Merge pull request #310 from fluxcd/mod-cleanup

Use GitHub actions from fluxcd/pkg@main

.github/workflows/bootstrap.yaml

@@ -0,0 +1,78 @@
+name: bootstrap
+
+on:
+  push:
+    branches:
+      - '*'
+
+jobs:
+  github:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Restore Go cache
+        uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.14.x
+      - name: Setup Kubernetes
+        uses: engineerd/setup-kind@v0.4.0
+      - name: Set outputs
+        id: vars
+        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+      - name: Build
+        run: sudo go build -o ./bin/gotk ./cmd/gotk
+      - name: bootstrap init
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --branch=main \
+          --path=test-cluster
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: bootstrap no-op
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --branch=main \
+          --path=test-cluster
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: uninstall
+        run: |
+          ./bin/gotk suspend kustomization gotk-system
+          ./bin/gotk uninstall --resources --crds -s
+      - name: bootstrap reinstall
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --branch=main \
+          --path=test-cluster
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: delete repository
+        run: |
+          ./bin/gotk bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=gotk-test-${{ steps.vars.outputs.sha_short }} \
+          --branch=main \
+          --path=test-cluster \
+          --delete
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: Debug failure
+        if: failure()
+        run: |
+          kubectl -n gotk-system get all
+          kubectl -n gotk-system logs deploy/source-controller
+          kubectl -n gotk-system logs deploy/kustomize-controller

.github/workflows/docs.yaml

@@ -3,7 +3,7 @@ on:
   push:
     branches:
       - docs*
-      - master
+      - main
 
 jobs:
   build:
@@ -13,6 +13,12 @@ jobs:
       - name: Checkout master
         uses: actions/checkout@v1
       - name: Copy assets
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SOURCE_VER: ${{ 'v0.1.0' }}
+          KUSTOMIZE_VER: ${{ 'v0.1.0' }}
+          HELM_VER: ${{ 'v0.1.1' }}
+          NOTIFICATION_VER: ${{ 'v0.1.0' }}
         run: |
           controller_version() {
             sed -n "s/\(.*$1\/.*?ref=\)//p;n" "manifests/bases/$1/kustomization.yaml"
@@ -20,35 +26,36 @@ jobs:
 
           {
             # source-controller CRDs
-            SOURCE_VER=$(controller_version source-controller)
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/api/source.md" > docs/components/source/api.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/gitrepositories.md" > docs/components/source/gitrepositories.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/helmrepositories.md" > docs/components/source/helmrepositories.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/helmcharts.md" > docs/components/source/helmcharts.md
+            # SOURCE_VER=$(controller_version source-controller)
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/api/source.md" > docs/components/source/api.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/gitrepositories.md" > docs/components/source/gitrepositories.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/helmrepositories.md" > docs/components/source/helmrepositories.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/helmcharts.md" > docs/components/source/helmcharts.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/buckets.md" > docs/components/source/buckets.md
           }
 
           {
             # kustomize-controller CRDs
-            KUSTOMIZE_VER=$(controller_version kustomize-controller)
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/api/kustomize.md" > docs/components/kustomize/api.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/spec/v1alpha1/kustomization.md" > docs/components/kustomize/kustomization.md
+            # KUSTOMIZE_VER=$(controller_version kustomize-controller)
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/api/kustomize.md" > docs/components/kustomize/api.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/spec/v1beta1/kustomization.md" > docs/components/kustomize/kustomization.md
           }
 
           {
             # helm-controller CRDs
-            HELM_VER=$(controller_version helm-controller)
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/api/helmrelease.md" > docs/components/helm/api.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/spec/v2alpha1/helmreleases.md" > docs/components/helm/helmreleases.md
+            # HELM_VER=$(controller_version helm-controller)
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/api/helmrelease.md" > docs/components/helm/api.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/spec/v2beta1/helmreleases.md" > docs/components/helm/helmreleases.md
           }
 
           {
             # notification-controller CRDs
-            NOTIFICATION_VER=$(controller_version notification-controller)
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/api/notification.md" > docs/components/notification/api.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/event.md" > docs/components/notification/event.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/alert.md" > docs/components/notification/alert.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/provider.md" > docs/components/notification/provider.md
-            curl -# -f "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/receiver.md" > docs/components/notification/receiver.md
+            # NOTIFICATION_VER=$(controller_version notification-controller)
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/api/notification.md" > docs/components/notification/api.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/event.md" > docs/components/notification/event.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/alert.md" > docs/components/notification/alert.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/provider.md" > docs/components/notification/provider.md
+            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/receiver.md" > docs/components/notification/receiver.md
           }
 
           {

.github/workflows/e2e.yaml

@@ -4,7 +4,7 @@ on:
   pull_request:
   push:
     branches:
-      - master
+      - main
 
 jobs:
   kind:
@@ -20,9 +20,9 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-go-
       - name: Setup Go
-        uses: actions/setup-go@v2-beta
+        uses: actions/setup-go@v2
         with:
-          go-version: 1.14.x
+          go-version: 1.15.x
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@v0.4.0
         with:
@@ -41,23 +41,27 @@ jobs:
       - name: gotk check --pre
         run: |
           ./bin/gotk check --pre
-      - name: gotk install --version
-        run: |
-          ./bin/gotk install --version=master --namespace=test --verbose --components="source-controller,kustomize-controller"
-      - name: gotk uninstall
-        run: |
-          ./bin/gotk uninstall --namespace=test --crds --silent
       - name: gotk install --manifests
         run: |
-          ./bin/gotk install --manifests ./manifests/install/ --version=""
+          ./bin/gotk install --manifests ./manifests/install/
       - name: gotk create source git
         run: |
           ./bin/gotk create source git podinfo \
             --url https://github.com/stefanprodan/podinfo  \
             --tag-semver=">=3.2.3"
+      - name: gotk create source git export apply
+        run: |
+          ./bin/gotk create source git podinfo-export \
+            --url https://github.com/stefanprodan/podinfo  \
+            --tag-semver=">=3.2.3" \
+            --export | kubectl apply -f -
+          ./bin/gotk delete source git podinfo-export --silent
       - name: gotk get sources git
         run: |
           ./bin/gotk get sources git
+      - name: gotk get sources git --all-namespaces
+        run: |
+          ./bin/gotk get sources git --all-namespaces
       - name: gotk create kustomization
         run: |
           ./bin/gotk create kustomization podinfo \
@@ -69,12 +73,15 @@ jobs:
             --health-check="Deployment/frontend.dev" \
             --health-check="Deployment/backend.dev" \
             --health-check-timeout=3m
-      - name: gotk sync kustomization --with-source
+      - name: gotk reconcile kustomization --with-source
         run: |
           ./bin/gotk reconcile kustomization podinfo --with-source
       - name: gotk get kustomizations
         run: |
           ./bin/gotk get kustomizations
+      - name: gotk get kustomizations --all-namespaces
+        run: |
+          ./bin/gotk get kustomizations --all-namespaces
       - name: gotk suspend kustomization
         run: |
           ./bin/gotk suspend kustomization podinfo
@@ -88,40 +95,58 @@ jobs:
       - name: gotk delete kustomization
         run: |
           ./bin/gotk delete kustomization podinfo --silent
-      - name: gotk delete source git
-        run: |
-          ./bin/gotk delete source git podinfo --silent
       - name: gotk create source helm
         run: |
           ./bin/gotk create source helm podinfo \
             --url https://stefanprodan.github.io/podinfo
-      - name: gotk create helmrelease
+      - name: gotk create helmrelease --source=HelmRepository/podinfo
         run: |
-          ./bin/gotk create hr podinfo \
+          ./bin/gotk create hr podinfo-helm \
             --target-namespace=default \
-            --source=podinfo \
-            --chart-name=podinfo \
+            --source=HelmRepository/podinfo \
+            --chart=podinfo \
             --chart-version=">4.0.0 <5.0.0"
+      - name: gotk create helmrelease --source=GitRepository/podinfo
+        run: |
+          ./bin/gotk create hr podinfo-git \
+            --target-namespace=default \
+            --source=GitRepository/podinfo \
+            --chart=./charts/podinfo
+      - name: gotk reconcile helmrelease --with-source
+        run: |
+          ./bin/gotk reconcile helmrelease podinfo-git --with-source
       - name: gotk get helmreleases
         run: |
           ./bin/gotk get helmreleases
+      - name: gotk get helmreleases --all-namespaces
+        run: |
+          ./bin/gotk get helmreleases --all-namespaces
       - name: gotk export helmrelease
         run: |
           ./bin/gotk export hr --all
-      - name: gotk delete helmrelease
+      - name: gotk delete helmrelease podinfo-helm
         run: |
-          ./bin/gotk delete hr podinfo --silent
+          ./bin/gotk delete hr podinfo-helm --silent
+      - name: gotk delete helmrelease podinfo-git
+        run: |
+          ./bin/gotk delete hr podinfo-git --silent
       - name: gotk delete source helm
         run: |
           ./bin/gotk delete source helm podinfo --silent
+      - name: gotk delete source git
+        run: |
+          ./bin/gotk delete source git podinfo --silent
       - name: gotk check
         run: |
           ./bin/gotk check
+      - name: gotk uninstall
+        run: |
+          ./bin/gotk uninstall --crds --silent
       - name: Debug failure
         if: failure()
         run: |
           kubectl version --client --short
-          kubectl -n gitops-system get all
-          kubectl -n gitops-system get kustomizations -oyaml
-          kubectl -n gitops-system logs deploy/source-controller
-          kubectl -n gitops-system logs deploy/kustomize-controller
+          kubectl -n gotk-system get all
+          kubectl -n gotk-system get kustomizations -oyaml
+          kubectl -n gotk-system logs deploy/source-controller
+          kubectl -n gotk-system logs deploy/kustomize-controller

.github/workflows/fossa.yml

@@ -0,0 +1,27 @@
+name: FOSSA
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: "^1.14.x"
+      - run: go version
+      # Runs a set of commands to initialize and analyze with FOSSA
+      - name: run FOSSA analysis
+        env:
+          # FOSSA Push-Only API Token
+          FOSSA_API_KEY: '5ee8bf422db1471e0bcf2bcb289185de'
+        run: |
+          export GOPATH=$HOME/go
+          export PATH=$PATH:$(go env GOPATH)/bin
+          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash
+          fossa init
+          fossa analyze

.github/workflows/release.yaml

@@ -16,7 +16,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.14.x
+          go-version: 1.15.x
       - name: Download release notes utility
         env:
           GH_REL_URL: https://github.com/buchanae/github-release-notes/releases/download/0.2.0/github-release-notes-linux-amd64-0.2.0.tar.gz
@@ -25,8 +25,10 @@ jobs:
         run: |
           echo 'CHANGELOG' > /tmp/release.txt
           github-release-notes -org fluxcd -repo toolkit -since-latest-release -include-author >> /tmp/release.txt
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Setup Kustomize
-        uses: fluxcd/pkg//actions/kustomize@master
+        uses: fluxcd/pkg//actions/kustomize@main
       - name: Generate manifests tarball
         run: |
           mkdir -p ./output
@@ -82,3 +84,4 @@ jobs:
           args: release --release-notes=/tmp/release.txt --skip-validate
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}

.github/workflows/update.yml

@@ -1,8 +1,9 @@
 name: Update Components
 
 on:
+  workflow_dispatch:
   schedule:
-    - cron: "*/10 * * * *"
+    - cron: "0 * * * *"
 
 jobs:
   update-components:
@@ -22,7 +23,7 @@ jobs:
 
             if [[ "${RELEASE_VERSION}" != "${CURRENT_VERSION}" ]]; then
               # bump kustomize
-              sed -i "s/\($1\/.*?ref=\).*/\1${RELEASE_VERSION}/g" "manifests/bases/$1/kustomization.yaml"
+              sed -i "s/\($1\/archive\/\)v.*\(.zip\/\/$1-\).*\(\/config.*\)/\1${RELEASE_VERSION}\2${RELEASE_VERSION/v}\3/g" "manifests/bases/$1/kustomization.yaml"
 
               if [[ ! -z $(go list -m all | grep "github.com/fluxcd/$1/api" | awk '{print $2}') ]]; then
                 # bump go mod
@@ -54,10 +55,10 @@ jobs:
         id: cpr
         uses: peter-evans/create-pull-request@v3
         with:
-            token: ${{ secrets.GITHUB_TOKEN }}
+            token: ${{ secrets.BOT_GITHUB_TOKEN }}
             commit-message: Update toolkit components
             committer: GitHub <noreply@github.com>
-            author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+            author: fluxcdbot <fluxcdbot@users.noreply.github.com>
             title: Update toolkit components
             body: |
               ${{ steps.update.outputs.pr_body }}

.goreleaser.yml

@@ -8,9 +8,27 @@ builds:
       - linux
     goarch:
       - amd64
+      - arm64
+      - arm
+    goarm:
+      - 7
     env:
       - CGO_ENABLED=0
 archives:
   - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
     files:
       - none*
+brews:
+  - name: gotk
+    tap:
+      owner: fluxcd
+      name: homebrew-tap
+      token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+    folder: Formula
+    homepage: "https://toolkit.fluxcd.io/"
+    description: "GitOps Toolkit CLI"
+    dependencies:
+      - name: kubectl
+        type: optional
+    test: |
+      system "#{bin}/gotk --version"

CONTRIBUTING.md

@@ -29,7 +29,7 @@ For announcements we use a mailing list as well. Simply subscribe to
 [flux-dev on cncf.io](https://lists.cncf.io/g/cncf-flux-dev)
 to join the conversation (there you can also add calendar invites
 to your Google calendar for our [Flux
-meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/edit#)).
+meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view)).
 
 ## Understanding the GitOps Toolkit
 

README.md

@@ -2,11 +2,84 @@
 
 [![e2e](https://github.com/fluxcd/toolkit/workflows/e2e/badge.svg)](https://github.com/fluxcd/toolkit/actions)
 [![report](https://goreportcard.com/badge/github.com/fluxcd/toolkit)](https://goreportcard.com/report/github.com/fluxcd/toolkit)
-[![license](https://img.shields.io/github/license/fluxcd/toolkit.svg)](https://github.com/fluxcd/toolkit/blob/master/LICENSE)
+[![license](https://img.shields.io/github/license/fluxcd/toolkit.svg)](https://github.com/fluxcd/toolkit/blob/main/LICENSE)
 [![release](https://img.shields.io/github/release/fluxcd/toolkit/all.svg)](https://github.com/fluxcd/toolkit/releases)
 
-Experimental toolkit for assembling CD pipelines the GitOps way.
-
 ![overview](docs/diagrams/gotk-feature.png)
 
-To get started with the toolkit please read the [docs](https://toolkit.fluxcd.io/).
+The GitOps Toolkit is a set of composable APIs and specialized tools
+that can be used to build a Continuous Delivery platform on top of Kubernetes.
+
+These tools are build with Kubernetes controller-runtime libraries, and they
+can be dynamically configured with Kubernetes custom resources either by
+cluster admins or by other automated tools.
+The GitOps Toolkit components interact with each other via Kubernetes
+events and are responsible for the reconciliation of their designated API objects.
+
+## `gotk` installation
+
+With Homebrew:
+
+```sh
+brew tap fluxcd/tap
+brew install gotk
+```
+
+With Bash:
+
+```sh
+curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
+
+# enable completions in ~/.bash_profile
+. <(gotk completion bash)
+```
+
+Binaries for macOS and Linux AMD64/ARM64 are available to download on the
+[release page](https://github.com/fluxcd/toolkit/releases).
+
+Verify that your cluster satisfies the prerequisites with:
+
+```sh
+gotk check --pre
+```
+
+## Get started
+
+To get started with the GitOps Toolkit, start [browsing the documentation](https://toolkit.fluxcd.io)
+or get started with one of the following guides:
+
+- [Get started with GitOps Toolkit (deep dive)](https://toolkit.fluxcd.io/get-started/)
+- [Installation](https://toolkit.fluxcd.io/guides/installation/)
+- [Manage Helm Releases](https://toolkit.fluxcd.io/guides/helmreleases/)
+- [Setup Notifications](https://toolkit.fluxcd.io/guides/notifications/)
+- [Setup Webhook Receivers](https://toolkit.fluxcd.io/guides/webhook-receivers/)
+
+## Components
+
+- [Toolkit CLI](https://toolkit.fluxcd.io/cmd/gotk/)
+- [Source Controller](https://toolkit.fluxcd.io/components/source/controller/)
+    - [GitRepository CRD](https://toolkit.fluxcd.io/components/source/gitrepositories/)
+    - [HelmRepository CRD](https://toolkit.fluxcd.io/components/source/helmrepositories/)
+    - [HelmChart CRD](https://toolkit.fluxcd.io/components/source/helmcharts/)
+    - [Bucket CRD](https://toolkit.fluxcd.io/components/source/buckets/)
+- [Kustomize Controller](https://toolkit.fluxcd.io/components/kustomize/controller/)
+    - [Kustomization CRD](https://toolkit.fluxcd.io/components/kustomize/kustomization/)
+- [Helm Controller](https://toolkit.fluxcd.io/components/helm/controller/)
+    - [HelmRelease CRD](https://toolkit.fluxcd.io/components/helm/helmreleases/)
+- [Notification Controller](https://toolkit.fluxcd.io/components/notification/controller/)
+    - [Provider CRD](https://toolkit.fluxcd.io/components/notification/provider/)
+    - [Alert CRD](https://toolkit.fluxcd.io/components/notification/alert/)
+    - [Receiver CRD](https://toolkit.fluxcd.io/components/notification/receiver/)
+
+## Community
+
+The GitOps Toolkit is always looking for new contributors and there are a multitude of ways to get involved. Depending on what you want to do, some of the following bits might be your first steps:
+
+- Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view))
+- Talk to us in the #flux channel on [CNCF Slack](https://slack.cncf.io/)
+- Join the [planning discussions](https://github.com/fluxcd/toolkit/discussions)
+- And if you are completely new to the GitOps Toolkit, take a look at our [Get Started guide](https://toolkit.fluxcd.io/get-started/) and give us feedback
+- To be part of the conversation about Flux's development, [join the flux-dev mailing list](https://lists.cncf.io/g/cncf-flux-dev).
+- Check out [how to contribute](CONTRIBUTING.md) to the project
+
+We are looking forward to seeing you with us!

