Merge pull request #204 from fluxcd/ghcr

Use GitHub Container Registry for AMD64/ARM64 images

.github/workflows/e2e.yaml

@@ -88,32 +88,41 @@ jobs:
       - name: gotk delete kustomization
         run: |
           ./bin/gotk delete kustomization podinfo --silent
-      - name: gotk delete source git
-        run: |
-          ./bin/gotk delete source git podinfo --silent
       - name: gotk create source helm
         run: |
           ./bin/gotk create source helm podinfo \
             --url https://stefanprodan.github.io/podinfo
-      - name: gotk create helmrelease
+      - name: gotk create helmrelease --source=HelmRepository/podinfo
         run: |
-          ./bin/gotk create hr podinfo \
+          ./bin/gotk create hr podinfo-helm \
             --target-namespace=default \
-            --source=podinfo \
+            --source=HelmRepository/podinfo \
-            --chart-name=podinfo \
+            --chart=podinfo \
             --chart-version=">4.0.0 <5.0.0"
+      - name: gotk create helmrelease --source=GitRepository/podinfo
+        run: |
+          ./bin/gotk create hr podinfo-git \
+            --target-namespace=default \
+            --source=GitRepository/podinfo \
+            --chart=./charts/podinfo
       - name: gotk get helmreleases
         run: |
           ./bin/gotk get helmreleases
       - name: gotk export helmrelease
         run: |
           ./bin/gotk export hr --all
-      - name: gotk delete helmrelease
+      - name: gotk delete helmrelease podinfo-helm
         run: |
-          ./bin/gotk delete hr podinfo --silent
+          ./bin/gotk delete hr podinfo-helm --silent
+      - name: gotk delete helmrelease podinfo-git
+        run: |
+          ./bin/gotk delete hr podinfo-git --silent
       - name: gotk delete source helm
         run: |
           ./bin/gotk delete source helm podinfo --silent
+      - name: gotk delete source git
+        run: |
+          ./bin/gotk delete source git podinfo --silent
       - name: gotk check
         run: |
           ./bin/gotk check

.goreleaser.yml

@@ -8,6 +8,7 @@ builds:
       - linux
     goarch:
       - amd64
+      - arm64
     env:
       - CGO_ENABLED=0
 archives:

cmd/gotk/bootstrap.go

@@ -23,7 +23,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"sigs.k8s.io/yaml"
 	"strings"
 	"time"
 
@@ -33,6 +32,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
 
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
@@ -49,6 +49,7 @@ var (
 	bootstrapComponents      []string
 	bootstrapRegistry        string
 	bootstrapImagePullSecret string
+	bootstrapArch            string
 )
 
 const (
@@ -63,10 +64,12 @@ func init() {
 		"toolkit version")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "docker.io/fluxcd",
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "ghcr.io/fluxcd",
 		"container registry where the toolkit images are published")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapImagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArch, "arch", "amd64",
+		"arch can be amd64 or arm64")
 	rootCmd.AddCommand(bootstrapCmd)
 }
 
@@ -78,7 +81,7 @@ func generateInstallManifests(targetPath, namespace, tmpDir string) (string, err
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 
-	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, bootstrapImagePullSecret, gotkDir); err != nil {
+	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, bootstrapImagePullSecret, bootstrapArch, gotkDir); err != nil {
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 

cmd/gotk/bootstrap_github.go

@@ -93,6 +93,10 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("%s environment variable not found", git.GitHubTokenName)
 	}
 
+	if !utils.containsItemString(supportedArch, bootstrapArch) {
+		return fmt.Errorf("arch %s is not supported, can be %v", bootstrapArch, supportedArch)
+	}
+
 	repository, err := git.NewRepository(ghRepository, ghOwner, ghHostname, ghToken, "gotk", ghOwner+"@users.noreply.github.com")
 	if err != nil {
 		return err

cmd/gotk/bootstrap_gitlab.go

@@ -86,6 +86,10 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("%s environment variable not found", git.GitLabTokenName)
 	}
 
+	if !utils.containsItemString(supportedArch, bootstrapArch) {
+		return fmt.Errorf("arch %s is not supported, can be %v", bootstrapArch, supportedArch)
+	}
+
 	repository, err := git.NewRepository(glRepository, glOwner, glHostname, glToken, "gotk", glOwner+"@users.noreply.gitlab.com")
 	if err != nil {
 		return err

cmd/gotk/create_helmrelease.go

@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"io/ioutil"
+	"strings"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@@ -41,29 +42,41 @@ var createHelmReleaseCmd = &cobra.Command{
 	Aliases: []string{"hr"},
 	Short:   "Create or update a HelmRelease resource",
 	Long:    "The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.",
-	Example: `  # Create a HelmRelease from a source
+	Example: `  # Create a HelmRelease with a chart from a HelmRepository source
   gotk create hr podinfo \
     --interval=10m \
-    --release-name=podinfo \
+    --source=HelmRepository/podinfo \
-    --target-namespace=default \
+    --chart=podinfo \
-    --source=podinfo \
-    --chart-name=podinfo \
     --chart-version=">4.0.0"
 
-  # Create a HelmRelease with values for a local YAML file
+  # Create a HelmRelease with a chart from a GitRepository source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=GitRepository/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with values from a local YAML file
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+    --values=./my-values.yaml
+
+  # Create a HelmRelease with a custom release name
+  gotk create hr podinfo \
+    --release-name=podinfo-dev
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+
+  # Create a HelmRelease targeting another namespace than the resource
   gotk create hr podinfo \
     --target-namespace=default \
-    --source=podinfo \
+    --source=HelmRepository/podinfo \
-    --chart-name=podinfo \
+    --chart=podinfo
-    --chart-version=4.0.5 \
-    --values=./my-values.yaml
 
   # Create a HelmRelease definition on disk without applying it on the cluster
   gotk create hr podinfo \
-    --target-namespace=default \
+    --source=HelmRepository/podinfo \
-    --source=podinfo \
+    --chart=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
     --values=./values.yaml \
     --export > podinfo-release.yaml
 `,
@@ -74,17 +87,17 @@ var (
 	hrName            string
 	hrSource          string
 	hrDependsOn       []string
-	hrChartName       string
+	hrChart           string
 	hrChartVersion    string
 	hrTargetNamespace string
 	hrValuesFile      string
 )
 
 func init() {
-	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '<target-namespace>-<hr-name>'")
+	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '[<target-namespace>-]<hr-name>'")
-	createHelmReleaseCmd.Flags().StringVar(&hrSource, "source", "", "HelmRepository name")
+	createHelmReleaseCmd.Flags().StringVar(&hrSource, "source", "", "source that contains the chart (<kind>/<name>)")
-	createHelmReleaseCmd.Flags().StringVar(&hrChartName, "chart-name", "", "Helm chart name")
+	createHelmReleaseCmd.Flags().StringVar(&hrChart, "chart", "", "Helm chart name or path")
-	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts semver range")
+	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
 	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed")
 	createHelmReleaseCmd.Flags().StringVar(&hrTargetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
 	createHelmReleaseCmd.Flags().StringVar(&hrValuesFile, "values", "", "local path to the values.yaml file")
@@ -100,11 +113,16 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	if hrSource == "" {
 		return fmt.Errorf("source is required")
 	}
-	if hrChartName == "" {
+	hrSourceElements := strings.Split(hrSource, "/")
-		return fmt.Errorf("chart name is required")
+	if len(hrSourceElements) != 2 {
+		return fmt.Errorf("source must be in format <kind>/<name>")
 	}
-	if hrChartVersion == "" {
+	hrSourceKind, hrSourceName := hrSourceElements[0], hrSourceElements[1]
-		return fmt.Errorf("chart version is required")
+	if hrSourceKind != sourcev1.HelmRepositoryKind && hrSourceKind != sourcev1.GitRepositoryKind {
+		return fmt.Errorf("source kind must be one of: %s", []string{sourcev1.HelmRepositoryKind, sourcev1.GitRepositoryKind})
+	}
+	if hrChart == "" {
+		return fmt.Errorf("chart name or path is required")
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
@@ -132,11 +150,13 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 			},
 			TargetNamespace: hrTargetNamespace,
 			Chart: helmv2.HelmChartTemplate{
-				Name:    hrChartName,
+				Spec: helmv2.HelmChartTemplateSpec{
-				Version: hrChartVersion,
+					Chart:   hrChart,
-				SourceRef: helmv2.CrossNamespaceObjectReference{
+					Version: hrChartVersion,
-					Kind: sourcev1.HelmRepositoryKind,
+					SourceRef: helmv2.CrossNamespaceObjectReference{
-					Name: hrSource,
+						Kind: hrSourceKind,
+						Name: hrSourceName,
+					},
 				},
 			},
 			Suspend: false,

cmd/gotk/install.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"github.com/fluxcd/pkg/untar"
 	"io/ioutil"
 	"net/http"
 	"os"
@@ -31,6 +30,8 @@ import (
 	"github.com/spf13/cobra"
 	"sigs.k8s.io/kustomize/api/filesys"
 	"sigs.k8s.io/kustomize/api/krusty"
+
+	"github.com/fluxcd/pkg/untar"
 )
 
 var installCmd = &cobra.Command{
@@ -61,6 +62,7 @@ var (
 	installComponents      []string
 	installRegistry        string
 	installImagePullSecret string
+	installArch            string
 )
 
 func init() {
@@ -74,14 +76,20 @@ func init() {
 		"list of components, accepts comma-separated values")
 	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "",
 		"path to the manifest directory, dev only")
-	installCmd.Flags().StringVar(&installRegistry, "registry", "docker.io/fluxcd",
+	installCmd.Flags().StringVar(&installRegistry, "registry", "ghcr.io/fluxcd",
 		"container registry where the toolkit images are published")
 	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
+	installCmd.Flags().StringVar(&installArch, "arch", "amd64",
+		"arch can be amd64 or arm64")
 	rootCmd.AddCommand(installCmd)
 }
 
 func installCmdRun(cmd *cobra.Command, args []string) error {
+	if !utils.containsItemString(supportedArch, installArch) {
+		return fmt.Errorf("arch %s is not supported, can be %v", installArch, supportedArch)
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
@@ -103,7 +111,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Generatef("generating manifests")
 	}
 	if kustomizePath == "" {
-		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, installImagePullSecret, tmpDir)
+		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, installImagePullSecret, installArch, tmpDir)
 		if err != nil {
 			return fmt.Errorf("install failed: %w", err)
 		}
@@ -192,6 +200,7 @@ fieldSpecs:
 var kustomizationTmpl = `---
 {{- $eventsAddr := .EventsAddr }}
 {{- $registry := .Registry }}
+{{- $arch := .Arch }}
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: {{.Namespace}}
@@ -231,7 +240,11 @@ patchesJson6902:
 images:
 {{- range $i, $component := .Components }}
   - name: fluxcd/{{$component}}
+{{- if eq $arch "amd64" }}
     newName: {{$registry}}/{{$component}}
+{{- else }}
+    newName: {{$registry}}/{{$component}}-{{$arch}}
+{{- end }}
 {{- end }}
 {{- end }}
 `
@@ -253,7 +266,7 @@ spec:
   template:
     spec:
       nodeSelector:
-        kubernetes.io/arch: amd64
+        kubernetes.io/arch: {{.Arch}}
         kubernetes.io/os: linux
 {{- if .ImagePullSecret }}
       imagePullSecrets:
@@ -295,7 +308,7 @@ func downloadManifests(version string, tmpDir string) error {
 	return nil
 }
 
