognize and
work with a wider range of key formats instead of returning a vague
error:
```console
$ flux bootstrap git [..]
✗ ssh: this private key is passphrase protected
```
A patch for this was already submitted and merged in `go-git/go-git`,
but is not made available in a release yet:
https://github.com/go-git/go-git/pull/298
Signed-off-by: Hidde Beydals <hello@hidde.co>
This removes the usage of Hostname() which does not honor configured SSH
port to be used.
Resolves: #1377
See also: #1101, #1102
Signed-off-by: Tobias Jakobsson <jakobsson.tobias@gmail.com>
Remove the default branch value from `flux create source git` and validate that one of the ref options are specified.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
StringSliceVar allows for more flexibility when passing vars to list
flags.
Both formats will be supported:
- '--foo=one --foo=two'
- '--foo=one,two'
Signed-off-by: Claudia Beresford <claudiaberesford@gmail.com>
As otherwise (comparisons to) cluster configuration will fail due to
Separator differences. Was already fixed for provider implementations.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The behavior introduced during the introduction of go-git-providers
was more strict, and has proven pretty quickly to not be useful to
all users. Therefore, the reconciliation behavior for repository
configuration has been put behind an opt-in flag, so that it does
not overwrite people their configs by accident.
Signed-off-by: Hidde Beydals <hello@hidde.co>
To highlight the fact that it configures the repository as defined,
which was not _really_ clear to some users and has resulted in public
repositories accidentally being changed to private (losing important
goodies like stars and linked forks).
Discussion on this is ongoing and there will likely be other
improvements in the near future to protect users against this.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Using the `--commit-message-appendix` flag a string can be added to the
commit messages made by the bootstrapper process to for example skip CI
actions from executing using e.g. `[skip ci]`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This command makes it possible to bootstrap to a generic Git server
using the local SSH agent, or a given password or private key file.
If a private key is generated, the user is prompted to give the
generated key access to the repository.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes making a lot of things configurable (e.g. SSH key
algorithm, RSA bit size, etc.) that used to be static.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- change links in cli docs to be relative (making mkdocs AND hugo happy)
- run 'make docs'
- fix other links
Signed-off-by: Daniel Holbach <daniel@weave.works>
This commit adds support for supplying a path to an existing private
key file to both the `flux create secret git` and `flux create source
git` commands.
If a path is given, any private key generation configuration options
are ignored by the manifest generator. The SSH host will however still
be scanned for server keys.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit moves the `StatusChecker` to a separate package, while
making it more generic so that it is able to assess the status of any
given set of `object.ObjMetadata` identifiers.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit changes the way the build of manifests is triggered by
making smarter use of the capabilities of Make. The result should be
that the manifests are only regenerated if:
1. There is no `cmd/flux/manifests/` directory.
2. There have been made changes to the YAML files in the `manifests/`
directory that are newer than the files in `cmd/flux/manifests/`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This was removed by accident in the PR that introduced the new
`manifestgen` packages, and now restored in full glory.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This fixes a bug on Windows where the safe relative path would contain
'\' slashes, which are not compatible with the controller.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This is the first release that includes a patch of the
`CachingClusterReader` so that it continues on all list errors.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This ensures the advertised version from e.g. GKE or EKS (for example
`v1.17.15-gke.800`) do not trigger a false warning.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This prints a warning if the user has internet access and is running
an older version of the binary.
It also replaces the `blang/semver` package with `pkg/version` and
`Masterminds/semver` to align with controller dependencies.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- deletes Flux components (deployments and services)
- deletes Flux RBAC (service accounts, cluster roles and cluster role bindings)
- removes the Kubernetes finalizers from Flux custom resources
- deletes Flux custom resource definitions and custom resources
- deletes the namespace where Flux was installed
- preserves the Kubernetes objects and Helm releases that were reconciled on the cluster by Flux
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- add singular alias to get commands
- allow filtering the get commands result by resource name
- add the image commands to mkdocs index
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
ImageRepository objects can now refer to a secret containing
certificates to use for TLS. This adds the flag
flux create image repository --cert-secret-ref
for naming a secret to use. You can create such a secret with
flux create secret tls
Signed-off-by: Michael Bridgen <michael@weave.works>
This fixes a bug where the wrong type was displayed for various
`get source` commands.
```console
$ flux get sources helm --namespace default
✗ no Bucket objects found in default namespace
```
Signed-off-by: Hidde Beydals <hello@hidde.co>
The image-reflector controller now accepts a secret containing a
client certificate and key, and/or a CA certificate; so it's useful to
have a command for creating them.
`flux create secret helm` is close, but accepts username/password
(which would be ignored), and has the wrong name of course. Happily
though, much can be shared between the implementations.
Signed-off-by: Michael Bridgen <michael@weave.works>
* Use `LocalObjectReference` and `NamespacedObjectKindReference`
from `meta` package, as required by controller API changes.
* Remove `Update` field from created `ImageUpdateAutomation`,
as the API changed and the default is now defined in the Custom
Resource Definition.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.