cmd/gotk/bootstrap.go

@@ -23,7 +23,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"sigs.k8s.io/yaml"
 	"strings"
 	"time"
 
@@ -33,9 +32,10 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var bootstrapCmd = &cobra.Command{
@@ -45,14 +45,21 @@ var bootstrapCmd = &cobra.Command{
 }
 
 var (
-	bootstrapVersion         string
-	bootstrapComponents      []string
-	bootstrapRegistry        string
-	bootstrapImagePullSecret string
+	bootstrapVersion            string
+	bootstrapComponents         []string
+	bootstrapRegistry           string
+	bootstrapImagePullSecret    string
+	bootstrapArch               string
+	bootstrapBranch             string
+	bootstrapWatchAllNamespaces bool
+	bootstrapNetworkPolicy      bool
+	bootstrapLogLevel           string
+	bootstrapManifestsPath      string
+	bootstrapRequiredComponents = []string{"source-controller", "kustomize-controller"}
 )
 
 const (
-	bootstrapBranch                = "master"
+	bootstrapDefaultBranch         = "main"
 	bootstrapInstallManifest       = "toolkit-components.yaml"
 	bootstrapSourceManifest        = "toolkit-source.yaml"
 	bootstrapKustomizationManifest = "toolkit-kustomization.yaml"
@@ -63,14 +70,57 @@ func init() {
 		"toolkit version")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "docker.io/fluxcd",
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "ghcr.io/fluxcd",
 		"container registry where the toolkit images are published")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapImagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArch, "arch", "amd64",
+		"arch can be amd64 or arm64")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapBranch, "branch", bootstrapDefaultBranch,
+		"default branch (for GitHub this must match the default branch setting for the organization)")
 	rootCmd.AddCommand(bootstrapCmd)
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapWatchAllNamespaces, "watch-all-namespaces", true,
+		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
+	bootstrapCmd.PersistentFlags().BoolVar(&bootstrapNetworkPolicy, "network-policy", true,
+		"deny ingress access to the toolkit controllers from other namespaces using network policies")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapLogLevel, "log-level", "info", "set the controllers log level")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapManifestsPath, "manifests", "", "path to the manifest directory")
+	bootstrapCmd.PersistentFlags().MarkHidden("manifests")
 }
 
-func generateInstallManifests(targetPath, namespace, tmpDir string) (string, error) {
+func bootstrapValidate() error {
+	if !utils.containsItemString(supportedArch, bootstrapArch) {
+		return fmt.Errorf("arch %s is not supported, can be %v", bootstrapArch, supportedArch)
+	}
+
+	if !utils.containsItemString(supportedLogLevels, bootstrapLogLevel) {
+		return fmt.Errorf("log level %s is not supported, can be %v", bootstrapLogLevel, supportedLogLevels)
+	}
+
+	for _, component := range bootstrapRequiredComponents {
+		if !utils.containsItemString(bootstrapComponents, component) {
+			return fmt.Errorf("component %s is required", component)
+		}
+	}
+
+	return nil
+}
+
+func generateInstallManifests(targetPath, namespace, tmpDir string, localManifests string) (string, error) {
+	manifestsDir := path.Join(tmpDir, targetPath, namespace)
+	if err := os.MkdirAll(manifestsDir, os.ModePerm); err != nil {
+		return "", fmt.Errorf("creating manifests dir failed: %w", err)
+	}
+	manifest := path.Join(manifestsDir, bootstrapInstallManifest)
+
+	if localManifests != "" {
+		if err := buildKustomization(localManifests, manifest); err != nil {
+			return "", fmt.Errorf("build kustomization failed: %w", err)
+		}
+
+		return manifest, nil
+	}
+
 	gotkDir := path.Join(tmpDir, ".gotk")
 	defer os.RemoveAll(gotkDir)
 
@@ -78,16 +128,12 @@ func generateInstallManifests(targetPath, namespace, tmpDir string) (string, err
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 
-	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, bootstrapImagePullSecret, gotkDir); err != nil {
+	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents,
+		bootstrapWatchAllNamespaces, bootstrapNetworkPolicy, bootstrapRegistry, bootstrapImagePullSecret,
+		bootstrapArch, bootstrapLogLevel, gotkDir); err != nil {
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 
-	manifestsDir := path.Join(tmpDir, targetPath, namespace)
-	if err := os.MkdirAll(manifestsDir, os.ModePerm); err != nil {
-		return "", fmt.Errorf("generating manifests failed: %w", err)
-	}
-
-	manifest := path.Join(manifestsDir, bootstrapInstallManifest)
 	if err := buildKustomization(gotkDir, manifest); err != nil {
 		return "", fmt.Errorf("build kustomization failed: %w", err)
 	}
@@ -111,8 +157,8 @@ func applyInstallManifests(ctx context.Context, manifestPath string, components
 	return nil
 }
 
-func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, interval time.Duration) error {
-	gvk := sourcev1.GroupVersion.WithKind("GitRepository")
+func generateSyncManifests(url, branch, name, namespace, targetPath, tmpDir string, interval time.Duration) error {
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)
 	gitRepository := sourcev1.GitRepository{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       gvk.Kind,
@@ -128,7 +174,7 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 				Duration: interval,
 			},
 			Reference: &sourcev1.GitRepositoryRef{
-				Branch: "master",
+				Branch: branch,
 			},
 			SecretRef: &corev1.LocalObjectReference{
 				Name: name,
@@ -145,7 +191,7 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 		return err
 	}
 
-	gvk = kustomizev1.GroupVersion.WithKind("Kustomization")
+	gvk = kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)
 	kustomization := kustomizev1.Kustomization{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       gvk.Kind,
@@ -161,7 +207,7 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 			},
 			Path:  fmt.Sprintf("./%s", strings.TrimPrefix(targetPath, "./")),
 			Prune: true,
-			SourceRef: kustomizev1.CrossNamespaceObjectReference{
+			SourceRef: kustomizev1.CrossNamespaceSourceReference{
 				Kind: sourcev1.GitRepositoryKind,
 				Name: name,
 			},
@@ -177,11 +223,15 @@ func generateSyncManifests(url, name, namespace, targetPath, tmpDir string, inte
 		return err
 	}
 
+	if err := utils.generateKustomizationYaml(filepath.Join(tmpDir, targetPath, namespace)); err != nil {
+		return err
+	}
+
 	return nil
 }
 
 func applySyncManifests(ctx context.Context, kubeClient client.Client, name, namespace, targetPath, tmpDir string) error {
-	command := fmt.Sprintf("kubectl apply -f %s", filepath.Join(tmpDir, targetPath, namespace))
+	command := fmt.Sprintf("kubectl apply -k %s", filepath.Join(tmpDir, targetPath, namespace))
 	if _, err := utils.execCommand(ctx, ModeStderrOS, command); err != nil {
 		return err
 	}

cmd/gotk/bootstrap_github.go

@@ -55,6 +55,9 @@ the bootstrap command will perform an upgrade if needed.`,
 
   # Run bootstrap for a private repo hosted on GitHub Enterprise
   gotk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
+
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --branch=main
 `,
 	RunE: bootstrapGitHubCmdRun,
 }
@@ -68,6 +71,7 @@ var (
 	ghHostname   string
 	ghPath       string
 	ghTeams      []string
+	ghDelete     bool
 )
 
 const (
@@ -84,6 +88,9 @@ func init() {
 	bootstrapGitHubCmd.Flags().StringVar(&ghHostname, "hostname", git.GitHubDefaultHostname, "GitHub hostname")
 	bootstrapGitHubCmd.Flags().StringVar(&ghPath, "path", "", "repository path, when specified the cluster sync will be scoped to this path")
 
+	bootstrapGitHubCmd.Flags().BoolVar(&ghDelete, "delete", false, "delete repository (used for testing only)")
+	bootstrapGitHubCmd.Flags().MarkHidden("delete")
+
 	bootstrapCmd.AddCommand(bootstrapGitHubCmd)
 }
 
@@ -93,6 +100,10 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("%s environment variable not found", git.GitHubTokenName)
 	}
 
+	if err := bootstrapValidate(); err != nil {
+		return err
+	}
+
 	repository, err := git.NewRepository(ghRepository, ghOwner, ghHostname, ghToken, "gotk", ghOwner+"@users.noreply.github.com")
 	if err != nil {
 		return err
@@ -103,11 +114,6 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		IsPersonal: ghPersonal,
 	}
 
-	kubeClient, err := utils.kubeClient(kubeconfig)
-	if err != nil {
-		return err
-	}
-
 	tmpDir, err := ioutil.TempDir("", namespace)
 	if err != nil {
 		return err
@@ -117,6 +123,14 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
+	if ghDelete {
+		if err := provider.DeleteRepository(ctx, repository); err != nil {
+			return err
+		}
+		logger.Successf("repository deleted")
+		return nil
+	}
+
 	// create GitHub repository if doesn't exists
 	logger.Actionf("connecting to %s", ghHostname)
 	changed, err := provider.CreateRepository(ctx, repository)
@@ -148,7 +162,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 
 	// generate install manifests
 	logger.Generatef("generating manifests")
-	manifest, err := generateInstallManifests(ghPath, namespace, tmpDir)
+	manifest, err := generateInstallManifests(ghPath, namespace, tmpDir, bootstrapManifestsPath)
 	if err != nil {
 		return err
 	}
@@ -169,6 +183,11 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Successf("components are up to date")
 	}
 
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	// determine if repo synchronization is working
 	isInstall := shouldInstallManifests(ctx, kubeClient, namespace)
 
@@ -207,28 +226,25 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// configure repo synchronization
-	if isInstall {
-		// generate source and kustomization manifests
-		logger.Actionf("generating sync manifests")
-		if err := generateSyncManifests(repository.GetSSH(), namespace, namespace, ghPath, tmpDir, ghInterval); err != nil {
-			return err
-		}
+	logger.Actionf("generating sync manifests")
+	if err := generateSyncManifests(repository.GetSSH(), bootstrapBranch, namespace, namespace, ghPath, tmpDir, ghInterval); err != nil {
+		return err
+	}
 
-		// commit and push manifests
-		if changed, err = repository.Commit(ctx, path.Join(ghPath, namespace), "Add manifests"); err != nil {
+	// commit and push manifests
+	if changed, err = repository.Commit(ctx, path.Join(ghPath, namespace), "Add manifests"); err != nil {
+		return err
+	} else if changed {
+		if err := repository.Push(ctx); err != nil {
 			return err
-		} else if changed {
-			if err := repository.Push(ctx); err != nil {
-				return err
-			}
-			logger.Successf("sync manifests pushed")
 		}
+		logger.Successf("sync manifests pushed")
+	}
 
-		// apply manifests and waiting for sync
-		logger.Actionf("applying sync manifests")
-		if err := applySyncManifests(ctx, kubeClient, namespace, namespace, ghPath, tmpDir); err != nil {
-			return err
-		}
+	// apply manifests and waiting for sync
+	logger.Actionf("applying sync manifests")
+	if err := applySyncManifests(ctx, kubeClient, namespace, namespace, ghPath, tmpDir); err != nil {
+		return err
 	}
 
 	if withErrors {

cmd/gotk/bootstrap_gitlab.go

@@ -52,6 +52,9 @@ the bootstrap command will perform an upgrade if needed.`,
 
   # Run bootstrap for a private repo hosted on a GitLab server 
   gotk bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
+
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap gitlab --owner=<organization> --repository=<repo name> --branch=main
 `,
 	RunE: bootstrapGitLabCmdRun,
 }
@@ -86,6 +89,10 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("%s environment variable not found", git.GitLabTokenName)
 	}
 
+	if err := bootstrapValidate(); err != nil {
+		return err
+	}
+
 	repository, err := git.NewRepository(glRepository, glOwner, glHostname, glToken, "gotk", glOwner+"@users.noreply.gitlab.com")
 	if err != nil {
 		return err
@@ -132,7 +139,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 
 	// generate install manifests
 	logger.Generatef("generating manifests")
-	manifest, err := generateInstallManifests(glPath, namespace, tmpDir)
+	manifest, err := generateInstallManifests(glPath, namespace, tmpDir, bootstrapManifestsPath)
 	if err != nil {
 		return err
 	}
@@ -191,28 +198,25 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// configure repo synchronization
-	if isInstall {
-		// generate source and kustomization manifests
-		logger.Actionf("generating sync manifests")
-		if err := generateSyncManifests(repository.GetSSH(), namespace, namespace, glPath, tmpDir, glInterval); err != nil {
-			return err
-		}
+	logger.Actionf("generating sync manifests")
+	if err := generateSyncManifests(repository.GetSSH(), bootstrapBranch, namespace, namespace, glPath, tmpDir, glInterval); err != nil {
+		return err
+	}
 
-		// commit and push manifests
-		if changed, err = repository.Commit(ctx, path.Join(glPath, namespace), "Add manifests"); err != nil {
+	// commit and push manifests
+	if changed, err = repository.Commit(ctx, path.Join(glPath, namespace), "Add manifests"); err != nil {
+		return err
+	} else if changed {
+		if err := repository.Push(ctx); err != nil {
 			return err
-		} else if changed {
-			if err := repository.Push(ctx); err != nil {
-				return err
-			}
-			logger.Successf("sync manifests pushed")
 		}
+		logger.Successf("sync manifests pushed")
+	}
 
-		// apply manifests and waiting for sync
-		logger.Actionf("applying sync manifests")
-		if err := applySyncManifests(ctx, kubeClient, namespace, namespace, glPath, tmpDir); err != nil {
-			return err
-		}
+	// apply manifests and waiting for sync
+	logger.Actionf("applying sync manifests")
+	if err := applySyncManifests(ctx, kubeClient, namespace, namespace, glPath, tmpDir); err != nil {
+		return err
 	}
 
 	logger.Successf("bootstrap finished")

cmd/gotk/check.go

@@ -23,7 +23,7 @@ import (
 	"os/exec"
 	"strings"
 
-	"github.com/blang/semver"
+	"github.com/blang/semver/v4"
 	"github.com/spf13/cobra"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"

cmd/gotk/completion.go

@@ -17,26 +17,13 @@ limitations under the License.
 package main
 
 import (
-	"os"
-
 	"github.com/spf13/cobra"
 )
 
 var completionCmd = &cobra.Command{
 	Use:   "completion",
-	Short: "Generates bash completion scripts",
-	Example: `To load completion run
-
-. <(gotk completion)
-
-To configure your bash shell to load completions for each session add to your bashrc
-
-# ~/.bashrc or ~/.profile
-. <(gotk completion)
-`,
-	Run: func(cmd *cobra.Command, args []string) {
-		rootCmd.GenBashCompletion(os.Stdout)
-	},
+	Short: "Generates completion scripts for various shells",
+	Long:  "The completion sub-command generates completion scripts for various shells",
 }
 
 func init() {

cmd/gotk/completion_bash.go

@@ -0,0 +1,44 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionBashCmd = &cobra.Command{
+	Use:   "bash",
+	Short: "Generates bash completion scripts",
+	Example: `To load completion run
+
+. <(gotk completion bash)
+
+To configure your bash shell to load completions for each session add to your bashrc
+
+# ~/.bashrc or ~/.profile
+command -v gotk >/dev/null && . <(gotk completion bash)
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		rootCmd.GenBashCompletion(os.Stdout)
+	},
+}
+
+func init() {
+	completionCmd.AddCommand(completionBashCmd)
+}

cmd/gotk/completion_fish.go

@@ -0,0 +1,45 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionFishCmd = &cobra.Command{
+	Use:   "fish",
+	Short: "Generates fish completion scripts",
+	Example: `To load completion run
+
+. <(gotk completion fish)
+
+To configure your fish shell to load completions for each session write this script to your completions dir:
+
+gotk completion fish > ~/.config/fish/completions/gotk
+
+See http://fishshell.com/docs/current/index.html#completion-own for more details
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		rootCmd.GenFishCompletion(os.Stdout, true)
+	},
+}
+
+func init() {
+	completionCmd.AddCommand(completionFishCmd)
+}

cmd/gotk/completion_powershell.go

@@ -0,0 +1,51 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionPowerShellCmd = &cobra.Command{
+	Use:   "powershell",
+	Short: "Generates powershell completion scripts",
+	Example: `To load completion run
+
+. <(gotk completion powershell)
+
+To configure your powershell shell to load completions for each session add to your powershell profile
+
+Windows:
+
+cd "$env:USERPROFILE\Documents\WindowsPowerShell\Modules"
+gotk completion >> gotk-completion.ps1
+
+Linux:
+
+cd "${XDG_CONFIG_HOME:-"$HOME/.config/"}/powershell/modules"
+gotk completion >> gotk-completions.ps1
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		rootCmd.GenPowerShellCompletion(os.Stdout)
+	},
+}
+
+func init() {
+	completionCmd.AddCommand(completionPowerShellCmd)
+}

cmd/gotk/completion_zsh.go

@@ -0,0 +1,52 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var completionZshCmd = &cobra.Command{
+	Use:   "zsh",
+	Short: "Generates zsh completion scripts",
+	Example: `To load completion run
+
+. <(gotk completion zsh) && compdef _gotk gotk
+
+To configure your zsh shell to load completions for each session add to your zshrc
+
+# ~/.zshrc or ~/.profile
+command -v gotk >/dev/null && . <(gotk completion zsh) && compdef _gotk gotk
+
+or write a cached file in one of the completion directories in your ${fpath}:
+
+echo "${fpath// /\n}" | grep -i completion
+gotk completions zsh > _gotk
+
+mv _gotk ~/.oh-my-zsh/completions  # oh-my-zsh
+mv _gotk ~/.zprezto/modules/completion/external/src/  # zprezto
+`,
+	Run: func(cmd *cobra.Command, args []string) {
+		rootCmd.GenZshCompletion(os.Stdout)
+	},
+}
+
+func init() {
+	completionCmd.AddCommand(completionZshCmd)
+}

cmd/gotk/create.go

@@ -17,8 +17,12 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
+	"strings"
 	"time"
 