-func genInstallManifests(version string, namespace string, components []string, registry, imagePullSecret, tmpDir string) error {
+func genInstallManifests(version string, namespace string, components []string, registry, imagePullSecret, arch, tmpDir string) error {
 	eventsAddr := ""
 	if utils.containsItemString(components, defaultNotification) {
 		eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
@@ -308,6 +321,7 @@ func genInstallManifests(version string, namespace string, components []string,
 		EventsAddr      string
 		Registry        string
 		ImagePullSecret string
+		Arch            string
 	}{
 		Version:         version,
 		Namespace:       namespace,
@@ -315,6 +329,7 @@ func genInstallManifests(version string, namespace string, components []string,
 		EventsAddr:      eventsAddr,
 		Registry:        registry,
 		ImagePullSecret: imagePullSecret,
+		Arch:            arch,
 	}
 
 	if err := downloadManifests(version, tmpDir); err != nil {

cmd/gotk/main.go

@@ -108,6 +108,7 @@ var (
 	defaultVersion      = "latest"
 	defaultNamespace    = "gitops-system"
 	defaultNotification = "notification-controller"
+	supportedArch       = []string{"arm64", "amd64"}
 )
 
 func init() {

cmd/gotk/reconcile_helmrelease.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"time"
 
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -81,7 +82,12 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if syncHrWithSource {
-		err := syncSourceHelmCmdRun(nil, []string{helmRelease.Spec.Chart.SourceRef.Name})
+		switch helmRelease.Spec.Chart.Spec.SourceRef.Kind {
+		case sourcev1.HelmRepositoryKind:
+			err = syncSourceHelmCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		case sourcev1.GitRepositoryKind:
+			err = syncSourceGitCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		}
 		if err != nil {
 			return err
 		}

docs/cmd/gotk_bootstrap.md

@@ -9,10 +9,11 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git
 ### Options
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
   -h, --help                       help for bootstrap
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
   -v, --version string             toolkit version (default "latest")
 ```
 

docs/cmd/gotk_bootstrap_github.md

@@ -54,11 +54,12 @@ gotk bootstrap github [flags]
 ### Options inherited from parent commands
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
       --namespace string           the namespace scope for this operation (default "gitops-system")
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
       --timeout duration           timeout for this operation (default 5m0s)
       --verbose                    print generated objects
   -v, --version string             toolkit version (default "latest")

docs/cmd/gotk_bootstrap_gitlab.md

@@ -51,11 +51,12 @@ gotk bootstrap gitlab [flags]
 ### Options inherited from parent commands
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
       --namespace string           the namespace scope for this operation (default "gitops-system")
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
       --timeout duration           timeout for this operation (default 5m0s)
       --verbose                    print generated objects
   -v, --version string             toolkit version (default "latest")

docs/cmd/gotk_create_helmrelease.md

@@ -13,29 +13,41 @@ gotk create helmrelease [name] [flags]
 ### Examples
 
 ```
-  # Create a HelmRelease from a source
+  # Create a HelmRelease with a chart from a HelmRepository source
   gotk create hr podinfo \
     --interval=10m \
-    --release-name=podinfo \
+    --source=HelmRepository/podinfo \
-    --target-namespace=default \
+    --chart=podinfo \
-    --source=podinfo \
-    --chart-name=podinfo \
     --chart-version=">4.0.0"
 
-  # Create a HelmRelease with values for a local YAML file
+  # Create a HelmRelease with a chart from a GitRepository source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=GitRepository/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with values from a local YAML file
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+    --values=./my-values.yaml
+
+  # Create a HelmRelease with a custom release name
+  gotk create hr podinfo \
+    --release-name=podinfo-dev
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+
+  # Create a HelmRelease targeting another namespace than the resource
   gotk create hr podinfo \
     --target-namespace=default \
-    --source=podinfo \
+    --source=HelmRepository/podinfo \
-    --chart-name=podinfo \
+    --chart=podinfo
-    --chart-version=4.0.5 \
-    --values=./my-values.yaml
 
   # Create a HelmRelease definition on disk without applying it on the cluster
   gotk create hr podinfo \
-    --target-namespace=default \
+    --source=HelmRepository/podinfo \
-    --source=podinfo \
+    --chart=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
     --values=./values.yaml \
     --export > podinfo-release.yaml
 
@@ -44,12 +56,12 @@ gotk create helmrelease [name] [flags]
 ### Options
 
 ```
-      --chart-name string         Helm chart name
+      --chart string              Helm chart name or path
-      --chart-version string      Helm chart version, accepts semver range
+      --chart-version string      Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)
       --depends-on stringArray    HelmReleases that must be ready before this release can be installed
   -h, --help                      help for helmrelease
-      --release-name string       name used for the Helm release, defaults to a composition of '<target-namespace>-<hr-name>'
+      --release-name string       name used for the Helm release, defaults to a composition of '[<target-namespace>-]<hr-name>'
-      --source string             HelmRepository name
+      --source string             source that contains the chart (<kind>/<name>)
       --target-namespace string   namespace to install this release, defaults to the HelmRelease namespace
       --values string             local path to the values.yaml file
 ```

