Merge pull request #281 from fluxcd/meta-reconciler-improv

Update docs for git notifiers

.github/actions/kustomize/Dockerfile

@@ -1,6 +0,0 @@
-FROM giantswarm/tiny-tools
-
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

.github/actions/kustomize/action.yml

@@ -1,9 +0,0 @@
-name: 'kustomize'
-description: 'A GitHub Action to run kustomize commands'
-author: 'Stefan Prodan'
-branding:
-  icon: 'command'
-  color: 'blue'
-runs:
-  using: 'docker'
-  image: 'Dockerfile'

.github/actions/kustomize/entrypoint.sh

@@ -1,12 +0,0 @@
-#!/bin/sh -l
-
-VERSION=3.5.4
-curl -sL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${VERSION}/kustomize_v${VERSION}_linux_amd64.tar.gz | tar xz
-
-mkdir -p $GITHUB_WORKSPACE/bin
-cp ./kustomize $GITHUB_WORKSPACE/bin
-chmod +x $GITHUB_WORKSPACE/bin/kustomize
-ls -lh $GITHUB_WORKSPACE/bin
-
-echo "::add-path::$GITHUB_WORKSPACE/bin"
-echo "::add-path::$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin"

.github/workflows/bootstrap.yaml

@@ -0,0 +1,74 @@
+name: bootstrap
+
+on:
+  push:
+    branches:
+      - '*'
+
+jobs:
+  github:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Restore Go cache
+        uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.14.x
+      - name: Setup Kubernetes
+        uses: engineerd/setup-kind@v0.4.0
+      - name: Set outputs
+        id: vars
+        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+      - name: Build
+        run: sudo go build -o ./bin/gotk ./cmd/gotk
+      - name: bootstrap init
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --path=test-cluster
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: bootstrap no-op
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --path=test-cluster
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: uninstall
+        run: |
+          ./bin/gotk suspend kustomization gotk-system
+          ./bin/gotk uninstall --resources --crds -s
+      - name: bootstrap reinstall
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --path=test-cluster
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: delete repository
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --path=test-cluster \
+          --delete
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: Debug failure
+        if: failure()
+        run: |
+          kubectl -n gotk-system get all
+          kubectl -n gotk-system logs deploy/source-controller
+          kubectl -n gotk-system logs deploy/kustomize-controller

.github/workflows/docs.yaml

@@ -3,7 +3,8 @@ on:
   push:
     branches:
       - docs*
-      - master
+    tags:
+      - '*'
 
 jobs:
   build:
@@ -14,29 +15,48 @@ jobs:
         uses: actions/checkout@v1
       - name: Copy assets
         run: |
-          # source-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/api/source.md > docs/components/source/api.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/gitrepositories.md > docs/components/source/gitrepositories.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/helmrepositories.md > docs/components/source/helmrepositories.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/helmcharts.md > docs/components/source/helmcharts.md
+          controller_version() {
+            sed -n "s/\(.*$1\/.*?ref=\)//p;n" "manifests/bases/$1/kustomization.yaml"
+          }
 
-          # kustomize-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/kustomize-controller/master/docs/api/kustomize.md > docs/components/kustomize/api.md
-          curl https://raw.githubusercontent.com/fluxcd/kustomize-controller/master/docs/spec/v1alpha1/kustomization.md > docs/components/kustomize/kustomization.md
+          {
+            # source-controller CRDs
+            SOURCE_VER=$(controller_version source-controller)
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/api/source.md" > docs/components/source/api.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/gitrepositories.md" > docs/components/source/gitrepositories.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/helmrepositories.md" > docs/components/source/helmrepositories.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/helmcharts.md" > docs/components/source/helmcharts.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/buckets.md" > docs/components/source/buckets.md
+          }
 
-          # helm-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/helm-controller/master/docs/api/helmrelease.md > docs/components/helm/api.md
-          curl https://raw.githubusercontent.com/fluxcd/helm-controller/master/docs/spec/v2alpha1/helmreleases.md > docs/components/helm/helmreleases.md
+          {
+            # kustomize-controller CRDs
+            KUSTOMIZE_VER=$(controller_version kustomize-controller)
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/api/kustomize.md" > docs/components/kustomize/api.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/spec/v1beta1/kustomization.md" > docs/components/kustomize/kustomization.md
+          }
 
-          # notification-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/api/notification.md > docs/components/notification/api.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/event.md > docs/components/notification/event.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/alert.md > docs/components/notification/alert.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/provider.md > docs/components/notification/provider.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/receiver.md > docs/components/notification/receiver.md
+          {
+            # helm-controller CRDs
+            HELM_VER=$(controller_version helm-controller)
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/api/helmrelease.md" > docs/components/helm/api.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/spec/v2beta1/helmreleases.md" > docs/components/helm/helmreleases.md
+          }
 
-          # install script
-          cp install/tk.sh docs/install.sh
+          {
+            # notification-controller CRDs
+            NOTIFICATION_VER=$(controller_version notification-controller)
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/api/notification.md" > docs/components/notification/api.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/event.md" > docs/components/notification/event.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/alert.md" > docs/components/notification/alert.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/provider.md" > docs/components/notification/provider.md
+            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/receiver.md" > docs/components/notification/receiver.md
+          }
+
+          {
+            # install script
+            cp install/gotk.sh docs/install.sh
+          }
       - name: Deploy docs
         uses: mhausenblas/mkdocs-deploy-gh-pages@master
         env:

.github/workflows/e2e.yaml

@@ -37,30 +37,24 @@ jobs:
             exit 1
           fi
       - name: Build
-        run: sudo go build -o ./bin/tk ./cmd/tk
-      - name: tk check --pre
+        run: sudo go build -o ./bin/gotk ./cmd/gotk
+      - name: gotk check --pre
         run: |
-          ./bin/tk check --pre
-      - name: tk install --version
+          ./bin/gotk check --pre
+      - name: gotk install --manifests
         run: |
-          ./bin/tk install --version=master --namespace=test --verbose --components="source-controller,kustomize-controller"
-      - name: tk uninstall
+          ./bin/gotk install --manifests ./manifests/install/
+      - name: gotk create source git
         run: |
-          ./bin/tk uninstall --namespace=test --crds --silent
-      - name: tk install --manifests
-        run: |
-          ./bin/tk install --manifests ./manifests/install/ --version=""
-      - name: tk create source git
-        run: |
-          ./bin/tk create source git podinfo \
+          ./bin/gotk create source git podinfo \
             --url https://github.com/stefanprodan/podinfo  \
             --tag-semver=">=3.2.3"
-      - name: tk get sources git
+      - name: gotk get sources git
         run: |
-          ./bin/tk get sources git
-      - name: tk create kustomization
+          ./bin/gotk get sources git
+      - name: gotk create kustomization
         run: |
-          ./bin/tk create kustomization podinfo \
+          ./bin/gotk create kustomization podinfo \
             --source=podinfo \
             --path="./deploy/overlays/dev" \
             --prune=true \
@@ -69,59 +63,74 @@ jobs:
             --health-check="Deployment/frontend.dev" \
             --health-check="Deployment/backend.dev" \
             --health-check-timeout=3m
-      - name: tk sync kustomization --with-source
+      - name: gotk reconcile kustomization --with-source
         run: |
-          ./bin/tk reconcile kustomization podinfo --with-source
-      - name: tk get kustomizations
+          ./bin/gotk reconcile kustomization podinfo --with-source
+      - name: gotk get kustomizations
         run: |
-          ./bin/tk get kustomizations
-      - name: tk suspend kustomization
+          ./bin/gotk get kustomizations
+      - name: gotk suspend kustomization
         run: |
-          ./bin/tk suspend kustomization podinfo
-      - name: tk resume kustomization
+          ./bin/gotk suspend kustomization podinfo
+      - name: gotk resume kustomization
         run: |
-          ./bin/tk resume kustomization podinfo
-      - name: tk export
+          ./bin/gotk resume kustomization podinfo
+      - name: gotk export
         run: |
-          ./bin/tk export source git --all
-          ./bin/tk export kustomization --all
-      - name: tk delete kustomization
+          ./bin/gotk export source git --all
+          ./bin/gotk export kustomization --all
+      - name: gotk delete kustomization
         run: |
-          ./bin/tk delete kustomization podinfo --silent
-      - name: tk delete source git
+          ./bin/gotk delete kustomization podinfo --silent
+      - name: gotk create source helm
         run: |
-          ./bin/tk delete source git podinfo --silent
-      - name: tk create source helm
-        run: |
-          ./bin/tk create source helm podinfo \
+          ./bin/gotk create source helm podinfo \
             --url https://stefanprodan.github.io/podinfo
-      - name: tk create helmrelease
+      - name: gotk create helmrelease --source=HelmRepository/podinfo
         run: |
-          ./bin/tk create hr podinfo \
+          ./bin/gotk create hr podinfo-helm \
             --target-namespace=default \
-            --source=podinfo \
-            --chart-name=podinfo \
+            --source=HelmRepository/podinfo \
+            --chart=podinfo \
             --chart-version=">4.0.0 <5.0.0"
-      - name: tk get helmreleases
+      - name: gotk create helmrelease --source=GitRepository/podinfo
         run: |
-          ./bin/tk get helmreleases
-      - name: tk export helmrelease
+          ./bin/gotk create hr podinfo-git \
+            --target-namespace=default \
+            --source=GitRepository/podinfo \
+            --chart=./charts/podinfo
+      - name: gotk reconcile helmrelease --with-source
         run: |
-          ./bin/tk export hr --all
-      - name: tk delete helmrelease
+          ./bin/gotk reconcile helmrelease podinfo-git --with-source
+      - name: gotk get helmreleases
         run: |
-          ./bin/tk delete hr podinfo --silent
-      - name: tk delete source helm
+          ./bin/gotk get helmreleases
+      - name: gotk export helmrelease
         run: |
-          ./bin/tk delete source helm podinfo --silent
-      - name: tk check
+          ./bin/gotk export hr --all
+      - name: gotk delete helmrelease podinfo-helm
         run: |
-          ./bin/tk check
+          ./bin/gotk delete hr podinfo-helm --silent
+      - name: gotk delete helmrelease podinfo-git
+        run: |
+          ./bin/gotk delete hr podinfo-git --silent
+      - name: gotk delete source helm
+        run: |
+          ./bin/gotk delete source helm podinfo --silent
+      - name: gotk delete source git
+        run: |
+          ./bin/gotk delete source git podinfo --silent
+      - name: gotk check
+        run: |
+          ./bin/gotk check
+      - name: gotk uninstall
+        run: |
+          ./bin/gotk uninstall --crds --silent
       - name: Debug failure
         if: failure()
         run: |
           kubectl version --client --short
-          kubectl -n gitops-system get all
-          kubectl -n gitops-system get kustomizations -oyaml
-          kubectl -n gitops-system logs deploy/source-controller
-          kubectl -n gitops-system logs deploy/kustomize-controller
+          kubectl -n gotk-system get all
+          kubectl -n gotk-system get kustomizations -oyaml
+          kubectl -n gotk-system logs deploy/source-controller
+          kubectl -n gotk-system logs deploy/kustomize-controller

.github/workflows/fossa.yml

@@ -0,0 +1,27 @@
+name: FOSSA
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: "^1.14.x"
+      - run: go version
+      # Runs a set of commands to initialize and analyze with FOSSA
+      - name: run FOSSA analysis
+        env:
+          # FOSSA Push-Only API Token
+          FOSSA_API_KEY: '5ee8bf422db1471e0bcf2bcb289185de'
+        run: |
+          export GOPATH=$HOME/go
+          export PATH=$PATH:$(go env GOPATH)/bin
+          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash
+          fossa init
+          fossa analyze

.github/workflows/release.yaml

@@ -24,9 +24,9 @@ jobs:
       - name: Generate release notes
         run: |
           echo 'CHANGELOG' > /tmp/release.txt
-          github-release-notes -org fluxcd -repo toolkit -since-latest-release >> /tmp/release.txt
+          github-release-notes -org fluxcd -repo toolkit -since-latest-release -include-author >> /tmp/release.txt
       - name: Setup Kustomize
-        uses: ./.github/actions/kustomize
+        uses: fluxcd/pkg//actions/kustomize@master
       - name: Generate manifests tarball
         run: |
           mkdir -p ./output
@@ -82,3 +82,4 @@ jobs:
           args: release --release-notes=/tmp/release.txt --skip-validate
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}

.github/workflows/update.yml

@@ -0,0 +1,74 @@
+name: Update Components
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 * * * *"
+
+jobs:
+  update-components:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Update component versions
+        id: update
+        run: |
+          PR_BODY=""
+
+          bump_version() {
+            local RELEASE_VERSION=$(curl -s https://api.github.com/repos/fluxcd/$1/releases | jq -r 'sort_by(.published_at) | .[-1] | .tag_name')
+            local CURRENT_VERSION=$(sed -n "s/\(.*$1\/.*?ref=\)//p;n" "manifests/bases/$1/kustomization.yaml")
+
+            if [[ "${RELEASE_VERSION}" != "${CURRENT_VERSION}" ]]; then
+              # bump kustomize
+              sed -i "s/\($1\/archive\/\)v.*\(.zip\/\/$1-\).*\(\/config.*\)/\1${RELEASE_VERSION}\2${RELEASE_VERSION/v}\3/g" "manifests/bases/$1/kustomization.yaml"
+
+              if [[ ! -z $(go list -m all | grep "github.com/fluxcd/$1/api" | awk '{print $2}') ]]; then
+                # bump go mod
+                go mod edit -require="github.com/fluxcd/$1/api@${RELEASE_VERSION}"
+              fi
+
+              PR_BODY="$PR_BODY- $1 to ${RELEASE_VERSION}%0A"
+            fi
+          }
+
+          {
+            # bump controller versions
+            bump_version helm-controller
+            bump_version kustomize-controller
+            bump_version source-controller
+            bump_version notification-controller
+
+            # add missing and remove unused modules
+            go mod tidy
+
+            # diff change
+            git diff
+
+            # export PR_BODY for PR
+            echo "::set-output name=pr_body::$PR_BODY"
+          }
+
+      - name: Create Pull Request
+        id: cpr
+        uses: peter-evans/create-pull-request@v3
+        with:
+            token: ${{ secrets.BOT_GITHUB_TOKEN }}
+            commit-message: Update toolkit components
+            committer: GitHub <noreply@github.com>
+            author: fluxcdbot <fluxcdbot@users.noreply.github.com>
+            title: Update toolkit components
+            body: |
+              ${{ steps.update.outputs.pr_body }}
+
+              Auto-generated by [create-pull-request][1]
+
+              [1]: https://github.com/peter-evans/create-pull-request
+            branch: update-components
+            reviewers: ${{ secrets.ASSIGNEES }}
+
+      - name: Check output
+        run: |
+          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"

.goreleaser.yml

@@ -1,16 +1,34 @@
 builds:
-  - main: ./cmd/tk
+  - main: ./cmd/gotk
     ldflags:
       - -s -w -X main.VERSION={{ .Version }}
-    binary: tk
+    binary: gotk
     goos:
       - darwin
       - linux
     goarch:
       - amd64
+      - arm64
+      - arm
+    goarm:
+      - 7
     env:
       - CGO_ENABLED=0
 archives:
   - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
     files:
       - none*
+brews:
+  - name: gotk
+    tap:
+      owner: fluxcd
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+    folder: Formula
+    homepage: "https://toolkit.fluxcd.io/"
+    description: "GitOps Toolkit CLI"
+    dependencies:
+      - name: kubectl
+        type: optional
+    test: |
+      system "#{bin}/gotk --version"

CONTRIBUTING.md

@@ -18,15 +18,38 @@ organization.
 
 ## Communications
 
-The project uses Slack: To join the conversation, simply join the
-[CNCF](https://slack.cncf.io/) Slack workspace and use the
+For realtime communications we use Slack: To join the conversation, simply
+join the [CNCF](https://slack.cncf.io/) Slack workspace and use the
 [#flux-dev](https://cloud-native.slack.com/messages/flux-dev/) channel.
 
-The developers use a mailing list to discuss development as well.
-Simply subscribe to [flux-dev on cncf.io](https://lists.cncf.io/g/cncf-flux-dev)
-to join the conversation (this will also add an invitation to your
-Google calendar for our [Flux
-meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/edit#)).
+To discuss ideas and specifications we use [Github
+Discussions](https://github.com/fluxcd/toolkit/discussions).
+
+For announcements we use a mailing list as well. Simply subscribe to
+[flux-dev on cncf.io](https://lists.cncf.io/g/cncf-flux-dev)
+to join the conversation (there you can also add calendar invites
+to your Google calendar for our [Flux
+meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view)).
+
+## Understanding the GitOps Toolkit
+
+If you are entirely new to the GitOps Toolkit,
+you might want to take a look at the [introductory talk and demo](https://www.youtube.com/watch?v=qQBtSkgl7tI).
+
+This project is composed of:
+
+- [/f/toolkit](https://github.com/fluxcd/toolkit): The GitOps Toolkit CLI
+- [/f/source-manager](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources
+- [/f/kustomize-controller](https://github.com/fluxcd/kustomize-controller): Kubernetes operator for building GitOps pipelines with Kustomize
+- [/f/helm-controller](https://github.com/fluxcd/helm-controller): Kubernetes operator for building GitOps pipelines with Helm
+- [/f/notification-controller](https://github.com/fluxcd/notification-controller): Kubernetes operator for handling inbound and outbound events
+
+### Understanding the code
+
+To get started with developing controllers, you might want to review
+[our guide](https://toolkit.fluxcd.io/dev-guides/source-watcher/) which
+walks you through writing a short and concise controller that watches out
+for source changes.
 
 ### How to run the test suite
 
@@ -66,16 +89,3 @@ For the GitOps Toolkit controllers we prefer the following rules for good commit
 
 The [following article](https://chris.beams.io/posts/git-commit/#seven-rules)
 has some more helpful advice on documenting your work.
-
-## Understanding the GitOps Toolkit
-
-If you are entirely new to the GitOps Toolkit,
-you might want to take a look at the [introductory talk and demo](https://www.youtube.com/watch?v=qQBtSkgl7tI).
-
-This project is composed of:
-
-- [/f/toolkit](https://github.com/fluxcd/toolkit): The GitOps Toolkit CLI
-- [/f/source-manager](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources
-- [/f/kustomize-controller](https://github.com/fluxcd/kustomize-controller): Kubernetes operator for building GitOps pipelines with Kustomize
-- [/f/helm-controller](https://github.com/fluxcd/helm-controller): Kubernetes operator for building GitOps pipelines with Helm
-- [/f/notification-controller](https://github.com/fluxcd/notification-controller): Kubernetes operator for handling inbound and outbound events

Makefile

@@ -1,4 +1,4 @@
-VERSION?=$(shell grep 'VERSION' cmd/tk/main.go | awk '{ print $$4 }' | tr -d '"')
+VERSION?=$(shell grep 'VERSION' cmd/gotk/main.go | awk '{ print $$4 }' | tr -d '"')
 
 all: test build
 
@@ -15,14 +15,14 @@ test: tidy fmt vet docs
 	go test ./... -coverprofile cover.out
 
 build:
-	CGO_ENABLED=0 go build -o ./bin/tk ./cmd/tk
+	CGO_ENABLED=0 go build -o ./bin/gotk ./cmd/gotk
 
 install:
-	go install cmd/tk
+	go install cmd/gotk
 
 .PHONY: docs
 docs:
-	mkdir -p ./docs/cmd && go run ./cmd/tk/ docgen
+	mkdir -p ./docs/cmd && go run ./cmd/gotk/ docgen
 
 install-dev:
-	CGO_ENABLED=0 go build -o /usr/local/bin ./cmd/tk
+	CGO_ENABLED=0 go build -o /usr/local/bin ./cmd/gotk

README.md

@@ -5,8 +5,80 @@
 [![license](https://img.shields.io/github/license/fluxcd/toolkit.svg)](https://github.com/fluxcd/toolkit/blob/master/LICENSE)
 [![release](https://img.shields.io/github/release/fluxcd/toolkit/all.svg)](https://github.com/fluxcd/toolkit/releases)
 
-Experimental toolkit for assembling CD pipelines the GitOps way.
+![overview](docs/diagrams/gotk-feature.png)
 
-![overview](docs/diagrams/tk-feature.png)
+The GitOps Toolkit is a set of composable APIs and specialized tools
+that can be used to build a Continuous Delivery platform on top of Kubernetes.
 