+	"k8s.io/apimachinery/pkg/util/validation"
+
 	"github.com/spf13/cobra"
 )
 
@@ -31,10 +35,38 @@ var createCmd = &cobra.Command{
 var (
 	interval time.Duration
 	export   bool
+	labels   []string
 )
 
 func init() {
 	createCmd.PersistentFlags().DurationVarP(&interval, "interval", "", time.Minute, "source sync interval")
 	createCmd.PersistentFlags().BoolVar(&export, "export", false, "export in YAML format to stdout")
+	createCmd.PersistentFlags().StringSliceVar(&labels, "label", nil,
+		"set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)")
 	rootCmd.AddCommand(createCmd)
 }
+
+func parseLabels() (map[string]string, error) {
+	result := make(map[string]string)
+	for _, label := range labels {
+		// validate key value pair
+		parts := strings.Split(label, "=")
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("invalid label format '%s', must be key=value", label)
+		}
+
+		// validate label name
+		if errors := validation.IsQualifiedName(parts[0]); len(errors) > 0 {
+			return nil, fmt.Errorf("invalid label '%s': %v", parts[0], errors)
+		}
+
+		// validate label value
+		if errors := validation.IsValidLabelValue(parts[1]); len(errors) > 0 {
+			return nil, fmt.Errorf("invalid label value '%s': %v", parts[1], errors)
+		}
+
+		result[parts[0]] = parts[1]
+	}
+
+	return result, nil
+}

cmd/gotk/create_helmrelease.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 	"io/ioutil"
 
 	"github.com/spf13/cobra"
@@ -32,8 +33,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var createHelmReleaseCmd = &cobra.Command{
@@ -41,29 +42,47 @@ var createHelmReleaseCmd = &cobra.Command{
 	Aliases: []string{"hr"},
 	Short:   "Create or update a HelmRelease resource",
 	Long:    "The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.",
-	Example: `  # Create a HelmRelease from a source
+	Example: `  # Create a HelmRelease with a chart from a HelmRepository source
   gotk create hr podinfo \
     --interval=10m \
-    --release-name=podinfo \
-    --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
     --chart-version=">4.0.0"
 
-  # Create a HelmRelease with values for a local YAML file
+  # Create a HelmRelease with a chart from a GitRepository source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=GitRepository/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with a chart from a Bucket source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=Bucket/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with values from a local YAML file
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+    --values=./my-values.yaml
+
+  # Create a HelmRelease with a custom release name
+  gotk create hr podinfo \
+    --release-name=podinfo-dev
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+
+  # Create a HelmRelease targeting another namespace than the resource
   gotk create hr podinfo \
     --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
-    --values=./my-values.yaml
+    --source=HelmRepository/podinfo \
+    --chart=podinfo
 
   # Create a HelmRelease definition on disk without applying it on the cluster
   gotk create hr podinfo \
-    --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
     --values=./values.yaml \
     --export > podinfo-release.yaml
 `,
@@ -74,18 +93,18 @@ var (
 	hrName            string
 	hrSource          string
 	hrDependsOn       []string
-	hrChartName       string
+	hrChart           string
 	hrChartVersion    string
 	hrTargetNamespace string
 	hrValuesFile      string
 )
 
 func init() {
-	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '<target-namespace>-<hr-name>'")
-	createHelmReleaseCmd.Flags().StringVar(&hrSource, "source", "", "HelmRepository name")
-	createHelmReleaseCmd.Flags().StringVar(&hrChartName, "chart-name", "", "Helm chart name")
-	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts semver range")
-	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed")
+	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '[<target-namespace>-]<hr-name>'")
+	createHelmReleaseCmd.Flags().StringVar(&hrSource, "source", "", "source that contains the chart (<kind>/<name>)")
+	createHelmReleaseCmd.Flags().StringVar(&hrChart, "chart", "", "Helm chart name or path")
+	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
+	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'")
 	createHelmReleaseCmd.Flags().StringVar(&hrTargetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
 	createHelmReleaseCmd.Flags().StringVar(&hrValuesFile, "values", "", "local path to the values.yaml file")
 	createCmd.AddCommand(createHelmReleaseCmd)
@@ -100,17 +119,19 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	if hrSource == "" {
 		return fmt.Errorf("source is required")
 	}
-	if hrChartName == "" {
-		return fmt.Errorf("chart name is required")
+	sourceKind, sourceName := utils.parseObjectKindName(hrSource)
+	if sourceKind == "" {
+		return fmt.Errorf("invalid source '%s', must be in format <kind>/<name>", hrSource)
 	}
-	if hrChartVersion == "" {
-		return fmt.Errorf("chart version is required")
+	if !utils.containsItemString(supportedHelmChartSourceKinds, sourceKind) {
+		return fmt.Errorf("source kind %s is not supported, can be %v",
+			sourceKind, supportedHelmChartSourceKinds)
+	}
+	if hrChart == "" {
+		return fmt.Errorf("chart name or path is required")
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
-	defer cancel()
-
-	kubeClient, err := utils.kubeClient(kubeconfig)
+	sourceLabels, err := parseLabels()
 	if err != nil {
 		return err
 	}
@@ -123,20 +144,23 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    sourceLabels,
 		},
 		Spec: helmv2.HelmReleaseSpec{
 			ReleaseName: hrName,
-			DependsOn:   hrDependsOn,
+			DependsOn:   utils.makeDependsOn(hrDependsOn),
 			Interval: metav1.Duration{
 				Duration: interval,
 			},
 			TargetNamespace: hrTargetNamespace,
 			Chart: helmv2.HelmChartTemplate{
-				Name:    hrChartName,
-				Version: hrChartVersion,
-				SourceRef: helmv2.CrossNamespaceObjectReference{
-					Kind: sourcev1.HelmRepositoryKind,
-					Name: hrSource,
+				Spec: helmv2.HelmChartTemplateSpec{
+					Chart:   hrChart,
+					Version: hrChartVersion,
+					SourceRef: helmv2.CrossNamespaceObjectReference{
+						Kind: sourceKind,
+						Name: sourceName,
+					},
 				},
 			},
 			Suspend: false,
@@ -161,6 +185,14 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		return exportHelmRelease(helmRelease)
 	}
 
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	logger.Actionf("applying release")
 	if err := upsertHelmRelease(ctx, kubeClient, helmRelease); err != nil {
 		return err
@@ -217,6 +249,7 @@ func upsertHelmRelease(ctx context.Context, kubeClient client.Client, helmReleas
 		return err
 	}
 
+	existing.Labels = helmRelease.Labels
 	existing.Spec = helmRelease.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -242,13 +275,37 @@ func isHelmChartReady(ctx context.Context, kubeClient client.Client, name, names
 			return false, err
 		}
 
-		for _, condition := range helmChart.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(helmChart.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
+			}
+		}
+		return false, nil
+	}
+}
+
+func isHelmReleaseReady(ctx context.Context, kubeClient client.Client, name, namespace string) wait.ConditionFunc {
+	return func() (bool, error) {
+		var helmRelease helmv2.HelmRelease
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+
+		err := kubeClient.Get(ctx, namespacedName, &helmRelease)
+		if err != nil {
+			return false, err
+		}
+
+		if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/create_kustomization.go

@@ -30,15 +30,17 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	"github.com/fluxcd/pkg/apis/meta"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var createKsCmd = &cobra.Command{
 	Use:     "kustomization [name]",
 	Aliases: []string{"ks"},
 	Short:   "Create or update a Kustomization resource",
-	Long:    "The kustomization source create command generates a Kustomize resource for a given GitRepository source.",
+	Long:    "The kustomization source create command generates a Kustomize resource for a given source.",
 	Example: `  # Create a Kustomization resource from a source at a given path
   gotk create kustomization contour \
     --source=contour \
@@ -59,41 +61,42 @@ var createKsCmd = &cobra.Command{
     --interval=5m \
     --validation=client
 
-  # Create a Kustomization resource that runs under a service account
-  gotk create kustomization webapp \
-    --source=webapp \
-    --path="./deploy/overlays/staging" \
+  # Create a Kustomization resource that references a Bucket
+  gotk create kustomization secrets \
+    --source=Bucket/secrets \
     --prune=true \
-    --interval=5m \
-    --validation=client \
-    --sa-name=reconclier \
-    --sa-namespace=staging
+    --interval=5m
 `,
 	RunE: createKsCmdRun,
 }
 
 var (
-	ksSource        string
-	ksPath          string
-	ksPrune         bool
-	ksDependsOn     []string
-	ksValidation    string
-	ksHealthCheck   []string
-	ksHealthTimeout time.Duration
-	ksSAName        string
-	ksSANamespace   string
+	ksSource             string
+	ksPath               string
+	ksPrune              bool
+	ksDependsOn          []string
+	ksValidation         string
+	ksHealthCheck        []string
+	ksHealthTimeout      time.Duration
+	ksSAName             string
+	ksSANamespace        string
+	ksDecryptionProvider string
+	ksDecryptionSecret   string
 )
 
 func init() {
-	createKsCmd.Flags().StringVar(&ksSource, "source", "", "GitRepository name")
+	createKsCmd.Flags().StringVar(&ksSource, "source", "",
+		"source that contains the Kubernetes manifests in the format '[<kind>/]<name>', where kind can be GitRepository or Bucket, if kind is not specified it defaults to GitRepository")
 	createKsCmd.Flags().StringVar(&ksPath, "path", "./", "path to the directory containing the Kustomization file")
 	createKsCmd.Flags().BoolVar(&ksPrune, "prune", false, "enable garbage collection")
 	createKsCmd.Flags().StringArrayVar(&ksHealthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
 	createKsCmd.Flags().DurationVar(&ksHealthTimeout, "health-check-timeout", 2*time.Minute, "timeout of health checking operations")
 	createKsCmd.Flags().StringVar(&ksValidation, "validation", "", "validate the manifests before applying them on the cluster, can be 'client' or 'server'")
-	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied")
+	createKsCmd.Flags().StringArrayVar(&ksDependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'")
 	createKsCmd.Flags().StringVar(&ksSAName, "sa-name", "", "service account name")
 	createKsCmd.Flags().StringVar(&ksSANamespace, "sa-namespace", "", "service account namespace")
+	createKsCmd.Flags().StringVar(&ksDecryptionProvider, "decryption-provider", "", "enables secrets decryption, provider can be 'sops'")
+	createKsCmd.Flags().StringVar(&ksDecryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
 	createCmd.AddCommand(createKsCmd)
 }
 
@@ -106,6 +109,16 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	if ksSource == "" {
 		return fmt.Errorf("source is required")
 	}
+
+	sourceKind, sourceName := utils.parseObjectKindName(ksSource)
+	if sourceKind == "" {
+		sourceKind = sourcev1.GitRepositoryKind
+	}
+	if !utils.containsItemString(supportedKustomizationSourceKinds, sourceKind) {
+		return fmt.Errorf("source kind %s is not supported, can be %v",
+			sourceKind, supportedKustomizationSourceKinds)
+	}
+
 	if ksPath == "" {
 		return fmt.Errorf("path is required")
 	}
@@ -117,21 +130,27 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Generatef("generating kustomization")
 	}
 
+	ksLabels, err := parseLabels()
+	if err != nil {
+		return err
+	}
+
 	kustomization := kustomizev1.Kustomization{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    ksLabels,
 		},
 		Spec: kustomizev1.KustomizationSpec{
-			DependsOn: ksDependsOn,
+			DependsOn: utils.makeDependsOn(ksDependsOn),
 			Interval: metav1.Duration{
 				Duration: interval,
 			},
 			Path:  ksPath,
 			Prune: ksPrune,
-			SourceRef: kustomizev1.CrossNamespaceObjectReference{
-				Kind: sourcev1.GitRepositoryKind,
-				Name: ksSource,
+			SourceRef: kustomizev1.CrossNamespaceSourceReference{
+				Kind: sourceKind,
+				Name: sourceName,
 			},
 			Suspend:    false,
 			Validation: ksValidation,
@@ -139,31 +158,39 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if len(ksHealthCheck) > 0 {
-		healthChecks := make([]kustomizev1.WorkloadReference, 0)
+		healthChecks := make([]kustomizev1.CrossNamespaceObjectReference, 0)
 		for _, w := range ksHealthCheck {
 			kindObj := strings.Split(w, "/")
 			if len(kindObj) != 2 {
 				return fmt.Errorf("invalid health check '%s' must be in the format 'kind/name.namespace' %v", w, kindObj)
 			}
 			kind := kindObj[0]
+
+			//TODO: (stefan) extend this list with all the kstatus builtin kinds
 			kinds := map[string]bool{
-				"Deployment":  true,
-				"DaemonSet":   true,
-				"StatefulSet": true,
+				"Deployment":           true,
+				"DaemonSet":            true,
+				"StatefulSet":          true,
+				helmv2.HelmReleaseKind: true,
 			}
 			if !kinds[kind] {
-				return fmt.Errorf("invalid health check kind '%s' can be Deployment, DaemonSet or StatefulSet", kind)
+				return fmt.Errorf("invalid health check kind '%s' can be HelmRelease, Deployment, DaemonSet or StatefulSet", kind)
 			}
 			nameNs := strings.Split(kindObj[1], ".")
 			if len(nameNs) != 2 {
 				return fmt.Errorf("invalid health check '%s' must be in the format 'kind/name.namespace'", w)
 			}
 
-			healthChecks = append(healthChecks, kustomizev1.WorkloadReference{
+			check := kustomizev1.CrossNamespaceObjectReference{
 				Kind:      kind,
 				Name:      nameNs[0],
 				Namespace: nameNs[1],
-			})
+			}
+
+			if kind == helmv2.HelmReleaseKind {
+				check.APIVersion = helmv2.GroupVersion.String()
+			}
+			healthChecks = append(healthChecks, check)
 		}
 		kustomization.Spec.HealthChecks = healthChecks
 		kustomization.Spec.Timeout = &metav1.Duration{
@@ -178,6 +205,21 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	if ksDecryptionProvider != "" {
+		if !utils.containsItemString(supportedDecryptionProviders, ksDecryptionProvider) {
+			return fmt.Errorf("decryption provider %s is not supported, can be %v",
+				ksDecryptionProvider, supportedDecryptionProviders)
+		}
+
+		kustomization.Spec.Decryption = &kustomizev1.Decryption{
+			Provider: ksDecryptionProvider,
+		}
+
+		if ksDecryptionSecret != "" {
+			kustomization.Spec.Decryption.SecretRef = &corev1.LocalObjectReference{Name: ksDecryptionSecret}
+		}
+	}
+
 	if export {
 		return exportKs(kustomization)
 	}
@@ -241,6 +283,7 @@ func upsertKustomization(ctx context.Context, kubeClient client.Client, kustomiz
 		return err
 	}
 
+	existing.Labels = kustomization.Labels
 	existing.Spec = kustomization.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -263,13 +306,12 @@ func isKustomizationReady(ctx context.Context, kubeClient client.Client, name, n
 			return false, err
 		}
 
-		for _, condition := range kustomization.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/create_source_bucket.go

