Commit Graph

71 Commits (db0920ba32d8e2777936d16f63aca231ef9548c1)

Author SHA1 Message Date
Somtochi Onyekwere 41aac68193
Add link to kubectl repo
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Somtochi Onyekwere fe4b65972a
Update cli description
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Somtochi Onyekwere 4c576bf599
Add create oci secret command
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
3 years ago
Stefan Prodan 3f0efc9435
Update dependencies
- Update Kubernetes packages to v1.24
- Update go-yaml to v3.0.0 (fix CVE-2022-28948)
- Update fluxcd/pkg/runtime to v0.15.1

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Hidde Beydals 5130a154e4 Ensure proper FS root is set while bootstrapping
This ensures relative paths to e.g. bases can be used.

Signed-off-by: Hidde Beydals <hello@hidde.co>
3 years ago
Sanskar Jaiswal 7232ff9ea0 modify tmp dir generation to be absolute on all OSes
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
4 years ago
Stefan Prodan b9fbdfc9a4
Fix bootstrap manifest generation
Use the OS package to write the generated files on disk instead of Flux  secure FS package which is meant for read operations.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Hidde Beydals 57442e8faa kustomize: use FS from `fluxcd/pkg`
This switches to a secure FS implementation in most places, except for
where we can not make changes at this moment because it would break
behavior.

Not handled in this commit:

- Allowing the root for `manifestgen` packages to be configured.
- Allowing the user to define a working root while building locally.
- Defaulting to the secure FS implementation in
  `kustomization.MakeDefaultOptions`. Problem here is that constructing
  the secure FS could result in an error, which we can not surface
  without signature changes to the constructor func.

Signed-off-by: Hidde Beydals <hello@hidde.co>
4 years ago
Paulo Gomes e5ede275f8 Update Source API to v1beta2
The creation of oldConditions, statusableConditions and
reconcilableConditions is an adhoc solution to deal with the upstream
changes on `pkg/apis/meta`, which are yet to be replicated across other
Flux API components.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
4 years ago
Stefan Prodan 139bbbb87c
Use absolute domain name for the events address
Add ending dot to the events address to be consistent with source controller address.
This will affect bootstrap and install by setting `--events-addr=http://notification-controller.flux-system.svc.cluster.local./`.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Soule BA 7359e63960
Introduce a printer interface for flux resource
If implemented, there will a common interface to print flux resource.

We are adding new way to print resource information e.g. diff of
objects.

Signed-off-by: Soule BA <soule@weave.works>
4 years ago
cuishuang 1fda202cf9 all: fix some typos
Signed-off-by: cuishuang <imcusg@gmail.com>
4 years ago
Soule BA 32ad462ebe
Fix stringData Secret issue
This commit migrate to the last version of pkg/ssa v0.14.1 that contains a fix
for stringData secrets. The test case was changed accordingly to
    validate a stringData drift.

A progress-bar flag option has also been added in order to be able to
disable it.

Signed-off-by: Soule BA <soule@weave.works>
4 years ago
Paulo Gomes f7853c4ddf
Enable pod security warnings for flux-system
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
4 years ago
Stefan Prodan 8c67708829
Update dependencies
- sigs.k8s.io/cli-utils v0.27.0
- github.com/fluxcd/pkg/ssa v0.10.0

