Merge pull request #2050 from fluxcd/do-not-edit-warn

Add `DO NOT EDIT` warn to bootstrap sync manifests
Add DO NOT EDIT warn to bootstrap sync manifests
2026-03-01 11:16:56 +00:00 · 2021-11-04 18:47:50 +02:00 · 2021-11-04 18:03:40 +02:00 · 2021-11-04 21:31:17 +05:30 · 2021-11-04 14:07:27 +00:00 · 2021-11-04 11:43:47 +02:00
14 changed files with 29 additions and 51 deletions
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -140,7 +140,7 @@ func NewBootstrapFlags() bootstrapFlags {
 	return bootstrapFlags{
 		logLevel:           flags.LogLevel(rootArgs.defaults.LogLevel),
 		requiredComponents: []string{"source-controller", "kustomize-controller"},
-		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:         2048,
 		keyECDSACurve:      flags.ECDSACurve{Curve: elliptic.P384()},
 	}
--- a/cmd/flux/bootstrap_github.go
+++ b/cmd/flux/bootstrap_github.go
@@ -111,11 +111,7 @@ func init() {
 func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	ghToken := os.Getenv(ghTokenEnvVar)
 	if ghToken == "" {
-		var err error
-		ghToken, err = readPasswordFromStdin("Please enter your GitHub personal access token (PAT): ")
-		if err != nil {
-			return fmt.Errorf("could not read token: %w", err)
-		}
+		return fmt.Errorf("%s environment variable not found", ghTokenEnvVar)
 	}

 	if err := bootstrapValidate(); err != nil {
--- a/cmd/flux/bootstrap_gitlab.go
+++ b/cmd/flux/bootstrap_gitlab.go
@@ -108,11 +108,7 @@ func init() {
 func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	glToken := os.Getenv(glTokenEnvVar)
 	if glToken == "" {
-		var err error
-		glToken, err = readPasswordFromStdin("Please enter your GitLab personal access token (PAT): ")
-		if err != nil {
-			return fmt.Errorf("could not read token: %w", err)
-		}
+		return fmt.Errorf("%s environment variable not found", glTokenEnvVar)
 	}

 	if projectNameIsValid, err := regexp.MatchString(gitlabProjectRegex, gitlabArgs.repository); err != nil || !projectNameIsValid {
--- a/cmd/flux/create_secret_git.go
+++ b/cmd/flux/create_secret_git.go
@@ -105,7 +105,7 @@ func init() {

 func NewSecretGitFlags() secretGitFlags {
 	return secretGitFlags{
-		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		rsaBits:      2048,
 		ecdsaCurve:   flags.ECDSACurve{Curve: elliptic.P384()},
 	}
--- a/cmd/flux/create_source_git.go
+++ b/cmd/flux/create_source_git.go
@@ -143,7 +143,7 @@ func init() {

 func newSourceGitFlags() sourceGitFlags {
 	return sourceGitFlags{
-		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:    2048,
 		keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 	}
--- a/cmd/flux/main.go
+++ b/cmd/flux/main.go
@@ -17,15 +17,12 @@ limitations under the License.
 package main

 import (
-	"bufio"
-	"fmt"
 	"log"
 	"os"
 	"path/filepath"
 	"time"

 	"github.com/spf13/cobra"
-	"golang.org/x/term"
 	corev1 "k8s.io/api/core/v1"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"