@@ -0,0 +1,230 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"os"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+)
+
+var createSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Create or update a Bucket source",
+	Long: `
+The create source bucket command generates a Bucket resource and waits for it to be downloaded.
+For Buckets with static authentication, the credentials are stored in a Kubernetes secret.`,
+	Example: `  # Create a source from a Buckets using static authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+    --endpoint=minio.minio.svc.cluster.local:9000 \
+	--insecure=true \
+	--access-key=myaccesskey \
+	--secret-key=mysecretkey \
+    --interval=10m
+
+  # Create a source from an Amazon S3 Bucket using IAM authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+	--provider=aws \
+    --endpoint=s3.amazonaws.com \
+	--region=us-east-1 \
+    --interval=10m
+`,
+	RunE: createSourceBucketCmdRun,
+}
+
+var (
+	sourceBucketName      string
+	sourceBucketProvider  string
+	sourceBucketEndpoint  string
+	sourceBucketAccessKey string
+	sourceBucketSecretKey string
+	sourceBucketRegion    string
+	sourceBucketInsecure  bool
+)
+
+func init() {
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketProvider, "provider", sourcev1.GenericBucketProvider, "the S3 compatible storage provider name, can be 'generic' or 'aws'")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketName, "bucket-name", "", "the bucket name")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketEndpoint, "endpoint", "", "the bucket endpoint address")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketAccessKey, "access-key", "", "the bucket access key")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketSecretKey, "secret-key", "", "the bucket secret key")
+	createSourceBucketCmd.Flags().StringVar(&sourceBucketRegion, "region", "", "the bucket region")
+	createSourceBucketCmd.Flags().BoolVar(&sourceBucketInsecure, "insecure", false, "for when connecting to a non-TLS S3 HTTP endpoint")
+
+	createSourceCmd.AddCommand(createSourceBucketCmd)
+}
+
+func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("source name is required")
+	}
+	name := args[0]
+	secretName := fmt.Sprintf("bucket-%s", name)
+
+	if !utils.containsItemString(supportedSourceBucketProviders, sourceBucketProvider) {
+		return fmt.Errorf("bucket provider %s is not supported, can be %v",
+			sourceBucketProvider, supportedSourceBucketProviders)
+	}
+
+	if sourceBucketName == "" {
+		return fmt.Errorf("bucket-name is required")
+	}
+
+	if sourceBucketEndpoint == "" {
+		return fmt.Errorf("endpoint is required")
+	}
+
+	sourceLabels, err := parseLabels()
+	if err != nil {
+		return err
+	}
+
+	tmpDir, err := ioutil.TempDir("", name)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	bucket := sourcev1.Bucket{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+			Labels:    sourceLabels,
+		},
+		Spec: sourcev1.BucketSpec{
+			BucketName: sourceBucketName,
+			Provider:   sourceBucketProvider,
+			Insecure:   sourceBucketInsecure,
+			Endpoint:   sourceBucketEndpoint,
+			Region:     sourceBucketRegion,
+			Interval: metav1.Duration{
+				Duration: interval,
+			},
+		},
+	}
+
+	if export {
+		return exportBucket(bucket)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	logger.Generatef("generating source")
+
+	secret := corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: namespace,
+		},
+		StringData: map[string]string{},
+	}
+
+	if sourceBucketAccessKey != "" && sourceBucketSecretKey != "" {
+		secret.StringData["accesskey"] = sourceBucketAccessKey
+		secret.StringData["secretkey"] = sourceBucketSecretKey
+	}
+
+	if len(secret.StringData) > 0 {
+		logger.Actionf("applying secret with the bucket credentials")
+		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+			return err
+		}
+		bucket.Spec.SecretRef = &corev1.LocalObjectReference{
+			Name: secretName,
+		}
+		logger.Successf("authentication configured")
+	}
+
+	logger.Actionf("applying source")
+	if err := upsertBucket(ctx, kubeClient, bucket); err != nil {
+		return err
+	}
+
+	logger.Waitingf("waiting for download")
+	if err := wait.PollImmediate(pollInterval, timeout,
+		isBucketReady(ctx, kubeClient, name, namespace)); err != nil {
+		return err
+	}
+
+	logger.Successf("download completed")
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return fmt.Errorf("could not retrieve bucket: %w", err)
+	}
+
+	if bucket.Status.Artifact != nil {
+		logger.Successf("fetched revision: %s", bucket.Status.Artifact.Revision)
+	} else {
+		return fmt.Errorf("download failed, artifact not found")
+	}
+
+	return nil
+}
+
+func upsertBucket(ctx context.Context, kubeClient client.Client, bucket sourcev1.Bucket) error {
+	namespacedName := types.NamespacedName{
+		Namespace: bucket.GetNamespace(),
+		Name:      bucket.GetName(),
+	}
+
+	var existing sourcev1.Bucket
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &bucket); err != nil {
+				return err
+			} else {
+				logger.Successf("source created")
+				return nil
+			}
+		}
+		return err
+	}
+
+	existing.Labels = bucket.Labels
+	existing.Spec = bucket.Spec
+	if err := kubeClient.Update(ctx, &existing); err != nil {
+		return err
+	}
+
+	logger.Successf("source updated")
+	return nil
+}

cmd/gotk/create_source_git.go

@@ -20,12 +20,13 @@ import (
 	"context"
 	"crypto/elliptic"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 	"io/ioutil"
 	"net/url"
 	"os"
 	"time"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@@ -129,10 +130,16 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("git URL parse failed: %w", err)
 	}
 
+	sourceLabels, err := parseLabels()
+	if err != nil {
+		return err
+	}
+
 	gitRepository := sourcev1.GitRepository{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    sourceLabels,
 		},
 		Spec: sourcev1.GitRepositorySpec{
 			URL: sourceGitURL,
@@ -343,6 +350,7 @@ func upsertGitRepository(ctx context.Context, kubeClient client.Client, gitRepos
 		return err
 	}
 
+	existing.Labels = gitRepository.Labels
 	existing.Spec = gitRepository.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -365,13 +373,12 @@ func isGitRepositoryReady(ctx context.Context, kubeClient client.Client, name, n
 			return false, err
 		}
 
-		for _, condition := range gitRepository.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(gitRepository.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/create_source_helm.go

@@ -19,18 +19,19 @@ package main
 import (
 	"context"
 	"fmt"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
-	"github.com/spf13/cobra"
 	"io/ioutil"
+	"net/url"
+	"os"
+
+	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"net/url"
-	"os"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var createSourceHelmCmd = &cobra.Command{
@@ -91,6 +92,11 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("url is required")
 	}
 
+	sourceLabels, err := parseLabels()
+	if err != nil {
+		return err
+	}
+
 	tmpDir, err := ioutil.TempDir("", name)
 	if err != nil {
 		return err
@@ -105,6 +111,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
+			Labels:    sourceLabels,
 		},
 		Spec: sourcev1.HelmRepositorySpec{
 			URL: sourceHelmURL,
@@ -225,6 +232,7 @@ func upsertHelmRepository(ctx context.Context, kubeClient client.Client, helmRep
 		return err
 	}
 
+	existing.Labels = helmRepository.Labels
 	existing.Spec = helmRepository.Spec
 	if err := kubeClient.Update(ctx, &existing); err != nil {
 		return err
@@ -233,27 +241,3 @@ func upsertHelmRepository(ctx context.Context, kubeClient client.Client, helmRep
 	logger.Successf("source updated")
 	return nil
 }
-
-func exportHelmRepository(source sourcev1.HelmRepository) error {
-	gvk := sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)
-	export := sourcev1.HelmRepository{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       gvk.Kind,
-			APIVersion: gvk.GroupVersion().String(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      source.Name,
-			Namespace: source.Namespace,
-		},
-		Spec: source.Spec,
-	}
-
-	data, err := yaml.Marshal(export)
-	if err != nil {
-		return err
-	}
-
-	fmt.Println("---")
-	fmt.Println(string(data))
-	return nil
-}

cmd/gotk/create_tenant.go

@@ -0,0 +1,257 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/api/equality"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/validation"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+)
+
+var createTenantCmd = &cobra.Command{
+	Use:   "tenant",
+	Short: "Create or update a tenant",
+	Long: `
+The create tenant command generates namespaces and role bindings to limit the
+reconcilers scope to the tenant namespaces.`,
+	Example: `  # Create a tenant with access to a namespace 
+  gotk create tenant dev-team \
+    --with-namespace=frontend \
+    --label=environment=dev
+
+  # Generate tenant namespaces and role bindings in YAML format
+  gotk create tenant dev-team \
+    --with-namespace=frontend \
+    --with-namespace=backend \
+	--export > dev-team.yaml
+`,
+	RunE: createTenantCmdRun,
+}
+
+const (
+	tenantLabel       = "toolkit.fluxcd.io/tenant"
+	tenantRoleBinding = "gotk-reconciler"
+)
+
+var (
+	tenantNamespaces  []string
+	tenantClusterRole string
+)
+
+func init() {
+	createTenantCmd.Hidden = true
+	createTenantCmd.Flags().StringSliceVar(&tenantNamespaces, "with-namespace", nil, "namespace belonging to this tenant")
+	createTenantCmd.Flags().StringVar(&tenantClusterRole, "cluster-role", "cluster-admin", "cluster role of the tenant role binding")
+	createCmd.AddCommand(createTenantCmd)
+}
+
+func createTenantCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("tenant name is required")
+	}
+	tenant := args[0]
+	if err := validation.IsQualifiedName(tenant); len(err) > 0 {
+		return fmt.Errorf("invalid tenant name '%s': %v", tenant, err)
+	}
+
+	if tenantClusterRole == "" {
+		return fmt.Errorf("cluster-role is required")
+	}
+
+	if tenantNamespaces == nil {
+		return fmt.Errorf("with-namespace is required")
+	}
+
+	var namespaces []corev1.Namespace
+	var roleBindings []rbacv1.RoleBinding
+
+	for _, ns := range tenantNamespaces {
+		if err := validation.IsQualifiedName(ns); len(err) > 0 {
+			return fmt.Errorf("invalid namespace '%s': %v", ns, err)
+		}
+
+		objLabels, err := parseLabels()
+		if err != nil {
+			return err
+		}
+
+		objLabels[tenantLabel] = tenant
+
+		namespace := corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:   ns,
+				Labels: objLabels,
+			},
+		}
+		namespaces = append(namespaces, namespace)
+
+		roleBinding := rbacv1.RoleBinding{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      tenantRoleBinding,
+				Namespace: ns,
+				Labels:    objLabels,
+			},
+			Subjects: []rbacv1.Subject{
+				{
+					APIGroup: "rbac.authorization.k8s.io",
+					Kind:     "User",
+					Name:     fmt.Sprintf("gotk:%s:reconciler", ns),
+				},
+			},
+			RoleRef: rbacv1.RoleRef{
+				APIGroup: "rbac.authorization.k8s.io",
+				Kind:     "ClusterRole",
+				Name:     tenantClusterRole,
+			},
+		}
+		roleBindings = append(roleBindings, roleBinding)
+	}
+
+	if export {
+		for i, _ := range tenantNamespaces {
+			if err := exportTenant(namespaces[i], roleBindings[1]); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	for i, _ := range tenantNamespaces {
+		logger.Actionf("applying namespace %s", namespaces[i].Name)
+		if err := upsertNamespace(ctx, kubeClient, namespaces[i]); err != nil {
+			return err
+		}
+
+		logger.Actionf("applying role binding %s", roleBindings[i].Name)
+		if err := upsertRoleBinding(ctx, kubeClient, roleBindings[i]); err != nil {
+			return err
+		}
+	}
+
+	logger.Successf("tenant setup completed")
+	return nil
+}
+
+func upsertNamespace(ctx context.Context, kubeClient client.Client, namespace corev1.Namespace) error {
+	namespacedName := types.NamespacedName{
+		Namespace: namespace.GetNamespace(),
+		Name:      namespace.GetName(),
+	}
+
+	var existing corev1.Namespace
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &namespace); err != nil {
+				return err
+			} else {
+				return nil
+			}
+		}
+		return err
+	}
+
+	if !equality.Semantic.DeepDerivative(namespace.Labels, existing.Labels) {
+		existing.Labels = namespace.Labels
+		if err := kubeClient.Update(ctx, &existing); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func upsertRoleBinding(ctx context.Context, kubeClient client.Client, roleBinding rbacv1.RoleBinding) error {
+	namespacedName := types.NamespacedName{
+		Namespace: roleBinding.GetNamespace(),
+		Name:      roleBinding.GetName(),
+	}
+
+	var existing rbacv1.RoleBinding
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &roleBinding); err != nil {
+				return err
+			} else {
+				return nil
+			}
+		}
+		return err
+	}
+
+	if !equality.Semantic.DeepDerivative(roleBinding.Subjects, existing.Subjects) ||
+		!equality.Semantic.DeepDerivative(roleBinding.RoleRef, existing.RoleRef) ||
+		!equality.Semantic.DeepDerivative(roleBinding.Labels, existing.Labels) {
+		if err := kubeClient.Delete(ctx, &existing); err != nil {
+			return err
+		}
+		if err := kubeClient.Create(ctx, &roleBinding); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func exportTenant(namespace corev1.Namespace, roleBinding rbacv1.RoleBinding) error {
+	namespace.TypeMeta = metav1.TypeMeta{
+		APIVersion: "v1",
+		Kind:       "Namespace",
+	}
+	data, err := yaml.Marshal(namespace)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	data = bytes.Replace(data, []byte("spec: {}\n"), []byte(""), 1)
+	fmt.Println(resourceToString(data))
+
+	roleBinding.TypeMeta = metav1.TypeMeta{
+		APIVersion: "rbac.authorization.k8s.io/v1",
+		Kind:       "RoleBinding",
+	}
+	data, err = yaml.Marshal(roleBinding)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(resourceToString(data))
+
+	return nil
+}

cmd/gotk/delete_helmrelease.go

@@ -24,7 +24,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var deleteHelmReleaseCmd = &cobra.Command{

cmd/gotk/delete_kustomization.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"fmt"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"

cmd/gotk/delete_source_bucket.go

@@ -0,0 +1,86 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+	"github.com/manifoldco/promptui"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+var deleteSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Delete a Bucket source",
+	Long:  "The delete source bucket command deletes the given Bucket from the cluster.",
+	Example: `  # Delete a Bucket source
+  gotk delete source bucket podinfo
+`,
+	RunE: deleteSourceBucketCmdRun,
+}
+
+func init() {
+	deleteSourceCmd.AddCommand(deleteSourceBucketCmd)
+}
+
+func deleteSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+	name := args[0]
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+
+	var bucket sourcev1.Bucket
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return err
+	}
+
+	if !deleteSilent {
+		prompt := promptui.Prompt{
+			Label:     "Are you sure you want to delete this source",
+			IsConfirm: true,
+		}
+		if _, err := prompt.Run(); err != nil {
+			return fmt.Errorf("aborting")
+		}
+	}
+
+	logger.Actionf("deleting source %s in %s namespace", name, namespace)
+	err = kubeClient.Delete(ctx, &bucket)
+	if err != nil {
+		return err
+	}
+	logger.Successf("source deleted")
+
+	return nil
+}

cmd/gotk/delete_source_git.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"

cmd/gotk/delete_source_helm.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"

cmd/gotk/export.go

@@ -17,6 +17,8 @@ limitations under the License.
 package main
 
 import (
+	"bytes"
+
 	"github.com/spf13/cobra"
 )
 
@@ -35,3 +37,9 @@ func init() {
 
 	rootCmd.AddCommand(exportCmd)
 }
+
+func resourceToString(data []byte) string {
+	data = bytes.Replace(data, []byte("  creationTimestamp: null\n"), []byte(""), 1)
+	data = bytes.Replace(data, []byte("status: {}\n"), []byte(""), 1)
+	return string(data)
+}

cmd/gotk/export_helmrelease.go

@@ -26,7 +26,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var exportHelmReleaseCmd = &cobra.Command{
@@ -68,7 +68,7 @@ func exportHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		}
 
 		if len(list.Items) == 0 {
-			logger.Failuref("no kustomizations found in %s namespace", namespace)
+			logger.Failuref("no helmrelease found in %s namespace", namespace)
 			return nil
 		}
 
@@ -101,8 +101,10 @@ func exportHelmRelease(helmRelease helmv2.HelmRelease) error {
 			APIVersion: gvk.GroupVersion().String(),
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      helmRelease.Name,
-			Namespace: helmRelease.Namespace,
+			Name:        helmRelease.Name,
+			Namespace:   helmRelease.Namespace,
+			Labels:      helmRelease.Labels,
+			Annotations: helmRelease.Annotations,
 		},
 		Spec: helmRelease.Spec,
 	}
@@ -113,6 +115,6 @@ func exportHelmRelease(helmRelease helmv2.HelmRelease) error {
 	}
 
 	fmt.Println("---")
-	fmt.Println(string(data))
+	fmt.Println(resourceToString(data))
 	return nil
 }

cmd/gotk/export_kustomization.go

@@ -20,12 +20,13 @@ import (
 	"context"
 	"fmt"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 )
 
 var exportKsCmd = &cobra.Command{
@@ -100,8 +101,10 @@ func exportKs(kustomization kustomizev1.Kustomization) error {
 			APIVersion: gvk.GroupVersion().String(),
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      kustomization.Name,
-			Namespace: kustomization.Namespace,
+			Name:        kustomization.Name,
+			Namespace:   kustomization.Namespace,
+			Labels:      kustomization.Labels,
+			Annotations: kustomization.Annotations,
 		},
 		Spec: kustomization.Spec,
 	}
@@ -112,6 +115,6 @@ func exportKs(kustomization kustomizev1.Kustomization) error {
 	}
 
 	fmt.Println("---")
-	fmt.Println(string(data))
+	fmt.Println(resourceToString(data))
 	return nil
 }

cmd/gotk/export_source_bucket.go

@@ -0,0 +1,166 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+)
+
+var exportSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Export Bucket sources in YAML format",
+	Long:  "The export source git command exports on or all Bucket sources in YAML format.",
+	Example: `  # Export all Bucket sources
+  gotk export source bucket --all > sources.yaml
+
+  # Export a Bucket source including the static credentials
+  gotk export source bucket my-bucket --with-credentials > source.yaml
+`,
+	RunE: exportSourceBucketCmdRun,
+}
+
+func init() {
+	exportSourceCmd.AddCommand(exportSourceBucketCmd)
+}
+
+func exportSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if !exportAll && len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	if exportAll {
+		var list sourcev1.BucketList
+		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		if err != nil {
+			return err
+		}
+
+		if len(list.Items) == 0 {
+			logger.Failuref("no source found in %s namespace", namespace)
+			return nil
+		}
+
+		for _, bucket := range list.Items {
+			if err := exportBucket(bucket); err != nil {
+				return err
+			}
+			if exportSourceWithCred {
+				if err := exportBucketCredentials(ctx, kubeClient, bucket); err != nil {
+					return err
+				}
+			}
+		}
+	} else {
+		name := args[0]
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+		var bucket sourcev1.Bucket
+		err = kubeClient.Get(ctx, namespacedName, &bucket)
+		if err != nil {
+			return err
+		}
+		if err := exportBucket(bucket); err != nil {
+			return err
+		}
+		if exportSourceWithCred {
+			return exportBucketCredentials(ctx, kubeClient, bucket)
+		}
+	}
+	return nil
+}
+
+func exportBucket(source sourcev1.Bucket) error {
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.BucketKind)
+	export := sourcev1.Bucket{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       gvk.Kind,
+			APIVersion: gvk.GroupVersion().String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        source.Name,
+			Namespace:   source.Namespace,
+			Labels:      source.Labels,
+			Annotations: source.Annotations,
+		},
+		Spec: source.Spec,
+	}
+
+	data, err := yaml.Marshal(export)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(resourceToString(data))
+	return nil
+}
+
+func exportBucketCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.Bucket) error {
+	if source.Spec.SecretRef != nil {
+		namespacedName := types.NamespacedName{
+			Namespace: source.Namespace,
+			Name:      source.Spec.SecretRef.Name,
+		}
+		var cred corev1.Secret
+		err := kubeClient.Get(ctx, namespacedName, &cred)
+		if err != nil {
+			return fmt.Errorf("failed to retrieve secret %s, error: %w", namespacedName.Name, err)
+		}
+
+		exported := corev1.Secret{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "v1",
+				Kind:       "Secret",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      namespacedName.Name,
+				Namespace: namespacedName.Namespace,
+			},
+			Data: cred.Data,
+			Type: cred.Type,
+		}
+
+		data, err := yaml.Marshal(exported)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println("---")
+		fmt.Println(resourceToString(data))
+	}
+	return nil
+}

cmd/gotk/export_source_git.go

@@ -20,13 +20,14 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var exportSourceGitCmd = &cobra.Command{
@@ -110,8 +111,10 @@ func exportGit(source sourcev1.GitRepository) error {
 			APIVersion: gvk.GroupVersion().String(),
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      source.Name,
-			Namespace: source.Namespace,
+			Name:        source.Name,
+			Namespace:   source.Namespace,
+			Labels:      source.Labels,
+			Annotations: source.Annotations,
 		},
 		Spec: source.Spec,
 	}
@@ -122,7 +125,7 @@ func exportGit(source sourcev1.GitRepository) error {
 	}
 
 	fmt.Println("---")
-	fmt.Println(string(data))
+	fmt.Println(resourceToString(data))
 	return nil
 }
 