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Aurel Canciu f3d143e5ee
Update Go to v1.17
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
4 years ago
Jack Evans 923a5882de
make flux bootstrap and install generation more consistent
Signed-off-by: Jack Evans <jack.evans1@ibm.com>
4 years ago
Stefan Prodan 04faba95cd
Add DO NOT EDIT warn to bootstrap sync manifests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Pawel Rozlach 8ec5492d87
fix: use full domain name for notification-controller
Signed-off-by: Pawel Rozlach <vespian@users.noreply.github.com>
4 years ago
Stefan Prodan d5d8c340c8
Switch to app.kubernetes.io/part-of label selector
Use `app.kubernetes.io/part-of: flux` label instead of `app.kubernetes.io/instance` to select the in-cluster objects used in flux version, check, logs and uninstall commands.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Stefan Prodan 3d4ca831dc
Add missing copyright headers
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Stefan Prodan 0b659e3f09
Update kustomize-controller API to v1beta2
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Stefan Prodan 83c3e8c2fc
Replace kubectl with Go server-side apply
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Phil Nichol ac7ccf7b94 added tag,semver,commit to manifestgen
Signed-off-by: Phil Nichol <35630607+philnichol@users.noreply.github.com>
4 years ago
Chanwit Kaewkasi 8f78263455 implement testEnv for e2e tests
Signed-off-by: Chanwit Kaewkasi <chanwit@gmail.com>
4 years ago
Dmitry Rybin 7f425efa6b chore: remove deprecated io/ioutil
Signed-off-by: Dmitry Rybin <ayrowa@yandex.ru>
4 years ago
Stefan Prodan a6620e478a
Update to Kustomize v4
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Somtochi Onyekwere 328d403507 Set password in secret
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
5 years ago
Hidde Beydals 5f9dd7a5a5 Correctly load private key by not decoding PEM 2x
Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Stefan Prodan 74feda73af
Add Warningf to logger interface amd impl
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan b872e595ae
Add recurse submodules arg to bootstrap cmd
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Hidde Beydals 9055e753a9 Add `app.kubernetes.io/part-of: flux` label
To be used in a future version of Flux to better select Flux components
in a namespace, as the namespace value for the
`app.kubernetes.io/instance` could be used by non Flux related
workloads.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Hidde Beydals e7725911a7 Move `StatusChecker` to separate and generic pkg
This commit moves the `StatusChecker` to a separate package, while
making it more generic so that it is able to assess the status of any
given set of `object.ObjMetadata` identifiers.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Hidde Beydals 8a5bba80bf Add `sourcesecret` and `kustomization` manifestgen
This includes a change to the `sync` generator to make the deploy
secret name configurable.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Stefan Prodan 6003d11156
Embed the install manifests in flux binary
- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Hidde Beydals 9b649f6c72 Check if targeted bootstrap/install version exists
Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Stefan Prodan bc9cbc387c
Add flux version to bootstrap commit messages
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan 37f5587085
Allow Flux to be deployed on tainted Kubernetes nodes
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan 4c29a1ca27
Replace SA namespace in RBAC
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan 8f8c7cccc6
Add SA namespace to RBAC
Fix flux install when not all controllers have been selected

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Hidde Beydals ac6c6e3a30 Incorporate required API changes
* Use `LocalObjectReference` and `NamespacedObjectKindReference`
  from `meta` package, as required by controller API changes.
* Remove `Update` field from created `ImageUpdateAutomation`,
  as the API changed and the default is now defined in the Custom
  Resource Definition.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Hidde Beydals a260403334 Remove GitImplementation default
As the field in the CRD is optional.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Hidde Beydals 207c50ceac Deprecate arch flags in favor of multi-arch images
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.

Summary of changes:

* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
  of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
  removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
  `manifestgen/install`.
* Documentation references have been changed to highlight existence
  of multi-arch images and supported architectures.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Philip Laine 3b249dfe69 Change default to use const
Signed-off-by: Philip Laine <philip.laine@gmail.com>
5 years ago
Philip Laine d236a9af57 Add git implementation to generate sync options
Signed-off-by: Philip Laine <philip.laine@gmail.com>
5 years ago
Somtochi Onyekwere daeb41c31b Uses path instead of filepath
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
5 years ago
Somtochi Onyekwere dd0b807fe4 Validates components set
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>

Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
5 years ago
Hidde Beydals 5ea4e814f5 Add safe guards for relative paths
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.

The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.

The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.

Signed-off-by: Hidde Beydals <hello@hidde.co>
5 years ago
Léopold Jacquot 4d7df52dbe Add cluster-domain option for bootstrap command
Signed-off-by: Léopold Jacquot <leopold.jacquot@infomaniak.com>
5 years ago
Stefan Prodan 6280fbce17
Update kustomize/api to v0.7.0
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago