Merge pull request #148 from fluxcd/monitoring-stack

Add monitoring stack and dashboards

.github/workflows/docs.yaml

@@ -13,27 +13,32 @@ jobs:
       - name: Checkout master
         uses: actions/checkout@v1
       - name: Copy assets
+        env:
+          SOURCE_VER: ${{ 'v0.0.7' }}
+          KUSTOMIZE_VER: ${{ 'v0.0.7' }}
+          HELM_VER: ${{ 'v0.0.1' }}
+          NOTIFICATION_VER: ${{ 'v0.0.6' }}
         run: |
           # source-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/api/source.md > docs/components/source/api.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/gitrepositories.md > docs/components/source/gitrepositories.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/helmrepositories.md > docs/components/source/helmrepositories.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/helmcharts.md > docs/components/source/helmcharts.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/api/source.md" > docs/components/source/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/gitrepositories.md" > docs/components/source/gitrepositories.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/helmrepositories.md" > docs/components/source/helmrepositories.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/helmcharts.md" > docs/components/source/helmcharts.md
 
           # kustomize-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/kustomize-controller/master/docs/api/kustomize.md > docs/components/kustomize/api.md
-          curl https://raw.githubusercontent.com/fluxcd/kustomize-controller/master/docs/spec/v1alpha1/kustomization.md > docs/components/kustomize/kustomization.md
+          curl "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/api/kustomize.md" > docs/components/kustomize/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/spec/v1alpha1/kustomization.md" > docs/components/kustomize/kustomization.md
 
           # helm-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/helm-controller/master/docs/api/helmrelease.md > docs/components/helm/api.md
-          curl https://raw.githubusercontent.com/fluxcd/helm-controller/master/docs/spec/v2alpha1/helmreleases.md > docs/components/helm/helmreleases.md
+          curl "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/api/helmrelease.md" > docs/components/helm/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/spec/v2alpha1/helmreleases.md" > docs/components/helm/helmreleases.md
 
           # notification-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/api/notification.md > docs/components/notification/api.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/event.md > docs/components/notification/event.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/alert.md > docs/components/notification/alert.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/provider.md > docs/components/notification/provider.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/receiver.md > docs/components/notification/receiver.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/api/notification.md" > docs/components/notification/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/event.md" > docs/components/notification/event.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/alert.md" > docs/components/notification/alert.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/provider.md" > docs/components/notification/provider.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/receiver.md" > docs/components/notification/receiver.md
 
           # install script
           cp install/tk.sh docs/install.sh

.github/workflows/e2e.yaml

@@ -91,6 +91,29 @@ jobs:
       - name: tk delete source git
         run: |
           ./bin/tk delete source git podinfo --silent
+      - name: tk create source helm
+        run: |
+          ./bin/tk create source helm podinfo \
+            --url https://stefanprodan.github.io/podinfo
+      - name: tk create helmrelease
+        run: |
+          ./bin/tk create hr podinfo \
+            --target-namespace=default \
+            --source=podinfo \
+            --chart-name=podinfo \
+            --chart-version=">4.0.0 <5.0.0"
+      - name: tk get helmreleases
+        run: |
+          ./bin/tk get helmreleases
+      - name: tk export helmrelease
+        run: |
+          ./bin/tk export hr --all
+      - name: tk delete helmrelease
+        run: |
+          ./bin/tk delete hr podinfo --silent
+      - name: tk delete source helm
+        run: |
+          ./bin/tk delete source helm podinfo --silent
       - name: tk check
         run: |
           ./bin/tk check

CONTRIBUTING.md

@@ -18,16 +18,39 @@ organization.
 
 ## Communications
 
-The project uses Slack: To join the conversation, simply join the
-[CNCF](https://slack.cncf.io/) Slack workspace and use the
+For realtime communications we use Slack: To join the conversation, simply
+join the [CNCF](https://slack.cncf.io/) Slack workspace and use the
 [#flux-dev](https://cloud-native.slack.com/messages/flux-dev/) channel.
 
-The developers use a mailing list to discuss development as well.
-Simply subscribe to [flux-dev on cncf.io](https://lists.cncf.io/g/cncf-flux-dev)
-to join the conversation (this will also add an invitation to your
-Google calendar for our [Flux
+To discuss ideas and specifications we use [Github
+Discussions](https://github.com/fluxcd/toolkit/discussions).
+
+For announcements we use a mailing list as well. Simply subscribe to
+[flux-dev on cncf.io](https://lists.cncf.io/g/cncf-flux-dev)
+to join the conversation (there you can also add calendar invites
+to your Google calendar for our [Flux
 meeting](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/edit#)).
 