@@ -157,7 +160,7 @@ func exportGitCredentials(ctx context.Context, kubeClient client.Client, source
 		}
 
 		fmt.Println("---")
-		fmt.Println(string(data))
+		fmt.Println(resourceToString(data))
 	}
 	return nil
 }

cmd/gotk/export_source_helm.go

@@ -20,13 +20,14 @@ import (
 	"context"
 	"fmt"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var exportSourceHelmCmd = &cobra.Command{
@@ -102,6 +103,32 @@ func exportSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+func exportHelmRepository(source sourcev1.HelmRepository) error {
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)
+	export := sourcev1.HelmRepository{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       gvk.Kind,
+			APIVersion: gvk.GroupVersion().String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        source.Name,
+			Namespace:   source.Namespace,
+			Labels:      source.Labels,
+			Annotations: source.Annotations,
+		},
+		Spec: source.Spec,
+	}
+
+	data, err := yaml.Marshal(export)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(resourceToString(data))
+	return nil
+}
+
 func exportHelmCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.HelmRepository) error {
 	if source.Spec.SecretRef != nil {
 		namespacedName := types.NamespacedName{
@@ -133,7 +160,7 @@ func exportHelmCredentials(ctx context.Context, kubeClient client.Client, source
 		}
 
 		fmt.Println("---")
-		fmt.Println(string(data))
+		fmt.Println(resourceToString(data))
 	}
 	return nil
 }

cmd/gotk/get.go

@@ -26,6 +26,10 @@ var getCmd = &cobra.Command{
 	Long:  "The get sub-commands print the statuses of sources and resources.",
 }
 
+var allNamespaces bool
+
 func init() {
+	getCmd.PersistentFlags().BoolVarP(&allNamespaces, "all-namespaces", "A", false,
+		"list the requested object(s) across all namespaces")
 	rootCmd.AddCommand(getCmd)
 }

cmd/gotk/get_helmrelease.go

@@ -18,12 +18,17 @@ package main
 
 import (
 	"context"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var getHelmReleaseCmd = &cobra.Command{
@@ -50,8 +55,12 @@ func getHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	var listOpts []client.ListOption
+	if !allNamespaces {
+		listOpts = append(listOpts, client.InNamespace(namespace))
+	}
 	var list helmv2.HelmReleaseList
-	err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+	err = kubeClient.List(ctx, &list, listOpts...)
 	if err != nil {
 		return err
 	}
@@ -61,30 +70,35 @@ func getHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		return nil
 	}
 
+	header := []string{"Name", "Revision", "Suspended", "Ready", "Message"}
+	if allNamespaces {
+		header = append([]string{"Namespace"}, header...)
+	}
+	var rows [][]string
 	for _, helmRelease := range list.Items {
-		if helmRelease.Spec.Suspend {
-			logger.Successf("%s is suspended", helmRelease.GetName())
-			continue
-		}
-		isInitialized := false
-		for _, condition := range helmRelease.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					if helmRelease.Status.LastAppliedRevision != "" {
-						logger.Successf("%s last applied revision %s", helmRelease.GetName(), helmRelease.Status.LastAppliedRevision)
-					} else {
-						logger.Successf("%s reconciling", helmRelease.GetName())
-					}
-				} else {
-					logger.Failuref("%s %s", helmRelease.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		row := []string{}
+		if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+			row = []string{
+				helmRelease.GetName(),
+				helmRelease.Status.LastAppliedRevision,
+				strings.Title(strconv.FormatBool(helmRelease.Spec.Suspend)),
+				string(c.Status),
+				c.Message,
+			}
+		} else {
+			row = []string{
+				helmRelease.GetName(),
+				helmRelease.Status.LastAppliedRevision,
+				strings.Title(strconv.FormatBool(helmRelease.Spec.Suspend)),
+				string(corev1.ConditionFalse),
+				"waiting to be reconciled",
 			}
 		}
-		if !isInitialized {
-			logger.Failuref("%s is not ready", helmRelease.GetName())
+		if allNamespaces {
+			row = append([]string{helmRelease.Namespace}, row...)
 		}
+		rows = append(rows, row)
 	}
+	utils.printTable(os.Stdout, header, rows)
 	return nil
 }

cmd/gotk/get_kustomization.go

@@ -18,8 +18,13 @@ package main
 
 import (
 	"context"
+	"os"
+	"strconv"
+	"strings"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	"github.com/fluxcd/pkg/apis/meta"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -49,8 +54,12 @@ func getKsCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	var listOpts []client.ListOption
+	if !allNamespaces {
+		listOpts = append(listOpts, client.InNamespace(namespace))
+	}
 	var list kustomizev1.KustomizationList
-	err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+	err = kubeClient.List(ctx, &list, listOpts...)
 	if err != nil {
 		return err
 	}
@@ -60,30 +69,35 @@ func getKsCmdRun(cmd *cobra.Command, args []string) error {
 		return nil
 	}
 
+	header := []string{"Name", "Revision", "Suspended", "Ready", "Message"}
+	if allNamespaces {
+		header = append([]string{"Namespace"}, header...)
+	}
+	var rows [][]string
 	for _, kustomization := range list.Items {
-		if kustomization.Spec.Suspend {
-			logger.Successf("%s is suspended", kustomization.GetName())
-			continue
-		}
-		isInitialized := false
-		for _, condition := range kustomization.Status.Conditions {
-			if condition.Type == kustomizev1.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					if kustomization.Status.LastAppliedRevision != "" {
-						logger.Successf("%s last applied revision %s", kustomization.GetName(), kustomization.Status.LastAppliedRevision)
-					} else {
-						logger.Successf("%s reconciling", kustomization.GetName())
-					}
-				} else {
-					logger.Failuref("%s %s", kustomization.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		row := []string{}
+		if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+			row = []string{
+				kustomization.GetName(),
+				kustomization.Status.LastAppliedRevision,
+				strings.Title(strconv.FormatBool(kustomization.Spec.Suspend)),
+				string(c.Status),
+				c.Message,
+			}
+		} else {
+			row = []string{
+				kustomization.GetName(),
+				kustomization.Status.LastAppliedRevision,
+				strings.Title(strconv.FormatBool(kustomization.Spec.Suspend)),
+				string(corev1.ConditionFalse),
+				"waiting to be reconciled",
 			}
 		}
-		if !isInitialized {
-			logger.Failuref("%s is not ready", kustomization.GetName())
+		if allNamespaces {
+			row = append([]string{kustomization.Namespace}, row...)
 		}
+		rows = append(rows, row)
 	}
+	utils.printTable(os.Stdout, header, rows)
 	return nil
 }

cmd/gotk/get_source_bucket.go

@@ -0,0 +1,102 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"os"
+
+	"github.com/fluxcd/pkg/apis/meta"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var getSourceBucketCmd = &cobra.Command{
+	Use:   "bucket",
+	Short: "Get Bucket source statuses",
+	Long:  "The get sources bucket command prints the status of the Bucket sources.",
+	Example: `  # List all Buckets and their status
+  gotk get sources bucket
+`,
+	RunE: getSourceBucketCmdRun,
+}
+
+func init() {
+	getSourceCmd.AddCommand(getSourceBucketCmd)
+}
+
+func getSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	var listOpts []client.ListOption
+	if !allNamespaces {
+		listOpts = append(listOpts, client.InNamespace(namespace))
+	}
+	var list sourcev1.BucketList
+	err = kubeClient.List(ctx, &list, listOpts...)
+	if err != nil {
+		return err
+	}
+
+	if len(list.Items) == 0 {
+		logger.Failuref("no bucket sources found in %s namespace", namespace)
+		return nil
+	}
+
+	header := []string{"Name", "Revision", "Ready", "Message"}
+	if allNamespaces {
+		header = append([]string{"Namespace"}, header...)
+	}
+	var rows [][]string
+	for _, source := range list.Items {
+		var row []string
+		var revision string
+		if source.GetArtifact() != nil {
+			revision = source.GetArtifact().Revision
+		}
+		if c := meta.GetCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
+			row = []string{
+				source.GetName(),
+				revision,
+				string(c.Status),
+				c.Message,
+			}
+		} else {
+			row = []string{
+				source.GetName(),
+				revision,
+				string(corev1.ConditionFalse),
+				"waiting to be reconciled",
+			}
+		}
+		if allNamespaces {
+			row = append([]string{source.Namespace}, row...)
+		}
+		rows = append(rows, row)
+	}
+	utils.printTable(os.Stdout, header, rows)
+	return nil
+}

cmd/gotk/get_source_git.go

@@ -18,8 +18,11 @@ package main
 
 import (
 	"context"
+	"os"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/fluxcd/pkg/apis/meta"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -48,33 +51,52 @@ func getSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	var listOpts []client.ListOption
+	if !allNamespaces {
+		listOpts = append(listOpts, client.InNamespace(namespace))
+	}
 	var list sourcev1.GitRepositoryList
-	err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+	err = kubeClient.List(ctx, &list, listOpts...)
 	if err != nil {
 		return err
 	}
 
 	if len(list.Items) == 0 {
-		logger.Failuref("no sources found in %s namespace", namespace)
+		logger.Failuref("no git sources found in %s namespace", namespace)
 		return nil
 	}
 
+	header := []string{"Name", "Revision", "Ready", "Message"}
+	if allNamespaces {
+		header = append([]string{"Namespace"}, header...)
+	}
+	var rows [][]string
 	for _, source := range list.Items {
-		isInitialized := false
-		for _, condition := range source.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					logger.Successf("%s last fetched revision: %s", source.GetName(), source.Status.Artifact.Revision)
-				} else {
-					logger.Failuref("%s %s", source.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		var row []string
+		var revision string
+		if source.GetArtifact() != nil {
+			revision = source.GetArtifact().Revision
+		}
+		if c := meta.GetCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
+			row = []string{
+				source.GetName(),
+				revision,
+				string(c.Status),
+				c.Message,
+			}
+		} else {
+			row = []string{
+				source.GetName(),
+				revision,
+				string(corev1.ConditionFalse),
+				"waiting to be reconciled",
 			}
 		}
-		if !isInitialized {
-			logger.Failuref("%s is not ready", source.GetName())
+		if allNamespaces {
+			row = append([]string{source.Namespace}, row...)
 		}
+		rows = append(rows, row)
 	}
+	utils.printTable(os.Stdout, header, rows)
 	return nil
 }

cmd/gotk/get_source_helm.go

@@ -18,8 +18,11 @@ package main
 
 import (
 	"context"
+	"os"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/fluxcd/pkg/apis/meta"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -48,33 +51,52 @@ func getSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	var listOpts []client.ListOption
+	if !allNamespaces {
+		listOpts = append(listOpts, client.InNamespace(namespace))
+	}
 	var list sourcev1.HelmRepositoryList
-	err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+	err = kubeClient.List(ctx, &list, listOpts...)
 	if err != nil {
 		return err
 	}
 
 	if len(list.Items) == 0 {
-		logger.Failuref("no sources found in %s namespace", namespace)
+		logger.Failuref("no helm sources found in %s namespace", namespace)
 		return nil
 	}
 
+	header := []string{"Name", "Revision", "Ready", "Message"}
+	if allNamespaces {
+		header = append([]string{"Namespace"}, header...)
+	}
+	var rows [][]string
 	for _, source := range list.Items {
-		isInitialized := false
-		for _, condition := range source.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status != corev1.ConditionFalse {
-					logger.Successf("%s last fetched revision: %s", source.GetName(), source.Status.Artifact.Revision)
-				} else {
-					logger.Failuref("%s %s", source.GetName(), condition.Message)
-				}
-				isInitialized = true
-				break
+		var row []string
+		var revision string
+		if source.GetArtifact() != nil {
+			revision = source.GetArtifact().Revision
+		}
+		if c := meta.GetCondition(source.Status.Conditions, meta.ReadyCondition); c != nil {
+			row = []string{
+				source.GetName(),
+				revision,
+				string(c.Status),
+				c.Message,
+			}
+		} else {
+			row = []string{
+				source.GetName(),
+				revision,
+				string(corev1.ConditionFalse),
+				"waiting to be reconciled",
 			}
 		}
-		if !isInitialized {
-			logger.Failuref("%s is not ready", source.GetName())
+		if allNamespaces {
+			row = append([]string{source.Namespace}, row...)
 		}
+		rows = append(rows, row)
 	}
+	utils.printTable(os.Stdout, header, rows)
 	return nil
 }

cmd/gotk/install.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"github.com/fluxcd/pkg/untar"
 	"io/ioutil"
 	"net/http"
 	"os"
@@ -31,6 +30,8 @@ import (
 	"github.com/spf13/cobra"
 	"sigs.k8s.io/kustomize/api/filesys"
 	"sigs.k8s.io/kustomize/api/krusty"
+
+	"github.com/fluxcd/pkg/untar"
 )
 
 var installCmd = &cobra.Command{
@@ -38,8 +39,8 @@ var installCmd = &cobra.Command{
 	Short: "Install the toolkit components",
 	Long: `The install command deploys the toolkit components in the specified namespace.
 If a previous version is installed, then an in-place upgrade will be performed.`,
-	Example: `  # Install the latest version in the gitops-systems namespace
-  gotk install --version=latest --namespace=gitops-systems
+	Example: `  # Install the latest version in the gotk-system namespace
+  gotk install --version=latest --namespace=gotk-system
 
   # Dry-run install for a specific version and a series of components
   gotk install --dry-run --version=v0.0.7 --components="source-controller,kustomize-controller"
@@ -48,19 +49,23 @@ If a previous version is installed, then an in-place upgrade will be performed.`
   gotk install --dry-run --verbose
 
   # Write install manifests to file 
-  gotk install --export > gitops-system.yaml
+  gotk install --export > gotk-system.yaml
 `,
 	RunE: installCmdRun,
 }
 
 var (
-	installExport          bool
-	installDryRun          bool
-	installManifestsPath   string
-	installVersion         string
-	installComponents      []string
-	installRegistry        string
-	installImagePullSecret string
+	installExport             bool
+	installDryRun             bool
+	installManifestsPath      string
+	installVersion            string
+	installComponents         []string
+	installRegistry           string
+	installImagePullSecret    string
+	installArch               string
+	installWatchAllNamespaces bool
+	installNetworkPolicy      bool
+	installLogLevel           string
 )
 
 func init() {
@@ -72,27 +77,34 @@ func init() {
 		"toolkit version")
 	installCmd.Flags().StringSliceVar(&installComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "",
-		"path to the manifest directory, dev only")
-	installCmd.Flags().StringVar(&installRegistry, "registry", "docker.io/fluxcd",
+	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "", "path to the manifest directory")
+	installCmd.Flags().MarkHidden("manifests")
+	installCmd.Flags().StringVar(&installRegistry, "registry", "ghcr.io/fluxcd",
 		"container registry where the toolkit images are published")
 	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
+	installCmd.Flags().StringVar(&installArch, "arch", "amd64",
+		"arch can be amd64 or arm64")
+	installCmd.Flags().BoolVar(&installWatchAllNamespaces, "watch-all-namespaces", true,
+		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
+	installCmd.Flags().StringVar(&installLogLevel, "log-level", "info", "set the controllers log level")
+	installCmd.Flags().BoolVar(&installNetworkPolicy, "network-policy", true,
+		"deny ingress access to the toolkit controllers from other namespaces using network policies")
 	rootCmd.AddCommand(installCmd)
 }
 
 func installCmdRun(cmd *cobra.Command, args []string) error {
+	if !utils.containsItemString(supportedArch, installArch) {
+		return fmt.Errorf("arch %s is not supported, can be %v", installArch, supportedArch)
+	}
+
+	if !utils.containsItemString(supportedLogLevels, installLogLevel) {
+		return fmt.Errorf("log level %s is not supported, can be %v", bootstrapLogLevel, installLogLevel)
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
-	var kustomizePath string
-	if installVersion == "" && !strings.HasPrefix(installManifestsPath, "github.com/") {
-		if _, err := os.Stat(installManifestsPath); err != nil {
-			return fmt.Errorf("manifests not found: %w", err)
-		}
-		kustomizePath = installManifestsPath
-	}
-
 	tmpDir, err := ioutil.TempDir("", namespace)
 	if err != nil {
 		return err
@@ -102,16 +114,18 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	if !installExport {
 		logger.Generatef("generating manifests")
 	}
-	if kustomizePath == "" {
-		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, installImagePullSecret, tmpDir)
+	if installManifestsPath == "" {
+		err = genInstallManifests(installVersion, namespace, installComponents,
+			installWatchAllNamespaces, installNetworkPolicy, installRegistry, installImagePullSecret,
+			installArch, installLogLevel, tmpDir)
 		if err != nil {
 			return fmt.Errorf("install failed: %w", err)
 		}
-		kustomizePath = tmpDir
+		installManifestsPath = tmpDir
 	}
 
 	manifest := path.Join(tmpDir, fmt.Sprintf("%s.yaml", namespace))
-	if err := buildKustomization(kustomizePath, manifest); err != nil {
+	if err := buildKustomization(installManifestsPath, manifest); err != nil {
 		return fmt.Errorf("install failed: %w", err)
 	}
 