docs/cmd/gotk_install.md

@@ -31,13 +31,14 @@ gotk install [flags]
 ### Options
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --dry-run                    only print the object that would be applied
       --export                     write the install manifests to stdout and exit
   -h, --help                       help for install
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --manifests string           path to the manifest directory, dev only
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
   -v, --version string             toolkit version (default "latest")
 ```
 

docs/components/helm/controller.md

@@ -6,18 +6,20 @@ releases with Kubernetes manifests.
 ![](../../_files/helm-controller.png)
 
 The desired state of a Helm release is described through a Kubernetes Custom Resource named `HelmRelease`.
-Based on the creation, mutation or removal of a HelmRelease resource in the cluster,
+Based on the creation, mutation or removal of a `HelmRelease` resource in the cluster,
 Helm actions are performed by the controller.
 
 Features:
 
 - Watches for `HelmRelease` objects and generates `HelmChart` objects
+- Supports `HelmChart` artifacts produced from `HelmRepository` and `GitRepository` sources
 - Fetches artifacts produced by [source-controller](../source/controller.md) from `HelmChart` objects
-- Watches `HelmChart` objects for revision changes (semver ranges)
+- Watches `HelmChart` objects for revision changes (including semver ranges for charts from `HelmRepository` sources)
-- Performs Helm v3 actions including Helm tests as configured in the `HelmRelease` objects
+- Performs automated Helm actions, including Helm tests, rollbacks and uninstalls
-- Runs Helm install/upgrade in a specific order, taking into account the depends-on relationship
+- Offers extensive configuration options for automated remediation (rollback, uninstall, retry) on failed Helm install, upgrade or test actions
+- Runs Helm install/upgrade in a specific order, taking into account the depends-on relationship defined in a set of `HelmRelease` objects
 - Prunes Helm releases removed from cluster (garbage collection) 
-- Reports Helm releases status (alerting provided by [notification-controller](../notification/controller.md))
+- Reports Helm releases statuses (alerting provided by [notification-controller](../notification/controller.md))
 
 Links:
 

docs/faq/index.md

@@ -55,12 +55,14 @@ Support for custom commands and generators executed by fluxd in a POSIX shell |
 
 Flux v1                            | Toolkit component driven "Flux v2"
 ---------------------------------- | ----------------------------------
-Declarative config in a single Helm custom resource | Declarative config through `HelmRepository`, `HelmChart` and `HelmRelease` custom resources
+Declarative config in a single Helm custom resource | Declarative config through `HelmRepository`, `GitRepository`, `HelmChart` and `HelmRelease` custom resources
 Chart synchronisation embedded in the operator | Extensive release configuration options, and a reconciliation interval per source
 Support for fixed SemVer versions from Helm repositories | Support for SemVer ranges for `HelmChart` resources
 Git repository synchronisation on a global interval | Planned support for charts from GitRepository sources
 Limited observability via the status object of the HelmRelease resource | Better observability via the HelmRelease status object, Kubernetes events, and notifications
 Resource heavy, relatively slow | Better performance
+Chart changes from Git sources are determined from Git metadata | Chart changes must be accompanied by a version bump in `Chart.yaml` to produce a new artifact
+Chart dependencies for charts from Git sources are downloaded by the operator | Chart dependencies must be committed to Git
 
 #### Notifications, webhooks, observability
 

docs/get-started/index.md

@@ -26,7 +26,7 @@ curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
 ```
 
 The install script downloads the gotk binary to `/usr/local/bin`.
-Binaries for macOS and Linux AMD64 are available for download on the 
+Binaries for macOS and Linux AMD64/ARM64 are available for download on the 
 [release page](https://github.com/fluxcd/toolkit/releases).
 
 To configure your shell to load gotk completions add to your bash profile:

docs/guides/helmreleases.md

@@ -4,7 +4,7 @@ The [helm-controller](../components/helm/controller.md) allows you to
 declaratively manage Helm chart releases with Kubernetes manifests.
 It makes use of the artifacts produced by the
 [source-controller](../components/source/controller.md) from
-`HelmRepository` and `HelmChart` resources.
+`HelmRepository`, `GitRepository`, and `HelmChart` resources.
 The helm-controller is part of the default toolkit installation.
 
 ## Prerequisites
@@ -14,17 +14,28 @@ toolkit controllers installed on it.
 Please see the [get started guide](../get-started/index.md)
 or the [installation guide](installation.md).
 
-## Define a Helm repository
+## Define a chart source
 
-To be able to deploy a Helm chart, the Helm chart repository has to be
+To be able to release a Helm chart, the source that contains the chart
-known first to the source-controller, so that the `HelmRelease` can
+(either a `HelmRepository` or `GitRepository`) has to be known first to
-reference to it.
+the source-controller, so that the `HelmRelease` can reference to it.
 
 A cluster administrator should register trusted sources by creating
-`HelmRepository` resources in the `gitops-system` namespace.
+the resources in the `gitops-system` namespace. By default, the
-By default, the source-controller watches for sources only in the
+source-controller watches for sources only in the `gitops-system`
-`gitops-system` namespace, this way cluster admins can prevent
+namespace, this way cluster admins can prevent untrusted sources from
-untrusted sources from being registered by users.
+being registered by users.
+
+### Helm repository
+
+Helm repositories are the recommended source to retrieve Helm charts
+from, as they are lightweight in processing and make it possible to
+configure a semantic version selector for the chart version that should
+be released.
+
+They can be declared by creating a `HelmRepository` resource, the
+source-controller will fetch the Helm repository index for this
+resource on an interval and expose it as an artifact:
 
 ```yaml
 apiVersion: source.toolkit.fluxcd.io/v1alpha1
@@ -48,11 +59,73 @@ The `url` can be any HTTP/S Helm repository URL.
     HTTP/S basic and TLS authentication can be configured for private
     Helm repositories. See the [`HelmRepository` CRD docs](../components/source/helmrepositories.md)
     for more details.
+    
+### Git repository
+
+Charts from Git repositories can be released by declaring a
+`GitRepository`, the source-controller will fetch the contents
+of the repository on an interval and expose it as an artifact.
+
+The source-controller can build and expose Helm charts as
+artifacts from the contents of the `GitRepository` artifact
+(more about this later on in the guide).
+
+There are two caveats you should be aware of:
+
+* To make the source-controller produce a new chart artifact,
+  the `version` in the `Chart.yaml` of the chart **must** be
+  bumped.
+* Chart dependencies **must** be committed to Git, as the
+  source-controller does not attempt to download them. This
+  limitation may be removed in a future release.
+  
+An example `GitRepository`:
+
+```yaml
+apiVersion: source.toolkit.fluxcd.io/v1alpha1
+kind: GitRepository
+metadata:
+  name: podinfo
+  namespace: gitops-system
+spec:
+  interval: 1m
+  url: https://github.com/stefanprodan/podinfo
+  ref:
+    branch: master
+  ignore: |
+    # exclude all
+    /*
+    # include charts directory
+    !/charts/
+```
+
+The `interval` defines at which interval the Git repository contents
+are fetched, and should be at least `1m`. Setting this to a higher
+value means newer chart versions will be detected at a slower pace,
+a push-based fetch can be introduced using [webhook receivers](webhook-receivers.md)
+
+The `url` can be any HTTP/S or SSH address (the latter requiring
+authentication).
+
+The `ref` defines the checkout strategy, and is set to follow the
+`master` branch in the above example. For other strategies like
+tags or commits, see the [`GitRepository` CRD docs](../components/source/gitrepositories.md).
+
+The `ignore` defines file and folder exclusion for the
+artifact produced, and follows the [`.gitignore` pattern
+format](https://git-scm.com/docs/gitignore#_pattern_format).
+The above example only includes the `charts` directory of the
+repository and omits all other files.
+
+!!! hint "Authentication"
+    HTTP/S basic and SSH authentication can be configured for private
+    Git repositories. See the [`GitRepository` CRD docs](../components/source/gitrepositories.md)
+    for more details.
 
 ## Define a Helm release
 
-With the `HelmRepository` created, define a new `HelmRelease` to deploy
+With the chart source created, define a new `HelmRelease` to release
-the Helm chart from the repository:
+the Helm chart:
 