+## Understanding the GitOps Toolkit
+
+If you are entirely new to the GitOps Toolkit,
+you might want to take a look at the [introductory talk and demo](https://www.youtube.com/watch?v=qQBtSkgl7tI).
+
+This project is composed of:
+
+- [/f/toolkit](https://github.com/fluxcd/toolkit): The GitOps Toolkit CLI
+- [/f/source-manager](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources
+- [/f/kustomize-controller](https://github.com/fluxcd/kustomize-controller): Kubernetes operator for building GitOps pipelines with Kustomize
+- [/f/helm-controller](https://github.com/fluxcd/helm-controller): Kubernetes operator for building GitOps pipelines with Helm
+- [/f/notification-controller](https://github.com/fluxcd/notification-controller): Kubernetes operator for handling inbound and outbound events
+
+### Understanding the code
+
+To get started with developing controllers, you might want to review
+[our guide](https://toolkit.fluxcd.io/dev-guides/source-watcher/) which
+walks you through writing a short and concise controller that watches out
+for source changes.
+
 ### How to run the test suite
 
 You can run the unit tests by simply doing
@@ -66,16 +89,3 @@ For the GitOps Toolkit controllers we prefer the following rules for good commit
 
 The [following article](https://chris.beams.io/posts/git-commit/#seven-rules)
 has some more helpful advice on documenting your work.
-
-## Understanding the GitOps Toolkit
-
-If you are entirely new to the GitOps Toolkit,
-you might want to take a look at the [introductory talk and demo](https://www.youtube.com/watch?v=qQBtSkgl7tI).
-
-This project is composed of:
-
-- [/f/toolkit](https://github.com/fluxcd/toolkit): The GitOps Toolkit CLI
-- [/f/source-manager](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources
-- [/f/kustomize-controller](https://github.com/fluxcd/kustomize-controller): Kubernetes operator for building GitOps pipelines with Kustomize
-- [/f/helm-controller](https://github.com/fluxcd/helm-controller): Kubernetes operator for building GitOps pipelines with Helm
-- [/f/notification-controller](https://github.com/fluxcd/notification-controller): Kubernetes operator for handling inbound and outbound events

cmd/tk/bootstrap.go

@@ -45,8 +45,10 @@ var bootstrapCmd = &cobra.Command{
 }
 
 var (
-	bootstrapVersion    string
-	bootstrapComponents []string
+	bootstrapVersion         string
+	bootstrapComponents      []string
+	bootstrapRegistry        string
+	bootstrapImagePullSecret string
 )
 
 const (
@@ -61,7 +63,10 @@ func init() {
 		"toolkit version")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "docker.io/fluxcd",
+		"container registry where the toolkit images are published")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapImagePullSecret, "image-pull-secret", "",
+		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	rootCmd.AddCommand(bootstrapCmd)
 }
 
@@ -73,7 +78,7 @@ func generateInstallManifests(targetPath, namespace, tmpDir string) (string, err
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 
-	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, tkDir); err != nil {
+	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, bootstrapImagePullSecret, tkDir); err != nil {
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 

cmd/tk/bootstrap_github.go

@@ -42,19 +42,19 @@ the bootstrap command will perform an upgrade if needed.`,
   export GITHUB_TOKEN=<my-token>
 
   # Run bootstrap for a private repo owned by a GitHub organization
-  bootstrap github --owner=<organization> --repository=<repo name>
+  tk bootstrap github --owner=<organization> --repository=<repo name>
 
   # Run bootstrap for a private repo and assign organization teams to it
-  bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
+  tk bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
 
   # Run bootstrap for a repository path
-  bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
+  tk bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
+  tk bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
 
   # Run bootstrap for a private repo hosted on GitHub Enterprise
-  bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
+  tk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
 `,
 	RunE: bootstrapGitHubCmdRun,
 }

cmd/tk/bootstrap_gitlab.go

@@ -42,16 +42,16 @@ the bootstrap command will perform an upgrade if needed.`,
   export GITLAB_TOKEN=<my-token>
 
   # Run bootstrap for a private repo owned by a GitLab group
-  bootstrap gitlab --owner=<group> --repository=<repo name>
+  tk bootstrap gitlab --owner=<group> --repository=<repo name>
 
   # Run bootstrap for a repository path
-  bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
+  tk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal=true 
+  tk bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal=true 
 