@@ -191,7 +205,10 @@ fieldSpecs:
 
 var kustomizationTmpl = `---
 {{- $eventsAddr := .EventsAddr }}
+{{- $watchAllNamespaces := .WatchAllNamespaces }}
 {{- $registry := .Registry }}
+{{- $arch := .Arch }}
+{{- $logLevel := .LogLevel }}
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: {{.Namespace}}
@@ -201,7 +218,9 @@ transformers:
 
 resources:
   - namespace.yaml
+{{- if .NetworkPolicy }}
   - policies.yaml
+{{- end }}
   - roles
 {{- range .Components }}
   - {{.}}.yaml
@@ -214,7 +233,20 @@ patches:
 
 patchesJson6902:
 {{- range $i, $component := .Components }}
-{{- if ne $component "notification-controller" }}
+{{- if eq $component "notification-controller" }}
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: {{$component}}
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/args/0
+      value: --watch-all-namespaces={{$watchAllNamespaces}}
+    - op: replace
+      path: /spec/template/spec/containers/0/args/1
+      value: --log-level={{$logLevel}}
+{{- else }}
 - target:
     group: apps
     version: v1
@@ -224,6 +256,12 @@ patchesJson6902:
     - op: replace
       path: /spec/template/spec/containers/0/args/0
       value: --events-addr={{$eventsAddr}}
+    - op: replace
+      path: /spec/template/spec/containers/0/args/1
+      value: --watch-all-namespaces={{$watchAllNamespaces}}
+    - op: replace
+      path: /spec/template/spec/containers/0/args/2
+      value: --log-level={{$logLevel}}
 {{- end }}
 {{- end }}
 
@@ -231,7 +269,11 @@ patchesJson6902:
 images:
 {{- range $i, $component := .Components }}
   - name: fluxcd/{{$component}}
+{{- if eq $arch "amd64" }}
     newName: {{$registry}}/{{$component}}
+{{- else }}
+    newName: {{$registry}}/{{$component}}-arm64
+{{- end }}
 {{- end }}
 {{- end }}
 `
@@ -253,7 +295,7 @@ spec:
   template:
     spec:
       nodeSelector:
-        kubernetes.io/arch: amd64
+        kubernetes.io/arch: {{.Arch}}
         kubernetes.io/os: linux
 {{- if .ImagePullSecret }}
       imagePullSecrets:
@@ -295,26 +337,35 @@ func downloadManifests(version string, tmpDir string) error {
 	return nil
 }
 
-func genInstallManifests(version string, namespace string, components []string, registry, imagePullSecret, tmpDir string) error {
+func genInstallManifests(version string, namespace string, components []string,
+	watchAllNamespaces, networkPolicy bool, registry, imagePullSecret, arch, logLevel, tmpDir string) error {
 	eventsAddr := ""
 	if utils.containsItemString(components, defaultNotification) {
 		eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
 	}
 
 	model := struct {
-		Version         string
-		Namespace       string
-		Components      []string
-		EventsAddr      string
-		Registry        string
-		ImagePullSecret string
+		Version            string
+		Namespace          string
+		Components         []string
+		EventsAddr         string
+		Registry           string
+		ImagePullSecret    string
+		Arch               string
+		WatchAllNamespaces bool
+		NetworkPolicy      bool
+		LogLevel           string
 	}{
-		Version:         version,
-		Namespace:       namespace,
-		Components:      components,
-		EventsAddr:      eventsAddr,
-		Registry:        registry,
-		ImagePullSecret: imagePullSecret,
+		Version:            version,
+		Namespace:          namespace,
+		Components:         components,
+		EventsAddr:         eventsAddr,
+		Registry:           registry,
+		ImagePullSecret:    imagePullSecret,
+		Arch:               arch,
+		WatchAllNamespaces: watchAllNamespaces,
+		NetworkPolicy:      networkPolicy,
+		LogLevel:           logLevel,
 	}
 
 	if err := downloadManifests(version, tmpDir); err != nil {

cmd/gotk/main.go

@@ -26,6 +26,8 @@ import (
 	"github.com/spf13/cobra/doc"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+
 	gotklog "github.com/fluxcd/toolkit/pkg/log"
 )
 
@@ -54,7 +56,7 @@ var rootCmd = &cobra.Command{
   gotk get sources git
 
   # Trigger a GitRepository source reconciliation
-  gotk reconcile source git gitops-system
+  gotk reconcile source git gotk-system
 
   # Export GitRepository sources in YAML format
   gotk export source git --all > sources.yaml
@@ -104,19 +106,22 @@ var (
 )
 
 var (
-	defaultComponents   = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
-	defaultVersion      = "latest"
-	defaultNamespace    = "gitops-system"
-	defaultNotification = "notification-controller"
+	defaultComponents                 = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
+	defaultVersion                    = "latest"
+	defaultNamespace                  = "gotk-system"
+	defaultNotification               = "notification-controller"
+	supportedLogLevels                = []string{"debug", "info", "error"}
+	supportedArch                     = []string{"amd64", "arm", "arm64"}
+	supportedDecryptionProviders      = []string{"sops"}
+	supportedKustomizationSourceKinds = []string{sourcev1.GitRepositoryKind, sourcev1.BucketKind}
+	supportedHelmChartSourceKinds     = []string{sourcev1.HelmRepositoryKind, sourcev1.GitRepositoryKind, sourcev1.BucketKind}
+	supportedSourceBucketProviders    = []string{sourcev1.GenericBucketProvider, sourcev1.AmazonBucketProvider}
 )
 
 func init() {
-	rootCmd.PersistentFlags().StringVar(&namespace, "namespace", defaultNamespace,
-		"the namespace scope for this operation")
-	rootCmd.PersistentFlags().DurationVarP(&timeout, "timeout", "", 5*time.Minute,
-		"timeout for this operation")
-	rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "", false,
-		"print generated objects")
+	rootCmd.PersistentFlags().StringVarP(&namespace, "namespace", "n", defaultNamespace, "the namespace scope for this operation")
+	rootCmd.PersistentFlags().DurationVar(&timeout, "timeout", 5*time.Minute, "timeout for this operation")
+	rootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false, "print generated objects")
 }
 
 func main() {

cmd/gotk/reconcile_helmrelease.go

@@ -25,9 +25,13 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	"github.com/fluxcd/pkg/apis/meta"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileHrCmd = &cobra.Command{
@@ -81,28 +85,29 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if syncHrWithSource {
-		err := syncSourceHelmCmdRun(nil, []string{helmRelease.Spec.Chart.SourceRef.Name})
+		switch helmRelease.Spec.Chart.Spec.SourceRef.Kind {
+		case sourcev1.HelmRepositoryKind:
+			err = reconcileSourceHelmCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		case sourcev1.GitRepositoryKind:
+			err = reconcileSourceGitCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		case sourcev1.BucketKind:
+			err = reconcileSourceBucketCmdRun(nil, []string{helmRelease.Spec.Chart.Spec.SourceRef.Name})
+		}
 		if err != nil {
 			return err
 		}
-	} else {
-		logger.Actionf("annotating HelmRelease %s in %s namespace", name, namespace)
-		if helmRelease.Annotations == nil {
-			helmRelease.Annotations = map[string]string{
-				helmv2.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
-			}
-		} else {
-			helmRelease.Annotations[helmv2.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
-		}
-		if err := kubeClient.Update(ctx, &helmRelease); err != nil {
-			return err
-		}
-		logger.Successf("HelmRelease annotated")
 	}
 
+	logger.Actionf("annotating HelmRelease %s in %s namespace", name, namespace)
+	if err := requestHelmReleaseReconciliation(ctx, kubeClient, namespacedName); err != nil {
+		return err
+	}
+	logger.Successf("HelmRelease annotated")
+
 	logger.Waitingf("waiting for HelmRelease reconciliation")
 	if err := wait.PollImmediate(pollInterval, timeout,
-		isHelmReleaseReady(ctx, kubeClient, name, namespace)); err != nil {
+		helmReleaseReconciliationHandled(ctx, kubeClient, name, namespace, helmRelease.Status.LastHandledReconcileAt),
+	); err != nil {
 		return err
 	}
 
@@ -112,16 +117,19 @@ func reconcileHrCmdRun(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-
-	if helmRelease.Status.LastAppliedRevision != "" {
-		logger.Successf("reconciled revision %s", helmRelease.Status.LastAppliedRevision)
-	} else {
-		return fmt.Errorf("HelmRelease reconciliation failed")
+	if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+		switch c.Status {
+		case corev1.ConditionFalse:
+			return fmt.Errorf("HelmRelease reconciliation failed")
+		default:
+			logger.Successf("reconciled revision %s", helmRelease.Status.LastAppliedRevision)
+		}
 	}
 	return nil
 }
 
-func isHelmReleaseReady(ctx context.Context, kubeClient client.Client, name, namespace string) wait.ConditionFunc {
+func helmReleaseReconciliationHandled(ctx context.Context, kubeClient client.Client,
+	name, namespace, lastHandledReconcileAt string) wait.ConditionFunc {
 	return func() (bool, error) {
 		var helmRelease helmv2.HelmRelease
 		namespacedName := types.NamespacedName{
@@ -134,15 +142,26 @@ func isHelmReleaseReady(ctx context.Context, kubeClient client.Client, name, nam
 			return false, err
 		}
 
-		for _, condition := range helmRelease.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse && helmRelease.Status.LastAttemptedRevision != "" {
-					return false, fmt.Errorf(condition.Message)
-				}
-			}
-		}
-		return false, nil
+		return helmRelease.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
 	}
 }
+
+func requestHelmReleaseReconciliation(ctx context.Context, kubeClient client.Client, namespacedName types.NamespacedName) error {
+	var release helmv2.HelmRelease
+	return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
+		if err := kubeClient.Get(ctx, namespacedName, &release); err != nil {
+			return err
+		}
+
+		if release.Annotations == nil {
+			release.Annotations = map[string]string{
+				meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			}
+		} else {
+			release.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		}
+
+		err = kubeClient.Update(ctx, &release)
+		return
+	})
+}

cmd/gotk/reconcile_kustomization.go

@@ -21,10 +21,17 @@ import (
 	"fmt"
 	"time"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/util/retry"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/fluxcd/pkg/apis/meta"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileKsCmd = &cobra.Command{
@@ -78,28 +85,28 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if syncKsWithSource {
-		err := syncSourceGitCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+		switch kustomization.Spec.SourceRef.Kind {
+		case sourcev1.GitRepositoryKind:
+			err = reconcileSourceGitCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+		case sourcev1.BucketKind:
+			err = reconcileSourceBucketCmdRun(nil, []string{kustomization.Spec.SourceRef.Name})
+		}
 		if err != nil {
 			return err
 		}
-	} else {
-		logger.Actionf("annotating kustomization %s in %s namespace", name, namespace)
-		if kustomization.Annotations == nil {
-			kustomization.Annotations = map[string]string{
-				kustomizev1.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
-			}
-		} else {
-			kustomization.Annotations[kustomizev1.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
-		}
-		if err := kubeClient.Update(ctx, &kustomization); err != nil {
-			return err
-		}
-		logger.Successf("kustomization annotated")
 	}
 
+	logger.Actionf("annotating kustomization %s in %s namespace", name, namespace)
+	if err := requestKustomizeReconciliation(ctx, kubeClient, namespacedName); err != nil {
+		return err
+	}
+	logger.Successf("kustomization annotated")
+
 	logger.Waitingf("waiting for kustomization reconciliation")
-	if err := wait.PollImmediate(pollInterval, timeout,
-		isKustomizationReady(ctx, kubeClient, name, namespace)); err != nil {
+	if err := wait.PollImmediate(
+		pollInterval, timeout,
+		kustomizeReconciliationHandled(ctx, kubeClient, name, namespace, kustomization.Status.LastHandledReconcileAt),
+	); err != nil {
 		return err
 	}
 
@@ -109,11 +116,51 @@ func reconcileKsCmdRun(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-
-	if kustomization.Status.LastAppliedRevision != "" {
-		logger.Successf("reconciled revision %s", kustomization.Status.LastAppliedRevision)
-	} else {
-		return fmt.Errorf("kustomization sync failed")
+	if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+		switch c.Status {
+		case corev1.ConditionFalse:
+			return fmt.Errorf("kustomization reconciliation failed")
+		default:
+			logger.Successf("reconciled revision %s", kustomization.Status.LastAppliedRevision)
+		}
 	}
 	return nil
 }
+
+func kustomizeReconciliationHandled(ctx context.Context, kubeClient client.Client,
+	name, namespace, lastHandledReconcileAt string) wait.ConditionFunc {
+	return func() (bool, error) {
+		var kustomize kustomizev1.Kustomization
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+
+		err := kubeClient.Get(ctx, namespacedName, &kustomize)
+		if err != nil {
+			return false, err
+		}
+
+		return kustomize.Status.LastHandledReconcileAt != lastHandledReconcileAt, nil
+	}
+}
+
+func requestKustomizeReconciliation(ctx context.Context, kubeClient client.Client, namespacedName types.NamespacedName) error {
+	var kustomization kustomizev1.Kustomization
+	return retry.RetryOnConflict(retry.DefaultBackoff, func() (err error) {
+		if err := kubeClient.Get(ctx, namespacedName, &kustomization); err != nil {
+			return err
+		}
+
+		if kustomization.Annotations == nil {
+			kustomization.Annotations = map[string]string{
+				meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			}
+		} else {
+			kustomization.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		}
+
+		err = kubeClient.Update(ctx, &kustomization)
+		return
+	})
+}

cmd/gotk/reconcile_source_bucket.go

@@ -0,0 +1,130 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
+	"time"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+)
+
+var reconcileSourceBucketCmd = &cobra.Command{
+	Use:   "bucket [name]",
+	Short: "Reconcile a Bucket source",
+	Long:  `The reconcile source command triggers a reconciliation of a Bucket resource and waits for it to finish.`,
+	Example: `  # Trigger a reconciliation for an existing source
+  gotk reconcile source bucket podinfo
+`,
+	RunE: reconcileSourceBucketCmdRun,
+}
+
+func init() {
+	reconcileSourceCmd.AddCommand(reconcileSourceBucketCmd)
+}
+
+func reconcileSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("source name is required")
+	}
+	name := args[0]
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+
+	logger.Actionf("annotating source %s in %s namespace", name, namespace)
+	var bucket sourcev1.Bucket
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return err
+	}
+
+	if bucket.Annotations == nil {
+		bucket.Annotations = map[string]string{
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+		}
+	} else {
+		bucket.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+	}
+	if err := kubeClient.Update(ctx, &bucket); err != nil {
+		return err
+	}
+	logger.Successf("source annotated")
+
+	logger.Waitingf("waiting for reconciliation")
+	if err := wait.PollImmediate(pollInterval, timeout,
+		isBucketReady(ctx, kubeClient, name, namespace)); err != nil {
+		return err
+	}
+
+	logger.Successf("bucket reconciliation completed")
+
+	err = kubeClient.Get(ctx, namespacedName, &bucket)
+	if err != nil {
+		return err
+	}
+
+	if bucket.Status.Artifact != nil {
+		logger.Successf("fetched revision %s", bucket.Status.Artifact.Revision)
+	} else {
+		return fmt.Errorf("bucket reconciliation failed, artifact not found")
+	}
+	return nil
+}
+
+func isBucketReady(ctx context.Context, kubeClient client.Client, name, namespace string) wait.ConditionFunc {
+	return func() (bool, error) {
+		var bucket sourcev1.Bucket
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+
+		err := kubeClient.Get(ctx, namespacedName, &bucket)
+		if err != nil {
+			return false, err
+		}
+
+		if c := meta.GetCondition(bucket.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
+			}
+		}
+		return false, nil
+	}
+}

cmd/gotk/reconcile_source_git.go

@@ -19,11 +19,14 @@ package main
 import (
 	"context"
 	"fmt"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/fluxcd/pkg/apis/meta"
+	"time"
+
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"time"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileSourceGitCmd = &cobra.Command{
@@ -33,14 +36,14 @@ var reconcileSourceGitCmd = &cobra.Command{
 	Example: `  # Trigger a git pull for an existing source
   gotk reconcile source git podinfo
 `,
-	RunE: syncSourceGitCmdRun,
+	RunE: reconcileSourceGitCmdRun,
 }
 
 func init() {
 	reconcileSourceCmd.AddCommand(reconcileSourceGitCmd)
 }
 
-func syncSourceGitCmdRun(cmd *cobra.Command, args []string) error {
+func reconcileSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("source name is required")
 	}
@@ -68,10 +71,10 @@ func syncSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 
 	if gitRepository.Annotations == nil {
 		gitRepository.Annotations = map[string]string{
-			sourcev1.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
 		}
 	} else {
-		gitRepository.Annotations[sourcev1.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		gitRepository.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
 	}
 	if err := kubeClient.Update(ctx, &gitRepository); err != nil {
 		return err

cmd/gotk/reconcile_source_helm.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -27,7 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var reconcileSourceHelmCmd = &cobra.Command{
@@ -37,14 +38,14 @@ var reconcileSourceHelmCmd = &cobra.Command{
 	Example: `  # Trigger a reconciliation for an existing source
   gotk reconcile source helm podinfo
 `,
-	RunE: syncSourceHelmCmdRun,
+	RunE: reconcileSourceHelmCmdRun,
 }
 
 func init() {
 	reconcileSourceCmd.AddCommand(reconcileSourceHelmCmd)
 }
 
-func syncSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+func reconcileSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("source name is required")
 	}
@@ -72,10 +73,10 @@ func syncSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 
 	if helmRepository.Annotations == nil {
 		helmRepository.Annotations = map[string]string{
-			sourcev1.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
+			meta.ReconcileAtAnnotation: time.Now().Format(time.RFC3339Nano),
 		}
 	} else {
-		helmRepository.Annotations[sourcev1.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
+		helmRepository.Annotations[meta.ReconcileAtAnnotation] = time.Now().Format(time.RFC3339Nano)
 	}
 	if err := kubeClient.Update(ctx, &helmRepository); err != nil {
 		return err
@@ -116,13 +117,12 @@ func isHelmRepositoryReady(ctx context.Context, kubeClient client.Client, name,
 			return false, err
 		}
 
