- add make target for generating the install manifests using kustomize
- embed the generated manifests in flux binary
- the install and bootstrap commands default to using the embedded manifests
- download the install manifests from GitHub only if the install/bootstrap version arg is set
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This ensures the advertised version from e.g. GKE or EKS (for example
`v1.17.15-gke.800`) do not trigger a false warning.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This prints a warning if the user has internet access and is running
an older version of the binary.
It also replaces the `blang/semver` package with `pkg/version` and
`Masterminds/semver` to align with controller dependencies.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- deletes Flux components (deployments and services)
- deletes Flux RBAC (service accounts, cluster roles and cluster role bindings)
- removes the Kubernetes finalizers from Flux custom resources
- deletes Flux custom resource definitions and custom resources
- deletes the namespace where Flux was installed
- preserves the Kubernetes objects and Helm releases that were reconciled on the cluster by Flux
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- add singular alias to get commands
- allow filtering the get commands result by resource name
- add the image commands to mkdocs index
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
ImageRepository objects can now refer to a secret containing
certificates to use for TLS. This adds the flag
flux create image repository --cert-secret-ref
for naming a secret to use. You can create such a secret with
flux create secret tls
Signed-off-by: Michael Bridgen <michael@weave.works>
This fixes a bug where the wrong type was displayed for various
`get source` commands.
```console
$ flux get sources helm --namespace default
✗ no Bucket objects found in default namespace
```
Signed-off-by: Hidde Beydals <hello@hidde.co>
The image-reflector controller now accepts a secret containing a
client certificate and key, and/or a CA certificate; so it's useful to
have a command for creating them.
`flux create secret helm` is close, but accepts username/password
(which would be ignored), and has the wrong name of course. Happily
though, much can be shared between the implementations.
Signed-off-by: Michael Bridgen <michael@weave.works>
* Use `LocalObjectReference` and `NamespacedObjectKindReference`
from `meta` package, as required by controller API changes.
* Remove `Update` field from created `ImageUpdateAutomation`,
as the API changed and the default is now defined in the Custom
Resource Definition.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit deprecates the architecture flag (`--arch`) for the install
and bootstrap commands, in favor of the bundled multi-arch images that
will be available for the next MINOR range of GOTK controller releases.
Summary of changes:
* `*Arch` variables have been marked as deprecated for both commands.
* `-arm64` suffix is no longer selectively added to the image definition
of a component's `Deployment`.
* `kubernetes.io/arch` node selector with the defined value has been
removed from the components' `Deployment`s.
* `Arch` has been removed from the available `Options` in
`manifestgen/install`.
* Documentation references have been changed to highlight existence
of multi-arch images and supported architectures.
Signed-off-by: Hidde Beydals <hello@hidde.co>
controller-runtime methods now accept `client.Object` and
`client.ObjectList` rather than `runtime.Object`. This means the
adapter interfaces need to change signature, but happily, little else.
Since the list adapter is now distinct to the object adapter, `len()`
can go there instead of the command-specific interfaces.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
It's a common pattern in the create commands to construct a value,
then (if not exporting it) upsert it and wait for it to
reconcile. This commit factors `upsert`, which does the update/insert
bit, and `upsertAndWait`, which does the whole thing.
Since these output messages, they are methods of `apiType` (previously
`names`), so that they have access to the name of the kind they are
operating on.
Signed-off-by: Michael Bridgen <michael@weave.works>
This means all the sub-subcommands can drop the `image-` prefix,
making them shorter and more fluent.
E.g.,
flux create image policy
rather than
flux create auto image-policy
Signed-off-by: Michael Bridgen <michael@weave.works>
Most commands use either a kind, or a more readable spelling of a
kind, in their output. To make this easier, this centralises the
definition of those names in one place, and lets the command
implementations choose whichever they need.
Signed-off-by: Michael Bridgen <michael@weave.works>
Since the generic commands tend to share a few of the methods they
need -- at least AsClientObject -- it's worth having just one wrapper
struct for each API type, and adding methods to it where necessary.
For the automation types, I put these in auto.go.
While doing this I also did some tidying:
- I changed the name of the wrappers to `<type>Adapter`, and the
generic adapter to `universalAdapter` (it's only needed for delete,
so far).
- I de-exported and renamed some interface methods e.g.,
`exportItem`. They aren't needed outside the package.
Signed-off-by: Michael Bridgen <michael@weave.works>
This uses the established abstractions to implement the usual
subcommands for the ImageUpdateAutomation type.
I've called the sub-subcommand in each case `image-update`, as a
fairly safe shorthand for the much longer `image-update-automation`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds the create subcommand, without attempting any refactoring.
NB the TODO: the image/v1alpha1 API does not yet export a const for
the name of the kind. The field `RunInterval` will likely be changed
to `Interval` (with a value field), at some point, too.
Signed-off-by: Michael Bridgen <michael@weave.works>
The export command works the same way for most (all?) types. I have
made it generic and moved it into export.go, then ported
{export,create}_auto_image{repository,policy}.go to use it.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds a command for deleting ImagePolicy objects. Since the
control flow for the command needs only a runtime.Object (and a name
for the type), it can be factored out.
I have made the argument (field in the deleteCommand struct) an
interface `objectContainer`, through which the command code gets a
`runtime.Object` to deserialise into (and delete). It could be simply
a `runtime.Object` here; however things like `getCommand` require
other methods, so it's convenient to have an interface for it.
Signed-off-by: Michael Bridgen <michael@weave.works>
This factors the get command implementation so that the control flow
is generic and relies on a handful of methods, then uses that to add
`get auto image-policy` and to rewrite `get auto image-repository`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds all the standard subcommands for the ImageRepository type.
Following `source`, I have put them under a namespace: `auto`,
referring to automation.
NB For `create` I use controllerutil.CreateOrUpdate, which looks to me
like a slightly more rounded version of the upsert* funcs.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit adds a flag for supplying extra components to bootstrap
(and its subcommands), to match the one for `flux install`.
Since the bootstrapComponents global is used in a few places, I made
it a func and renamed the variable. For consistency, I also renamed
the var used in install.go.
Lastly, so that the flag sorts next to `--components`, I changed it to
`--components-extra` in both commands.
Signed-off-by: Michael Bridgen <michael@weave.works>
If you want to install the default set of controllers and the image-*
controllers, at present you have to list every single one of them.
An improvement on this is to let people specify what they want _in
addition_ to the default controllers. This commit adds an argument
`--extra-components` which appends to the (most likely, default value)
slice of `--components`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit refactors the `printLogger` into a `stderrLogger` that
properly logs to `os.stderr` instead of `os.stdout`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Updates to use metav1.Condition type and removes references for
deprecated corev1.Condition* constants and uses the new k8s api/meta
helpers in place of the old pkg/apis/meta types.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
- introduce manifestgen pkg, to be consumed by the CLI and Terraform provider
- consolidate defaults in manifestgen/install pkg
- introduce Manifest as the returning type of manifest generation
- add helper function to Manifest for writing multi-doc YAMLs on disk
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
* Take ObservedGeneration into account in readiness checks where
applicable
* Reduce amount of code (and duplicate GETs) by working with pointers
where possible
* Improve logged messages to properly take resource names into account
and better describe processes
- ignore not found errors when deleting objects
- remove the CR/CRDs before deleting the cluster role binding
- capture kubectl exist code
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Includes a change to an empty revision string if the reconciler has not
produced an artifact yet, as this will otherwise result in a nil
pointer dereference.