-To get started with the toolkit please read the [docs](https://toolkit.fluxcd.io/).
+These tools are build with Kubernetes controller-runtime libraries, and they
+can be dynamically configured with Kubernetes custom resources either by
+cluster admins or by other automated tools.
+The GitOps Toolkit components interact with each other via Kubernetes
+events and are responsible for the reconciliation of their designated API objects.
+
+## `gotk` installation
+
+With Homebrew:
+
+```sh
+brew tap fluxcd/tap
+brew install gotk
+```
+
+With Bash:
+
+```sh
+curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
+
+# enable completions in ~/.bash_profile
+. <(gotk completion)
+```
+
+Binaries for macOS and Linux AMD64/ARM64 are available to download on the
+[release page](https://github.com/fluxcd/toolkit/releases).
+
+Verify that your cluster satisfies the prerequisites with:
+
+```sh
+gotk check --pre
+```
+
+## Get started
+
+To get started with the GitOps Toolkit, start [browsing the documentation](https://toolkit.fluxcd.io)
+or get started with one of the following guides:
+
+- [Get started with GitOps Toolkit (deep dive)](https://toolkit.fluxcd.io/get-started/)
+- [Installation](https://toolkit.fluxcd.io/guides/installation/)
+- [Manage Helm Releases](https://toolkit.fluxcd.io/guides/helmreleases/)
+- [Setup Notifications](https://toolkit.fluxcd.io/guides/notifications/)
+- [Setup Webhook Receivers](https://toolkit.fluxcd.io/guides/webhook-receivers/)
+
+## Components
+
+- [Toolkit CLI](https://toolkit.fluxcd.io/cmd/gotk/)
+- [Source Controller](https://toolkit.fluxcd.io/components/source/controller/)
+    - [GitRepository CRD](https://toolkit.fluxcd.io/components/source/gitrepositories/)
+    - [HelmRepository CRD](https://toolkit.fluxcd.io/components/source/helmrepositories/)
+    - [HelmChart CRD](https://toolkit.fluxcd.io/components/source/helmcharts/)
+- [Kustomize Controller](https://toolkit.fluxcd.io/components/kustomize/controller/)
+    - [Kustomization CRD](https://toolkit.fluxcd.io/components/kustomize/kustomization/)
+- [Helm Controller](https://toolkit.fluxcd.io/components/helm/controller/)
+    - [HelmRelease CRD](https://toolkit.fluxcd.io/components/helm/helmreleases/)
+- [Notification Controller](https://toolkit.fluxcd.io/components/notification/controller/)
+    - [Provider CRD](https://toolkit.fluxcd.io/components/notification/provider/)
+    - [Alert CRD](https://toolkit.fluxcd.io/components/notification/alert/)
+    - [Receiver CRD](https://toolkit.fluxcd.io/components/notification/receiver/)
+
+## Community
+
+The GitOps Toolkit is always looking for new contributors and there are a multitude of ways to get involved. Depending on what you want to do, some of the following bits might be your first steps:
+
+- Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view))
+- Talk to us in the #flux channel on [CNCF Slack](https://slack.cncf.io/)
+- Join the [planning discussions](https://github.com/fluxcd/toolkit/discussions)
+- And if you are completely new to the GitOps Toolkit, take a look at our [Get Started guide](https://toolkit.fluxcd.io/get-started/) and give us feedback
+- To be part of the conversation about Flux's development, [join the flux-dev mailing list](https://lists.cncf.io/g/cncf-flux-dev).
+- Check out [how to contribute](contributing/index.md) to the project
+
+We are looking forward to seeing you with us!

cmd/gotk/bootstrap.go

@@ -23,7 +23,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"sigs.k8s.io/yaml"
 	"strings"
 	"time"
 
@@ -33,9 +32,10 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var bootstrapCmd = &cobra.Command{
@@ -45,14 +45,20 @@ var bootstrapCmd = &cobra.Command{
 }
 
 var (
-	bootstrapVersion         string
-	bootstrapComponents      []string
-	bootstrapRegistry        string
-	bootstrapImagePullSecret string
+	bootstrapVersion            string
+	bootstrapComponents         []string
+	bootstrapRegistry           string
+	bootstrapImagePullSecret    string
+	bootstrapArch               string
+	bootstrapBranch             string
+	bootstrapWatchAllNamespaces bool
+	bootstrapLogLevel           string
+	bootstrapManifestsPath      string
+	bootstrapRequiredComponents = []string{"source-controller", "kustomize-controller"}
 )
 
 const (
-	bootstrapBranch                = "master"
+	bootstrapDefaultBranch         = "master"
 	bootstrapInstallManifest       = "toolkit-components.yaml"
 	bootstrapSourceManifest        = "toolkit-source.yaml"
 	bootstrapKustomizationManifest = "toolkit-kustomization.yaml"
@@ -63,32 +69,69 @@ func init() {
 		"toolkit version")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "docker.io/fluxcd",
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "ghcr.io/fluxcd",
 		"container registry where the toolkit images are published")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapImagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArch, "arch", "amd64",
+		"arch can be amd64 or arm64")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapBranch, "branch", bootstrapDefaultBranch,
+		"default branch (for GitHub this must match the default branch setting for the organization)")
 	rootCmd.AddCommand(bootstrapCmd)
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapWatchAllNamespaces, "watch-all-namespaces", true,
+		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapLogLevel, "log-level", "info", "set the controllers log level")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapManifestsPath, "manifests", "", "path to the manifest directory")
+	bootstrapCmd.PersistentFlags().MarkHidden("manifests")
 }
 
-func generateInstallManifests(targetPath, namespace, tmpDir string) (string, error) {
-	tkDir := path.Join(tmpDir, ".tk")
-	defer os.RemoveAll(tkDir)
-
-	if err := os.MkdirAll(tkDir, os.ModePerm); err != nil {
-		return "", fmt.Errorf("generating manifests failed: %w", err)
+func bootstrapValidate() error {
+	if !utils.containsItemString(supportedArch, bootstrapArch) {
+		return fmt.Errorf("arch %s is not supported, can be %v", bootstrapArch, supportedArch)
 	}
 
-	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, bootstrapImagePullSecret, tkDir); err != nil {
-		return "", fmt.Errorf("generating manifests failed: %w", err)
+	if !utils.containsItemString(supportedLogLevels, bootstrapLogLevel) {
+		return fmt.Errorf("log level %s is not supported, can be %v", bootstrapLogLevel, supportedLogLevels)
 	}
 
+	for _, component := range bootstrapRequiredComponents {
+		if !utils.containsItemString(bootstrapComponents, component) {
+			return fmt.Errorf("component %s is required", component)
+		}
+	}
+
+	return nil
+}
+
+func generateInstallManifests(targetPath, namespace, tmpDir string, localManifests string) (string, error) {
 	manifestsDir := path.Join(tmpDir, targetPath, namespace)
 	if err := os.MkdirAll(manifestsDir, os.ModePerm); err != nil {
+		return "", fmt.Errorf("creating manifests dir failed: %w", err)
+	}
+	manifest := path.Join(manifestsDir, bootstrapInstallManifest)
+
+	if localManifests != "" {
+		if err := buildKustomization(localManifests, manifest); err != nil {
+			return "", fmt.Errorf("build kustomization failed: %w", err)
+		}
+
+		return manifest, nil
+	}
+
+	gotkDir := path.Join(tmpDir, ".gotk")
+	defer os.RemoveAll(gotkDir)
+
+	if err := os.MkdirAll(gotkDir, os.ModePerm); err != nil {
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 
-	manifest := path.Join(manifestsDir, bootstrapInstallManifest)
-	if err := buildKustomization(tkDir, manifest); err != nil {
+	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents,
+		bootstrapWatchAllNamespaces, bootstrapRegistry, bootstrapImagePullSecret,
+		bootstrapArch, bootstrapLogLevel, gotkDir); err != nil {
+		return "", fmt.Errorf("generating manifests failed: %w", err)
+	}
+
+	if err := buildKustomization(gotkDir, manifest); err != nil {
 		return "", fmt.Errorf("build kustomization failed: %w", err)
 	}
 
@@ -111,8 +154,8 @@ func applyInstallManifests(ctx context.Context, manifestPath string, components
 	return nil
 }
 
-func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, interval time.Duration) error {
-	gvk := sourcev1.GroupVersion.WithKind("GitRepository")
+func generateSyncManifests(url, branch, name, namespace, targetPath, tmpDir string, interval time.Duration) error {
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)
 	gitRepository := sourcev1.GitRepository{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       gvk.Kind,
@@ -128,7 +171,7 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 				Duration: interval,
 			},
 			Reference: &sourcev1.GitRepositoryRef{
-				Branch: "master",
+				Branch: branch,
 			},
 			SecretRef: &corev1.LocalObjectReference{
 				Name: name,
@@ -145,7 +188,7 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 		return err
 	}
 
-	gvk = kustomizev1.GroupVersion.WithKind("Kustomization")
+	gvk = kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)
 	kustomization := kustomizev1.Kustomization{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       gvk.Kind,
@@ -161,7 +204,7 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 			},
 			Path:  fmt.Sprintf("./%s", strings.TrimPrefix(targetPath, "./")),
 			Prune: true,
-			SourceRef: kustomizev1.CrossNamespaceObjectReference{
+			SourceRef: kustomizev1.CrossNamespaceSourceReference{
 				Kind: sourcev1.GitRepositoryKind,
 				Name: name,
 			},
@@ -177,11 +220,15 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 		return err
 	}
 
+	if err := utils.generateKustomizationYaml(filepath.Join(tmpDir, targetPath, namespace)); err != nil {
+		return err
+	}
+
 	return nil
 }
 
 func applySyncManifests(ctx context.Context, kubeClient client.Client, name, namespace, targetPath, tmpDir string) error {
-	command := fmt.Sprintf("kubectl apply -f %s", filepath.Join(tmpDir, targetPath, namespace))
+	command := fmt.Sprintf("kubectl apply -k %s", filepath.Join(tmpDir, targetPath, namespace))
 	if _, err := utils.execCommand(ctx, ModeStderrOS, command); err != nil {
 		return err
 	}

cmd/gotk/bootstrap_github.go

@@ -42,19 +42,22 @@ the bootstrap command will perform an upgrade if needed.`,
   export GITHUB_TOKEN=<my-token>
 
   # Run bootstrap for a private repo owned by a GitHub organization
-  tk bootstrap github --owner=<organization> --repository=<repo name>
+  gotk bootstrap github --owner=<organization> --repository=<repo name>
 
   # Run bootstrap for a private repo and assign organization teams to it
-  tk bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
 
   # Run bootstrap for a repository path
-  tk bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  tk bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
+  gotk bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
 
   # Run bootstrap for a private repo hosted on GitHub Enterprise
-  tk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
+
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --branch=main
 `,
 	RunE: bootstrapGitHubCmdRun,
 }
@@ -68,6 +71,7 @@ var (
 	ghHostname   string
 	ghPath       string
 	ghTeams      []string
+	ghDelete     bool
 )
 
 const (
@@ -84,6 +88,9 @@ func init() {
 	bootstrapGitHubCmd.Flags().StringVar(&ghHostname, "hostname", git.GitHubDefaultHostname, "GitHub hostname")
 	bootstrapGitHubCmd.Flags().StringVar(&ghPath, "path", "", "repository path, when specified the cluster sync will be scoped to this path")
 
+	bootstrapGitHubCmd.Flags().BoolVar(&ghDelete, "delete", false, "delete repository (used for testing only)")
+	bootstrapGitHubCmd.Flags().MarkHidden("delete")
+
 	bootstrapCmd.AddCommand(bootstrapGitHubCmd)
 }
 
@@ -93,7 +100,11 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("%s environment variable not found", git.GitHubTokenName)
 	}
 
-	repository, err := git.NewRepository(ghRepository, ghOwner, ghHostname, ghToken, "tk", ghOwner+"@users.noreply.github.com")
+	if err := bootstrapValidate(); err != nil {
+		return err
+	}
+
+	repository, err := git.NewRepository(ghRepository, ghOwner, ghHostname, ghToken, "gotk", ghOwner+"@users.noreply.github.com")
 	if err != nil {
 		return err
 	}
@@ -103,11 +114,6 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		IsPersonal: ghPersonal,
 	}
 
-	kubeClient, err := utils.kubeClient(kubeconfig)
-	if err != nil {
-		return err
-	}
-
 	tmpDir, err := ioutil.TempDir("", namespace)
 	if err != nil {
 		return err
@@ -117,6 +123,14 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
+	if ghDelete {
+		if err := provider.DeleteRepository(ctx, repository); err != nil {
+			return err
+		}
+		logger.Successf("repository deleted")
+		return nil
+	}
+
 	// create GitHub repository if doesn't exists
 	logger.Actionf("connecting to %s", ghHostname)
 	changed, err := provider.CreateRepository(ctx, repository)
@@ -148,7 +162,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 
 	// generate install manifests
 	logger.Generatef("generating manifests")
-	manifest, err := generateInstallManifests(ghPath, namespace, tmpDir)
+	manifest, err := generateInstallManifests(ghPath, namespace, tmpDir, bootstrapManifestsPath)
 	if err != nil {
 		return err
 	}
@@ -169,6 +183,11 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Successf("components are up to date")
 	}
 
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	// determine if repo synchronization is working
 	isInstall := shouldInstallManifests(ctx, kubeClient, namespace)
 
@@ -194,9 +213,9 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("generating deploy key failed: %w", err)
 		}
 
-		keyName := "tk"
+		keyName := "gotk"
 		if ghPath != "" {
-			keyName = fmt.Sprintf("tk-%s", ghPath)
+			keyName = fmt.Sprintf("gotk-%s", ghPath)
 		}
 
 		if changed, err := provider.AddDeployKey(ctx, repository, key, keyName); err != nil {
@@ -207,28 +226,25 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// configure repo synchronization
-	if isInstall {
-		// generate source and kustomization manifests
-		logger.Actionf("generating sync manifests")
-		if err := generateSyncManifests(repository.GetSSH(), namespace, namespace, ghPath, tmpDir, ghInterval); err != nil {
-			return err
-		}
+	logger.Actionf("generating sync manifests")
+	if err := generateSyncManifests(repository.GetSSH(), bootstrapBranch, namespace, namespace, ghPath, tmpDir, ghInterval); err != nil {
+		return err
+	}
 
-		// commit and push manifests
-		if changed, err = repository.Commit(ctx, path.Join(ghPath, namespace), "Add manifests"); err != nil {
+	// commit and push manifests
+	if changed, err = repository.Commit(ctx, path.Join(ghPath, namespace), "Add manifests"); err != nil {
+		return err
+	} else if changed {
+		if err := repository.Push(ctx); err != nil {
 			return err
-		} else if changed {
-			if err := repository.Push(ctx); err != nil {
-				return err
-			}
-			logger.Successf("sync manifests pushed")
 		}
+		logger.Successf("sync manifests pushed")
+	}
 
-		// apply manifests and waiting for sync
-		logger.Actionf("applying sync manifests")
-		if err := applySyncManifests(ctx, kubeClient, namespace, namespace, ghPath, tmpDir); err != nil {
-			return err
-		}
+	// apply manifests and waiting for sync
+	logger.Actionf("applying sync manifests")
+	if err := applySyncManifests(ctx, kubeClient, namespace, namespace, ghPath, tmpDir); err != nil {
+		return err
 	}
 
 	if withErrors {

cmd/gotk/bootstrap_gitlab.go

@@ -42,28 +42,32 @@ the bootstrap command will perform an upgrade if needed.`,
   export GITLAB_TOKEN=<my-token>
 
   # Run bootstrap for a private repo owned by a GitLab group
-  tk bootstrap gitlab --owner=<group> --repository=<repo name>
+  gotk bootstrap gitlab --owner=<group> --repository=<repo name>
 
   # Run bootstrap for a repository path
-  tk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
+  gotk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  tk bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal=true 
+  gotk bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal=true 
 
   # Run bootstrap for a private repo hosted on a GitLab server 
-  tk bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
+  gotk bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
+
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap gitlab --owner=<organization> --repository=<repo name> --branch=main
 `,
 	RunE: bootstrapGitLabCmdRun,
 }
 
 var (
-	glOwner      string
-	glRepository string
-	glInterval   time.Duration
-	glPersonal   bool
-	glPrivate    bool
-	glHostname   string
-	glPath       string
+	glOwner       string
+	glRepository  string
+	glInterval    time.Duration
+	glPersonal    bool
+	glPrivate     bool
+	glHostname    string
+	glSSHHostname string
+	glPath        string
 )
 
 func init() {
@@ -73,6 +77,7 @@ func init() {
 	bootstrapGitLabCmd.Flags().BoolVar(&glPrivate, "private", true, "is private repository")
 	bootstrapGitLabCmd.Flags().DurationVar(&glInterval, "interval", time.Minute, "sync interval")
 	bootstrapGitLabCmd.Flags().StringVar(&glHostname, "hostname", git.GitLabDefaultHostname, "GitLab hostname")
+	bootstrapGitLabCmd.Flags().StringVar(&glSSHHostname, "ssh-hostname", "", "GitLab SSH hostname, defaults to hostname if not specified")
 	bootstrapGitLabCmd.Flags().StringVar(&glPath, "path", "", "repository path, when specified the cluster sync will be scoped to this path")
 
 	bootstrapCmd.AddCommand(bootstrapGitLabCmd)
@@ -84,11 +89,19 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("%s environment variable not found", git.GitLabTokenName)
 	}
 
-	repository, err := git.NewRepository(glRepository, glOwner, glHostname, glToken, "tk", glOwner+"@users.noreply.gitlab.com")
+	if err := bootstrapValidate(); err != nil {
+		return err
+	}
+
+	repository, err := git.NewRepository(glRepository, glOwner, glHostname, glToken, "gotk", glOwner+"@users.noreply.gitlab.com")
 	if err != nil {
 		return err
 	}
 
+	if glSSHHostname != "" {
+		repository.SSHHost = glSSHHostname
+	}
+
 	provider := &git.GitLabProvider{
 		IsPrivate:  glPrivate,
 		IsPersonal: glPersonal,
@@ -126,7 +139,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 
 	// generate install manifests
 	logger.Generatef("generating manifests")
-	manifest, err := generateInstallManifests(glPath, namespace, tmpDir)
+	manifest, err := generateInstallManifests(glPath, namespace, tmpDir, bootstrapManifestsPath)
 	if err != nil {
 		return err
 	}
@@ -172,9 +185,9 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("generating deploy key failed: %w", err)
 		}
 
-		keyName := "tk"
+		keyName := "gotk"
 		if glPath != "" {
-			keyName = fmt.Sprintf("tk-%s", glPath)
+			keyName = fmt.Sprintf("gotk-%s", glPath)
 		}
 
 		if changed, err := provider.AddDeployKey(ctx, repository, key, keyName); err != nil {
@@ -185,28 +198,25 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// configure repo synchronization
-	if isInstall {
-		// generate source and kustomization manifests
-		logger.Actionf("generating sync manifests")
-		if err := generateSyncManifests(repository.GetSSH(), namespace, namespace, glPath, tmpDir, glInterval); err != nil {
-			return err
-		}
+	logger.Actionf("generating sync manifests")
+	if err := generateSyncManifests(repository.GetSSH(), bootstrapBranch, namespace, namespace, glPath, tmpDir, glInterval); err != nil {
+		return err
+	}
 
-		// commit and push manifests
-		if changed, err = repository.Commit(ctx, path.Join(glPath, namespace), "Add manifests"); err != nil {
+	// commit and push manifests
+	if changed, err = repository.Commit(ctx, path.Join(glPath, namespace), "Add manifests"); err != nil {
+		return err
+	} else if changed {
+		if err := repository.Push(ctx); err != nil {
 			return err
-		} else if changed {
-			if err := repository.Push(ctx); err != nil {
-				return err
-			}
-			logger.Successf("sync manifests pushed")
 		}
+		logger.Successf("sync manifests pushed")
+	}
 
-		// apply manifests and waiting for sync
-		logger.Actionf("applying sync manifests")
-		if err := applySyncManifests(ctx, kubeClient, namespace, namespace, glPath, tmpDir); err != nil {
-			return err
-		}
+	// apply manifests and waiting for sync
+	logger.Actionf("applying sync manifests")
+	if err := applySyncManifests(ctx, kubeClient, namespace, namespace, glPath, tmpDir); err != nil {
+		return err
 	}
 
 	logger.Successf("bootstrap finished")

cmd/gotk/check.go

@@ -35,10 +35,10 @@ var checkCmd = &cobra.Command{
 	Long: `The check command will perform a series of checks to validate that
 the local environment is configured correctly and if the installed components are healthy.`,
 	Example: `  # Run pre-installation checks
-  tk check --pre
+  gotk check --pre
 
