If you're using an HTTP-based Git server with Flux, you need to provide `--token-auth` to avoid triggering an SSH host key check (see [here](https://github.com/fluxcd/flux2/issues/2825#issuecomment-1151355914)). Unfortunately, doing this forces the URL in the `GitRepository` resource created during bootstrapping to always use `https`. This will cause Kustomization reconcile errors for servers that do not have HTTPS enabled or do not have the appropriate certs installed or available.
This pull request fixes this by keeping the repository URL scheme intact when using `--token-auth`.
Signed-off-by: Carlos Nunez <75340335+carlosonunez-vmw@users.noreply.github.com>
Label each controller deployment, service, service account and CRDs with `app.kubernetes.io/component: <controller-name>`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
I've noticed during CI, that the current command
already expected a configured Docker client to
push artifacts to authenticated registries.
Some users might not want to have the Docker client
in their process (like a CI job) or build an handcrafted
config.json file.
This would allow this kind of behavior:
```
flux push artifact oci://my-registry.dev/foo:v1 \
--source xxx \
--revision xxx \
--path . \
--creds $TOKEN # Authenticate via "Bearer $TOKEN" Authorization header
```
Or via Autologin:
```
flux push artifact oci://012345678901.dkr.ecr.us-east-1.amazonaws.com/foo:v1 \
--source xxx \
--revision xxx \
--path . \
--provider aws
```
This has been implemented for:
* flux push artifact
* flux list artifact
* flux tag artifact
* flux pull artifact
This will require another PR in https://github.com/fluxcd/pkg/pull/352
Signed-off-by: Adrien Fillon <adrien.fillon@manomano.com>
Add workflow to build and push the install manifests to:
- ghcr.io/fluxcd/flux-manifests
- docker.io/fluxcd/flux-manifests
The OCI artifacts are signed with Cosign and GitHub OIDC (keyless).
The manifests pushed to GHCR have the container images set to ghcr.io/fluxcd/<controller-name> while the manifests pushed to DockerHub have the controller images set to docker.io/fluxcd/<controller-name>.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Prometheus job generated by the PodMonitor does not exclude non-running pods. All the "completed" Pods are still going to be listed as targets in Prometheus and marked as down. This issue is related to PodMonitor implementation and is discussed in prometheus-operator/prometheus-operator#4816
Signed-off-by: Arcadie Condrat <arcadie.condrat@gmail.com>
- update `k8s.io` packages to match the Kubernetes v1.25.0 release
- update `kubectl` to v1.25.0 in the flux-cli container image
- update `go.mod` to Go 1.18
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Stefan Prodan
Somtochi Onyekwere
fluxcdbot
Santosh Kaluskar
Carlos Nunez
Adrien Fillon
Soule BA
Daniel Holbach
Arcadie Condrat