-		for _, condition := range helmRepository.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					return false, fmt.Errorf(condition.Message)
-				}
+		if c := meta.GetCondition(helmRepository.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/resume_helmrelease.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@@ -26,7 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var resumeHrCmd = &cobra.Command{
@@ -111,17 +112,15 @@ func isHelmReleaseResumed(ctx context.Context, kubeClient client.Client, name, n
 			return false, err
 		}
 
-		for _, condition := range helmRelease.Status.Conditions {
-			if condition.Type == helmv2.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					if condition.Reason == helmv2.SuspendedReason {
-						return false, nil
-					}
-
-					return false, fmt.Errorf(condition.Message)
+		if c := meta.GetCondition(helmRelease.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				if c.Reason == meta.SuspendedReason {
+					return false, nil
 				}
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/resume_kustomization.go

@@ -19,9 +19,9 @@ package main
 import (
 	"context"
 	"fmt"
+	"github.com/fluxcd/pkg/apis/meta"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -111,17 +111,15 @@ func isKustomizationResumed(ctx context.Context, kubeClient client.Client, name,
 			return false, err
 		}
 
-		for _, condition := range kustomization.Status.Conditions {
-			if condition.Type == sourcev1.ReadyCondition {
-				if condition.Status == corev1.ConditionTrue {
-					return true, nil
-				} else if condition.Status == corev1.ConditionFalse {
-					if condition.Reason == kustomizev1.SuspendedReason {
-						return false, nil
-					}
-
-					return false, fmt.Errorf(condition.Message)
+		if c := meta.GetCondition(kustomization.Status.Conditions, meta.ReadyCondition); c != nil {
+			switch c.Status {
+			case corev1.ConditionTrue:
+				return true, nil
+			case corev1.ConditionFalse:
+				if c.Reason == meta.SuspendedReason {
+					return false, nil
 				}
+				return false, fmt.Errorf(c.Message)
 			}
 		}
 		return false, nil

cmd/gotk/suspend_helmrelease.go

@@ -23,7 +23,7 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var suspendHrCmd = &cobra.Command{

cmd/gotk/suspend_kustomization.go

@@ -19,7 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 )

cmd/gotk/uninstall.go

@@ -22,9 +22,10 @@ import (
 
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/types"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var uninstallCmd = &cobra.Command{
@@ -32,10 +33,10 @@ var uninstallCmd = &cobra.Command{
 	Short: "Uninstall the toolkit components",
 	Long:  "The uninstall command removes the namespace, cluster roles, cluster role bindings and CRDs from the cluster.",
 	Example: `  # Dry-run uninstall of all components
-  gotk uninstall --dry-run --namespace=gitops-system
+  gotk uninstall --dry-run --namespace=gotk-system
 
   # Uninstall all components and delete custom resource definitions
-  gotk uninstall --resources --crds --namespace=gitops-system
+  gotk uninstall --resources --crds --namespace=gotk-system
 `,
 	RunE: uninstallCmdRun,
 }
@@ -48,7 +49,7 @@ var (
 )
 
 func init() {
-	uninstallCmd.Flags().BoolVar(&uninstallResources, "resources", false,
+	uninstallCmd.Flags().BoolVar(&uninstallResources, "resources", true,
 		"removes custom resources such as Kustomizations, GitRepositories and HelmRepositories")
 	uninstallCmd.Flags().BoolVar(&uninstallCRDs, "crds", false,
 		"removes all CRDs previously installed")
@@ -64,6 +65,11 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
 	defer cancel()
 
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
 	dryRun := ""
 	if uninstallDryRun {
 		dryRun = "--dry-run=client"
@@ -77,7 +83,20 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	if uninstallResources {
+	// suspend bootstrap kustomization if it exists
+	kustomizationName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      namespace,
+	}
+	var kustomization kustomizev1.Kustomization
+	if err := kubeClient.Get(ctx, kustomizationName, &kustomization); err == nil {
+		kustomization.Spec.Suspend = true
+		if err := kubeClient.Update(ctx, &kustomization); err != nil {
+			return fmt.Errorf("unable to suspend kustomization '%s': %w", kustomizationName.String(), err)
+		}
+	}
+
+	if uninstallResources || uninstallCRDs {
 		logger.Actionf("uninstalling custom resources")
 		for _, kind := range []string{
 			kustomizev1.KustomizationKind,

cmd/gotk/utils.go

@@ -22,18 +22,30 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
 	"text/template"
 
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/runtime"
+	rbacv1 "k8s.io/api/rbac/v1"
+	apiruntime "k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/kustomize/api/filesys"
+	"sigs.k8s.io/kustomize/api/k8sdeps/kunstruct"
+	"sigs.k8s.io/kustomize/api/konfig"
+	kustypes "sigs.k8s.io/kustomize/api/types"
+	"sigs.k8s.io/yaml"
 
-	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	"github.com/fluxcd/pkg/runtime/dependency"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+	"github.com/olekukonko/tablewriter"
 )
 
 type Utils struct {
@@ -110,14 +122,18 @@ func (*Utils) execTemplate(obj interface{}, tmpl, filename string) error {
 	return file.Sync()
 }
 
-func (*Utils) kubeClient(config string) (client.Client, error) {
-	cfg, err := clientcmd.BuildConfigFromFlags("", config)
+func (*Utils) kubeClient(kubeConfigPath string) (client.Client, error) {
+	configFiles := utils.splitKubeConfigPath(kubeConfigPath)
+	cfg, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
+		&clientcmd.ClientConfigLoadingRules{Precedence: configFiles},
+		&clientcmd.ConfigOverrides{}).ClientConfig()
 	if err != nil {
-		return nil, fmt.Errorf("Kubernetes client initialization failed: %w", err)
+		return nil, fmt.Errorf("kubernetes client initialization failed: %w", err)
 	}
 
-	scheme := runtime.NewScheme()
+	scheme := apiruntime.NewScheme()
 	_ = corev1.AddToScheme(scheme)
+	_ = rbacv1.AddToScheme(scheme)
 	_ = sourcev1.AddToScheme(scheme)
 	_ = kustomizev1.AddToScheme(scheme)
 	_ = helmv2.AddToScheme(scheme)
@@ -126,12 +142,27 @@ func (*Utils) kubeClient(config string) (client.Client, error) {
 		Scheme: scheme,
 	})
 	if err != nil {
-		return nil, fmt.Errorf("Kubernetes client initialization failed: %w", err)
+		return nil, fmt.Errorf("kubernetes client initialization failed: %w", err)
 	}
 
 	return kubeClient, nil
 }
 
+// splitKubeConfigPath splits the given KUBECONFIG path based on the runtime OS
+// target.
+//
+// Ref: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#the-kubeconfig-environment-variable
+func (*Utils) splitKubeConfigPath(path string) []string {
+	var sep string
+	switch runtime.GOOS {
+	case "windows":
+		sep = ";"
+	default:
+		sep = ":"
+	}
+	return strings.Split(path, sep)
+}
+
 func (*Utils) writeFile(content, filename string) error {
 	file, err := os.Create(filename)
 	if err != nil {
@@ -175,3 +206,132 @@ func (*Utils) containsItemString(s []string, e string) bool {
 	}
 	return false
 }
+
+func (*Utils) parseObjectKindName(input string) (string, string) {
+	kind := ""
+	name := input
+	parts := strings.Split(input, "/")
+	if len(parts) == 2 {
+		kind, name = parts[0], parts[1]
+	}
+
+	return kind, name
+}
+
+func (*Utils) makeDependsOn(deps []string) []dependency.CrossNamespaceDependencyReference {
+	refs := []dependency.CrossNamespaceDependencyReference{}
+	for _, dep := range deps {
+		parts := strings.Split(dep, "/")
+		depNamespace := ""
+		depName := ""
+		if len(parts) > 1 {
+			depNamespace = parts[0]
+			depName = parts[1]
+		} else {
+			depName = parts[0]
+		}
+		refs = append(refs, dependency.CrossNamespaceDependencyReference{
+			Namespace: depNamespace,
+			Name:      depName,
+		})
+	}
+	return refs
+}
+
+// generateKustomizationYaml is the equivalent of running
+// 'kustomize create --autodetect' in the specified dir
+func (*Utils) generateKustomizationYaml(dirPath string) error {
+	fs := filesys.MakeFsOnDisk()
+	kfile := filepath.Join(dirPath, "kustomization.yaml")
+
+	scan := func(base string) ([]string, error) {
+		var paths []string
+		uf := kunstruct.NewKunstructuredFactoryImpl()
+		err := fs.Walk(base, func(path string, info os.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+			if path == base {
+				return nil
+			}
+			if info.IsDir() {
+				// If a sub-directory contains an existing kustomization file add the
+				// directory as a resource and do not decend into it.
+				for _, kfilename := range konfig.RecognizedKustomizationFileNames() {
+					if fs.Exists(filepath.Join(path, kfilename)) {
+						paths = append(paths, path)
+						return filepath.SkipDir
+					}
+				}
+				return nil
+			}
+			fContents, err := fs.ReadFile(path)
+			if err != nil {
+				return err
+			}
+			if _, err := uf.SliceFromBytes(fContents); err != nil {
+				return nil
+			}
+			paths = append(paths, path)
+			return nil
+		})
+		return paths, err
+	}
+
+	if _, err := os.Stat(kfile); err != nil {
+		abs, err := filepath.Abs(dirPath)
+		if err != nil {
+			return err
+		}
+
+		files, err := scan(abs)
+		if err != nil {
+			return err
+		}
+
+		f, err := fs.Create(kfile)
+		if err != nil {
+			return err
+		}
+		f.Close()
+
+		kus := kustypes.Kustomization{
+			TypeMeta: kustypes.TypeMeta{
+				APIVersion: kustypes.KustomizationVersion,
+				Kind:       kustypes.KustomizationKind,
+			},
+		}
+
+		var resources []string
+		for _, file := range files {
+			resources = append(resources, strings.Replace(file, abs, ".", 1))
+		}
+
+		kus.Resources = resources
+		kd, err := yaml.Marshal(kus)
+		if err != nil {
+			return err
+		}
+
+		return ioutil.WriteFile(kfile, kd, os.ModePerm)
+	}
+	return nil
+}
+
+func (*Utils) printTable(writer io.Writer, header []string, rows [][]string) {
+	table := tablewriter.NewWriter(writer)
+	table.SetHeader(header)
+	table.SetAutoWrapText(false)
+	table.SetAutoFormatHeaders(true)
+	table.SetHeaderAlignment(tablewriter.ALIGN_LEFT)
+	table.SetAlignment(tablewriter.ALIGN_LEFT)
+	table.SetCenterSeparator("")
+	table.SetColumnSeparator("")
+	table.SetRowSeparator("")
+	table.SetHeaderLine(false)
+	table.SetBorder(false)
+	table.SetTablePadding("\t")
+	table.SetNoWhiteSpace(true)
+	table.AppendBulk(rows)
+	table.Render()
+}

docs/cmd/gotk.md

@@ -25,7 +25,7 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.
   gotk get sources git
 
   # Trigger a GitRepository source reconciliation
-  gotk reconcile source git gitops-system
+  gotk reconcile source git gotk-system
 
   # Export GitRepository sources in YAML format
   gotk export source git --all > sources.yaml
@@ -69,7 +69,7 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.
 ```
   -h, --help                help for gotk
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
@@ -78,7 +78,7 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.
 
 * [gotk bootstrap](gotk_bootstrap.md)	 - Bootstrap toolkit components
 * [gotk check](gotk_check.md)	 - Check requirements and installation
-* [gotk completion](gotk_completion.md)	 - Generates bash completion scripts
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
 * [gotk create](gotk_create.md)	 - Create or update sources and resources
 * [gotk delete](gotk_delete.md)	 - Delete sources and resources
 * [gotk export](gotk_export.md)	 - Export resources in YAML format

docs/cmd/gotk_bootstrap.md

@@ -9,18 +9,23 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git
 ### Options
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "main")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
   -h, --help                       help for bootstrap
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --log-level string           set the controllers log level (default "info")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
   -v, --version string             toolkit version (default "latest")
+      --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
 ```
 
 ### Options inherited from parent commands
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_bootstrap_github.md

@@ -35,6 +35,9 @@ gotk bootstrap github [flags]
   # Run bootstrap for a private repo hosted on GitHub Enterprise
   gotk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
 
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap github --owner=<organization> --repository=<repo name> --branch=main
+
 ```
 
 ### Options
@@ -54,14 +57,19 @@ gotk bootstrap github [flags]
 ### Options inherited from parent commands
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "main")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
-      --namespace string           the namespace scope for this operation (default "gitops-system")
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --log-level string           set the controllers log level (default "info")
+  -n, --namespace string           the namespace scope for this operation (default "gotk-system")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
       --timeout duration           timeout for this operation (default 5m0s)
       --verbose                    print generated objects
   -v, --version string             toolkit version (default "latest")
+      --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
 ```
 
 ### SEE ALSO

docs/cmd/gotk_bootstrap_gitlab.md

@@ -32,6 +32,9 @@ gotk bootstrap gitlab [flags]
   # Run bootstrap for a private repo hosted on a GitLab server 
   gotk bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
 
+  # Run bootstrap for a an existing repository with a branch named main
+  gotk bootstrap gitlab --owner=<organization> --repository=<repo name> --branch=main
+
 ```
 
 ### Options
@@ -51,14 +54,19 @@ gotk bootstrap gitlab [flags]
 ### Options inherited from parent commands
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
+      --branch string              default branch (for GitHub this must match the default branch setting for the organization) (default "main")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
       --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
-      --namespace string           the namespace scope for this operation (default "gitops-system")
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --log-level string           set the controllers log level (default "info")
+  -n, --namespace string           the namespace scope for this operation (default "gotk-system")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
       --timeout duration           timeout for this operation (default 5m0s)
       --verbose                    print generated objects
   -v, --version string             toolkit version (default "latest")
+      --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
 ```
 
 ### SEE ALSO

docs/cmd/gotk_check.md

@@ -34,7 +34,7 @@ gotk check [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_completion.md

@@ -1,28 +1,10 @@
 ## gotk completion
 
-Generates bash completion scripts
+Generates completion scripts for various shells
 
 ### Synopsis
 
-Generates bash completion scripts
-
-```
-gotk completion [flags]
-```
-
-### Examples
-
-```
-To load completion run
-
-. <(gotk completion)
-
-To configure your bash shell to load completions for each session add to your bashrc
-
-# ~/.bashrc or ~/.profile
-. <(gotk completion)
-
-```
+The completion sub-command generates completion scripts for various shells
 
 ### Options
 
@@ -34,7 +16,7 @@ To configure your bash shell to load completions for each session add to your ba
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
@@ -42,4 +24,8 @@ To configure your bash shell to load completions for each session add to your ba
 ### SEE ALSO
 
 * [gotk](gotk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [gotk completion bash](gotk_completion_bash.md)	 - Generates bash completion scripts
+* [gotk completion fish](gotk_completion_fish.md)	 - Generates fish completion scripts
+* [gotk completion powershell](gotk_completion_powershell.md)	 - Generates powershell completion scripts
+* [gotk completion zsh](gotk_completion_zsh.md)	 - Generates zsh completion scripts
 

docs/cmd/gotk_completion_bash.md

@@ -0,0 +1,45 @@
+## gotk completion bash
+
+Generates bash completion scripts
+
+### Synopsis
+
+Generates bash completion scripts
+
+```
+gotk completion bash [flags]
+```
+
+### Examples
+
+```
+To load completion run
+
+. <(gotk completion bash)
+
+To configure your bash shell to load completions for each session add to your bashrc
+
+# ~/.bashrc or ~/.profile
+command -v gotk >/dev/null && . <(gotk completion bash)
+
+```
+
+### Options
+
+```
+  -h, --help   help for bash
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+

docs/cmd/gotk_completion_fish.md

@@ -0,0 +1,46 @@
+## gotk completion fish
+
+Generates fish completion scripts
+
+### Synopsis
+
+Generates fish completion scripts
+
+```
+gotk completion fish [flags]
+```
+
+### Examples
+
+```
+To load completion run
+
+. <(gotk completion fish)
+
+To configure your fish shell to load completions for each session write this script to your completions dir:
+
+gotk completion fish > ~/.config/fish/completions/gotk
+
+See http://fishshell.com/docs/current/index.html#completion-own for more details
+
+```
+
+### Options
+
+```
+  -h, --help   help for fish
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+

docs/cmd/gotk_completion_powershell.md

@@ -0,0 +1,52 @@
+## gotk completion powershell
+
+Generates powershell completion scripts
+
+### Synopsis
+
+Generates powershell completion scripts
+
+```
+gotk completion powershell [flags]
+```
+
+### Examples
+
+```
+To load completion run
+
+. <(gotk completion powershell)
+
+To configure your powershell shell to load completions for each session add to your powershell profile
+
+Windows:
+
+cd "$env:USERPROFILE\Documents\WindowsPowerShell\Modules"
+gotk completion >> gotk-completion.ps1
+
+Linux:
+
+cd "${XDG_CONFIG_HOME:-"$HOME/.config/"}/powershell/modules"
+gotk completion >> gotk-completions.ps1
+
+```
+
+### Options
+
+```
+  -h, --help   help for powershell
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+

docs/cmd/gotk_completion_zsh.md

@@ -0,0 +1,53 @@
+## gotk completion zsh
+
+Generates zsh completion scripts
+
+### Synopsis
+
+Generates zsh completion scripts
+
+```
+gotk completion zsh [flags]
+```
+
+### Examples
+
+```
+To load completion run
+
+. <(gotk completion zsh) && compdef _gotk gotk
+
+To configure your zsh shell to load completions for each session add to your zshrc
+
+# ~/.zshrc or ~/.profile
+command -v gotk >/dev/null && . <(gotk completion zsh) && compdef _gotk gotk
+
+or write a cached file in one of the completion directories in your ${fpath}:
+
+echo "${fpath// /\n}" | grep -i completion
+gotk completions zsh > _gotk
+
+mv _gotk ~/.oh-my-zsh/completions  # oh-my-zsh
+mv _gotk ~/.zprezto/modules/completion/external/src/  # zprezto
+
+```
+
+### Options
+
+```
+  -h, --help   help for zsh
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk completion](gotk_completion.md)	 - Generates completion scripts for various shells
+

docs/cmd/gotk_create.md

@@ -12,13 +12,14 @@ The create sub-commands generate sources and resources.
       --export              export in YAML format to stdout
   -h, --help                help for create
       --interval duration   source sync interval (default 1m0s)
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
 ```
 
 ### Options inherited from parent commands
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_create_helmrelease.md

@@ -13,29 +13,47 @@ gotk create helmrelease [name] [flags]
 ### Examples
 