   # Run installation checks
-  tk check
+  gotk check
 `,
 	RunE: runCheckCmd,
 }

cmd/gotk/completion.go

@@ -17,24 +17,15 @@ limitations under the License.
 package main
 
 import (
-	"time"
-
 	"github.com/spf13/cobra"
 )
 
-var createCmd = &cobra.Command{
-	Use:   "create",
-	Short: "Create or update sources and resources",
-	Long:  "The create sub-commands generate sources and resources.",
+var completionCmd = &cobra.Command{
+	Use:   "completion",
+	Short: "Generates completion scripts for various shells",
+	Long:  "The completion sub-command generates completion scripts for various shells",
 }
 
-var (
-	interval time.Duration
-	export   bool
-)
-
 func init() {
-	createCmd.PersistentFlags().DurationVarP(&interval, "interval", "", time.Minute, "source sync interval")
-	createCmd.PersistentFlags().BoolVar(&export, "export", false, "export in YAML format to stdout")
-	rootCmd.AddCommand(createCmd)
+	rootCmd.AddCommand(completionCmd)
 }

cmd/gotk/completion_bash.go

@@ -22,17 +22,17 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var completionCmd = &cobra.Command{
-	Use:   "completion",
+var completionBashCmd = &cobra.Command{
+	Use:   "bash",
 	Short: "Generates bash completion scripts",
 	Example: `To load completion run
 
-. <(tk completion)
+. <(gotk completion bash)
 
 To configure your bash shell to load completions for each session add to your bashrc
 
 # ~/.bashrc or ~/.profile
-. <(tk completion)
+command -v gotk >/dev/null && . <(gotk completion bash)
 `,
 	Run: func(cmd *cobra.Command, args []string) {
 		rootCmd.GenBashCompletion(os.Stdout)
@@ -40,5 +40,5 @@ To configure your bash shell to load completions for each session add to your ba
 }
 
 func init() {
-	rootCmd.AddCommand(completionCmd)
+	completionCmd.AddCommand(completionBashCmd)
 }

cmd/gotk/completion_fish.go

@@ -0,0 +1,45 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionFishCmd = &cobra.Command{
+	Use:   "fish",
+	Short: "Generates fish completion scripts",
+	Example: `To load completion run
+
+. <(gotk completion fish)
+
+To configure your fish shell to load completions for each session write this script to your completions dir:
+
+gotk completion fish > ~/.config/fish/completions/gotk
+
+See http://fishshell.com/docs/current/index.html#completion-own for more details
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		rootCmd.GenFishCompletion(os.Stdout, true)
+	},
+}
+
+func init() {
+	completionCmd.AddCommand(completionFishCmd)
+}

cmd/gotk/completion_powershell.go

@@ -0,0 +1,51 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionPowerShellCmd = &cobra.Command{
+	Use:   "powershell",
+	Short: "Generates powershell completion scripts",
+	Example: `To load completion run
+
+. <(gotk completion powershell)
+
+To configure your powershell shell to load completions for each session add to your powershell profile
+
+Windows:
+
+cd "$env:USERPROFILE\Documents\WindowsPowerShell\Modules"
+gotk completion >> gotk-completion.ps1
+
+Linux:
+
+cd "${XDG_CONFIG_HOME:-"$HOME/.config/"}/powershell/modules"
+gotk completion >> gotk-completions.ps1
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		rootCmd.GenPowerShellCompletion(os.Stdout)
+	},
+}
+
+func init() {
+	completionCmd.AddCommand(completionPowerShellCmd)
+}

cmd/gotk/completion_zsh.go

@@ -0,0 +1,52 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionZshCmd = &cobra.Command{
+	Use:   "zsh",
+	Short: "Generates zsh completion scripts",
+	Example: `To load completion run
+
+. <(gotk completion zsh) && compdef _gotk gotk
+
+To configure your zsh shell to load completions for each session add to your zshrc
+
+# ~/.zshrc or ~/.profile
+command -v gotk >/dev/null && . <(gotk completion zsh) && compdef _gotk gotk
+
+or write a cached file in one of the completion directories in your ${fpath}:
+
+echo "${fpath// /\n}" | grep -i completion
+gotk completions zsh > _gotk
+
+mv _gotk ~/.oh-my-zsh/completions  # oh-my-zsh
+mv _gotk ~/.zprezto/modules/completion/external/src/  # zprezto
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		rootCmd.GenZshCompletion(os.Stdout)
+	},
+}
+
+func init() {
+	completionCmd.AddCommand(completionZshCmd)
+}

cmd/gotk/create.go

@@ -0,0 +1,72 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"k8s.io/apimachinery/pkg/util/validation"
+
+	"github.com/spf13/cobra"
+)
+
+var createCmd = &cobra.Command{
+	Use:   "create",
+	Short: "Create or update sources and resources",
+	Long:  "The create sub-commands generate sources and resources.",
+}
+
+var (
+	interval time.Duration
+	export   bool
+	labels   []string
+)
+
+func init() {
+	createCmd.PersistentFlags().DurationVarP(&interval, "interval", "", time.Minute, "source sync interval")
+	createCmd.PersistentFlags().BoolVar(&export, "export", false, "export in YAML format to stdout")
+	createCmd.PersistentFlags().StringSliceVar(&labels, "label", nil,
+		"set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)")
+	rootCmd.AddCommand(createCmd)
+}
+
+func parseLabels() (map[string]string, error) {
+	result := make(map[string]string)
+	for _, label := range labels {
+		// validate key value pair
+		parts := strings.Split(label, "=")
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("invalid label format '%s', must be key=value", label)
+		}
+
+		// validate label name
+		if errors := validation.IsQualifiedName(parts[0]); len(errors) > 0 {
+			return nil, fmt.Errorf("invalid label '%s': %v", parts[0], errors)
+		}
+
+		// validate label value
+		if errors := validation.IsValidLabelValue(parts[1]); len(errors) > 0 {
+			return nil, fmt.Errorf("invalid label value '%s': %v", parts[1], errors)
+		}
+
+		result[parts[0]] = parts[1]
+	}
+
+	return result, nil
+}

cmd/gotk/create_helmrelease.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 	"io/ioutil"
 
 	"github.com/spf13/cobra"
@@ -32,8 +33,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var createHelmReleaseCmd = &cobra.Command{
@@ -41,29 +42,47 @@ var createHelmReleaseCmd = &cobra.Command{
 	Aliases: []string{"hr"},
 	Short:   "Create or update a HelmRelease resource",
 	Long:    "The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.",
-	Example: `  # Create a HelmRelease from a source
-  tk create hr podinfo \
+	Example: `  # Create a HelmRelease with a chart from a HelmRepository source
+  gotk create hr podinfo \
     --interval=10m \
-    --release-name=podinfo \
-    --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
     --chart-version=">4.0.0"
 
-  # Create a HelmRelease with values for a local YAML file
-  tk create hr podinfo \
-    --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
+  # Create a HelmRelease with a chart from a GitRepository source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=GitRepository/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with a chart from a Bucket source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=Bucket/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with values from a local YAML file
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
     --values=./my-values.yaml
 
-  # Create a HelmRelease definition on disk without applying it on the cluster
-  tk create hr podinfo \
+  # Create a HelmRelease with a custom release name
+  gotk create hr podinfo \
+    --release-name=podinfo-dev
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+
+  # Create a HelmRelease targeting another namespace than the resource
+  gotk create hr podinfo \
     --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo
+
+  # Create a HelmRelease definition on disk without applying it on the cluster
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
     --values=./values.yaml \
     --export > podinfo-release.yaml
 `,
@@ -74,18 +93,18 @@ var (
 	hrName            string
 	hrSource          string
 	hrDependsOn       []string
-	hrChartName       string
+	hrChart           string
 	hrChartVersion    string
 	hrTargetNamespace string
 	hrValuesFile      string
 )
 
 func init() {
-	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '<target-namespace>-<hr-name>'")
-	createHelmReleaseCmd.Flags().StringVar(&hrSource, "source", "", "HelmRepository name")
-	createHelmReleaseCmd.Flags().StringVar(&hrChartName, "chart-name", "", "Helm chart name")
-	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts semver range")
-	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed")
+	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '[<target-namespace>-]<hr-name>'")
+	createHelmReleaseCmd.Flags().StringVar(&hrSource, "source", "", "source that contains the chart (<kind>/<name>)")
+	createHelmReleaseCmd.Flags().StringVar(&hrChart, "chart", "", "Helm chart name or path")
+	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
+	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'")
 	createHelmReleaseCmd.Flags().StringVar(&hrTargetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
 	createHelmReleaseCmd.Flags().StringVar(&hrValuesFile, "values", "", "local path to the values.yaml file")
 	createCmd.AddCommand(createHelmReleaseCmd)
@@ -100,17 +119,19 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	if hrSource == "" {
 		return fmt.Errorf("source is required")
 	}
-	if hrChartName == "" {
-		return fmt.Errorf("chart name is required")
+	sourceKind, sourceName := utils.parseObjectKindName(hrSource)
+	if sourceKind == "" {
+		return fmt.Errorf("invalid source '%s', must be in format <kind>/<name>", hrSource)
 	}
-	if hrChartVersion == "" {
-		return fmt.Errorf("chart version is required")
+	if !utils.containsItemString(supportedHelmChartSourceKinds, sourceKind) {
+		return fmt.Errorf("source kind %s is not supported, can be %v",
+			sourceKind, supportedHelmChartSourceKinds)
+	}
+	if hrChart == "" {
+		return fmt.Errorf("chart name or path is required")
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
-	defer cancel()
-
-	kubeClient, err := utils.kubeClient(kubeconfig)
+	sourceLabels, err := parseLabels()
 	if err != nil {
 		return err
 	}
@@ -123,20 +144,23 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    sourceLabels,
 		},
 		Spec: helmv2.HelmReleaseSpec{
 			ReleaseName: hrName,
-			DependsOn:   hrDependsOn,
+			DependsOn:   utils.makeDependsOn(hrDependsOn),
 			Interval: metav1.Duration{
 				Duration: interval,
 			},
 			TargetNamespace: hrTargetNamespace,
 			Chart: helmv2.HelmChartTemplate{
-				Name:    hrChartName,
-				Version: hrChartVersion,
-				SourceRef: helmv2.CrossNamespaceObjectReference{
-					Kind: sourcev1.HelmRepositoryKind,
-					Name: hrSource,
+				Spec: helmv2.HelmChartTemplateSpec{
+					Chart:   hrChart,
+					Version: hrChartVersion,
+					SourceRef: helmv2.CrossNamespaceObjectReference{
+						Kind: sourceKind,
+						Name: sourceName,
+					},
 				},
 			},
 			Suspend: false,
@@ -154,13 +178,21 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("converting values to JSON from %s failed: %w", hrValuesFile, err)
 		}
 
-		helmRelease.Spec.Values = apiextensionsv1.JSON{Raw: json}
+		helmRelease.Spec.Values = &apiextensionsv1.JSON{Raw: json}
 	}
 
 	if export {
 		return exportHelmRelease(helmRelease)
 	}
 
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	logger.Actionf("applying release")
 	if err := upsertHelmRelease(ctx, kubeClient, helmRelease); err != nil {
 		return err
@@ -217,6 +249,7 @@ func upsertHelmRelease(ctx context.Context, kubeClient client.Client, helmReleas
 		return err
 	}
 
+	existing.Labels = helmRelease.Labels
 	existing.Spec = helmRelease.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -242,13 +275,37 @@ func isHelmChartReady(ctx context.Context, kubeClient client.Client, name, names
 			return false, err
 		}
 
-		for _, condition := range helmChart.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(helmChart.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
+			}
+		}
+		return false, nil
+	}
+}
+
+func isHelmReleaseReady(ctx context.Context, kubeClient client.Client, name, namespace string) wait.ConditionFunc {
+	return func() (bool, error) {
+		var helmRelease helmv2.HelmRelease
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+
+		err := kubeClient.Get(ctx, namespacedName, &helmRelease)
+		if err != nil {
+			return false, err
+		}
+
+		if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/create_kustomization.go

@@ -30,17 +30,19 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	"github.com/fluxcd/pkg/apis/meta"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var createKsCmd = &cobra.Command{
 	Use:     "kustomization [name]",
 	Aliases: []string{"ks"},
 	Short:   "Create or update a Kustomization resource",
-	Long:    "The kustomization source create command generates a Kustomize resource for a given GitRepository source.",
+	Long:    "The kustomization source create command generates a Kustomize resource for a given source.",
 	Example: `  # Create a Kustomization resource from a source at a given path
-  tk create kustomization contour \
+  gotk create kustomization contour \
     --source=contour \
     --path="./examples/contour/" \
     --prune=true \
@@ -51,7 +53,7 @@ var createKsCmd = &cobra.Command{
     --health-check-timeout=3m
 
   # Create a Kustomization resource that depends on the previous one
-  tk create kustomization webapp \
+  gotk create kustomization webapp \
     --depends-on=contour \
     --source=webapp \
     --path="./deploy/overlays/dev" \
@@ -59,41 +61,42 @@ var createKsCmd = &cobra.Command{
     --interval=5m \
     --validation=client
 
-  # Create a Kustomization resource that runs under a service account
-  tk create kustomization webapp \
-    --source=webapp \
-    --path="./deploy/overlays/staging" \
+  # Create a Kustomization resource that references a Bucket
+  gotk create kustomization secrets \
+    --source=Bucket/secrets \
     --prune=true \
-    --interval=5m \
-    --validation=client \
-    --sa-name=reconclier \
-    --sa-namespace=staging
+    --interval=5m
 `,
 	RunE: createKsCmdRun,
 }
 
 var (
-	ksSource        string
-	ksPath          string
-	ksPrune         bool
-	ksDependsOn     []string
-	ksValidation    string
-	ksHealthCheck   []string
-	ksHealthTimeout time.Duration
-	ksSAName        string
-	ksSANamespace   string
+	ksSource             string
+	ksPath               string
+	ksPrune              bool
+	ksDependsOn          []string
+	ksValidation         string
+	ksHealthCheck        []string
+	ksHealthTimeout      time.Duration
+	ksSAName             string
+	ksSANamespace        string
+	ksDecryptionProvider string
+	ksDecryptionSecret   string
 )
 
 func init() {
-	createKsCmd.Flags().StringVar(&ksSource, "source", "", "GitRepository name")
+	createKsCmd.Flags().StringVar(&ksSource, "source", "",
+		"source that contains the Kubernetes manifests in the format '[<kind>/]<name>', where kind can be GitRepository or Bucket, if kind is not specified it defaults to GitRepository")
 	createKsCmd.Flags().StringVar(&ksPath, "path", "./", "path to the directory containing the Kustomization file")
 	createKsCmd.Flags().BoolVar(&ksPrune, "prune", false, "enable garbage collection")
 	createKsCmd.Flags().StringArrayVar(&ksHealthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
 	createKsCmd.Flags().DurationVar(&ksHealthTimeout, "health-check-timeout", 2*time.Minute, "timeout of health checking operations")
 	createKsCmd.Flags().StringVar(&ksValidation, "validation", "", "validate the manifests before applying them on the cluster, can be 'client' or 'server'")
-	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied")
+	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'")
 	createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name")
 	createKsCmd.Flags().StringVar(&ksSANamespace, "sa-namespace", "", "service account namespace")
+	createKsCmd.Flags().StringVar(&ksDecryptionProvider, "decryption-provider", "", "enables secrets decryption, provider can be 'sops'")
+	createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
 	createCmd.AddCommand(createKsCmd)
 }
 
@@ -106,6 +109,16 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	if ksSource == "" {
 		return fmt.Errorf("source is required")
 	}
+
+	sourceKind, sourceName := utils.parseObjectKindName(ksSource)
+	if sourceKind == "" {
+		sourceKind = sourcev1.GitRepositoryKind
+	}
+	if !utils.containsItemString(supportedKustomizationSourceKinds, sourceKind) {
+		return fmt.Errorf("source kind %s is not supported, can be %v",
+			sourceKind, supportedKustomizationSourceKinds)
+	}
+
 	if ksPath == "" {
 		return fmt.Errorf("path is required")
 	}
@@ -113,33 +126,31 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("path must begin with ./")
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
-	defer cancel()
-
-	kubeClient, err := utils.kubeClient(kubeconfig)
-	if err != nil {
-		return err
-	}
-
 	if !export {
 		logger.Generatef("generating kustomization")
 	}
 
+	ksLabels, err := parseLabels()
+	if err != nil {
+		return err
+	}
+
 	kustomization := kustomizev1.Kustomization{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    ksLabels,
 		},
 		Spec: kustomizev1.KustomizationSpec{
-			DependsOn: ksDependsOn,
+			DependsOn: utils.makeDependsOn(hrDependsOn),
 			Interval: metav1.Duration{
 				Duration: interval,
 			},
 			Path:  ksPath,
 			Prune: ksPrune,
-			SourceRef: kustomizev1.CrossNamespaceObjectReference{
-				Kind: sourcev1.GitRepositoryKind,
-				Name: ksSource,
+			SourceRef: kustomizev1.CrossNamespaceSourceReference{
+				Kind: sourceKind,
+				Name: sourceName,
 			},
 			Suspend:    false,
 			Validation: ksValidation,
@@ -147,31 +158,39 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if len(ksHealthCheck) > 0 {
-		healthChecks := make([]kustomizev1.WorkloadReference, 0)
+		healthChecks := make([]kustomizev1.CrossNamespaceObjectReference, 0)
 		for _, w := range ksHealthCheck {
 			kindObj := strings.Split(w, "/")
 			if len(kindObj) != 2 {
 				return fmt.Errorf("invalid health check '%s' must be in the format 'kind/name.namespace' %v", w, kindObj)
 			}
 			kind := kindObj[0]
+
+			//TODO: (stefan) extend this list with all the kstatus builtin kinds
 			kinds := map[string]bool{
-				"Deployment":  true,
-				"DaemonSet":   true,
-				"StatefulSet": true,
+				"Deployment":           true,
+				"DaemonSet":            true,
+				"StatefulSet":          true,
+				helmv2.HelmReleaseKind: true,
 			}
 			if !kinds[kind] {
-				return fmt.Errorf("invalid health check kind '%s' can be Deployment, DaemonSet or StatefulSet", kind)
+				return fmt.Errorf("invalid health check kind '%s' can be HelmRelease, Deployment, DaemonSet or StatefulSet", kind)
 			}
 			nameNs := strings.Split(kindObj[1], ".")
 			if len(nameNs) != 2 {
 				return fmt.Errorf("invalid health check '%s' must be in the format 'kind/name.namespace'", w)
 			}
 
-			healthChecks = append(healthChecks, kustomizev1.WorkloadReference{
+			check := kustomizev1.CrossNamespaceObjectReference{
 				Kind:      kind,
 				Name:      nameNs[0],
 				Namespace: nameNs[1],
-			})
+			}
+
+			if kind == helmv2.HelmReleaseKind {
+				check.APIVersion = helmv2.GroupVersion.String()
+			}
+			healthChecks = append(healthChecks, check)
 		}
 		kustomization.Spec.HealthChecks = healthChecks
 		kustomization.Spec.Timeout = &metav1.Duration{
@@ -186,10 +205,33 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	if ksDecryptionProvider != "" {
+		if !utils.containsItemString(supportedDecryptionProviders, ksDecryptionProvider) {
+			return fmt.Errorf("decryption provider %s is not supported, can be %v",
+				ksDecryptionProvider, supportedDecryptionProviders)
+		}
+
+		kustomization.Spec.Decryption = &kustomizev1.Decryption{
+			Provider: ksDecryptionProvider,
+		}
+
+		if ksDecryptionSecret != "" {
+			kustomization.Spec.Decryption.SecretRef = &corev1.LocalObjectReference{Name: ksDecryptionSecret}
+		}
+	}
+
 	if export {
 		return exportKs(kustomization)
 	}
 
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	logger.Actionf("applying kustomization")
 	if err := upsertKustomization(ctx, kubeClient, kustomization); err != nil {
 		return err
@@ -241,6 +283,7 @@ func upsertKustomization(ctx context.Context, kubeClient client.Client, kustomiz
 		return err
 	}
 
+	existing.Labels = kustomization.Labels
 	existing.Spec = kustomization.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -263,13 +306,12 @@ func isKustomizationReady(ctx context.Context, kubeClient client.Client, name, n
 			return false, err
 		}
 
-		for _, condition := range kustomization.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/create_source_bucket.go