 ```yaml
 apiVersion: helm.toolkit.fluxcd.io/v2alpha1
@@ -63,30 +136,37 @@ metadata:
 spec:
   interval: 5m
   chart:
-    name: podinfo
+    spec:
-    version: '^4.0.0'
+      chart: <name|path>
-    sourceRef:
+      version: '4.0.x'
-      kind: HelmRepository
+      sourceRef:
-      name: podinfo
+        kind: <HelmRepository|GitRepository>
-      namespace: gitops-system
+        name: podinfo
-    interval: 1m
+        namespace: gitops-system
+      interval: 1m
   values:
     replicaCount: 2
 ```
 
-The `chart.name` is the name of the chart as made available by the Helm
+The `chart.spec` values are used by the helm-controller as a template
-repository, and may not include any aliases.
+to create a new `HelmChart` resource in the same namespace as the
-
-The `chart.version` can be a fixed semver, or any semver range (i.e.
-`>=4.0.0 <4.0.2`).
-
-The `chart` values are used by the helm-controller as a template to
-create a new `HelmChart` resource in the same namespace as the
 `sourceRef`. The source-controller will then lookup the chart in the
-artifact of the referenced `HelmRepository`, fetch the chart, and make
+artifact of the referenced source, and either fetch the chart for a
-it available as a `HelmChart` artifact to be used by the
+`HelmRepository`, or build it from a `GitRepository`. It will then
+make it available as a `HelmChart` artifact to be used by the
 helm-controller.
 
+The `chart.spec.chart` can either contain:
+
+* The name of the chart as made available by the `HelmRepository`
+  (without any aliases), for example: `podinfo`
+* The relative path the chart can be found at in the `GitRepository`,
+  for example: `./charts/podinfo`
+
+The `chart.spec.version` can be a fixed semver, or any semver range
+(i.e. `>=4.0.0 <5.0.0`). It is ignored for `HelmRelease` resources
+that reference a `GitRepository` source.
+
 !!! hint "Advanced configuration"
     The `HelmRelease` offers an extensive set of configurable flags
     for finer grain control over how Helm actions are performed.

docs/guides/installation.md

@@ -15,7 +15,7 @@ curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
 ```
 
 The install script downloads the gotk binary to `/usr/local/bin`.
-Binaries for macOS and Linux AMD64 are available for download on the 
+Binaries for macOS and Linux AMD64/ARM64 are available for download on the 
 [release page](https://github.com/fluxcd/toolkit/releases).
 
 Verify that your cluster satisfies the prerequisites with:
@@ -47,6 +47,10 @@ gotk bootstrap <GIT-PROVIDER> \
   --version=latest
 ```
 
+!!! hint "ARM64"
+    When deploying to a Kubernetes cluster with ARM 64-bit architecture,
+    you can use `--arch=arm64` to pull the linux/arm64 toolkit container images.
+
 If you wish to install a specific version, use the toolkit 
 [release tag](https://github.com/fluxcd/toolkit/releases) e.g. `--version=v0.0.14`.
 
@@ -169,16 +173,17 @@ Generate the toolkit manifests with:
 
 ```sh
 gotk install --version=latest \
+  --arch=amd64 \ # on ARM64/AARCH64 clusters use --arch=arm64
   --export > ./my-cluster/gitops-system/toolkit-components.yaml
 ```
 
 If your cluster must pull images from a private container registry, first you should pull
-the toolkit images from Docker Hub and push them to your registry, for example:
+the toolkit images from GitHub Container Registry and push them to your registry, for example:
 
 ```sh
-docker pull fluxcd/source-controller:v0.0.7
+docker pull ghcr.io/fluxcd/source-controller:v0.0.14
-docker tag fluxcd/source-controller:v0.0.7 registry.internal/fluxcd/source-controller:v0.0.7
+docker tag ghcr.io/fluxcd/source-controller:v0.0.14 registry.internal/fluxcd/source-controller:v0.0.14
-docker push registry.internal/fluxcd/source-controller:v0.0.7
+docker push registry.internal/fluxcd/source-controller:v0.0.14
 ```
 
 Create the pull secret in the `gitops-system` namespace:
@@ -324,9 +329,9 @@ gotk create helmrelease sealed-secrets \
 --interval=1h \
 --release-name=sealed-secrets \
 --target-namespace=gitops-system \
---source=stable \
+--source=HelmRepository/stable \
---chart-name=sealed-secrets \
+--chart=sealed-secrets \
---chart-version="^1.10.0"
+--chart-version="1.10.x"
 ```
 
 ### Monitoring with Prometheus and Grafana

docs/guides/notifications.md

@@ -3,12 +3,12 @@
 When operating a cluster, different teams may wish to receive notifications about
 the status of their GitOps pipelines.
 For example, the on-call team would receive alerts about reconciliation
-failures in the cluster, while the dev team may wish to be alerted when a new version 
+failures in the cluster, while the dev team may wish to be alerted when a new version
 of an app was deployed and if the deployment is healthy.
 
 ## Prerequisites
 
-To follow this guide you'll need a Kubernetes cluster with the GitOps 
+To follow this guide you'll need a Kubernetes cluster with the GitOps
 toolkit controllers installed on it.
 Please see the [get started guide](../get-started/index.md)
 or the [installation guide](installation.md).
@@ -48,8 +48,8 @@ spec:
 The provider type can be `slack`, `msteams`, `discord`, `rocket` or `generic`.
 