 ```
-  # Create a HelmRelease from a source
+  # Create a HelmRelease with a chart from a HelmRepository source
   gotk create hr podinfo \
     --interval=10m \
-    --release-name=podinfo \
-    --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
     --chart-version=">4.0.0"
 
-  # Create a HelmRelease with values for a local YAML file
+  # Create a HelmRelease with a chart from a GitRepository source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=GitRepository/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with a chart from a Bucket source
+  gotk create hr podinfo \
+    --interval=10m \
+    --source=Bucket/podinfo \
+    --chart=./charts/podinfo
+
+  # Create a HelmRelease with values from a local YAML file
+  gotk create hr podinfo \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+    --values=./my-values.yaml
+
+  # Create a HelmRelease with a custom release name
+  gotk create hr podinfo \
+    --release-name=podinfo-dev
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
+
+  # Create a HelmRelease targeting another namespace than the resource
   gotk create hr podinfo \
     --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
-    --values=./my-values.yaml
+    --source=HelmRepository/podinfo \
+    --chart=podinfo
 
   # Create a HelmRelease definition on disk without applying it on the cluster
   gotk create hr podinfo \
-    --target-namespace=default \
-    --source=podinfo \
-    --chart-name=podinfo \
-    --chart-version=4.0.5 \
+    --source=HelmRepository/podinfo \
+    --chart=podinfo \
     --values=./values.yaml \
     --export > podinfo-release.yaml
 
@@ -44,12 +62,12 @@ gotk create helmrelease [name] [flags]
 ### Options
 
 ```
-      --chart-name string         Helm chart name
-      --chart-version string      Helm chart version, accepts semver range
-      --depends-on stringArray    HelmReleases that must be ready before this release can be installed
+      --chart string              Helm chart name or path
+      --chart-version string      Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)
+      --depends-on stringArray    HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'
   -h, --help                      help for helmrelease
-      --release-name string       name used for the Helm release, defaults to a composition of '<target-namespace>-<hr-name>'
-      --source string             HelmRepository name
+      --release-name string       name used for the Helm release, defaults to a composition of '[<target-namespace>-]<hr-name>'
+      --source string             source that contains the chart (<kind>/<name>)
       --target-namespace string   namespace to install this release, defaults to the HelmRelease namespace
       --values string             local path to the values.yaml file
 ```
@@ -60,7 +78,8 @@ gotk create helmrelease [name] [flags]
       --export              export in YAML format to stdout
       --interval duration   source sync interval (default 1m0s)
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_create_kustomization.md

@@ -4,7 +4,7 @@ Create or update a Kustomization resource
 
 ### Synopsis
 
-The kustomization source create command generates a Kustomize resource for a given GitRepository source.
+The kustomization source create command generates a Kustomize resource for a given source.
 
 ```
 gotk create kustomization [name] [flags]
@@ -33,22 +33,20 @@ gotk create kustomization [name] [flags]
     --interval=5m \
     --validation=client
 
-  # Create a Kustomization resource that runs under a service account
-  gotk create kustomization webapp \
-    --source=webapp \
-    --path="./deploy/overlays/staging" \
+  # Create a Kustomization resource that references a Bucket
+  gotk create kustomization secrets \
+    --source=Bucket/secrets \
     --prune=true \
-    --interval=5m \
-    --validation=client \
-    --sa-name=reconclier \
-    --sa-namespace=staging
+    --interval=5m
 
 ```
 
 ### Options
 
 ```
-      --depends-on stringArray          Kustomization that must be ready before this Kustomization can be applied
+      --decryption-provider string      enables secrets decryption, provider can be 'sops'
+      --decryption-secret string        set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption
+      --depends-on stringArray          Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'
       --health-check stringArray        workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'
       --health-check-timeout duration   timeout of health checking operations (default 2m0s)
   -h, --help                            help for kustomization
@@ -56,7 +54,7 @@ gotk create kustomization [name] [flags]
       --prune                           enable garbage collection
       --sa-name string                  service account name
       --sa-namespace string             service account namespace
-      --source string                   GitRepository name
+      --source string                   source that contains the Kubernetes manifests in the format '[<kind>/]<name>', where kind can be GitRepository or Bucket, if kind is not specified it defaults to GitRepository
       --validation string               validate the manifests before applying them on the cluster, can be 'client' or 'server'
 ```
 
@@ -66,7 +64,8 @@ gotk create kustomization [name] [flags]
       --export              export in YAML format to stdout
       --interval duration   source sync interval (default 1m0s)
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_create_source.md

@@ -18,7 +18,8 @@ The create source sub-commands generate sources.
       --export              export in YAML format to stdout
       --interval duration   source sync interval (default 1m0s)
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
@@ -26,6 +27,7 @@ The create source sub-commands generate sources.
 ### SEE ALSO
 
 * [gotk create](gotk_create.md)	 - Create or update sources and resources
+* [gotk create source bucket](gotk_create_source_bucket.md)	 - Create or update a Bucket source
 * [gotk create source git](gotk_create_source_git.md)	 - Create or update a GitRepository source
 * [gotk create source helm](gotk_create_source_helm.md)	 - Create or update a HelmRepository source
 

docs/cmd/gotk_create_source_bucket.md

@@ -0,0 +1,65 @@
+## gotk create source bucket
+
+Create or update a Bucket source
+
+### Synopsis
+
+
+The create source bucket command generates a Bucket resource and waits for it to be downloaded.
+For Buckets with static authentication, the credentials are stored in a Kubernetes secret.
+
+```
+gotk create source bucket [name] [flags]
+```
+
+### Examples
+
+```
+  # Create a source from a Buckets using static authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+    --endpoint=minio.minio.svc.cluster.local:9000 \
+	--insecure=true \
+	--access-key=myaccesskey \
+	--secret-key=mysecretkey \
+    --interval=10m
+
+  # Create a source from an Amazon S3 Bucket using IAM authentication
+  gotk create source bucket podinfo \
+	--bucket-name=podinfo \
+	--provider=aws \
+    --endpoint=s3.amazonaws.com \
+	--region=us-east-1 \
+    --interval=10m
+
+```
+
+### Options
+
+```
+      --access-key string    the bucket access key
+      --bucket-name string   the bucket name
+      --endpoint string      the bucket endpoint address
+  -h, --help                 help for bucket
+      --insecure             for when connecting to a non-TLS S3 HTTP endpoint
+      --provider string      the S3 compatible storage provider name, can be 'generic' or 'aws' (default "generic")
+      --region string        the bucket region
+      --secret-key string    the bucket secret key
+```
+
+### Options inherited from parent commands
+
+```
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk create source](gotk_create_source.md)	 - Create or update sources
+

docs/cmd/gotk_create_source_git.md

@@ -73,7 +73,8 @@ gotk create source git [name] [flags]
       --export              export in YAML format to stdout
       --interval duration   source sync interval (default 1m0s)
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_create_source_helm.md

@@ -53,7 +53,8 @@ gotk create source helm [name] [flags]
       --export              export in YAML format to stdout
       --interval duration   source sync interval (default 1m0s)
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --label strings       set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_delete.md

@@ -17,7 +17,7 @@ The delete sub-commands delete sources and resources.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_delete_helmrelease.md

@@ -28,7 +28,7 @@ gotk delete helmrelease [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects

docs/cmd/gotk_delete_kustomization.md

@@ -28,7 +28,7 @@ gotk delete kustomization [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects

docs/cmd/gotk_delete_source.md

@@ -16,7 +16,7 @@ The delete source sub-commands delete sources.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
@@ -25,6 +25,7 @@ The delete source sub-commands delete sources.
 ### SEE ALSO
 
 * [gotk delete](gotk_delete.md)	 - Delete sources and resources
+* [gotk delete source bucket](gotk_delete_source_bucket.md)	 - Delete a Bucket source
 * [gotk delete source git](gotk_delete_source_git.md)	 - Delete a GitRepository source
 * [gotk delete source helm](gotk_delete_source_helm.md)	 - Delete a HelmRepository source
 

docs/cmd/gotk_delete_source_bucket.md

@@ -0,0 +1,40 @@
+## gotk delete source bucket
+
+Delete a Bucket source
+
+### Synopsis
+
+The delete source bucket command deletes the given Bucket from the cluster.
+
+```
+gotk delete source bucket [name] [flags]
+```
+
+### Examples
+
+```
+  # Delete a Bucket source
+  gotk delete source bucket podinfo
+
+```
+
+### Options
+
+```
+  -h, --help   help for bucket
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+  -s, --silent              delete resource without asking for confirmation
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk delete source](gotk_delete_source.md)	 - Delete sources
+

docs/cmd/gotk_delete_source_git.md

@@ -28,7 +28,7 @@ gotk delete source git [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects

docs/cmd/gotk_delete_source_helm.md

@@ -28,7 +28,7 @@ gotk delete source helm [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
   -s, --silent              delete resource without asking for confirmation
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects

docs/cmd/gotk_export.md

@@ -17,7 +17,7 @@ The export sub-commands export resources in YAML format.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_export_helmrelease.md

@@ -32,7 +32,7 @@ gotk export helmrelease [name] [flags]
 ```
       --all                 select all resources
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_export_kustomization.md

@@ -32,7 +32,7 @@ gotk export kustomization [name] [flags]
 ```
       --all                 select all resources
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_export_source.md

@@ -18,7 +18,7 @@ The export source sub-commands export sources in YAML format.
 ```
       --all                 select all resources
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
@@ -26,6 +26,7 @@ The export source sub-commands export sources in YAML format.
 ### SEE ALSO
 
 * [gotk export](gotk_export.md)	 - Export resources in YAML format
+* [gotk export source bucket](gotk_export_source_bucket.md)	 - Export Bucket sources in YAML format
 * [gotk export source git](gotk_export_source_git.md)	 - Export GitRepository sources in YAML format
 * [gotk export source helm](gotk_export_source_helm.md)	 - Export HelmRepository sources in YAML format
 

docs/cmd/gotk_export_source_bucket.md

@@ -0,0 +1,44 @@
+## gotk export source bucket
+
+Export Bucket sources in YAML format
+
+### Synopsis
+
+The export source git command exports on or all Bucket sources in YAML format.
+
+```
+gotk export source bucket [name] [flags]
+```
+
+### Examples
+
+```
+  # Export all Bucket sources
+  gotk export source bucket --all > sources.yaml
+
+  # Export a Bucket source including the static credentials
+  gotk export source bucket my-bucket --with-credentials > source.yaml
+
+```
+
+### Options
+
+```
+  -h, --help   help for bucket
+```
+
+### Options inherited from parent commands
+
+```
+      --all                 select all resources
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+      --with-credentials    include credential secrets
+```
+
+### SEE ALSO
+
+* [gotk export source](gotk_export_source.md)	 - Export sources
+

docs/cmd/gotk_export_source_git.md

@@ -32,7 +32,7 @@ gotk export source git [name] [flags]
 ```
       --all                 select all resources
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
       --with-credentials    include credential secrets

docs/cmd/gotk_export_source_helm.md

@@ -32,7 +32,7 @@ gotk export source helm [name] [flags]
 ```
       --all                 select all resources
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
       --with-credentials    include credential secrets

docs/cmd/gotk_get.md

@@ -9,14 +9,15 @@ The get sub-commands print the statuses of sources and resources.
 ### Options
 
 ```
-  -h, --help   help for get
+  -A, --all-namespaces   list the requested object(s) across all namespaces
+  -h, --help             help for get
 ```
 
 ### Options inherited from parent commands
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_get_helmreleases.md

@@ -27,8 +27,9 @@ gotk get helmreleases [flags]
 ### Options inherited from parent commands
 
 ```
+  -A, --all-namespaces      list the requested object(s) across all namespaces
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_get_kustomizations.md

@@ -27,8 +27,9 @@ gotk get kustomizations [flags]
 ### Options inherited from parent commands
 
 ```
+  -A, --all-namespaces      list the requested object(s) across all namespaces
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_get_sources.md

@@ -15,8 +15,9 @@ The get source sub-commands print the statuses of the sources.
 ### Options inherited from parent commands
 
 ```
+  -A, --all-namespaces      list the requested object(s) across all namespaces
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
@@ -24,6 +25,7 @@ The get source sub-commands print the statuses of the sources.
 ### SEE ALSO
 
 * [gotk get](gotk_get.md)	 - Get sources and resources
+* [gotk get sources bucket](gotk_get_sources_bucket.md)	 - Get Bucket source statuses
 * [gotk get sources git](gotk_get_sources_git.md)	 - Get GitRepository source statuses
 * [gotk get sources helm](gotk_get_sources_helm.md)	 - Get HelmRepository source statuses
 

docs/cmd/gotk_get_sources_bucket.md

@@ -0,0 +1,40 @@
+## gotk get sources bucket
+
+Get Bucket source statuses
+
+### Synopsis
+
+The get sources bucket command prints the status of the Bucket sources.
+
+```
+gotk get sources bucket [flags]
+```
+
+### Examples
+
+```
+  # List all Buckets and their status
+  gotk get sources bucket
+
+```
+
+### Options
+
+```
+  -h, --help   help for bucket
+```
+
+### Options inherited from parent commands
+
+```
+  -A, --all-namespaces      list the requested object(s) across all namespaces
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk get sources](gotk_get_sources.md)	 - Get source statuses
+

docs/cmd/gotk_get_sources_git.md

@@ -27,8 +27,9 @@ gotk get sources git [flags]
 ### Options inherited from parent commands
 
 ```
+  -A, --all-namespaces      list the requested object(s) across all namespaces
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_get_sources_helm.md

@@ -27,8 +27,9 @@ gotk get sources helm [flags]
 ### Options inherited from parent commands
 
 ```
+  -A, --all-namespaces      list the requested object(s) across all namespaces
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_install.md

@@ -14,8 +14,8 @@ gotk install [flags]
 ### Examples
 
 ```
-  # Install the latest version in the gitops-systems namespace
-  gotk install --version=latest --namespace=gitops-systems
+  # Install the latest version in the gotk-system namespace
+  gotk install --version=latest --namespace=gotk-system
 
   # Dry-run install for a specific version and a series of components
   gotk install --dry-run --version=v0.0.7 --components="source-controller,kustomize-controller"
@@ -24,28 +24,31 @@ gotk install [flags]
   gotk install --dry-run --verbose
 
   # Write install manifests to file 
-  gotk install --export > gitops-system.yaml
+  gotk install --export > gotk-system.yaml
 
 ```
 
 ### Options
 
 ```
+      --arch string                arch can be amd64 or arm64 (default "amd64")
       --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
       --dry-run                    only print the object that would be applied
       --export                     write the install manifests to stdout and exit
   -h, --help                       help for install
       --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
-      --manifests string           path to the manifest directory, dev only
-      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --log-level string           set the controllers log level (default "info")
+      --network-policy             deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
+      --registry string            container registry where the toolkit images are published (default "ghcr.io/fluxcd")
   -v, --version string             toolkit version (default "latest")
+      --watch-all-namespaces       watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
 ```
 
 ### Options inherited from parent commands
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_reconcile.md

@@ -16,7 +16,7 @@ The reconcile sub-commands trigger a reconciliation of sources and resources.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_reconcile_helmrelease.md

@@ -33,7 +33,7 @@ gotk reconcile helmrelease [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_reconcile_kustomization.md

@@ -33,7 +33,7 @@ gotk reconcile kustomization [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```

docs/cmd/gotk_reconcile_source.md

@@ -16,7 +16,7 @@ The reconcile source sub-commands trigger a reconciliation of sources.
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```
@@ -24,6 +24,7 @@ The reconcile source sub-commands trigger a reconciliation of sources.
 ### SEE ALSO
 
 * [gotk reconcile](gotk_reconcile.md)	 - Reconcile sources and resources
+* [gotk reconcile source bucket](gotk_reconcile_source_bucket.md)	 - Reconcile a Bucket source
 * [gotk reconcile source git](gotk_reconcile_source_git.md)	 - Reconcile a GitRepository source
 * [gotk reconcile source helm](gotk_reconcile_source_helm.md)	 - Reconcile a HelmRepository source
 

docs/cmd/gotk_reconcile_source_bucket.md

@@ -0,0 +1,39 @@
+## gotk reconcile source bucket
+
+Reconcile a Bucket source
+
+### Synopsis
+
+The reconcile source command triggers a reconciliation of a Bucket resource and waits for it to finish.
+
+```
+gotk reconcile source bucket [name] [flags]
+```
+
+### Examples
+
+```
+  # Trigger a reconciliation for an existing source
+  gotk reconcile source bucket podinfo
+
+```
+
+### Options
+
+```
+  -h, --help   help for bucket
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [gotk reconcile source](gotk_reconcile_source.md)	 - Reconcile sources
+

docs/cmd/gotk_reconcile_source_git.md

@@ -28,7 +28,7 @@ gotk reconcile source git [name] [flags]
 
 ```
       --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
-      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -n, --namespace string    the namespace scope for this operation (default "gotk-system")
       --timeout duration    timeout for this operation (default 5m0s)
       --verbose             print generated objects
 ```