@@ -0,0 +1,230 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+)
+
+var createSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Create or update a Bucket source",
+	Long: `
+The create source bucket command generates a Bucket resource and waits for it to be downloaded.
+For Buckets with static authentication, the credentials are stored in a Kubernetes secret.`,
+	Example: `  # Create a source from a Buckets using static authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+    --endpoint=minio.minio.svc.cluster.local:9000 \
+	--insecure=true \
+	--access-key=myaccesskey \
+	--secret-key=mysecretkey \
+    --interval=10m
+
+  # Create a source from an Amazon S3 Bucket using IAM authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+	--provider=aws \
+    --endpoint=s3.amazonaws.com \
+	--region=us-east-1 \
+    --interval=10m
+`,
+	RunE: createSourceBucketCmdRun,
+}
+
+var (
+	sourceBucketName      string
+	sourceBucketProvider  string
+	sourceBucketEndpoint  string
+	sourceBucketAccessKey string
+	sourceBucketSecretKey string
+	sourceBucketRegion    string
+	sourceBucketInsecure  bool
+)
+
+func init() {
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketProvider, "provider", sourcev1.GenericBucketProvider, "the S3 compatible storage provider name, can be 'generic' or 'aws'")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketName, "bucket-name", "", "the bucket name")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketEndpoint, "endpoint", "", "the bucket endpoint address")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketAccessKey, "access-key", "", "the bucket access key")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region")
+	createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
+
+	createSourceCmd.AddCommand(createSourceBucketCmd)
+}
+
+func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("source name is required")
+	}
+	name := args[0]
+	secretName := fmt.Sprintf("bucket-%s", name)
+
+	if !utils.containsItemString(supportedSourceBucketProviders, sourceBucketProvider) {
+		return fmt.Errorf("bucket provider %s is not supported, can be %v",
+			sourceBucketProvider, supportedSourceBucketProviders)
+	}
+
+	if sourceBucketName == "" {
+		return fmt.Errorf("bucket-name is required")
+	}
+
+	if sourceBucketEndpoint == "" {
+		return fmt.Errorf("endpoint is required")
+	}
+
+	sourceLabels, err := parseLabels()
+	if err != nil {
+		return err
+	}
+
+	tmpDir, err := ioutil.TempDir("", name)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	bucket := sourcev1.Bucket{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+			Labels:    sourceLabels,
+		},
+		Spec: sourcev1.BucketSpec{
+			BucketName: sourceBucketName,
+			Provider:   sourceBucketProvider,
+			Insecure:   sourceBucketInsecure,
+			Endpoint:   sourceBucketEndpoint,
+			Region:     sourceBucketRegion,
+			Interval: metav1.Duration{
+				Duration: interval,
+			},
+		},
+	}
+
+	if export {
+		return exportBucket(bucket)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	logger.Generatef("generating source")
+
+	secret := corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: namespace,
+		},
+		StringData: map[string]string{},
+	}
+
+	if sourceBucketAccessKey != "" && sourceBucketSecretKey != "" {
+		secret.StringData["accesskey"] = sourceBucketAccessKey
+		secret.StringData["secretkey"] = sourceBucketSecretKey
+	}
+
+	if len(secret.StringData) > 0 {
+		logger.Actionf("applying secret with the bucket credentials")
+		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+			return err
+		}
+		bucket.Spec.SecretRef = &corev1.LocalObjectReference{
+			Name: secretName,
+		}
+		logger.Successf("authentication configured")
+	}
+
+	logger.Actionf("applying source")
+	if err := upsertBucket(ctx, kubeClient, bucket); err != nil {
+		return err
+	}
+
+	logger.Waitingf("waiting for download")
+	if err := wait.PollImmediate(pollInterval, timeout,
+		isBucketReady(ctx, kubeClient, name, namespace)); err != nil {
+		return err
+	}
+
+	logger.Successf("download completed")
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return fmt.Errorf("could not retrieve bucket: %w", err)
+	}
+
+	if bucket.Status.Artifact != nil {
+		logger.Successf("fetched revision: %s", bucket.Status.Artifact.Revision)
+	} else {
+		return fmt.Errorf("download failed, artifact not found")
+	}
+
+	return nil
+}
+
+func upsertBucket(ctx context.Context, kubeClient client.Client, bucket sourcev1.Bucket) error {
+	namespacedName := types.NamespacedName{
+		Namespace: bucket.GetNamespace(),
+		Name:      bucket.GetName(),
+	}
+
+	var existing sourcev1.Bucket
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &bucket); err != nil {
+				return err
+			} else {
+				logger.Successf("source created")
+				return nil
+			}
+		}
+		return err
+	}
+
+	existing.Labels = bucket.Labels
+	existing.Spec = bucket.Spec
+	if err := kubeClient.Update(ctx, &existing); err != nil {
+		return err
+	}
+
+	logger.Successf("source updated")
+	return nil
+}

cmd/gotk/create_source_git.go

@@ -20,12 +20,13 @@ import (
 	"context"
 	"crypto/elliptic"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 	"io/ioutil"
 	"net/url"
 	"os"
 	"time"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@@ -46,35 +47,35 @@ The create source git command generates a GitRepository resource and waits for i
 For Git over SSH, host and SSH keys are automatically generated and stored in a Kubernetes secret.
 For private Git repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
 	Example: `  # Create a source from a public Git repository master branch
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository pinned to specific git tag
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag="3.2.3"
 
   # Create a source from a public Git repository tag that matches a semver range
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag-semver=">=3.2.0 <3.3.0"
 
   # Create a source from a Git repository using SSH authentication
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository using SSH authentication and an
   # ECDSA P-521 curve public key
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master \
     --ssh-key-algorithm=ecdsa \
     --ssh-ecdsa-curve=p521
 
   # Create a source from a Git repository using basic authentication
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --username=username \
     --password=password
@@ -129,10 +130,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("git URL parse failed: %w", err)
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
-	defer cancel()
-
-	kubeClient, err := utils.kubeClient(kubeconfig)
+	sourceLabels, err := parseLabels()
 	if err != nil {
 		return err
 	}
@@ -141,6 +139,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    sourceLabels,
 		},
 		Spec: sourcev1.GitRepositorySpec{
 			URL: sourceGitURL,
@@ -163,6 +162,14 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return exportGit(gitRepository)
 	}
 
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	withAuth := false
 	// TODO(hidde): move all auth prep to separate func?
 	if u.Scheme == "ssh" {
@@ -343,6 +350,7 @@ func upsertGitRepository(ctx context.Context, kubeClient client.Client, gitRepos
 		return err
 	}
 
+	existing.Labels = gitRepository.Labels
 	existing.Spec = gitRepository.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -365,13 +373,12 @@ func isGitRepositoryReady(ctx context.Context, kubeClient client.Client, name, n
 			return false, err
 		}
 
-		for _, condition := range gitRepository.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(gitRepository.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/create_source_helm.go

@@ -19,18 +19,19 @@ package main
 import (
 	"context"
 	"fmt"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
-	"github.com/spf13/cobra"
 	"io/ioutil"
+	"net/url"
+	"os"
+
+	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"net/url"
-	"os"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var createSourceHelmCmd = &cobra.Command{
@@ -40,15 +41,22 @@ var createSourceHelmCmd = &cobra.Command{
 The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
 For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
 	Example: `  # Create a source from a public Helm repository
-  tk create source helm podinfo \
+  gotk create source helm podinfo \
     --url=https://stefanprodan.github.io/podinfo \
     --interval=10m
 
   # Create a source from a Helm repository using basic authentication
-  tk create source helm podinfo \
+  gotk create source helm podinfo \
     --url=https://stefanprodan.github.io/podinfo \
     --username=username \
     --password=password
+
+  # Create a source from a Helm repository using TLS authentication
+  gotk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --cert-file=./cert.crt \
+    --key-file=./key.crt \
+    --ca-file=./ca.crt
 `,
 	RunE: createSourceHelmCmdRun,
 }
@@ -57,12 +65,18 @@ var (
 	sourceHelmURL      string
 	sourceHelmUsername string
 	sourceHelmPassword string
+	sourceHelmCertFile string
+	sourceHelmKeyFile  string
+	sourceHelmCAFile   string
 )
 
 func init() {
 	createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address")
 	createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username")
 	createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
 
 	createSourceCmd.AddCommand(createSourceHelmCmd)
 }
@@ -78,6 +92,11 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("url is required")
 	}
 
+	sourceLabels, err := parseLabels()
+	if err != nil {
+		return err
+	}
+
 	tmpDir, err := ioutil.TempDir("", name)
 	if err != nil {
 		return err
@@ -88,18 +107,11 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("url parse failed: %w", err)
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
-	defer cancel()
-
-	kubeClient, err := utils.kubeClient(kubeconfig)
-	if err != nil {
-		return err
-	}
-
 	helmRepository := sourcev1.HelmRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    sourceLabels,
 		},
 		Spec: sourcev1.HelmRepositorySpec{
 			URL: sourceHelmURL,
@@ -113,35 +125,60 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return exportHelmRepository(helmRepository)
 	}
 
-	withAuth := false
-	if sourceHelmUsername != "" && sourceHelmPassword != "" {
-		logger.Actionf("applying secret with basic auth credentials")
-		secret := corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      secretName,
-				Namespace: namespace,
-			},
-			StringData: map[string]string{
-				"username": sourceHelmUsername,
-				"password": sourceHelmPassword,
-			},
-		}
-		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
-			return err
-		}
-		withAuth = true
-	}
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
 
-	if withAuth {
-		logger.Successf("authentication configured")
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
 	}
 
 	logger.Generatef("generating source")
 
-	if withAuth {
+	secret := corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: namespace,
+		},
+		StringData: map[string]string{},
+	}
+
+	if sourceHelmUsername != "" && sourceHelmPassword != "" {
+		secret.StringData["username"] = sourceHelmUsername
+		secret.StringData["password"] = sourceHelmPassword
+	}
+
+	if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
+		cert, err := ioutil.ReadFile(sourceHelmCertFile)
+		if err != nil {
+			return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
+		}
+		secret.StringData["certFile"] = string(cert)
+
+		key, err := ioutil.ReadFile(sourceHelmKeyFile)
+		if err != nil {
+			return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
+		}
+		secret.StringData["keyFile"] = string(key)
+	}
+
+	if sourceHelmCAFile != "" {
+		ca, err := ioutil.ReadFile(sourceHelmCAFile)
+		if err != nil {
+			return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
+		}
+		secret.StringData["caFile"] = string(ca)
+	}
+
+	if len(secret.StringData) > 0 {
+		logger.Actionf("applying secret with repository credentials")
+		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+			return err
+		}
 		helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
 			Name: secretName,
 		}
+		logger.Successf("authentication configured")
 	}
 
 	logger.Actionf("applying source")
@@ -195,6 +232,7 @@ func upsertHelmRepository(ctx context.Context, kubeClient client.Client, helmRep
 		return err
 	}
 
+	existing.Labels = helmRepository.Labels
 	existing.Spec = helmRepository.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -203,27 +241,3 @@ func upsertHelmRepository(ctx context.Context, kubeClient client.Client, helmRep
 	logger.Successf("source updated")
 	return nil
 }
-
-func exportHelmRepository(source sourcev1.HelmRepository) error {
-	gvk := sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)
-	export := sourcev1.HelmRepository{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       gvk.Kind,
-			APIVersion: gvk.GroupVersion().String(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      source.Name,
-			Namespace: source.Namespace,
-		},
-		Spec: source.Spec,
-	}
-
-	data, err := yaml.Marshal(export)
-	if err != nil {
-		return err
-	}
-
-	fmt.Println("---")
-	fmt.Println(string(data))
-	return nil
-}

cmd/gotk/create_tenant.go

@@ -0,0 +1,257 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/api/equality"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/validation"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+)
+
+var createTenantCmd = &cobra.Command{
+	Use:   "tenant",
+	Short: "Create or update a tenant",
+	Long: `
+The create tenant command generates namespaces and role bindings to limit the
+reconcilers scope to the tenant namespaces.`,
+	Example: `  # Create a tenant with access to a namespace 
+  gotk create tenant dev-team \
+    --with-namespace=frontend \
+    --label=environment=dev
+
+  # Generate tenant namespaces and role bindings in YAML format
+  gotk create tenant dev-team \
+    --with-namespace=frontend \
+    --with-namespace=backend \
+	--export > dev-team.yaml
+`,
+	RunE: createTenantCmdRun,
+}
+
+const (
+	tenantLabel       = "toolkit.fluxcd.io/tenant"
+	tenantRoleBinding = "gotk-reconciler"
+)
+
+var (
+	tenantNamespaces  []string
+	tenantClusterRole string
+)
+
+func init() {
+	createTenantCmd.Hidden = true
+	createTenantCmd.Flags().StringSliceVar(&tenantNamespaces, "with-namespace", nil, "namespace belonging to this tenant")
+	createTenantCmd.Flags().StringVar(&tenantClusterRole, "cluster-role", "cluster-admin", "cluster role of the tenant role binding")
+	createCmd.AddCommand(createTenantCmd)
+}
+
+func createTenantCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("tenant name is required")
+	}
+	tenant := args[0]
+	if err := validation.IsQualifiedName(tenant); len(err) > 0 {
+		return fmt.Errorf("invalid tenant name '%s': %v", tenant, err)
+	}
+
+	if tenantClusterRole == "" {
+		return fmt.Errorf("cluster-role is required")
+	}
+
+	if tenantNamespaces == nil {
+		return fmt.Errorf("with-namespace is required")
+	}
+
+	var namespaces []corev1.Namespace
+	var roleBindings []rbacv1.RoleBinding
+
+	for _, ns := range tenantNamespaces {
+		if err := validation.IsQualifiedName(ns); len(err) > 0 {
+			return fmt.Errorf("invalid namespace '%s': %v", ns, err)
+		}
+
+		objLabels, err := parseLabels()
+		if err != nil {
+			return err
+		}
+
+		objLabels[tenantLabel] = tenant
+
+		namespace := corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:   ns,
+				Labels: objLabels,
+			},
+		}
+		namespaces = append(namespaces, namespace)
+
+		roleBinding := rbacv1.RoleBinding{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      tenantRoleBinding,
+				Namespace: ns,
+				Labels:    objLabels,
+			},
+			Subjects: []rbacv1.Subject{
+				{
+					APIGroup: "rbac.authorization.k8s.io",
+					Kind:     "User",
+					Name:     fmt.Sprintf("gotk:%s:reconciler", ns),
+				},
+			},
+			RoleRef: rbacv1.RoleRef{
+				APIGroup: "rbac.authorization.k8s.io",
+				Kind:     "ClusterRole",
+				Name:     tenantClusterRole,
+			},
+		}
+		roleBindings = append(roleBindings, roleBinding)
+	}
+
+	if export {
+		for i, _ := range tenantNamespaces {
+			if err := exportTenant(namespaces[i], roleBindings[1]); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	for i, _ := range tenantNamespaces {
+		logger.Actionf("applying namespace %s", namespaces[i].Name)
+		if err := upsertNamespace(ctx, kubeClient, namespaces[i]); err != nil {
+			return err
+		}
+
+		logger.Actionf("applying role binding %s", roleBindings[i].Name)
+		if err := upsertRoleBinding(ctx, kubeClient, roleBindings[i]); err != nil {
+			return err
+		}
+	}
+
+	logger.Successf("tenant setup completed")
+	return nil
+}
+
+func upsertNamespace(ctx context.Context, kubeClient client.Client, namespace corev1.Namespace) error {
+	namespacedName := types.NamespacedName{
+		Namespace: namespace.GetNamespace(),
+		Name:      namespace.GetName(),
+	}
+
+	var existing corev1.Namespace
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &namespace); err != nil {
+				return err
+			} else {
+				return nil
+			}
+		}
+		return err
+	}
+
+	if !equality.Semantic.DeepDerivative(namespace.Labels, existing.Labels) {
+		existing.Labels = namespace.Labels
+		if err := kubeClient.Update(ctx, &existing); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func upsertRoleBinding(ctx context.Context, kubeClient client.Client, roleBinding rbacv1.RoleBinding) error {
+	namespacedName := types.NamespacedName{
+		Namespace: roleBinding.GetNamespace(),
+		Name:      roleBinding.GetName(),
+	}
+
+	var existing rbacv1.RoleBinding
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &roleBinding); err != nil {
+				return err
+			} else {
+				return nil
+			}
+		}
+		return err
+	}
+
+	if !equality.Semantic.DeepDerivative(roleBinding.Subjects, existing.Subjects) ||
+		!equality.Semantic.DeepDerivative(roleBinding.RoleRef, existing.RoleRef) ||
+		!equality.Semantic.DeepDerivative(roleBinding.Labels, existing.Labels) {
+		if err := kubeClient.Delete(ctx, &existing); err != nil {
+			return err
+		}
+		if err := kubeClient.Create(ctx, &roleBinding); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func exportTenant(namespace corev1.Namespace, roleBinding rbacv1.RoleBinding) error {
+	namespace.TypeMeta = metav1.TypeMeta{
+		APIVersion: "v1",
+		Kind:       "Namespace",
+	}
+	data, err := yaml.Marshal(namespace)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	data = bytes.Replace(data, []byte("spec: {}\n"), []byte(""), 1)
+	fmt.Println(resourceToString(data))
+
+	roleBinding.TypeMeta = metav1.TypeMeta{
+		APIVersion: "rbac.authorization.k8s.io/v1",
+		Kind:       "RoleBinding",
+	}
+	data, err = yaml.Marshal(roleBinding)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(resourceToString(data))
+
+	return nil
+}

cmd/gotk/delete_helmrelease.go

@@ -24,7 +24,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var deleteHelmReleaseCmd = &cobra.Command{
@@ -33,7 +33,7 @@ var deleteHelmReleaseCmd = &cobra.Command{
 	Short:   "Delete a HelmRelease resource",
 	Long:    "The delete helmrelease command removes the given HelmRelease from the cluster.",
 	Example: `  # Delete a Helm release and the Kubernetes resources created by it
-  tk delete hr podinfo
+  gotk delete hr podinfo
 `,
 	RunE: deleteHelmReleaseCmdRun,
 }

cmd/gotk/delete_kustomization.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"fmt"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
@@ -32,7 +32,7 @@ var deleteKsCmd = &cobra.Command{
 	Short:   "Delete a Kustomization resource",
 	Long:    "The delete kustomization command deletes the given Kustomization from the cluster.",
 	Example: `  # Delete a kustomization and the Kubernetes resources created by it
-  tk delete kustomization podinfo
+  gotk delete kustomization podinfo
 `,
 	RunE: deleteKsCmdRun,
 }

cmd/gotk/delete_source_bucket.go

@@ -0,0 +1,86 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+	"github.com/manifoldco/promptui"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+var deleteSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Delete a Bucket source",
+	Long:  "The delete source bucket command deletes the given Bucket from the cluster.",
+	Example: `  # Delete a Bucket source
+  gotk delete source bucket podinfo
+`,
+	RunE: deleteSourceBucketCmdRun,
+}
+
+func init() {
+	deleteSourceCmd.AddCommand(deleteSourceBucketCmd)
+}
+
+func deleteSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+	name := args[0]
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+
+	var bucket sourcev1.Bucket
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return err
+	}
+
+	if !deleteSilent {
+		prompt := promptui.Prompt{
+			Label:     "Are you sure you want to delete this source",
+			IsConfirm: true,
+		}
+		if _, err := prompt.Run(); err != nil {
+			return fmt.Errorf("aborting")
+		}
+	}
+
+	logger.Actionf("deleting source %s in %s namespace", name, namespace)
+	err = kubeClient.Delete(ctx, &bucket)
+	if err != nil {
+		return err
+	}
+	logger.Successf("source deleted")
+
+	return nil
+}

cmd/gotk/delete_source_git.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
@@ -31,7 +31,7 @@ var deleteSourceGitCmd = &cobra.Command{
 	Short: "Delete a GitRepository source",
 	Long:  "The delete source git command deletes the given GitRepository from the cluster.",
 	Example: `  # Delete a Git repository
-  tk delete source git podinfo
+  gotk delete source git podinfo
 `,
 	RunE: deleteSourceGitCmdRun,
 }

cmd/gotk/delete_source_helm.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
@@ -31,7 +31,7 @@ var deleteSourceHelmCmd = &cobra.Command{
 	Short: "Delete a HelmRepository source",
 	Long:  "The delete source helm command deletes the given HelmRepository from the cluster.",
 	Example: `  # Delete a Helm repository
-  tk delete source helm podinfo
+  gotk delete source helm podinfo
 `,
 	RunE: deleteSourceHelmCmdRun,
 }

cmd/gotk/export.go

@@ -17,6 +17,8 @@ limitations under the License.
 package main
 
 import (
+	"bytes"
+
 	"github.com/spf13/cobra"
 )
 