 When type `generic` is specified, the notification controller will post the incoming
-[event](../components/notification/event.md) in JSON format to the webhook address. 
+[event](../components/notification/event.md) in JSON format to the webhook address.
-This way you can create custom handlers that can store the events in 
+This way you can create custom handlers that can store the events in
 Elasticsearch, CloudWatch, Stackdriver, etc.
 
 ## Define an alert
@@ -63,7 +63,7 @@ metadata:
   name: on-call-webapp
   namespace: gitops-system
 spec:
-  providerRef: 
+  providerRef:
     name: slack
   eventSeverity: info
   eventSources:
@@ -102,3 +102,58 @@ When the verbosity is set to `info`, the controller will alert if:
 * an error occurs
 
 ![info alert](../diagrams/slack-info-alert.png)
+
+## GitHub commit status
+
+The GitHub provider is a special kind of notification provider that based on the
+state of a Kustomization resource, will update the
+[commit status](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-status-checks) for the currently reconciled commit id.
+
+The resulting status will contain information from the event in the format `{{ .Kind }}/{{ .Name }} - {{ .Reason }}`.
+![github commit status](../diagrams/github-commit-status.png)
+
+It is important to note that the referenced provider needs to refer to the
+same GitHub repository as the Kustomization originates from. If these do
+not match the notification will fail as the commit id will not be present.
+
+```yaml
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
+kind: Provider
+metadata:
+  name: podinfo
+  namespace: gitops-system
+spec:
+  type: github
+  channel: general
+  address: https://github.com/stefanprodan/podinfo
+  secretRef:
+    name: github
+---
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
+kind: Alert
+metadata:
+  name: podinfo
+  namespace: gitops-system
+spec:
+  providerRef:
+    name: podinfo
+  eventSeverity: info
+  eventSources:
+    - kind: Kustomization
+      name: podinfo
+      namespace: gitops-system
+```
+
+The secret referenced in the provider is expected to contain a [personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token)
+to authenticate with the GitHub API.
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: github
+  namespace: gitops-system
+data:
+  token: <token>
+```
+
+

docs/guides/sealed-secrets.md

@@ -50,13 +50,13 @@ gotk create helmrelease sealed-secrets \
 --interval=1h \
 --release-name=sealed-secrets \
 --target-namespace=gitops-system \
---source=stable \
+--source=HelmRepository/stable \
---chart-name=sealed-secrets \
+--chart=sealed-secrets \
---chart-version="^1.10.0"
+--chart-version="1.10.x"
 ```
 
-With chart version `^1.10.0` we configure helm-controller to automatically upgrade the release
+With chart version `1.10.x` we configure helm-controller to automatically upgrade the release
-when a new chart version is fetch by source-controller. 
+when a new chart patch version is fetched by source-controller.
 
 At startup, the sealed-secrets controller generates a 4096-bit RSA key pair and 
 persists the private and public keys as Kubernetes secrets in the `gitops-system` namespace.
@@ -102,7 +102,7 @@ kubectl apply -f basic-auth-sealed.yaml
 Verify that the sealed-secrets controller has created the `basic-auth` Kubernetes Secret:
 
 ```console
-$ kubectl -n default get secrets basic-auth 
+$ kubectl -n default get secrets basic-auth
 
 NAME         TYPE     DATA   AGE
 basic-auth   Opaque   2      1m43s
@@ -136,11 +136,12 @@ metadata:
   namespace: gitops-system
 spec:
   chart:
-    name: sealed-secrets
+    spec:
-    sourceRef:
+      chart: sealed-secrets
-      kind: HelmRepository
+      sourceRef:
-      name: stable
+        kind: HelmRepository
-    version: "^1.10.0"
+        name: stable
+      version: "1.10.x"
   interval: 1h0m0s
   releaseName: sealed-secrets
   targetNamespace: gitops-system

docs/roadmap/index.md

@@ -1,16 +1,18 @@
 # Roadmap
 
-!!! hint "Work in Progress"
+In our planning discussions for the GitOps Toolkit we identified largely three areas of work:
-    We will be building the roadmap together with the Flux community,
+
-    our end-users and everyone who is interested in integrating with us.
+- Feature parity with Flux v1 in read-only mode
-    So a lot of this is still TBD - read this as our shopping list of
+- Feature parity with the image-update functionality in Flux v1
-    ideas after some brainstorming as Flux maintainers.
+- Feature parity with Helm Operator v1
+
+All of the above will constitute "Flux v2".
 
 ## The road to Flux v2
 
 ### Flux read-only feature parity
 
-[= 80% "80%"]
+[= 90% "90%"]
 
 This would be the first stepping stone: we want the GitOps Toolkit to be on-par with today's Flux in
 [read-only mode](https://github.com/fluxcd/flux/blob/master/docs/faq.md#can-i-run-flux-with-readonly-git-access)
@@ -38,7 +40,7 @@ Tasks
 - [ ]  Review the git source and kustomize APIs
 - [ ]  Implement the migration command in gotk
 - [ ]  Create a migration guide for `flux.yaml` kustomize users
-- [ ]  Include [support for SOPS](https://github.com/fluxcd/toolkit/discussions/156)
+- [x]  <span style="color:grey">Include support for SOPS</span>
 
 ### Flux image update feature parity
 
@@ -65,7 +67,7 @@ Tasks
 
 ### Helm v3 feature parity
 
-[= 70% "70%"]
+[= 90% "90%"]
 