@@ -170,22 +167,3 @@ func homeDir() string {
 	}
 	return os.Getenv("USERPROFILE") // windows
 }
-
-func readPasswordFromStdin(prompt string) (string, error) {
-	var out string
-	var err error
-	fmt.Fprint(os.Stdout, prompt)
-	stdinFD := int(os.Stdin.Fd())
-	if term.IsTerminal(stdinFD) {
-		var inBytes []byte
-		inBytes, err = term.ReadPassword(int(os.Stdin.Fd()))
-		out = string(inBytes)
-	} else {
-		out, err = bufio.NewReader(os.Stdin).ReadString('\n')
-	}
-	if err != nil {
-		return "", fmt.Errorf("could not read from stdin: %w", err)
-	}
-	fmt.Println()
-	return out, nil
-}
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/fluxcd/go-git-providers v0.1.1
 	github.com/fluxcd/helm-controller/api v0.12.1
-	github.com/fluxcd/image-automation-controller/api v0.16.0
+	github.com/fluxcd/image-automation-controller/api v0.16.1
 	github.com/fluxcd/image-reflector-controller/api v0.13.0
 	github.com/fluxcd/kustomize-controller/api v0.16.0
 	github.com/fluxcd/notification-controller/api v0.18.1
@@ -18,7 +18,7 @@ require (
 	github.com/fluxcd/pkg/ssh v0.0.5
 	github.com/fluxcd/pkg/untar v0.0.5
 	github.com/fluxcd/pkg/version v0.0.1
-	github.com/fluxcd/source-controller/api v0.17.1
+	github.com/fluxcd/source-controller/api v0.17.2
 	github.com/go-errors/errors v1.4.0 // indirect
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/google/go-cmp v0.5.6
@@ -29,7 +29,6 @@ require (
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
 	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
-	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d
 	k8s.io/api v0.22.2
 	k8s.io/apiextensions-apiserver v0.22.2
 	k8s.io/apimachinery v0.22.2
--- a/go.sum
+++ b/go.sum
@@ -227,8 +227,8 @@ github.com/fluxcd/go-git-providers v0.1.1 h1:R4VafMOo1IlfEZcImApCeElge/HajhFvRzD
 github.com/fluxcd/go-git-providers v0.1.1/go.mod h1:nRgNpHZmZhrsyNSma1JcAhjUG9xrqMGJcIUr9K7M7vk=
 github.com/fluxcd/helm-controller/api v0.12.1 h1:rDyhMPvbhCxslqiNNG4nlfDCeYgrk6D+1ZKLsBS/Irs=
 github.com/fluxcd/helm-controller/api v0.12.1/go.mod h1:zWmzV0s2SU4rEIGLPTt+dsaMs40OsNQgSgOATgJmxB0=
-github.com/fluxcd/image-automation-controller/api v0.16.0 h1:pPvEdb8Q7LgNVfugF3+/z2JQdUZ4ecYWrXiezLPov0w=
-github.com/fluxcd/image-automation-controller/api v0.16.0/go.mod h1:tEQCFKGgxii7zfXti2MxixwFbxhEXnVJqLGM2x9zlGw=
+github.com/fluxcd/image-automation-controller/api v0.16.1 h1:EUiqALeUQY9zeOZNnviGZgKvbfmmhlMbaEuDath6/fc=
+github.com/fluxcd/image-automation-controller/api v0.16.1/go.mod h1:wn6XjTpUnrQ2bakHhgJNAUj53snw50J0/+36pY4zXSE=
 github.com/fluxcd/image-reflector-controller/api v0.13.0 h1:5kq0Jqh+ndZIye+4csfEbuos5GaXIiK77Gpx+ojo+f8=
 github.com/fluxcd/image-reflector-controller/api v0.13.0/go.mod h1:lgQHGFz29OHmDU5Jwg689C/M+P/f9ujt6NS0zCLT0BQ=
 github.com/fluxcd/kustomize-controller/api v0.16.0 h1:L/LRxS6oroGZe1AdElP3k1mnNIKGCpi0ntgHwJzdNYY=
@@ -250,9 +250,8 @@ github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7g
 github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
 github.com/fluxcd/pkg/version v0.0.1 h1:/8asQoDXSThz3csiwi4Qo8Zb6blAxLXbtxNgeMJ9bCg=
 github.com/fluxcd/pkg/version v0.0.1/go.mod h1:WAF4FEEA9xyhngF8TDxg3UPu5fA1qhEYV8Pmi2Il01Q=
-github.com/fluxcd/source-controller/api v0.17.0/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
-github.com/fluxcd/source-controller/api v0.17.1 h1:bsYMc/6U2sYXLfxcZtDavsqUYGDHFycqVEAEGW3NiPs=
-github.com/fluxcd/source-controller/api v0.17.1/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
+github.com/fluxcd/source-controller/api v0.17.2 h1:noePJGsevuvxWols6ErbowujuAHGWb/ZO8irtRHcVAc=
+github.com/fluxcd/source-controller/api v0.17.2/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
--- a/manifests/bases/image-automation-controller/kustomization.yaml
+++ b/manifests/bases/image-automation-controller/kustomization.yaml
@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.16.0/image-automation-controller.crds.yaml
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.16.0/image-automation-controller.deployment.yaml
+- https://github.com/fluxcd/image-automation-controller/releases/download/v0.16.1/image-automation-controller.crds.yaml
+- https://github.com/fluxcd/image-automation-controller/releases/download/v0.16.1/image-automation-controller.deployment.yaml
 - account.yaml
 patchesJson6902:
 - target:
--- a/manifests/bases/source-controller/kustomization.yaml
+++ b/manifests/bases/source-controller/kustomization.yaml
@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- https://github.com/fluxcd/source-controller/releases/download/v0.17.1/source-controller.crds.yaml
- https://github.com/fluxcd/source-controller/releases/download/v0.17.1/source-controller.deployment.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.17.2/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.17.2/source-controller.deployment.yaml
 - account.yaml
 patchesJson6902:
 - target:
--- a/manifests/crds/kustomization.yaml
+++ b/manifests/crds/kustomization.yaml
@@ -1,9 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- https://github.com/fluxcd/source-controller/releases/download/v0.17.1/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.17.2/source-controller.crds.yaml
 - https://github.com/fluxcd/kustomize-controller/releases/download/v0.16.0/kustomize-controller.crds.yaml
 - https://github.com/fluxcd/helm-controller/releases/download/v0.12.1/helm-controller.crds.yaml
 - https://github.com/fluxcd/notification-controller/releases/download/v0.18.1/notification-controller.crds.yaml
 - https://github.com/fluxcd/image-reflector-controller/releases/download/v0.13.0/image-reflector-controller.crds.yaml
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.16.0/image-automation-controller.crds.yaml
+- https://github.com/fluxcd/image-automation-controller/releases/download/v0.16.1/image-automation-controller.crds.yaml
--- a/pkg/manifestgen/install/manifests.go
+++ b/pkg/manifestgen/install/manifests.go
@@ -65,7 +65,15 @@ func fetch(ctx context.Context, url, version, dir string) error {