@@ -35,3 +37,9 @@ func init() {
 
 	rootCmd.AddCommand(exportCmd)
 }
+
+func resourceToString(data []byte) string {
+	data = bytes.Replace(data, []byte("creationTimestamp: null\n"), []byte(""), 1)
+	data = bytes.Replace(data, []byte("status: {}\n"), []byte(""), 1)
+	return string(data)
+}

cmd/gotk/export_helmrelease.go

@@ -26,7 +26,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var exportHelmReleaseCmd = &cobra.Command{
@@ -35,10 +35,10 @@ var exportHelmReleaseCmd = &cobra.Command{
 	Short:   "Export HelmRelease resources in YAML format",
 	Long:    "The export helmrelease command exports one or all HelmRelease resources in YAML format.",
 	Example: `  # Export all HelmRelease resources
-  tk export helmrelease --all > kustomizations.yaml
+  gotk export helmrelease --all > kustomizations.yaml
 
   # Export a HelmRelease
-  tk export hr my-app > app-release.yaml
+  gotk export hr my-app > app-release.yaml
 `,
 	RunE: exportHelmReleaseCmdRun,
 }
@@ -68,7 +68,7 @@ func exportHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		}
 
 		if len(list.Items) == 0 {
-			logger.Failuref("no kustomizations found in %s namespace", namespace)
+			logger.Failuref("no helmrelease found in %s namespace", namespace)
 			return nil
 		}
 
@@ -101,8 +101,10 @@ func exportHelmRelease(helmRelease helmv2.HelmRelease) error {
 			APIVersion: gvk.GroupVersion().String(),
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      helmRelease.Name,
-			Namespace: helmRelease.Namespace,
+			Name:        helmRelease.Name,
+			Namespace:   helmRelease.Namespace,
+			Labels:      helmRelease.Labels,
+			Annotations: helmRelease.Annotations,
 		},
 		Spec: helmRelease.Spec,
 	}
@@ -113,6 +115,6 @@ func exportHelmRelease(helmRelease helmv2.HelmRelease) error {
 	}
 
 	fmt.Println("---")
-	fmt.Println(string(data))
+	fmt.Println(resourceToString(data))
 	return nil
 }

cmd/gotk/export_kustomization.go

@@ -20,12 +20,13 @@ import (
 	"context"
 	"fmt"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 )
 
 var exportKsCmd = &cobra.Command{
@@ -34,10 +35,10 @@ var exportKsCmd = &cobra.Command{
 	Short:   "Export Kustomization resources in YAML format",
 	Long:    "The export kustomization command exports one or all Kustomization resources in YAML format.",
 	Example: `  # Export all Kustomization resources
-  tk export kustomization --all > kustomizations.yaml
+  gotk export kustomization --all > kustomizations.yaml
 
   # Export a Kustomization
-  tk export kustomization my-app > kustomization.yaml
+  gotk export kustomization my-app > kustomization.yaml
 `,
 	RunE: exportKsCmdRun,
 }
@@ -100,8 +101,10 @@ func exportKs(kustomization kustomizev1.Kustomization) error {
 			APIVersion: gvk.GroupVersion().String(),
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      kustomization.Name,
-			Namespace: kustomization.Namespace,
+			Name:        kustomization.Name,
+			Namespace:   kustomization.Namespace,
+			Labels:      kustomization.Labels,
+			Annotations: kustomization.Annotations,
 		},
 		Spec: kustomization.Spec,
 	}
@@ -112,6 +115,6 @@ func exportKs(kustomization kustomizev1.Kustomization) error {
 	}
 
 	fmt.Println("---")
-	fmt.Println(string(data))
+	fmt.Println(resourceToString(data))
 	return nil
 }

cmd/gotk/export_source_bucket.go

@@ -0,0 +1,166 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+)
+
+var exportSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Export Bucket sources in YAML format",
+	Long:  "The export source git command exports on or all Bucket sources in YAML format.",
+	Example: `  # Export all Bucket sources
+  gotk export source bucket --all > sources.yaml
+
+  # Export a Bucket source including the static credentials
+  gotk export source bucket my-bucket --with-credentials > source.yaml
+`,
+	RunE: exportSourceBucketCmdRun,
+}
+
+func init() {
+	exportSourceCmd.AddCommand(exportSourceBucketCmd)
+}
+
+func exportSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if !exportAll && len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	if exportAll {
+		var list sourcev1.BucketList
+		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		if err != nil {
+			return err
+		}
+
+		if len(list.Items) == 0 {
+			logger.Failuref("no source found in %s namespace", namespace)
+			return nil
+		}
+
+		for _, bucket := range list.Items {
+			if err := exportBucket(bucket); err != nil {
+				return err
+			}
+			if exportSourceWithCred {
+				if err := exportBucketCredentials(ctx, kubeClient, bucket); err != nil {
+					return err
+				}
+			}
+		}
+	} else {
+		name := args[0]
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+		var bucket sourcev1.Bucket
+		err = kubeClient.Get(ctx, namespacedName, &bucket)
+		if err != nil {
+			return err
+		}
+		if err := exportBucket(bucket); err != nil {
+			return err
+		}
+		if exportSourceWithCred {
+			return exportBucketCredentials(ctx, kubeClient, bucket)
+		}
+	}
+	return nil
+}
+
+func exportBucket(source sourcev1.Bucket) error {
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.BucketKind)
+	export := sourcev1.Bucket{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       gvk.Kind,
+			APIVersion: gvk.GroupVersion().String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        source.Name,
+			Namespace:   source.Namespace,
+			Labels:      source.Labels,
+			Annotations: source.Annotations,
+		},
+		Spec: source.Spec,
+	}
+
+	data, err := yaml.Marshal(export)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(resourceToString(data))
+	return nil
+}
+
+func exportBucketCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.Bucket) error {
+	if source.Spec.SecretRef != nil {
+		namespacedName := types.NamespacedName{
+			Namespace: source.Namespace,
+			Name:      source.Spec.SecretRef.Name,
+		}
+		var cred corev1.Secret
+		err := kubeClient.Get(ctx, namespacedName, &cred)
+		if err != nil {
+			return fmt.Errorf("failed to retrieve secret %s, error: %w", namespacedName.Name, err)
+		}
+
+		exported := corev1.Secret{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "v1",
+				Kind:       "Secret",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      namespacedName.Name,
+				Namespace: namespacedName.Namespace,
+			},
+			Data: cred.Data,
+			Type: cred.Type,
+		}
+
+		data, err := yaml.Marshal(exported)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println("---")
+		fmt.Println(resourceToString(data))
+	}
+	return nil
+}

cmd/gotk/export_source_git.go

@@ -20,13 +20,14 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var exportSourceGitCmd = &cobra.Command{
@@ -34,10 +35,10 @@ var exportSourceGitCmd = &cobra.Command{
 	Short: "Export GitRepository sources in YAML format",
 	Long:  "The export source git command exports on or all GitRepository sources in YAML format.",
 	Example: `  # Export all GitRepository sources
-  tk export source git --all > sources.yaml
+  gotk export source git --all > sources.yaml
 
   # Export a GitRepository source including the SSH key pair or basic auth credentials
-  tk export source git my-private-repo --with-credentials > source.yaml
+  gotk export source git my-private-repo --with-credentials > source.yaml
 `,
 	RunE: exportSourceGitCmdRun,
 }
@@ -110,8 +111,10 @@ func exportGit(source sourcev1.GitRepository) error {
 			APIVersion: gvk.GroupVersion().String(),
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      source.Name,
-			Namespace: source.Namespace,
+			Name:        source.Name,
+			Namespace:   source.Namespace,
+			Labels:      source.Labels,
+			Annotations: source.Annotations,
 		},
 		Spec: source.Spec,
 	}
@@ -122,7 +125,7 @@ func exportGit(source sourcev1.GitRepository) error {
 	}
 
 	fmt.Println("---")
-	fmt.Println(string(data))
+	fmt.Println(resourceToString(data))
 	return nil
 }
 
@@ -157,7 +160,7 @@ func exportGitCredentials(ctx context.Context, kubeClient client.Client, source
 		}
 
 		fmt.Println("---")
-		fmt.Println(string(data))
+		fmt.Println(resourceToString(data))
 	}
 	return nil
 }

cmd/gotk/export_source_helm.go

@@ -20,13 +20,14 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var exportSourceHelmCmd = &cobra.Command{
@@ -34,10 +35,10 @@ var exportSourceHelmCmd = &cobra.Command{
 	Short: "Export HelmRepository sources in YAML format",
 	Long:  "The export source git command exports on or all HelmRepository sources in YAML format.",
 	Example: `  # Export all HelmRepository sources
-  tk export source helm --all > sources.yaml
+  gotk export source helm --all > sources.yaml
 
   # Export a HelmRepository source including the basic auth credentials
-  tk export source helm my-private-repo --with-credentials > source.yaml
+  gotk export source helm my-private-repo --with-credentials > source.yaml
 `,
 	RunE: exportSourceHelmCmdRun,
 }
@@ -102,6 +103,32 @@ func exportSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+func exportHelmRepository(source sourcev1.HelmRepository) error {
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)
+	export := sourcev1.HelmRepository{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       gvk.Kind,
+			APIVersion: gvk.GroupVersion().String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        source.Name,
+			Namespace:   source.Namespace,
+			Labels:      source.Labels,
+			Annotations: source.Annotations,
+		},
+		Spec: source.Spec,
+	}
+
+	data, err := yaml.Marshal(export)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(resourceToString(data))
+	return nil
+}
+
 func exportHelmCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.HelmRepository) error {
 	if source.Spec.SecretRef != nil {
 		namespacedName := types.NamespacedName{
@@ -133,7 +160,7 @@ func exportHelmCredentials(ctx context.Context, kubeClient client.Client, source
 		}
 
 		fmt.Println("---")
-		fmt.Println(string(data))
+		fmt.Println(resourceToString(data))
 	}
 	return nil
 }

cmd/gotk/get_helmrelease.go

@@ -18,12 +18,13 @@ package main
 
 import (
 	"context"
+	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var getHelmReleaseCmd = &cobra.Command{
@@ -32,7 +33,7 @@ var getHelmReleaseCmd = &cobra.Command{
 	Short:   "Get HelmRelease statuses",
 	Long:    "The get helmreleases command prints the statuses of the resources.",
 	Example: `  # List all Helm releases and their status
-  tk get helmreleases
+  gotk get helmreleases
 `,
 	RunE: getHelmReleaseCmdRun,
 }
@@ -67,20 +68,17 @@ func getHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 			continue
 		}
 		isInitialized := false
-		for _, condition := range helmRelease.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					if helmRelease.Status.LastAppliedRevision != "" {
-						logger.Successf("%s last applied revision %s", helmRelease.GetName(), helmRelease.Status.LastAppliedRevision)
-					} else {
-						logger.Successf("%s reconciling", helmRelease.GetName())
-					}
-				} else {
-					logger.Failuref("%s %s", helmRelease.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				logger.Successf("%s last applied revision %s", helmRelease.GetName(), helmRelease.Status.LastAppliedRevision)
+			case corev1.ConditionUnknown:
+				logger.Successf("%s reconciling", helmRelease.GetName())
+			default:
+				logger.Failuref("%s %s", helmRelease.GetName(), c.Message)
 			}
+			isInitialized = true
+			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", helmRelease.GetName())

cmd/gotk/get_kustomization.go

@@ -18,8 +18,9 @@ package main
 
 import (
 	"context"
+	"github.com/fluxcd/pkg/apis/meta"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -31,7 +32,7 @@ var getKsCmd = &cobra.Command{
 	Short:   "Get Kustomization statuses",
 	Long:    "The get kustomizations command prints the statuses of the resources.",
 	Example: `  # List all kustomizations and their status
-  tk get kustomizations
+  gotk get kustomizations
 `,
 	RunE: getKsCmdRun,
 }
@@ -66,20 +67,17 @@ func getKsCmdRun(cmd *cobra.Command, args []string) error {
 			continue
 		}
 		isInitialized := false
-		for _, condition := range kustomization.Status.Conditions {
-			if condition.Type == kustomizev1.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					if kustomization.Status.LastAppliedRevision != "" {
-						logger.Successf("%s last applied revision %s", kustomization.GetName(), kustomization.Status.LastAppliedRevision)
-					} else {
-						logger.Successf("%s reconciling", kustomization.GetName())
-					}
-				} else {
-					logger.Failuref("%s %s", kustomization.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				logger.Successf("%s last applied revision %s", kustomization.GetName(), kustomization.Status.LastAppliedRevision)
+			case corev1.ConditionUnknown:
+				logger.Successf("%s reconciling", kustomization.GetName())
+			default:
+				logger.Failuref("%s %s", kustomization.GetName(), c.Message)
 			}
+			isInitialized = true
+			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", kustomization.GetName())

cmd/gotk/get_source_bucket.go

@@ -0,0 +1,85 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"github.com/fluxcd/pkg/apis/meta"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var getSourceBucketCmd = &cobra.Command{
+	Use:   "bucket",
+	Short: "Get Bucket source statuses",
+	Long:  "The get sources bucket command prints the status of the Bucket sources.",
+	Example: `  # List all Buckets and their status
+  gotk get sources bucket
+`,
+	RunE: getSourceBucketCmdRun,
+}
+
+func init() {
+	getSourceCmd.AddCommand(getSourceBucketCmd)
+}
+
+func getSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	var list sourcev1.BucketList
+	err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+	if err != nil {
+		return err
+	}
+
+	if len(list.Items) == 0 {
+		logger.Failuref("no sources found in %s namespace", namespace)
+		return nil
+	}
+
+	// TODO(hidde): this should print a table, and should produce better output
+	//  for items that have an artifact attached while they are in a reconciling
+	//  'Unknown' state.
+	for _, source := range list.Items {
+		isInitialized := false
+		if c := meta.GetCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				logger.Successf("%s last fetched revision: %s", source.GetName(), source.GetArtifact().Revision)
+			case corev1.ConditionUnknown:
+				logger.Successf("%s reconciling", source.GetName())
+			default:
+				logger.Failuref("%s %s", source.GetName(), c.Message)
+			}
+			isInitialized = true
+			break
+		}
+		if !isInitialized {
+			logger.Failuref("%s is not ready", source.GetName())
+		}
+	}
+	return nil
+}

cmd/gotk/get_source_git.go

@@ -18,8 +18,9 @@ package main
 
 import (
 	"context"
+	"github.com/fluxcd/pkg/apis/meta"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -30,7 +31,7 @@ var getSourceGitCmd = &cobra.Command{
 	Short: "Get GitRepository source statuses",
 	Long:  "The get sources git command prints the status of the GitRepository sources.",
 	Example: `  # List all Git repositories and their status
-  tk get sources git
+  gotk get sources git
 `,
 	RunE: getSourceGitCmdRun,
 }
@@ -59,18 +60,22 @@ func getSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return nil
 	}
 
+	// TODO(hidde): this should print a table, and should produce better output
+	//  for items that have an artifact attached while they are in a reconciling
+	//  'Unknown' state.
 	for _, source := range list.Items {
 		isInitialized := false
-		for _, condition := range source.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					logger.Successf("%s last fetched revision: %s", source.GetName(), source.Status.Artifact.Revision)
-				} else {
-					logger.Failuref("%s %s", source.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		if c := meta.GetCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				logger.Successf("%s last fetched revision: %s", source.GetName(), source.GetArtifact().Revision)
+			case corev1.ConditionUnknown:
+				logger.Successf("%s reconciling", source.GetName())
+			default:
+				logger.Failuref("%s %s", source.GetName(), c.Message)
 			}
+			isInitialized = true
+			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", source.GetName())

cmd/gotk/get_source_helm.go

@@ -18,8 +18,9 @@ package main
 
 import (
 	"context"
+	"github.com/fluxcd/pkg/apis/meta"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -30,7 +31,7 @@ var getSourceHelmCmd = &cobra.Command{
 	Short: "Get HelmRepository source statuses",
 	Long:  "The get sources helm command prints the status of the HelmRepository sources.",
 	Example: `  # List all Helm repositories and their status
-  tk get sources helm
+  gotk get sources helm
 `,
 	RunE: getSourceHelmCmdRun,
 }
@@ -59,18 +60,22 @@ func getSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return nil
 	}
 
+	// TODO(hidde): this should print a table, and should produce better output
+	//  for items that have an artifact attached while they are in a reconciling
+	//  'Unknown' state.
 	for _, source := range list.Items {
 		isInitialized := false
-		for _, condition := range source.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					logger.Successf("%s last fetched revision: %s", source.GetName(), source.Status.Artifact.Revision)
-				} else {
-					logger.Failuref("%s %s", source.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		if c := meta.GetCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				logger.Successf("%s last fetched revision: %s", source.GetName(), source.GetArtifact().Revision)
+			case corev1.ConditionUnknown:
+				logger.Successf("%s reconciling", source.GetName())
+			default:
+				logger.Failuref("%s %s", source.GetName(), c.Message)
 			}
+			isInitialized = true
+			break
 		}
 		if !isInitialized {
 			logger.Failuref("%s is not ready", source.GetName())

cmd/gotk/install.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"github.com/fluxcd/pkg/untar"
 	"io/ioutil"
 	"net/http"
 	"os"
@@ -31,6 +30,8 @@ import (
 	"github.com/spf13/cobra"
 	"sigs.k8s.io/kustomize/api/filesys"
 	"sigs.k8s.io/kustomize/api/krusty"
+
+	"github.com/fluxcd/pkg/untar"
 )
 
 var installCmd = &cobra.Command{
@@ -38,29 +39,32 @@ var installCmd = &cobra.Command{
 	Short: "Install the toolkit components",
 	Long: `The install command deploys the toolkit components in the specified namespace.
 If a previous version is installed, then an in-place upgrade will be performed.`,
-	Example: `  # Install the latest version in the gitops-systems namespace
-  tk install --version=latest --namespace=gitops-systems
+	Example: `  # Install the latest version in the gotk-system namespace
+  gotk install --version=latest --namespace=gotk-system
 
   # Dry-run install for a specific version and a series of components
-  tk install --dry-run --version=v0.0.7 --components="source-controller,kustomize-controller"
+  gotk install --dry-run --version=v0.0.7 --components="source-controller,kustomize-controller"
 
   # Dry-run install with manifests preview 
-  tk install --dry-run --verbose
+  gotk install --dry-run --verbose
 
   # Write install manifests to file 
-  tk install --export > gitops-system.yaml
+  gotk install --export > gotk-system.yaml
 `,
 	RunE: installCmdRun,
 }
 
 var (
-	installExport          bool
-	installDryRun          bool
-	installManifestsPath   string
-	installVersion         string
-	installComponents      []string
-	installRegistry        string
-	installImagePullSecret string
+	installExport             bool
+	installDryRun             bool
+	installManifestsPath      string
+	installVersion            string
+	installComponents         []string
+	installRegistry           string
+	installImagePullSecret    string
+	installArch               string
+	installWatchAllNamespaces bool
+	installLogLevel           string
 )
 
 func init() {
@@ -72,27 +76,32 @@ func init() {
 		"toolkit version")
 	installCmd.Flags().StringSliceVar(&installComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "",
-		"path to the manifest directory, dev only")
-	installCmd.Flags().StringVar(&installRegistry, "registry", "docker.io/fluxcd",
+	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "", "path to the manifest directory")
+	installCmd.Flags().MarkHidden("manifests")
+	installCmd.Flags().StringVar(&installRegistry, "registry", "ghcr.io/fluxcd",
 		"container registry where the toolkit images are published")
 	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
+	installCmd.Flags().StringVar(&installArch, "arch", "amd64",
+		"arch can be amd64 or arm64")
+	installCmd.Flags().BoolVar(&installWatchAllNamespaces, "watch-all-namespaces", true,
+		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
+	installCmd.Flags().StringVar(&installLogLevel, "log-level", "info", "set the controllers log level")
 	rootCmd.AddCommand(installCmd)
 }
 
 func installCmdRun(cmd *cobra.Command, args []string) error {
+	if !utils.containsItemString(supportedArch, installArch) {
+		return fmt.Errorf("arch %s is not supported, can be %v", installArch, supportedArch)
+	}
+
+	if !utils.containsItemString(supportedLogLevels, installLogLevel) {
+		return fmt.Errorf("log level %s is not supported, can be %v", bootstrapLogLevel, installLogLevel)
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
-	var kustomizePath string
-	if installVersion == "" && !strings.HasPrefix(installManifestsPath, "github.com/") {
-		if _, err := os.Stat(installManifestsPath); err != nil {
-			return fmt.Errorf("manifests not found: %w", err)
-		}
-		kustomizePath = installManifestsPath
-	}
-
 	tmpDir, err := ioutil.TempDir("", namespace)
 	if err != nil {
 		return err
@@ -102,16 +111,18 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	if !installExport {
 		logger.Generatef("generating manifests")
 	}
-	if kustomizePath == "" {
-		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, installImagePullSecret, tmpDir)
+	if installManifestsPath == "" {
+		err = genInstallManifests(installVersion, namespace, installComponents,
+			installWatchAllNamespaces, installRegistry, installImagePullSecret,
+			installArch, installLogLevel, tmpDir)
 		if err != nil {
 			return fmt.Errorf("install failed: %w", err)
 		}
-		kustomizePath = tmpDir
+		installManifestsPath = tmpDir
 	}
 
 	manifest := path.Join(tmpDir, fmt.Sprintf("%s.yaml", namespace))
-	if err := buildKustomization(kustomizePath, manifest); err != nil {
+	if err := buildKustomization(installManifestsPath, manifest); err != nil {
 		return fmt.Errorf("install failed: %w", err)
 	}
 