 Goals
 
@@ -87,7 +89,7 @@ Tasks
 - [x]  <span style="color:grey">Implement events in Helm controller</span>
 - [x]  <span style="color:grey">Implement Prometheus metrics in Helm controller</span>
 - [x]  <span style="color:grey">Implement support for values from `Secret` and `ConfigMap` resources</span>
-- [ ]  [Implement conditional remediation on (failed) Helm actions](https://github.com/fluxcd/helm-controller/issues/41)
+- [x]  <span style="color:grey">Implement conditional remediation on (failed) Helm actions</span>
-- [ ]  [Implement support for Helm charts from Git](https://github.com/fluxcd/source-controller/issues/56)
+- [x]  <span style="color:grey">Implement support for Helm charts from Git</span>
 - [ ]  [Implement support for referring to an alternative chart values file](https://github.com/fluxcd/helm-controller/issues/4)
 - [ ]  Create a migration guide for Helm Operator users

go.mod

@@ -4,12 +4,12 @@ go 1.14
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/fluxcd/helm-controller/api v0.0.5
+	github.com/fluxcd/helm-controller/api v0.0.7
-	github.com/fluxcd/kustomize-controller/api v0.0.8
+	github.com/fluxcd/kustomize-controller/api v0.0.9
 	github.com/fluxcd/pkg/git v0.0.6
 	github.com/fluxcd/pkg/ssh v0.0.5
 	github.com/fluxcd/pkg/untar v0.0.5
-	github.com/fluxcd/source-controller/api v0.0.10
+	github.com/fluxcd/source-controller/api v0.0.14
 	github.com/manifoldco/promptui v0.7.0
 	github.com/spf13/cobra v1.0.0
 	golang.org/x/net v0.0.0-20200602114024-627f9648deb9 // indirect
@@ -17,11 +17,11 @@ require (
 	golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 // indirect
 	google.golang.org/appengine v1.6.6 // indirect
 	google.golang.org/protobuf v1.24.0 // indirect
-	k8s.io/api v0.18.4
+	k8s.io/api v0.18.8
-	k8s.io/apiextensions-apiserver v0.18.4
+	k8s.io/apiextensions-apiserver v0.18.8
-	k8s.io/apimachinery v0.18.4
+	k8s.io/apimachinery v0.18.8
-	k8s.io/client-go v0.18.4
+	k8s.io/client-go v0.18.8
-	sigs.k8s.io/controller-runtime v0.6.1
+	sigs.k8s.io/controller-runtime v0.6.2
 	sigs.k8s.io/kustomize/api v0.5.1
 	sigs.k8s.io/yaml v1.2.0
 )