Summary of changes:
* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
`manifestgen/install`.
* Documentation references have been changed to highlight existence
of multi-arch images and supported architectures.
Signed-off-by: Hidde Beydals <hello@hidde.co>
controller-runtime methods now accept `client.Object` and
`client.ObjectList` rather than `runtime.Object`. This means the
adapter interfaces need to change signature, but happily, little else.
Since the list adapter is now distinct to the object adapter, `len()`
can go there instead of the command-specific interfaces.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
It's a common pattern in the create commands to construct a value,
then (if not exporting it) upsert it and wait for it to
reconcile. This commit factors `upsert`, which does the update/insert
bit, and `upsertAndWait`, which does the whole thing.
Since these output messages, they are methods of `apiType` (previously
`names`), so that they have access to the name of the kind they are
operating on.
Signed-off-by: Michael Bridgen <michael@weave.works>
This means all the sub-subcommands can drop the `image-` prefix,
making them shorter and more fluent.
E.g.,
flux create image policy
rather than
flux create auto image-policy
Signed-off-by: Michael Bridgen <michael@weave.works>
Most commands use either a kind, or a more readable spelling of a
kind, in their output. To make this easier, this centralises the
definition of those names in one place, and lets the command
implementations choose whichever they need.
Signed-off-by: Michael Bridgen <michael@weave.works>
Since the generic commands tend to share a few of the methods they
need -- at least AsClientObject -- it's worth having just one wrapper
struct for each API type, and adding methods to it where necessary.
For the automation types, I put these in auto.go.
While doing this I also did some tidying:
- I changed the name of the wrappers to `<type>Adapter`, and the
generic adapter to `universalAdapter` (it's only needed for delete,
so far).
- I de-exported and renamed some interface methods e.g.,
`exportItem`. They aren't needed outside the package.
Signed-off-by: Michael Bridgen <michael@weave.works>
This uses the established abstractions to implement the usual
subcommands for the ImageUpdateAutomation type.
I've called the sub-subcommand in each case `image-update`, as a
fairly safe shorthand for the much longer `image-update-automation`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds the create subcommand, without attempting any refactoring.
NB the TODO: the image/v1alpha1 API does not yet export a const for
the name of the kind. The field `RunInterval` will likely be changed
to `Interval` (with a value field), at some point, too.
Signed-off-by: Michael Bridgen <michael@weave.works>
The export command works the same way for most (all?) types. I have
made it generic and moved it into export.go, then ported
{export,create}_auto_image{repository,policy}.go to use it.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds a command for deleting ImagePolicy objects. Since the
control flow for the command needs only a runtime.Object (and a name
for the type), it can be factored out.
I have made the argument (field in the deleteCommand struct) an
interface `objectContainer`, through which the command code gets a
`runtime.Object` to deserialise into (and delete). It could be simply
a `runtime.Object` here; however things like `getCommand` require
other methods, so it's convenient to have an interface for it.
Signed-off-by: Michael Bridgen <michael@weave.works>
This factors the get command implementation so that the control flow
is generic and relies on a handful of methods, then uses that to add
`get auto image-policy` and to rewrite `get auto image-repository`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds all the standard subcommands for the ImageRepository type.
Following `source`, I have put them under a namespace: `auto`,
referring to automation.
NB For `create` I use controllerutil.CreateOrUpdate, which looks to me
like a slightly more rounded version of the upsert* funcs.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit adds a flag for supplying extra components to bootstrap
(and its subcommands), to match the one for `flux install`.
Since the bootstrapComponents global is used in a few places, I made
it a func and renamed the variable. For consistency, I also renamed
the var used in install.go.
Lastly, so that the flag sorts next to `--components`, I changed it to
`--components-extra` in both commands.
Signed-off-by: Michael Bridgen <michael@weave.works>
If you want to install the default set of controllers and the image-*
controllers, at present you have to list every single one of them.
An improvement on this is to let people specify what they want _in
addition_ to the default controllers. This commit adds an argument
`--extra-components` which appends to the (most likely, default value)
slice of `--components`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit refactors the `printLogger` into a `stderrLogger` that
properly logs to `os.stderr` instead of `os.stdout`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Updates to use metav1.Condition type and removes references for
deprecated corev1.Condition* constants and uses the new k8s api/meta
helpers in place of the old pkg/apis/meta types.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
- introduce manifestgen pkg, to be consumed by the CLI and Terraform provider
- consolidate defaults in manifestgen/install pkg
- introduce Manifest as the returning type of manifest generation
- add helper function to Manifest for writing multi-doc YAMLs on disk
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
* Take ObservedGeneration into account in readiness checks where
applicable
* Reduce amount of code (and duplicate GETs) by working with pointers
where possible
* Improve logged messages to properly take resource names into account
and better describe processes
- ignore not found errors when deleting objects
- remove the CR/CRDs before deleting the cluster role binding
- capture kubectl exist code
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>