@@ -191,7 +202,10 @@ fieldSpecs:
 
 var kustomizationTmpl = `---
 {{- $eventsAddr := .EventsAddr }}
+{{- $watchAllNamespaces := .WatchAllNamespaces }}
 {{- $registry := .Registry }}
+{{- $arch := .Arch }}
+{{- $logLevel := .LogLevel }}
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: {{.Namespace}}
@@ -214,7 +228,20 @@ patches:
 
 patchesJson6902:
 {{- range $i, $component := .Components }}
-{{- if ne $component "notification-controller" }}
+{{- if eq $component "notification-controller" }}
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: {{$component}}
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/args/0
+      value: --watch-all-namespaces={{$watchAllNamespaces}}
+    - op: replace
+      path: /spec/template/spec/containers/0/args/1
+      value: --log-level={{$logLevel}}
+{{- else }}
 - target:
     group: apps
     version: v1
@@ -224,6 +251,12 @@ patchesJson6902:
     - op: replace
       path: /spec/template/spec/containers/0/args/0
       value: --events-addr={{$eventsAddr}}
+    - op: replace
+      path: /spec/template/spec/containers/0/args/1
+      value: --watch-all-namespaces={{$watchAllNamespaces}}
+    - op: replace
+      path: /spec/template/spec/containers/0/args/2
+      value: --log-level={{$logLevel}}
 {{- end }}
 {{- end }}
 
@@ -231,7 +264,11 @@ patchesJson6902:
 images:
 {{- range $i, $component := .Components }}
   - name: fluxcd/{{$component}}
+{{- if eq $arch "amd64" }}
     newName: {{$registry}}/{{$component}}
+{{- else }}
+    newName: {{$registry}}/{{$component}}-arm64
+{{- end }}
 {{- end }}
 {{- end }}
 `
@@ -253,7 +290,7 @@ spec:
   template:
     spec:
       nodeSelector:
-        kubernetes.io/arch: amd64
+        kubernetes.io/arch: {{.Arch}}
         kubernetes.io/os: linux
 {{- if .ImagePullSecret }}
       imagePullSecrets:
@@ -295,26 +332,33 @@ func downloadManifests(version string, tmpDir string) error {
 	return nil
 }
 
-func genInstallManifests(version string, namespace string, components []string, registry, imagePullSecret, tmpDir string) error {
+func genInstallManifests(version string, namespace string, components []string,
+	watchAllNamespaces bool, registry, imagePullSecret, arch, logLevel, tmpDir string) error {
 	eventsAddr := ""
 	if utils.containsItemString(components, defaultNotification) {
 		eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
 	}
 
 	model := struct {
-		Version         string
-		Namespace       string
-		Components      []string
-		EventsAddr      string
-		Registry        string
-		ImagePullSecret string
+		Version            string
+		Namespace          string
+		Components         []string
+		EventsAddr         string
+		Registry           string
+		ImagePullSecret    string
+		Arch               string
+		WatchAllNamespaces bool
+		LogLevel           string
 	}{
-		Version:         version,
-		Namespace:       namespace,
-		Components:      components,
-		EventsAddr:      eventsAddr,
-		Registry:        registry,
-		ImagePullSecret: imagePullSecret,
+		Version:            version,
+		Namespace:          namespace,
+		Components:         components,
+		EventsAddr:         eventsAddr,
+		Registry:           registry,
+		ImagePullSecret:    imagePullSecret,
+		Arch:               arch,
+		WatchAllNamespaces: watchAllNamespaces,
+		LogLevel:           logLevel,
 	}
 
 	if err := downloadManifests(version, tmpDir); err != nil {

cmd/gotk/main.go

@@ -26,41 +26,43 @@ import (
 	"github.com/spf13/cobra/doc"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
-	tklog "github.com/fluxcd/toolkit/pkg/log"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+
+	gotklog "github.com/fluxcd/toolkit/pkg/log"
 )
 
 var VERSION = "0.0.0-dev.0"
 
 var rootCmd = &cobra.Command{
-	Use:           "tk",
+	Use:           "gotk",
 	Version:       VERSION,
 	SilenceUsage:  true,
 	SilenceErrors: true,
 	Short:         "Command line utility for assembling Kubernetes CD pipelines",
 	Long:          `Command line utility for assembling Kubernetes CD pipelines the GitOps way.`,
-	Example: `  # Check prerequisites 
-  tk check --pre
+	Example: `  # Check prerequisites
+  gotk check --pre
 
   # Install the latest version of the toolkit
-  tk install --version=master
+  gotk install --version=master
 
   # Create a source from a public Git repository
-  tk create source git webapp-latest \
+  gotk create source git webapp-latest \
     --url=https://github.com/stefanprodan/podinfo \
     --branch=master \
     --interval=3m
 
   # List GitRepository sources and their status
-  tk get sources git
+  gotk get sources git
 
-  # Trigger a GitRepository source sync
-  tk sync source git webapp-latest
+  # Trigger a GitRepository source reconciliation
+  gotk reconcile source git gotk-system
 
   # Export GitRepository sources in YAML format
-  tk export source git --all > sources.yaml
+  gotk export source git --all > sources.yaml
 
   # Create a Kustomization for deploying a series of microservices
-  tk create kustomization webapp-dev \
+  gotk create kustomization webapp-dev \
     --source=webapp-latest \
     --path="./deploy/webapp/" \
     --prune=true \
@@ -71,25 +73,25 @@ var rootCmd = &cobra.Command{
     --health-check-timeout=2m
 
   # Trigger a git sync of the Kustomization's source and apply changes
-  tk reconcile kustomization webapp-dev --with-source
+  gotk reconcile kustomization webapp-dev --with-source
 
   # Suspend a Kustomization reconciliation
-  tk suspend kustomization webapp-dev
+  gotk suspend kustomization webapp-dev
 
   # Export Kustomizations in YAML format
-  tk export kustomization --all > kustomizations.yaml
+  gotk export kustomization --all > kustomizations.yaml
 
   # Resume a Kustomization reconciliation
-  tk resume kustomization webapp-dev
+  gotk resume kustomization webapp-dev
 
   # Delete a Kustomization
-  tk delete kustomization webapp-dev
+  gotk delete kustomization webapp-dev
 
   # Delete a GitRepository source
-  tk delete source git webapp-latest
+  gotk delete source git webapp-latest
 
   # Uninstall the toolkit and delete CRDs
-  tk uninstall --crds
+  gotk uninstall --crds
 `,
 }
 
@@ -99,24 +101,27 @@ var (
 	timeout      time.Duration
 	verbose      bool
 	utils        Utils
-	pollInterval              = 2 * time.Second
-	logger       tklog.Logger = printLogger{}
+	pollInterval                = 2 * time.Second
+	logger       gotklog.Logger = printLogger{}
 )
 
 var (
-	defaultComponents   = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
-	defaultVersion      = "latest"
-	defaultNamespace    = "gitops-system"
-	defaultNotification = "notification-controller"
+	defaultComponents                 = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
+	defaultVersion                    = "latest"
+	defaultNamespace                  = "gotk-system"
+	defaultNotification               = "notification-controller"
+	supportedLogLevels                = []string{"debug", "info", "error"}
+	supportedArch                     = []string{"amd64", "arm", "arm64"}
+	supportedDecryptionProviders      = []string{"sops"}
+	supportedKustomizationSourceKinds = []string{sourcev1.GitRepositoryKind, sourcev1.BucketKind}
+	supportedHelmChartSourceKinds     = []string{sourcev1.HelmRepositoryKind, sourcev1.GitRepositoryKind, sourcev1.BucketKind}
+	supportedSourceBucketProviders    = []string{sourcev1.GenericBucketProvider, sourcev1.AmazonBucketProvider}
 )
 
 func init() {
-	rootCmd.PersistentFlags().StringVar(&namespace, "namespace", defaultNamespace,
-		"the namespace scope for this operation")
-	rootCmd.PersistentFlags().DurationVarP(&timeout, "timeout", "", 5*time.Minute,
-		"timeout for this operation")
-	rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "", false,
-		"print generated objects")
+	rootCmd.PersistentFlags().StringVarP(&namespace, "namespace", "n", defaultNamespace, "the namespace scope for this operation")
+	rootCmd.PersistentFlags().DurationVar(&timeout, "timeout", 5*time.Minute, "timeout for this operation")
+	rootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false, "print generated objects")
 }
 
 func main() {

cmd/gotk/reconcile_helmrelease.go

@@ -21,13 +21,16 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/spf13/cobra"
+	"github.com/fluxcd/pkg/apis/meta"
 	corev1 "k8s.io/api/core/v1"
+
+	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileHrCmd = &cobra.Command{
@@ -37,10 +40,10 @@ var reconcileHrCmd = &cobra.Command{
 	Long: `
 The reconcile kustomization command triggers a reconciliation of a HelmRelease resource and waits for it to finish.`,
 	Example: `  # Trigger a HelmRelease apply outside of the reconciliation interval
-  tk reconcile hr podinfo
+  gotk reconcile hr podinfo
 
   # Trigger a reconciliation of the HelmRelease's source and apply changes
-  tk reconcile hr podinfo --with-source
+  gotk reconcile hr podinfo --with-source
 `,
 	RunE: reconcileHrCmdRun,
 }
@@ -81,28 +84,36 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if syncHrWithSource {
-		err := syncSourceHelmCmdRun(nil, []string{helmRelease.Spec.Chart.SourceRef.Name})
+		switch helmRelease.Spec.Chart.Spec.SourceRef.Kind {
+		case sourcev1.HelmRepositoryKind:
+			err = reconcileSourceHelmCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		case sourcev1.GitRepositoryKind:
+			err = reconcileSourceGitCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		case sourcev1.BucketKind:
+			err = reconcileSourceBucketCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		}
 		if err != nil {
 			return err
 		}
-	} else {
-		logger.Actionf("annotating HelmRelease %s in %s namespace", name, namespace)
-		if helmRelease.Annotations == nil {
-			helmRelease.Annotations = map[string]string{
-				helmv2.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
-			}
-		} else {
-			helmRelease.Annotations[helmv2.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
-		}
-		if err := kubeClient.Update(ctx, &helmRelease); err != nil {
-			return err
-		}
-		logger.Successf("HelmRelease annotated")
 	}
 
+	logger.Actionf("annotating HelmRelease %s in %s namespace", name, namespace)
+	if helmRelease.Annotations == nil {
+		helmRelease.Annotations = map[string]string{
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+		}
+	} else {
+		helmRelease.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+	}
+	if err := kubeClient.Update(ctx, &helmRelease); err != nil {
+		return err
+	}
+	logger.Successf("HelmRelease annotated")
+
 	logger.Waitingf("waiting for HelmRelease reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
-		isHelmReleaseReady(ctx, kubeClient, name, namespace)); err != nil {
+		helmReleaseReconciliationHandled(ctx, kubeClient, name, namespace, helmRelease.Status.LastHandledReconcileAt),
+	); err != nil {
 		return err
 	}
 
@@ -112,16 +123,19 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-
-	if helmRelease.Status.LastAppliedRevision != "" {
-		logger.Successf("reconciled revision %s", helmRelease.Status.LastAppliedRevision)
-	} else {
-		return fmt.Errorf("HelmRelease reconciliation failed")
+	if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+		switch c.Status {
+		case corev1.ConditionFalse:
+			return fmt.Errorf("HelmRelease reconciliation failed")
+		default:
+			logger.Successf("reconciled revision %s", helmRelease.Status.LastAppliedRevision)
+		}
 	}
 	return nil
 }
 
-func isHelmReleaseReady(ctx context.Context, kubeClient client.Client, name, namespace string) wait.ConditionFunc {
+func helmReleaseReconciliationHandled(ctx context.Context, kubeClient client.Client,
+	name, namespace, lastHandledReconcileAt string) wait.ConditionFunc {
 	return func() (bool, error) {
 		var helmRelease helmv2.HelmRelease
 		namespacedName := types.NamespacedName{
@@ -134,15 +148,6 @@ func isHelmReleaseReady(ctx context.Context, kubeClient client.Client, name, nam
 			return false, err
 		}
 
-		for _, condition := range helmRelease.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
-			}
-		}
-		return false, nil
+		return helmRelease.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
 	}
 }

cmd/gotk/reconcile_kustomization.go

@@ -21,10 +21,16 @@ import (
 	"fmt"
 	"time"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	"github.com/fluxcd/pkg/apis/meta"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileKsCmd = &cobra.Command{
@@ -34,10 +40,10 @@ var reconcileKsCmd = &cobra.Command{
 	Long: `
 The reconcile kustomization command triggers a reconciliation of a Kustomization resource and waits for it to finish.`,
 	Example: `  # Trigger a Kustomization apply outside of the reconciliation interval
-  tk reconcile kustomization podinfo
+  gotk reconcile kustomization podinfo
 
   # Trigger a sync of the Kustomization's source and apply changes
-  tk reconcile kustomization podinfo --with-source
+  gotk reconcile kustomization podinfo --with-source
 `,
 	RunE: reconcileKsCmdRun,
 }
@@ -78,28 +84,35 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if syncKsWithSource {
-		err := syncSourceGitCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+		switch kustomization.Spec.SourceRef.Kind {
+		case sourcev1.GitRepositoryKind:
+			err = reconcileSourceGitCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+		case sourcev1.BucketKind:
+			err = reconcileSourceBucketCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+		}
 		if err != nil {
 			return err
 		}
-	} else {
-		logger.Actionf("annotating kustomization %s in %s namespace", name, namespace)
-		if kustomization.Annotations == nil {
-			kustomization.Annotations = map[string]string{
-				kustomizev1.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
-			}
-		} else {
-			kustomization.Annotations[kustomizev1.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
-		}
-		if err := kubeClient.Update(ctx, &kustomization); err != nil {
-			return err
-		}
-		logger.Successf("kustomization annotated")
 	}
 
+	logger.Actionf("annotating kustomization %s in %s namespace", name, namespace)
+	if kustomization.Annotations == nil {
+		kustomization.Annotations = map[string]string{
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+		}
+	} else {
+		kustomization.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+	}
+	if err := kubeClient.Update(ctx, &kustomization); err != nil {
+		return err
+	}
+	logger.Successf("kustomization annotated")
+
 	logger.Waitingf("waiting for kustomization reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
-		isKustomizationReady(ctx, kubeClient, name, namespace)); err != nil {
+	if err := wait.PollImmediate(
+		pollInterval, timeout,
+		kustomizeReconciliationHandled(ctx, kubeClient, name, namespace, kustomization.Status.LastHandledReconcileAt),
+	); err != nil {
 		return err
 	}
 
@@ -109,11 +122,31 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-
-	if kustomization.Status.LastAppliedRevision != "" {
-		logger.Successf("reconciled revision %s", kustomization.Status.LastAppliedRevision)
-	} else {
-		return fmt.Errorf("kustomization sync failed")
+	if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+		switch c.Status {
+		case corev1.ConditionFalse:
+			return fmt.Errorf("kustomization reconciliation failed")
+		default:
+			logger.Successf("reconciled revision %s", kustomization.Status.LastAppliedRevision)
+		}
 	}
 	return nil
 }
+
+func kustomizeReconciliationHandled(ctx context.Context, kubeClient client.Client,
+	name, namespace, lastHandledReconcileAt string) wait.ConditionFunc {
+	return func() (bool, error) {
+		var kustomize kustomizev1.Kustomization
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+
+		err := kubeClient.Get(ctx, namespacedName, &kustomize)
+		if err != nil {
+			return false, err
+		}
+
+		return kustomize.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
+	}
+}

cmd/gotk/reconcile_source_bucket.go

@@ -0,0 +1,130 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
+	"time"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+)
+
+var reconcileSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Reconcile a Bucket source",
+	Long:  `The reconcile source command triggers a reconciliation of a Bucket resource and waits for it to finish.`,
+	Example: `  # Trigger a reconciliation for an existing source
+  gotk reconcile source bucket podinfo
+`,
+	RunE: reconcileSourceBucketCmdRun,
+}
+
+func init() {
+	reconcileSourceCmd.AddCommand(reconcileSourceBucketCmd)
+}
+
+func reconcileSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("source name is required")
+	}
+	name := args[0]
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+
+	logger.Actionf("annotating source %s in %s namespace", name, namespace)
+	var bucket sourcev1.Bucket
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return err
+	}
+
+	if bucket.Annotations == nil {
+		bucket.Annotations = map[string]string{
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+		}
+	} else {
+		bucket.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+	}
+	if err := kubeClient.Update(ctx, &bucket); err != nil {
+		return err
+	}
+	logger.Successf("source annotated")
+
+	logger.Waitingf("waiting for reconciliation")
+	if err := wait.PollImmediate(pollInterval, timeout,
+		isBucketReady(ctx, kubeClient, name, namespace)); err != nil {
+		return err
+	}
+
+	logger.Successf("bucket reconciliation completed")
+
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return err
+	}
+
+	if bucket.Status.Artifact != nil {
+		logger.Successf("fetched revision %s", bucket.Status.Artifact.Revision)
+	} else {
+		return fmt.Errorf("bucket reconciliation failed, artifact not found")
+	}
+	return nil
+}
+
+func isBucketReady(ctx context.Context, kubeClient client.Client, name, namespace string) wait.ConditionFunc {
+	return func() (bool, error) {
+		var bucket sourcev1.Bucket
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+
+		err := kubeClient.Get(ctx, namespacedName, &bucket)
+		if err != nil {
+			return false, err
+		}
+
+		if c := meta.GetCondition(bucket.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
+			}
+		}
+		return false, nil
+	}
+}

cmd/gotk/reconcile_source_git.go

@@ -19,11 +19,14 @@ package main
 import (
 	"context"
 	"fmt"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/fluxcd/pkg/apis/meta"
+	"time"
+
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"time"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileSourceGitCmd = &cobra.Command{
@@ -31,16 +34,16 @@ var reconcileSourceGitCmd = &cobra.Command{
 	Short: "Reconcile a GitRepository source",
 	Long:  `The reconcile source command triggers a reconciliation of a GitRepository resource and waits for it to finish.`,
 	Example: `  # Trigger a git pull for an existing source
-  tk reconcile source git podinfo
+  gotk reconcile source git podinfo
 `,
-	RunE: syncSourceGitCmdRun,
+	RunE: reconcileSourceGitCmdRun,
 }
 
 func init() {
 	reconcileSourceCmd.AddCommand(reconcileSourceGitCmd)
 }
 
-func syncSourceGitCmdRun(cmd *cobra.Command, args []string) error {
+func reconcileSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("source name is required")
 	}
@@ -68,10 +71,10 @@ func syncSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 
 	if gitRepository.Annotations == nil {
 		gitRepository.Annotations = map[string]string{
-			sourcev1.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
 		}
 	} else {
-		gitRepository.Annotations[sourcev1.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		gitRepository.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
 	}
 	if err := kubeClient.Update(ctx, &gitRepository); err != nil {
 		return err

cmd/gotk/reconcile_source_helm.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -27,7 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileSourceHelmCmd = &cobra.Command{
@@ -35,16 +36,16 @@ var reconcileSourceHelmCmd = &cobra.Command{
 	Short: "Reconcile a HelmRepository source",
 	Long:  `The reconcile source command triggers a reconciliation of a HelmRepository resource and waits for it to finish.`,
 	Example: `  # Trigger a reconciliation for an existing source
-  tk reconcile source helm podinfo
+  gotk reconcile source helm podinfo
 `,
-	RunE: syncSourceHelmCmdRun,
+	RunE: reconcileSourceHelmCmdRun,
 }
 
 func init() {
 	reconcileSourceCmd.AddCommand(reconcileSourceHelmCmd)
 }
 
-func syncSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+func reconcileSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("source name is required")
 	}
@@ -72,10 +73,10 @@ func syncSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 
 	if helmRepository.Annotations == nil {
 		helmRepository.Annotations = map[string]string{
-			sourcev1.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
 		}
 	} else {
-		helmRepository.Annotations[sourcev1.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		helmRepository.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
 	}
 	if err := kubeClient.Update(ctx, &helmRepository); err != nil {
 		return err
@@ -116,13 +117,12 @@ func isHelmRepositoryReady(ctx context.Context, kubeClient client.Client, name,
 			return false, err
 		}
 