 func generate(base string, options Options) error {
 	if containsItemString(options.Components, options.NotificationController) {
-		options.EventsAddr = fmt.Sprintf("http://%s/", options.NotificationController)
+		// We need to use full domain name here, as some users may deploy flux
+		// in environments that use http proxy.
+		//
+		// In such environments they normally add `.cluster.local` and `.local`
+		// suffixes to `no_proxy` variable in order to prevent cluster-local
+		// traffic from going through http proxy. Without fully specified
+		// domain they need to mention `notifications-controller` explicity in
+		// `no_proxy` variable after debugging http proxy logs.
+		options.EventsAddr = fmt.Sprintf("http://%s.%s.svc.%s/", options.NotificationController, options.Namespace, options.ClusterDomain)
 	}

 	if err := execTemplate(options, namespaceTmpl, path.Join(base, "namespace.yaml")); err != nil {
--- a/pkg/manifestgen/manifest.go
+++ b/pkg/manifestgen/manifest.go
@@ -24,6 +24,8 @@ import (
 	securejoin "github.com/cyphar/filepath-securejoin"
 )

+const GenWarning = "# This manifest was generated by flux bootstrap. DO NOT EDIT."
+
 // Manifest holds the data of a multi-doc YAML
 type Manifest struct {
 	// Relative path to the YAML file
--- a/pkg/manifestgen/sync/sync.go
+++ b/pkg/manifestgen/sync/sync.go
@@ -107,7 +107,7 @@ func Generate(options Options) (*manifestgen.Manifest, error) {

 	return &manifestgen.Manifest{
 		Path:    path.Join(options.TargetPath, options.Namespace, options.ManifestFile),
-		Content: fmt.Sprintf("---\n%s---\n%s", resourceToString(gitData), resourceToString(ksData)),
+		Content: fmt.Sprintf("%s\n---\n%s---\n%s", manifestgen.GenWarning, resourceToString(gitData), resourceToString(ksData)),
 	}, nil
 }
Author	SHA1	Message	Date
Stefan Prodan	4bc4aa1397	Merge pull request #2050 from fluxcd/do-not-edit-warn Add `DO NOT EDIT` warn to bootstrap sync manifests	2021-11-04 18:47:50 +02:00
Stefan Prodan	04faba95cd	Add DO NOT EDIT warn to bootstrap sync manifests Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-11-04 18:03:40 +02:00
Sunny	f712dadab5	Merge pull request #2051 from fluxcd/update-components Update toolkit components	2021-11-04 21:31:17 +05:30
fluxcdbot	58b3150ce3	Update toolkit components - source-controller to v0.17.2 https://github.com/fluxcd/source-controller/blob/v0.17.2/CHANGELOG.md - image-automation-controller to v0.16.1 https://github.com/fluxcd/image-automation-controller/blob/v0.16.1/CHANGELOG.md Signed-off-by: GitHub <noreply@github.com>	2021-11-04 14:07:27 +00:00
Stefan Prodan	e7225db397	Merge pull request #2046 from vespian/prozlach/support_http_proxy_envs Use full domain name for notification-controller	2021-11-04 11:43:47 +02:00
Pawel Rozlach	8ec5492d87	fix: use full domain name for notification-controller Signed-off-by: Pawel Rozlach <vespian@users.noreply.github.com>	2021-11-03 10:37:29 +01:00
Stefan Prodan	c2c64a70c4	Merge pull request #2042 from fluxcd/ecdsa-default Set ECDSA as the default algorithm for `flux create source git`	2021-11-02 17:42:49 +02:00
Stefan Prodan	4621576f40	Set ECDSA as the default algorithm for `flux create source git` Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-11-02 17:21:10 +02:00
Stefan Prodan	3b609e9b03	Merge pull request #2041 from fluxcd/bootstrap-ecdsa-default bootstrap: Set ECDSA as the default SSH key algorithm	2021-11-02 17:15:57 +02:00
Stefan Prodan	4f2ebd78be	Set ECDSA as the default algorithm for `flux create secret git` Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-11-02 16:49:17 +02:00
Stefan Prodan	88dacebc94	bootstrap: Set ECDSA as the default SSH key algorithm Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub https://github.blog/2021-09-01-improving-git-protocol-security-github/. Given this we are switching the default from RSA to ECDSA for `git`, `github` and `gitlab` variants of `flux bootstrap`. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-11-02 16:22:16 +02:00