go.sum

@@ -106,22 +106,23 @@ github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/evanphx/json-patch v0.0.0-20200808040245-162e5629780b/go.mod h1:NAJj0yf/KaRKURN6nyi7A9IZydMivZEm9oQLWNjfKDc=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/helm-controller/api v0.0.5 h1:rB4IycwXjeN6h3te7WFW5XDJ0oP59fV+RiM6/TJucjM=
+github.com/fluxcd/helm-controller/api v0.0.7 h1:aidjXvcklClH8omhYqiKswZ+MS6t8knOpUacsuESue8=
-github.com/fluxcd/helm-controller/api v0.0.5/go.mod h1:YCQhNz7LkYyBGxDdMGSRK78nvhuHV2x/lrn2vuRlBNE=
+github.com/fluxcd/helm-controller/api v0.0.7/go.mod h1:KlzwTkpphQxulgWBwCl/uxfBU0QxK/X+w4YcJqGy/1c=
-github.com/fluxcd/kustomize-controller/api v0.0.8 h1:Yi5/MZuS2jXiRV73fuUkBCyRTuG0yx2HJTpWZaM+WHA=
+github.com/fluxcd/kustomize-controller/api v0.0.9 h1:hHhKT+YZUFgw/lWa44++8t0OO+ScXhrzn33Pt/1OJe0=
-github.com/fluxcd/kustomize-controller/api v0.0.8/go.mod h1:c4035rZrt2p3RExpLe64ASVEvePm7FjiY4PzHKpRJXI=
+github.com/fluxcd/kustomize-controller/api v0.0.9/go.mod h1:88m3p6xY3J2pjh5OsL3ANy7PkyA93KiqAJE58JMQyoc=
 github.com/fluxcd/pkg/git v0.0.6 h1:4qktw8M3zj98MAs4ny6qSi36sYvTiI1czif5FqlQl4o=
 github.com/fluxcd/pkg/git v0.0.6/go.mod h1:9AI9yPkb2ruIcE70moVG3WhunA2/RAMJPc3rtoH8QFE=
 github.com/fluxcd/pkg/ssh v0.0.5 h1:rnbFZ7voy2JBlUfMbfyqArX2FYaLNpDhccGFC3qW83A=
 github.com/fluxcd/pkg/ssh v0.0.5/go.mod h1:7jXPdXZpc0ttMNz2kD9QuMi3RNn/e0DOFbj0Tij/+Hs=
 github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7gk=
 github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
-github.com/fluxcd/source-controller/api v0.0.10 h1:j4ldVKx/ACq5eP98at71DzD9wSNqCE2018skIdkaamE=
+github.com/fluxcd/source-controller/api v0.0.14 h1:iNG6AGnr44z4T6F0JC2M82ekyxzJ29c3m+DVC7FwSHQ=
-github.com/fluxcd/source-controller/api v0.0.10/go.mod h1:Q0bjU4/O1C4FoQT/O2YgGtJnoRWtrw4R/MowywCaDNg=
+github.com/fluxcd/source-controller/api v0.0.14/go.mod h1:PUe+EYQ/s+KPnz2iOCgdf+L6clM0SWkyvdXIpbfpkQE=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -725,19 +726,26 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
-k8s.io/api v0.18.4 h1:8x49nBRxuXGUlDlwlWd3RMY1SayZrzFfxea3UZSkFw4=
+k8s.io/api v0.18.6/go.mod h1:eeyxr+cwCjMdLAmr2W3RyDI0VvTawSg/3RFFBEnmZGI=
-k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4=
+k8s.io/api v0.18.8 h1:aIKUzJPb96f3fKec2lxtY7acZC9gQNDLVhfSGpxBAC4=
-k8s.io/apiextensions-apiserver v0.18.4 h1:Y3HGERmS8t9u12YNUFoOISqefaoGRuTc43AYCLzWmWE=
+k8s.io/api v0.18.8/go.mod h1:d/CXqwWv+Z2XEG1LgceeDmHQwpUJhROPx16SlxJgERY=
-k8s.io/apiextensions-apiserver v0.18.4/go.mod h1:NYeyeYq4SIpFlPxSAB6jHPIdvu3hL0pc36wuRChybio=
+k8s.io/apiextensions-apiserver v0.18.6/go.mod h1:lv89S7fUysXjLZO7ke783xOwVTm6lKizADfvUM/SS/M=
+k8s.io/apiextensions-apiserver v0.18.8 h1:pkqYPKTHa0/3lYwH7201RpF9eFm0lmZDFBNzhN+k/sA=
+k8s.io/apiextensions-apiserver v0.18.8/go.mod h1:7f4ySEkkvifIr4+BRrRWriKKIJjPyg9mb/p63dJKnlM=
 k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
-k8s.io/apimachinery v0.18.4 h1:ST2beySjhqwJoIFk6p7Hp5v5O0hYY6Gngq/gUYXTPIA=
+k8s.io/apimachinery v0.18.6/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
-k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
+k8s.io/apimachinery v0.18.8 h1:jimPrycCqgx2QPearX3to1JePz7wSbVLq+7PdBTTwQ0=
-k8s.io/apiserver v0.18.4/go.mod h1:q+zoFct5ABNnYkGIaGQ3bcbUNdmPyOCoEBcg51LChY8=
+k8s.io/apimachinery v0.18.8/go.mod h1:6sQd+iHEqmOtALqOFjSWp2KZ9F0wlU/nWm0ZgsYWMig=
+k8s.io/apiserver v0.18.6/go.mod h1:Zt2XvTHuaZjBz6EFYzpp+X4hTmgWGy8AthNVnTdm3Wg=
+k8s.io/apiserver v0.18.8/go.mod h1:12u5FuGql8Cc497ORNj79rhPdiXQC4bf53X/skR/1YM=
 k8s.io/client-go v0.17.0/go.mod h1:TYgR6EUHs6k45hb6KWjVD6jFZvJV4gHDikv/It0xz+k=
-k8s.io/client-go v0.18.4 h1:un55V1Q/B3JO3A76eS0kUSywgGK/WR3BQ8fHQjNa6Zc=
+k8s.io/client-go v0.18.6/go.mod h1:/fwtGLjYMS1MaM5oi+eXhKwG+1UHidUEXRh6cNsdO0Q=
-k8s.io/client-go v0.18.4/go.mod h1:f5sXwL4yAZRkAtzOxRWUhA/N8XzGCb+nPZI8PfobZ9g=
+k8s.io/client-go v0.18.8 h1:SdbLpIxk5j5YbFr1b7fq8S7mDgDjYmUxSbszyoesoDM=
-k8s.io/code-generator v0.18.4/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c=
+k8s.io/client-go v0.18.8/go.mod h1:HqFqMllQ5NnQJNwjro9k5zMyfhZlOwpuTLVrxjkYSxU=
-k8s.io/component-base v0.18.4/go.mod h1:7jr/Ef5PGmKwQhyAz/pjByxJbC58mhKAhiaDu0vXfPk=
+k8s.io/code-generator v0.18.6/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c=
+k8s.io/code-generator v0.18.8/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c=
+k8s.io/component-base v0.18.6/go.mod h1:knSVsibPR5K6EW2XOjEHik6sdU5nCvKMrzMt2D4In14=
+k8s.io/component-base v0.18.8/go.mod h1:00frPRDas29rx58pPCxNkhUfPbwajlyyvu8ruNgSErU=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
@@ -757,8 +765,8 @@ mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIa
 mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
 mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
-sigs.k8s.io/controller-runtime v0.6.1 h1:LcK2+nk0kmaOnKGN+vBcWHqY5WDJNJNB/c5pW+sU8fc=
+sigs.k8s.io/controller-runtime v0.6.2 h1:jkAnfdTYBpFwlmBn3pS5HFO06SfxvnTZ1p5PeEF/zAA=
-sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A=
+sigs.k8s.io/controller-runtime v0.6.2/go.mod h1:vhcq/rlnENJ09SIRp3EveTaZ0yqH526hjf9iJdbUJ/E=
 sigs.k8s.io/kustomize/api v0.5.1 h1:iHGTs5LcnJGqHstUSxWD/kX6XZgmd82x79LLlZwDU0I=
 sigs.k8s.io/kustomize/api v0.5.1/go.mod h1:LGqJ9ZWOnWDqlECqrFgNUyEqSJc6ooA9ZiWZ4KFZv+I=
 sigs.k8s.io/kustomize/kyaml v0.4.1 h1:NEqA/35upoAjb+I5vh1ODUqxoX4DOrezeQa9BhhG5Co=

install/gotk.sh

@@ -42,6 +42,9 @@ setup_verify_arch() {
         ARCH=$(uname -m)
     fi
     case ${ARCH} in
+        arm64)
+            ARCH=arm64
+            ;;
         amd64)
             ARCH=amd64
             ;;

manifests/bases/helm-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.5
+- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.7
-- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.5
+- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.7
 patchesJson6902:
 - target:
     group: apps

manifests/bases/kustomize-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.8
+- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.9
-- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.8
+- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.9
 patchesJson6902:
 - target:
     group: apps

manifests/bases/notification-controller/kustomization.yaml

@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/notification-controller/config//crd?ref=v0.0.7
+- github.com/fluxcd/notification-controller/config//crd?ref=v0.0.8
-- github.com/fluxcd/notification-controller/config//manager?ref=v0.0.7
+- github.com/fluxcd/notification-controller/config//manager?ref=v0.0.8

manifests/bases/source-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/source-controller/config//crd?ref=v0.0.10
+- github.com/fluxcd/source-controller/config//crd?ref=v0.0.14
-- github.com/fluxcd/source-controller/config//manager?ref=v0.0.10
+- github.com/fluxcd/source-controller/config//manager?ref=v0.0.14
 patchesJson6902:
 - target:
     group: apps