-		for _, condition := range helmRepository.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(helmRepository.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/resume_helmrelease.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@@ -26,7 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var resumeHrCmd = &cobra.Command{
@@ -36,7 +37,7 @@ var resumeHrCmd = &cobra.Command{
 	Long: `The resume command marks a previously suspended HelmRelease resource for reconciliation and waits for it to
 finish the apply.`,
 	Example: `  # Resume reconciliation for an existing Helm release
-  tk resume hr podinfo
+  gotk resume hr podinfo
 `,
 	RunE: resumeHrCmdRun,
 }
@@ -111,17 +112,15 @@ func isHelmReleaseResumed(ctx context.Context, kubeClient client.Client, name, n
 			return false, err
 		}
 
-		for _, condition := range helmRelease.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					if condition.Reason == helmv2.SuspendedReason {
-						return false, nil
-					}
-
-					return false, fmt.Errorf(condition.Message)
+		if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				if c.Reason == meta.SuspendedReason {
+					return false, nil
 				}
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/resume_kustomization.go

@@ -19,9 +19,9 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -36,7 +36,7 @@ var resumeKsCmd = &cobra.Command{
 	Long: `The resume command marks a previously suspended Kustomization resource for reconciliation and waits for it to
 finish the apply.`,
 	Example: `  # Resume reconciliation for an existing Kustomization
-  tk resume ks podinfo
+  gotk resume ks podinfo
 `,
 	RunE: resumeKsCmdRun,
 }
@@ -111,17 +111,15 @@ func isKustomizationResumed(ctx context.Context, kubeClient client.Client, name,
 			return false, err
 		}
 
-		for _, condition := range kustomization.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					if condition.Reason == kustomizev1.SuspendedReason {
-						return false, nil
-					}
-
-					return false, fmt.Errorf(condition.Message)
+		if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				if c.Reason == meta.SuspendedReason {
+					return false, nil
 				}
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/suspend_helmrelease.go

@@ -23,7 +23,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var suspendHrCmd = &cobra.Command{
@@ -32,7 +32,7 @@ var suspendHrCmd = &cobra.Command{
 	Short:   "Suspend reconciliation of HelmRelease",
 	Long:    "The suspend command disables the reconciliation of a HelmRelease resource.",
 	Example: `  # Suspend reconciliation for an existing Helm release
-  tk suspend hr podinfo
+  gotk suspend hr podinfo
 `,
 	RunE: suspendHrCmdRun,
 }

cmd/gotk/suspend_kustomization.go

@@ -19,7 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 )
@@ -30,7 +30,7 @@ var suspendKsCmd = &cobra.Command{
 	Short:   "Suspend reconciliation of Kustomization",
 	Long:    "The suspend command disables the reconciliation of a Kustomization resource.",
 	Example: `  # Suspend reconciliation for an existing Kustomization
-  tk suspend ks podinfo
+  gotk suspend ks podinfo
 `,
 	RunE: suspendKsCmdRun,
 }

cmd/gotk/uninstall.go

@@ -22,9 +22,10 @@ import (
 
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/types"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var uninstallCmd = &cobra.Command{
@@ -32,10 +33,10 @@ var uninstallCmd = &cobra.Command{
 	Short: "Uninstall the toolkit components",
 	Long:  "The uninstall command removes the namespace, cluster roles, cluster role bindings and CRDs from the cluster.",
 	Example: `  # Dry-run uninstall of all components
-  tk uninstall --dry-run --namespace=gitops-system
+  gotk uninstall --dry-run --namespace=gotk-system
 
   # Uninstall all components and delete custom resource definitions
-  tk uninstall --resources --crds --namespace=gitops-system
+  gotk uninstall --resources --crds --namespace=gotk-system
 `,
 	RunE: uninstallCmdRun,
 }
@@ -48,7 +49,7 @@ var (
 )
 
 func init() {
-	uninstallCmd.Flags().BoolVar(&uninstallResources, "resources", false,
+	uninstallCmd.Flags().BoolVar(&uninstallResources, "resources", true,
 		"removes custom resources such as Kustomizations, GitRepositories and HelmRepositories")
 	uninstallCmd.Flags().BoolVar(&uninstallCRDs, "crds", false,
 		"removes all CRDs previously installed")
@@ -64,6 +65,11 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	dryRun := ""
 	if uninstallDryRun {
 		dryRun = "--dry-run=client"
@@ -77,7 +83,20 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	if uninstallResources {
+	// suspend bootstrap kustomization if it exists
+	kustomizationName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      namespace,
+	}
+	var kustomization kustomizev1.Kustomization
+	if err := kubeClient.Get(ctx, kustomizationName, &kustomization); err == nil {
+		kustomization.Spec.Suspend = true
+		if err := kubeClient.Update(ctx, &kustomization); err != nil {
+			return fmt.Errorf("unable to suspend kustomization '%s': %w", kustomizationName.String(), err)
+		}
+	}
+
+	if uninstallResources || uninstallCRDs {
 		logger.Actionf("uninstalling custom resources")
 		for _, kind := range []string{
 			kustomizev1.KustomizationKind,

cmd/gotk/utils.go

@@ -22,18 +22,28 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"os/exec"
+	"path/filepath"
+	"strings"
 	"text/template"
 
 	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/kustomize/api/filesys"
+	"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
+	"sigs.k8s.io/kustomize/api/konfig"
+	kustypes "sigs.k8s.io/kustomize/api/types"
+	"sigs.k8s.io/yaml"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	"github.com/fluxcd/pkg/runtime/dependency"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 type Utils struct {
@@ -118,6 +128,7 @@ func (*Utils) kubeClient(config string) (client.Client, error) {
 
 	scheme := runtime.NewScheme()
 	_ = corev1.AddToScheme(scheme)
+	_ = rbacv1.AddToScheme(scheme)
 	_ = sourcev1.AddToScheme(scheme)
 	_ = kustomizev1.AddToScheme(scheme)
 	_ = helmv2.AddToScheme(scheme)
@@ -175,3 +186,114 @@ func (*Utils) containsItemString(s []string, e string) bool {
 	}
 	return false
 }
+
+func (*Utils) parseObjectKindName(input string) (string, string) {
+	kind := ""
+	name := input
+	parts := strings.Split(input, "/")
+	if len(parts) == 2 {
+		kind, name = parts[0], parts[1]
+	}
+
+	return kind, name
+}
+
+func (*Utils) makeDependsOn(deps []string) []dependency.CrossNamespaceDependencyReference {
+	refs := []dependency.CrossNamespaceDependencyReference{}
+	for _, dep := range deps {
+		parts := strings.Split(dep, "/")
+		depNamespace := ""
+		depName := ""
+		if len(parts) > 1 {
+			depNamespace = parts[0]
+			depName = parts[1]
+		} else {
+			depName = parts[0]
+		}
+		refs = append(refs, dependency.CrossNamespaceDependencyReference{
+			Namespace: depNamespace,
+			Name:      depName,
+		})
+	}
+	return refs
+}
+
+// generateKustomizationYaml is the equivalent of running
+// 'kustomize create --autodetect' in the specified dir
+func (*Utils) generateKustomizationYaml(dirPath string) error {
+	fs := filesys.MakeFsOnDisk()
+	kfile := filepath.Join(dirPath, "kustomization.yaml")
+
+	scan := func(base string) ([]string, error) {
+		var paths []string
+		uf := kunstruct.NewKunstructuredFactoryImpl()
+		err := fs.Walk(base, func(path string, info os.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+			if path == base {
+				return nil
+			}
+			if info.IsDir() {
+				// If a sub-directory contains an existing kustomization file add the
+				// directory as a resource and do not decend into it.
+				for _, kfilename := range konfig.RecognizedKustomizationFileNames() {
+					if fs.Exists(filepath.Join(path, kfilename)) {
+						paths = append(paths, path)
+						return filepath.SkipDir
+					}
+				}
+				return nil
+			}
+			fContents, err := fs.ReadFile(path)
+			if err != nil {
+				return err
+			}
+			if _, err := uf.SliceFromBytes(fContents); err != nil {
+				return nil
+			}
+			paths = append(paths, path)
+			return nil
+		})
+		return paths, err
+	}
+
+	if _, err := os.Stat(kfile); err != nil {
+		abs, err := filepath.Abs(dirPath)
+		if err != nil {
+			return err
+		}
+
+		files, err := scan(abs)
+		if err != nil {
+			return err
+		}
+
+		f, err := fs.Create(kfile)
+		if err != nil {
+			return err
+		}
+		f.Close()
+
+		kus := kustypes.Kustomization{
+			TypeMeta: kustypes.TypeMeta{
+				APIVersion: kustypes.KustomizationVersion,
+				Kind:       kustypes.KustomizationKind,
+			},
+		}
+
+		var resources []string
+		for _, file := range files {
+			resources = append(resources, strings.Replace(file, abs, ".", 1))
+		}
+
+		kus.Resources = resources
+		kd, err := yaml.Marshal(kus)
+		if err != nil {
+			return err
+		}
+
+		return ioutil.WriteFile(kfile, kd, os.ModePerm)
+	}
+	return nil
+}

docs/_static/custom.css

@@ -22,3 +22,76 @@ body {
 .md-header-nav__title {
     font-size: .85rem;
 }
+
+.check-bullet {
+  color:#07bfa5;
+  background-color: white;
+  margin-left:-22px;
+}
+
+/* Progress bar styling */
+
+.progress-label {
+    position: absolute;
+    text-align: center;
+    font-weight: 700;
+    width: 100%;
+    /* remove original styling for thin styling
+    margin: 0 ! important; */
+    margin-top: -0.4rem ! important;
+    line-height: 1.2rem;
+    white-space: nowrap;
+    overflow: hidden;
+  }
+  
+  .progress-bar {
+    /*remove original styling for thin styling
+    height: 1.2rem; */
+    height: 0.4rem;
+    float: left;
+    background: repeating-linear-gradient(
+        45deg,
+        rgba(255, 255, 255, 0.2),
+        rgba(255, 255, 255, 0.2) 10px,
+        rgba(255, 255, 255, 0.3) 10px,
+        rgba(255, 255, 255, 0.3) 20px
+      ) #2979ff;
+      border-radius: 2px;
+  }
+  
+  .progress {
+    display: block;
+    width: 100%;
+    /* remove original styling for thin styling
+    margin: 0.5rem 0;
+    height: 1.2rem; */
+    margin-top: 0.9rem;
+    height: 0.4rem;
+    background-color: #eeeeee;
+    position: relative;
+    border-radius: 2px;
+  }
+
+  .progress-100plus .progress-bar {
+    background-color: #00c853;
+  }
+  
+  .progress-80plus .progress-bar {
+    background-color: #64dd17;
+  }
+  
+  .progress-60plus .progress-bar {
+    background-color: #fbc02d;
+  }
+  
+  .progress-40plus .progress-bar {
+    background-color: #ff9100;
+  }
+  
+  .progress-20plus .progress-bar {
+    background-color: #ff5252;
+  }
+  
+  .progress-0plus .progress-bar {
+    background-color: #ff1744;
+  }

docs/cmd/gotk.md

@@ -0,0 +1,91 @@
+## gotk
+
+Command line utility for assembling Kubernetes CD pipelines
+
+### Synopsis
+
+Command line utility for assembling Kubernetes CD pipelines the GitOps way.
+
+### Examples
+
+```
+  # Check prerequisites
+  gotk check --pre
+
+  # Install the latest version of the toolkit
+  gotk install --version=master
+
+  # Create a source from a public Git repository
+  gotk create source git webapp-latest \
+    --url=https://github.com/stefanprodan/podinfo \
+    --branch=master \
+    --interval=3m
+
+  # List GitRepository sources and their status
+  gotk get sources git
+
+  # Trigger a GitRepository source reconciliation
+  gotk reconcile source git gotk-system
+
+  # Export GitRepository sources in YAML format
+  gotk export source git --all > sources.yaml
+
+  # Create a Kustomization for deploying a series of microservices
+  gotk create kustomization webapp-dev \
+    --source=webapp-latest \
+    --path="./deploy/webapp/" \
+    --prune=true \
+    --interval=5m \
+    --validation=client \
+    --health-check="Deployment/backend.webapp" \
+    --health-check="Deployment/frontend.webapp" \
+    --health-check-timeout=2m
+
+  # Trigger a git sync of the Kustomization's source and apply changes
+  gotk reconcile kustomization webapp-dev --with-source
+
+  # Suspend a Kustomization reconciliation
+  gotk suspend kustomization webapp-dev
+
+  # Export Kustomizations in YAML format
+  gotk export kustomization --all > kustomizations.yaml
+
+  # Resume a Kustomization reconciliation
+  gotk resume kustomization webapp-dev
+
+  # Delete a Kustomization
+  gotk delete kustomization webapp-dev
+
+  # Delete a GitRepository source
+  gotk delete source git webapp-latest
+
+  # Uninstall the toolkit and delete CRDs
+  gotk uninstall --crds
+
+```
+
+### Options
+
+```
+  -h, --help                help for gotk
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk bootstrap](gotk_bootstrap.md)	 - Bootstrap toolkit components
+* [gotk check](gotk_check.md)	 - Check requirements and installation
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+* [gotk create](gotk_create.md)	 - Create or update sources and resources
+* [gotk delete](gotk_delete.md)	 - Delete sources and resources
+* [gotk export](gotk_export.md)	 - Export resources in YAML format
+* [gotk get](gotk_get.md)	 - Get sources and resources
+* [gotk install](gotk_install.md)	 - Install the toolkit components
+* [gotk reconcile](gotk_reconcile.md)	 - Reconcile sources and resources
+* [gotk resume](gotk_resume.md)	 - Resume suspended resources
+* [gotk suspend](gotk_suspend.md)	 - Suspend resources
+* [gotk uninstall](gotk_uninstall.md)	 - Uninstall the toolkit components
+

docs/cmd/gotk_bootstrap.md

@@ -0,0 +1,37 @@
+## gotk bootstrap
+
+Bootstrap toolkit components
+
+### Synopsis
+
+The bootstrap sub-commands bootstrap the toolkit components on the targeted Git provider.
+
+### Options
+
+```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "master")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+  -h, --help                       help for bootstrap
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --log-level string           set the controllers log level (default "info")
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
+  -v, --version string             toolkit version (default "latest")
+      --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk](gotk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk bootstrap github](gotk_bootstrap_github.md)	 - Bootstrap toolkit components in a GitHub repository
+* [gotk bootstrap gitlab](gotk_bootstrap_gitlab.md)	 - Bootstrap toolkit components in a GitLab repository
+

docs/cmd/gotk_bootstrap_github.md

@@ -1,4 +1,4 @@
-## tk bootstrap github
+## gotk bootstrap github
 
 Bootstrap toolkit components in a GitHub repository
 
@@ -11,7 +11,7 @@ If the toolkit components are present on the cluster,
 the bootstrap command will perform an upgrade if needed.
 
 ```
-tk bootstrap github [flags]
+gotk bootstrap github [flags]
 ```
 
 ### Examples
@@ -21,19 +21,22 @@ tk bootstrap github [flags]
   export GITHUB_TOKEN=<my-token>
 
   # Run bootstrap for a private repo owned by a GitHub organization
-  tk bootstrap github --owner=<organization> --repository=<repo name>
+  gotk bootstrap github --owner=<organization> --repository=<repo name>
 
   # Run bootstrap for a private repo and assign organization teams to it
-  tk bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
 
   # Run bootstrap for a repository path
-  tk bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  tk bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
+  gotk bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
 
   # Run bootstrap for a private repo hosted on GitHub Enterprise
-  tk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
+
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --branch=main
 
 ```
 
@@ -54,17 +57,21 @@ tk bootstrap github [flags]
 ### Options inherited from parent commands
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "master")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
-      --namespace string           the namespace scope for this operation (default "gitops-system")
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --log-level string           set the controllers log level (default "info")
+  -n, --namespace string           the namespace scope for this operation (default "gotk-system")
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
       --timeout duration           timeout for this operation (default 5m0s)
       --verbose                    print generated objects
   -v, --version string             toolkit version (default "latest")
+      --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
 ```
 
 ### SEE ALSO
 
-* [tk bootstrap](tk_bootstrap.md)	 - Bootstrap toolkit components
+* [gotk bootstrap](gotk_bootstrap.md)	 - Bootstrap toolkit components
 

docs/cmd/gotk_bootstrap_gitlab.md

@@ -0,0 +1,74 @@
+## gotk bootstrap gitlab
+
+Bootstrap toolkit components in a GitLab repository
+
+### Synopsis
+
+The bootstrap gitlab command creates the GitLab repository if it doesn't exists and
+commits the toolkit components manifests to the master branch.
+Then it configures the target cluster to synchronize with the repository.
+If the toolkit components are present on the cluster,
+the bootstrap command will perform an upgrade if needed.
+
+```
+gotk bootstrap gitlab [flags]
+```
+
+### Examples
+
+```
+  # Create a GitLab API token and export it as an env var
+  export GITLAB_TOKEN=<my-token>
+
+  # Run bootstrap for a private repo owned by a GitLab group
+  gotk bootstrap gitlab --owner=<group> --repository=<repo name>
+
+  # Run bootstrap for a repository path
+  gotk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
+
+  # Run bootstrap for a public repository on a personal account
+  gotk bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal=true 
+
+  # Run bootstrap for a private repo hosted on a GitLab server 
+  gotk bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
+
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap gitlab --owner=<organization> --repository=<repo name> --branch=main
+
+```
+
+### Options
+
+```
+  -h, --help                  help for gitlab
+      --hostname string       GitLab hostname (default "gitlab.com")
+      --interval duration     sync interval (default 1m0s)
+      --owner string          GitLab user or group name
+      --path string           repository path, when specified the cluster sync will be scoped to this path
+      --personal              is personal repository
+      --private               is private repository (default true)
+      --repository string     GitLab repository name
+      --ssh-hostname string   GitLab SSH hostname, defaults to hostname if not specified
+```
+
+### Options inherited from parent commands
+
+```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "master")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
+      --log-level string           set the controllers log level (default "info")
+  -n, --namespace string           the namespace scope for this operation (default "gotk-system")
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
+      --timeout duration           timeout for this operation (default 5m0s)
+      --verbose                    print generated objects
+  -v, --version string             toolkit version (default "latest")
+      --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
+```
+
+### SEE ALSO
+
+* [gotk bootstrap](gotk_bootstrap.md)	 - Bootstrap toolkit components
+

docs/cmd/gotk_check.md

@@ -1,4 +1,4 @@
-## tk check
+## gotk check
 
 Check requirements and installation
 
@@ -8,17 +8,17 @@ The check command will perform a series of checks to validate that
 the local environment is configured correctly and if the installed components are healthy.
 
 ```
-tk check [flags]
+gotk check [flags]
 ```
 
 ### Examples
 
 ```
   # Run pre-installation checks
-  tk check --pre
+  gotk check --pre
 
   # Run installation checks
-  tk check
+  gotk check
 
 ```
 
@@ -34,12 +34,12 @@ tk check [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk](gotk.md)	 - Command line utility for assembling Kubernetes CD pipelines
 

docs/cmd/gotk_completion.md

@@ -0,0 +1,31 @@
+## gotk completion
+
+Generates completion scripts for various shells
+
+### Synopsis
+
+The completion sub-command generates completion scripts for various shells
+
+### Options
+
+```
+  -h, --help   help for completion
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk](gotk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk completion bash](gotk_completion_bash.md)	 - Generates bash completion scripts
+* [gotk completion fish](gotk_completion_fish.md)	 - Generates fish completion scripts
+* [gotk completion powershell](gotk_completion_powershell.md)	 - Generates powershell completion scripts
+* [gotk completion zsh](gotk_completion_zsh.md)	 - Generates zsh completion scripts
+

docs/cmd/gotk_completion_bash.md

@@ -1,4 +1,4 @@
-## tk completion
+## gotk completion bash
 
 Generates bash completion scripts
 
@@ -7,7 +7,7 @@ Generates bash completion scripts
 Generates bash completion scripts
 
 ```
-tk completion [flags]
+gotk completion bash [flags]
 ```
 
 ### Examples
@@ -15,31 +15,31 @@ tk completion [flags]
 ```
 To load completion run
 
-. <(tk completion)
+. <(gotk completion bash)
 
 To configure your bash shell to load completions for each session add to your bashrc
 
 # ~/.bashrc or ~/.profile
-. <(tk completion)
+command -v gotk >/dev/null && . <(gotk completion bash)
 
 ```
 
 ### Options
 
 ```
-  -h, --help   help for completion
+  -h, --help   help for bash
 ```
 
 ### Options inherited from parent commands
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
 

docs/cmd/gotk_completion_fish.md

@@ -0,0 +1,46 @@
+## gotk completion fish
+
+Generates fish completion scripts
+
+### Synopsis
+
+Generates fish completion scripts
+
+```
+gotk completion fish [flags]
+```
+
+### Examples
+
+```
+To load completion run
+
+. <(gotk completion fish)
+
+To configure your fish shell to load completions for each session write this script to your completions dir:
+
+gotk completion fish > ~/.config/fish/completions/gotk
+
+See http://fishshell.com/docs/current/index.html#completion-own for more details
+
+```
+
+### Options
+
+```
+  -h, --help   help for fish
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+

docs/cmd/gotk_completion_powershell.md

@@ -0,0 +1,52 @@
+## gotk completion powershell
+
+Generates powershell completion scripts
+
+### Synopsis
+
+Generates powershell completion scripts
+
+```
+gotk completion powershell [flags]
+```
+
+### Examples
+
+```
+To load completion run
+
+. <(gotk completion powershell)
+
+To configure your powershell shell to load completions for each session add to your powershell profile
+
+Windows:
+
+cd "$env:USERPROFILE\Documents\WindowsPowerShell\Modules"
+gotk completion >> gotk-completion.ps1
+
+Linux:
+
+cd "${XDG_CONFIG_HOME:-"$HOME/.config/"}/powershell/modules"
+gotk completion >> gotk-completions.ps1
+
+```
+
+### Options
+
+```
+  -h, --help   help for powershell
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+

docs/cmd/gotk_completion_zsh.md

@@ -0,0 +1,53 @@
+## gotk completion zsh
+
+Generates zsh completion scripts
+
+### Synopsis
+
+Generates zsh completion scripts
+
+```
+gotk completion zsh [flags]
+```
+
+### Examples
+
+```
+To load completion run
+
+. <(gotk completion zsh) && compdef _gotk gotk
+
+To configure your zsh shell to load completions for each session add to your zshrc
+
+# ~/.zshrc or ~/.profile
+command -v gotk >/dev/null && . <(gotk completion zsh) && compdef _gotk gotk
+
+or write a cached file in one of the completion directories in your ${fpath}:
+
+echo "${fpath// /\n}" | grep -i completion
+gotk completions zsh > _gotk
+
+mv _gotk ~/.oh-my-zsh/completions  # oh-my-zsh
+mv _gotk ~/.zprezto/modules/completion/external/src/  # zprezto
+
+```
+
+### Options
+
+```
+  -h, --help   help for zsh
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+

docs/cmd/gotk_create.md

@@ -0,0 +1,33 @@
+## gotk create
+
+Create or update sources and resources
+
+### Synopsis
+
+The create sub-commands generate sources and resources.
+
+### Options
+
+```
+      --export              export in YAML format to stdout
+  -h, --help                help for create
+      --interval duration   source sync interval (default 1m0s)
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk](gotk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk create helmrelease](gotk_create_helmrelease.md)	 - Create or update a HelmRelease resource
+* [gotk create kustomization](gotk_create_kustomization.md)	 - Create or update a Kustomization resource
+* [gotk create source](gotk_create_source.md)	 - Create or update sources
+

docs/cmd/gotk_create_helmrelease.md

@@ -0,0 +1,90 @@
+## gotk create helmrelease
+
+Create or update a HelmRelease resource
+
+### Synopsis
+
+The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.
+
+```
+gotk create helmrelease [name] [flags]
+```
+
+### Examples
+
+```
+  # Create a HelmRelease with a chart from a HelmRepository source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+    --chart-version=">4.0.0"
+
+  # Create a HelmRelease with a chart from a GitRepository source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=GitRepository/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with a chart from a Bucket source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=Bucket/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with values from a local YAML file
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+    --values=./my-values.yaml
+
+  # Create a HelmRelease with a custom release name
+  gotk create hr podinfo \
+    --release-name=podinfo-dev
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+
+  # Create a HelmRelease targeting another namespace than the resource
+  gotk create hr podinfo \
+    --target-namespace=default \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo
+
+  # Create a HelmRelease definition on disk without applying it on the cluster
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+    --values=./values.yaml \
+    --export > podinfo-release.yaml
+
+```
+
+### Options
+
+```
+      --chart string              Helm chart name or path
+      --chart-version string      Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)
+      --depends-on stringArray    HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'
+  -h, --help                      help for helmrelease
+      --release-name string       name used for the Helm release, defaults to a composition of '[<target-namespace>-]<hr-name>'
+      --source string             source that contains the chart (<kind>/<name>)
+      --target-namespace string   namespace to install this release, defaults to the HelmRelease namespace
+      --values string             local path to the values.yaml file
+```
+
+### Options inherited from parent commands
+
+```
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk create](gotk_create.md)	 - Create or update sources and resources
+

docs/cmd/gotk_create_kustomization.md

@@ -1,20 +1,20 @@
-## tk create kustomization
+## gotk create kustomization
 
 Create or update a Kustomization resource
 
 ### Synopsis
 
-The kustomization source create command generates a Kustomize resource for a given GitRepository source.
+The kustomization source create command generates a Kustomize resource for a given source.
 
 ```
-tk create kustomization [name] [flags]
+gotk create kustomization [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Create a Kustomization resource from a source at a given path
-  tk create kustomization contour \
+  gotk create kustomization contour \
     --source=contour \
     --path="./examples/contour/" \
     --prune=true \
@@ -25,7 +25,7 @@ tk create kustomization [name] [flags]
     --health-check-timeout=3m
 
   # Create a Kustomization resource that depends on the previous one
-  tk create kustomization webapp \
+  gotk create kustomization webapp \
     --depends-on=contour \
     --source=webapp \
     --path="./deploy/overlays/dev" \
@@ -33,22 +33,20 @@ tk create kustomization [name] [flags]
     --interval=5m \
     --validation=client
 
-  # Create a Kustomization resource that runs under a service account
-  tk create kustomization webapp \
-    --source=webapp \
-    --path="./deploy/overlays/staging" \
+  # Create a Kustomization resource that references a Bucket
+  gotk create kustomization secrets \
+    --source=Bucket/secrets \
     --prune=true \
-    --interval=5m \
-    --validation=client \
-    --sa-name=reconclier \
-    --sa-namespace=staging
+    --interval=5m
 
 ```
 
 ### Options
 
 ```
-      --depends-on stringArray          Kustomization that must be ready before this Kustomization can be applied
+      --decryption-provider string      enables secrets decryption, provider can be 'sops'
+      --decryption-secret string        set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption
+      --depends-on stringArray          Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'
       --health-check stringArray        workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'
       --health-check-timeout duration   timeout of health checking operations (default 2m0s)
   -h, --help                            help for kustomization
@@ -56,7 +54,7 @@ tk create kustomization [name] [flags]
       --prune                           enable garbage collection
       --sa-name string                  service account name
       --sa-namespace string             service account namespace
-      --source string                   GitRepository name
+      --source string                   source that contains the Kubernetes manifests in the format '[<kind>/]<name>', where kind can be GitRepository or Bucket, if kind is not specified it defaults to GitRepository
       --validation string               validate the manifests before applying them on the cluster, can be 'client' or 'server'
 ```
 
@@ -66,12 +64,13 @@ tk create kustomization [name] [flags]
       --export              export in YAML format to stdout
       --interval duration   source sync interval (default 1m0s)
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk create](tk_create.md)	 - Create or update sources and resources
+* [gotk create](gotk_create.md)	 - Create or update sources and resources
 

docs/cmd/gotk_create_source.md

@@ -0,0 +1,33 @@
+## gotk create source
+
+Create or update sources
+
+### Synopsis
+
+The create source sub-commands generate sources.
+
+### Options
+
+```
+  -h, --help   help for source
+```
+
+### Options inherited from parent commands
+
+```
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk create](gotk_create.md)	 - Create or update sources and resources
+* [gotk create source bucket](gotk_create_source_bucket.md)	 - Create or update a Bucket source
+* [gotk create source git](gotk_create_source_git.md)	 - Create or update a GitRepository source
+* [gotk create source helm](gotk_create_source_helm.md)	 - Create or update a HelmRepository source
+

docs/cmd/gotk_create_source_bucket.md

@@ -0,0 +1,65 @@
+## gotk create source bucket
+
+Create or update a Bucket source
+
+### Synopsis
+
+
+The create source bucket command generates a Bucket resource and waits for it to be downloaded.
+For Buckets with static authentication, the credentials are stored in a Kubernetes secret.
+
+```
+gotk create source bucket [name] [flags]
+```
+
+### Examples
+
+```
+  # Create a source from a Buckets using static authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+    --endpoint=minio.minio.svc.cluster.local:9000 \
+	--insecure=true \
+	--access-key=myaccesskey \
+	--secret-key=mysecretkey \
+    --interval=10m
+
+  # Create a source from an Amazon S3 Bucket using IAM authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+	--provider=aws \
+    --endpoint=s3.amazonaws.com \
+	--region=us-east-1 \
+    --interval=10m
+
+```
+
+### Options
+
+```
+      --access-key string    the bucket access key
+      --bucket-name string   the bucket name
+      --endpoint string      the bucket endpoint address
+  -h, --help                 help for bucket
+      --insecure             for when connecting to a non-TLS S3 HTTP endpoint
+      --provider string      the S3 compatible storage provider name, can be 'generic' or 'aws' (default "generic")
+      --region string        the bucket region
+      --secret-key string    the bucket secret key
+```
+
+### Options inherited from parent commands
+
+```
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk create source](gotk_create_source.md)	 - Create or update sources
+

docs/cmd/gotk_create_source_git.md

@@ -1,4 +1,4 @@
-## tk create source git
+## gotk create source git
 
 Create or update a GitRepository source
 
@@ -10,42 +10,42 @@ For Git over SSH, host and SSH keys are automatically generated and stored in a
 For private Git repositories, the basic authentication credentials are stored in a Kubernetes secret.
 
 ```
-tk create source git [name] [flags]
+gotk create source git [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Create a source from a public Git repository master branch
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository pinned to specific git tag
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag="3.2.3"
 
   # Create a source from a public Git repository tag that matches a semver range
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag-semver=">=3.2.0 <3.3.0"
 
   # Create a source from a Git repository using SSH authentication
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository using SSH authentication and an
   # ECDSA P-521 curve public key
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master \
     --ssh-key-algorithm=ecdsa \
     --ssh-ecdsa-curve=p521
 
   # Create a source from a Git repository using basic authentication
-  tk create source git podinfo \
+  gotk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --username=username \
     --password=password
@@ -73,12 +73,13 @@ tk create source git [name] [flags]
       --export              export in YAML format to stdout
       --interval duration   source sync interval (default 1m0s)
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk create source](tk_create_source.md)	 - Create or update sources
+* [gotk create source](gotk_create_source.md)	 - Create or update sources
 

docs/cmd/gotk_create_source_helm.md

@@ -0,0 +1,65 @@
+## gotk create source helm
+
+Create or update a HelmRepository source
+
+### Synopsis
+
+
+The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
+For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.
+
+```
+gotk create source helm [name] [flags]
+```
+
+### Examples
+
+```
+  # Create a source from a public Helm repository
+  gotk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --interval=10m
+
+  # Create a source from a Helm repository using basic authentication
+  gotk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --username=username \
+    --password=password
+
+  # Create a source from a Helm repository using TLS authentication
+  gotk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --cert-file=./cert.crt \
+    --key-file=./key.crt \
+    --ca-file=./ca.crt
+
+```
+
+### Options
+
+```
+      --ca-file string     TLS authentication CA file path
+      --cert-file string   TLS authentication cert file path
+  -h, --help               help for helm
+      --key-file string    TLS authentication key file path
+  -p, --password string    basic authentication password
+      --url string         Helm repository address
+  -u, --username string    basic authentication username
+```
+
+### Options inherited from parent commands
+
+```
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk create source](gotk_create_source.md)	 - Create or update sources
+

docs/cmd/gotk_delete.md

@@ -1,4 +1,4 @@
-## tk delete
+## gotk delete
 
 Delete sources and resources
 
@@ -17,15 +17,15 @@ The delete sub-commands delete sources and resources.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
-* [tk delete helmrelease](tk_delete_helmrelease.md)	 - Delete a HelmRelease resource
-* [tk delete kustomization](tk_delete_kustomization.md)	 - Delete a Kustomization resource
-* [tk delete source](tk_delete_source.md)	 - Delete sources
+* [gotk](gotk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk delete helmrelease](gotk_delete_helmrelease.md)	 - Delete a HelmRelease resource
+* [gotk delete kustomization](gotk_delete_kustomization.md)	 - Delete a Kustomization resource
+* [gotk delete source](gotk_delete_source.md)	 - Delete sources
 

docs/cmd/gotk_delete_helmrelease.md

@@ -1,4 +1,4 @@
-## tk delete helmrelease
+## gotk delete helmrelease
 
 Delete a HelmRelease resource
 
@@ -7,14 +7,14 @@ Delete a HelmRelease resource
 The delete helmrelease command removes the given HelmRelease from the cluster.
 
 ```
-tk delete helmrelease [name] [flags]
+gotk delete helmrelease [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Delete a Helm release and the Kubernetes resources created by it
-  tk delete hr podinfo
+  gotk delete hr podinfo
 
 ```
 
@@ -28,7 +28,7 @@ tk delete helmrelease [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
@@ -36,5 +36,5 @@ tk delete helmrelease [name] [flags]
 
 ### SEE ALSO
 
-* [tk delete](tk_delete.md)	 - Delete sources and resources
+* [gotk delete](gotk_delete.md)	 - Delete sources and resources
 

docs/cmd/gotk_delete_kustomization.md

@@ -1,4 +1,4 @@
-## tk delete kustomization
+## gotk delete kustomization
 
 Delete a Kustomization resource
 
@@ -7,14 +7,14 @@ Delete a Kustomization resource
 The delete kustomization command deletes the given Kustomization from the cluster.
 
 ```
-tk delete kustomization [name] [flags]
+gotk delete kustomization [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Delete a kustomization and the Kubernetes resources created by it
-  tk delete kustomization podinfo
+  gotk delete kustomization podinfo
 
 ```
 
@@ -28,7 +28,7 @@ tk delete kustomization [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
@@ -36,5 +36,5 @@ tk delete kustomization [name] [flags]
 
 ### SEE ALSO
 
-* [tk delete](tk_delete.md)	 - Delete sources and resources
+* [gotk delete](gotk_delete.md)	 - Delete sources and resources
 

docs/cmd/gotk_delete_source.md

@@ -1,4 +1,4 @@
-## tk delete source
+## gotk delete source
 
 Delete sources
 
@@ -16,7 +16,7 @@ The delete source sub-commands delete sources.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
@@ -24,7 +24,8 @@ The delete source sub-commands delete sources.
 
 ### SEE ALSO
 
-* [tk delete](tk_delete.md)	 - Delete sources and resources
-* [tk delete source git](tk_delete_source_git.md)	 - Delete a GitRepository source
-* [tk delete source helm](tk_delete_source_helm.md)	 - Delete a HelmRepository source
+* [gotk delete](gotk_delete.md)	 - Delete sources and resources
+* [gotk delete source bucket](gotk_delete_source_bucket.md)	 - Delete a Bucket source
+* [gotk delete source git](gotk_delete_source_git.md)	 - Delete a GitRepository source
+* [gotk delete source helm](gotk_delete_source_helm.md)	 - Delete a HelmRepository source
 

docs/cmd/gotk_delete_source_bucket.md

@@ -0,0 +1,40 @@
+## gotk delete source bucket
+
+Delete a Bucket source
+
+### Synopsis
+
+The delete source bucket command deletes the given Bucket from the cluster.
+
+```
+gotk delete source bucket [name] [flags]
+```
+
+### Examples
+
+```
+  # Delete a Bucket source
+  gotk delete source bucket podinfo
+
+```
+
+### Options
+
+```
+  -h, --help   help for bucket
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+  -s, --silent              delete resource without asking for confirmation
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk delete source](gotk_delete_source.md)	 - Delete sources
+

docs/cmd/gotk_delete_source_git.md

@@ -1,4 +1,4 @@
-## tk delete source git
+## gotk delete source git
 
 Delete a GitRepository source
 
@@ -7,14 +7,14 @@ Delete a GitRepository source
 The delete source git command deletes the given GitRepository from the cluster.
 
 ```
-tk delete source git [name] [flags]
+gotk delete source git [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Delete a Git repository
-  tk delete source git podinfo
+  gotk delete source git podinfo
 
 ```
 
@@ -28,7 +28,7 @@ tk delete source git [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
@@ -36,5 +36,5 @@ tk delete source git [name] [flags]
 
 ### SEE ALSO
 
-* [tk delete source](tk_delete_source.md)	 - Delete sources
+* [gotk delete source](gotk_delete_source.md)	 - Delete sources
 

docs/cmd/gotk_delete_source_helm.md

@@ -1,4 +1,4 @@
-## tk delete source helm
+## gotk delete source helm
 
 Delete a HelmRepository source
 
@@ -7,14 +7,14 @@ Delete a HelmRepository source
 The delete source helm command deletes the given HelmRepository from the cluster.
 
 ```
-tk delete source helm [name] [flags]
+gotk delete source helm [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Delete a Helm repository
-  tk delete source helm podinfo
+  gotk delete source helm podinfo
 
 ```
 
@@ -28,7 +28,7 @@ tk delete source helm [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
@@ -36,5 +36,5 @@ tk delete source helm [name] [flags]
 
 ### SEE ALSO
 
-* [tk delete source](tk_delete_source.md)	 - Delete sources
+* [gotk delete source](gotk_delete_source.md)	 - Delete sources
 

docs/cmd/gotk_export.md

@@ -1,4 +1,4 @@
-## tk export
+## gotk export
 
 Export resources in YAML format
 
@@ -17,15 +17,15 @@ The export sub-commands export resources in YAML format.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
-* [tk export helmrelease](tk_export_helmrelease.md)	 - Export HelmRelease resources in YAML format
-* [tk export kustomization](tk_export_kustomization.md)	 - Export Kustomization resources in YAML format
-* [tk export source](tk_export_source.md)	 - Export sources
+* [gotk](gotk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk export helmrelease](gotk_export_helmrelease.md)	 - Export HelmRelease resources in YAML format
+* [gotk export kustomization](gotk_export_kustomization.md)	 - Export Kustomization resources in YAML format
+* [gotk export source](gotk_export_source.md)	 - Export sources
 

docs/cmd/gotk_export_helmrelease.md

@@ -1,4 +1,4 @@
-## tk export helmrelease
+## gotk export helmrelease
 
 Export HelmRelease resources in YAML format
 
@@ -7,17 +7,17 @@ Export HelmRelease resources in YAML format
 The export helmrelease command exports one or all HelmRelease resources in YAML format.
 
 ```
-tk export helmrelease [name] [flags]
+gotk export helmrelease [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Export all HelmRelease resources
-  tk export helmrelease --all > kustomizations.yaml
+  gotk export helmrelease --all > kustomizations.yaml
 
   # Export a HelmRelease
-  tk export hr my-app > app-release.yaml
+  gotk export hr my-app > app-release.yaml
 
 ```
 
@@ -32,12 +32,12 @@ tk export helmrelease [name] [flags]
 ```
       --all                 select all resources
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk export](tk_export.md)	 - Export resources in YAML format
+* [gotk export](gotk_export.md)	 - Export resources in YAML format
 

docs/cmd/gotk_export_kustomization.md

@@ -1,4 +1,4 @@
-## tk export kustomization
+## gotk export kustomization
 
 Export Kustomization resources in YAML format
 
@@ -7,17 +7,17 @@ Export Kustomization resources in YAML format
 The export kustomization command exports one or all Kustomization resources in YAML format.
 
 ```
-tk export kustomization [name] [flags]
+gotk export kustomization [name] [flags]
 ```
 
 ### Examples
 
 ```
   # Export all Kustomization resources
-  tk export kustomization --all > kustomizations.yaml
+  gotk export kustomization --all > kustomizations.yaml
 
   # Export a Kustomization
-  tk export kustomization my-app > kustomization.yaml
+  gotk export kustomization my-app > kustomization.yaml
 
 ```
 
@@ -32,12 +32,12 @@ tk export kustomization [name] [flags]
 ```
       --all                 select all resources
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
 
 ### SEE ALSO
 
-* [tk export](tk_export.md)	 - Export resources in YAML format
+* [gotk export](gotk_export.md)	 - Export resources in YAML format