   # Run bootstrap for a private repo hosted on a GitLab server 
-  bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
+  tk bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
 `,
 	RunE: bootstrapGitLabCmdRun,
 }

cmd/tk/create_helmrelease.go

@@ -0,0 +1,256 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+)
+
+var createHelmReleaseCmd = &cobra.Command{
+	Use:     "helmrelease [name]",
+	Aliases: []string{"hr"},
+	Short:   "Create or update a HelmRelease resource",
+	Long:    "The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.",
+	Example: `  # Create a HelmRelease from a source
+  tk create hr podinfo \
+    --interval=10m \
+    --release-name=podinfo \
+    --target-namespace=default \
+    --source=podinfo \
+    --chart-name=podinfo \
+    --chart-version=">4.0.0"
+
+  # Create a HelmRelease with values for a local YAML file
+  tk create hr podinfo \
+    --target-namespace=default \
+    --source=podinfo \
+    --chart-name=podinfo \
+    --chart-version=4.0.5 \
+    --values=./my-values.yaml
+
+  # Create a HelmRelease definition on disk without applying it on the cluster
+  tk create hr podinfo \
+    --target-namespace=default \
+    --source=podinfo \
+    --chart-name=podinfo \
+    --chart-version=4.0.5 \
+    --values=./values.yaml \
+    --export > podinfo-release.yaml
+`,
+	RunE: createHelmReleaseCmdRun,
+}
+
+var (
+	hrName            string
+	hrSource          string
+	hrDependsOn       []string
+	hrChartName       string
+	hrChartVersion    string
+	hrTargetNamespace string
+	hrValuesFile      string
+)
+
+func init() {
+	createHelmReleaseCmd.Flags().StringVar(&hrName, "release-name", "", "name used for the Helm release, defaults to a composition of '<target-namespace>-<hr-name>'")
+	createHelmReleaseCmd.Flags().StringVar(&hrSource, "source", "", "HelmRepository name")
+	createHelmReleaseCmd.Flags().StringVar(&hrChartName, "chart-name", "", "Helm chart name")
+	createHelmReleaseCmd.Flags().StringVar(&hrChartVersion, "chart-version", "", "Helm chart version, accepts semver range")
+	createHelmReleaseCmd.Flags().StringArrayVar(&hrDependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed")
+	createHelmReleaseCmd.Flags().StringVar(&hrTargetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
+	createHelmReleaseCmd.Flags().StringVar(&hrValuesFile, "values", "", "local path to the values.yaml file")
+	createCmd.AddCommand(createHelmReleaseCmd)
+}
+
+func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("release name is required")
+	}
+	name := args[0]
+
+	if hrSource == "" {
+		return fmt.Errorf("source is required")
+	}
+	if hrChartName == "" {
+		return fmt.Errorf("chart name is required")
+	}
+	if hrChartVersion == "" {
+		return fmt.Errorf("chart version is required")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	if !export {
+		logger.Generatef("generating release")
+	}
+
+	helmRelease := helmv2.HelmRelease{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Spec: helmv2.HelmReleaseSpec{
+			ReleaseName: hrName,
+			DependsOn:   hrDependsOn,
+			Interval: metav1.Duration{
+				Duration: interval,
+			},
+			TargetNamespace: hrTargetNamespace,
+			Chart: helmv2.HelmChartTemplate{
+				Name:    hrChartName,
+				Version: hrChartVersion,
+				SourceRef: helmv2.CrossNamespaceObjectReference{
+					Kind: sourcev1.HelmRepositoryKind,
+					Name: hrSource,
+				},
+			},
+			Suspend: false,
+		},
+	}
+
+	if hrValuesFile != "" {
+		data, err := ioutil.ReadFile(hrValuesFile)
+		if err != nil {
+			return fmt.Errorf("reading values from %s failed: %w", hrValuesFile, err)
+		}
+
+		json, err := yaml.YAMLToJSON(data)
+		if err != nil {
+			return fmt.Errorf("converting values to JSON from %s failed: %w", hrValuesFile, err)
+		}
+
+		helmRelease.Spec.Values = apiextensionsv1.JSON{Raw: json}
+	}
+
+	if export {
+		return exportHelmRelease(helmRelease)
+	}
+
+	logger.Actionf("applying release")
+	if err := upsertHelmRelease(ctx, kubeClient, helmRelease); err != nil {
+		return err
+	}
+
+	logger.Waitingf("waiting for reconciliation")
+	chartName := fmt.Sprintf("%s-%s", namespace, name)
+	if err := wait.PollImmediate(pollInterval, timeout,
+		isHelmChartReady(ctx, kubeClient, chartName, namespace)); err != nil {
+		return err
+	}
+	if err := wait.PollImmediate(pollInterval, timeout,
+		isHelmReleaseReady(ctx, kubeClient, name, namespace)); err != nil {
+		return err
+	}
+
+	logger.Successf("release %s is ready", name)
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+	err = kubeClient.Get(ctx, namespacedName, &helmRelease)
+	if err != nil {
+		return fmt.Errorf("release failed: %w", err)
+	}
+
+	if helmRelease.Status.LastAppliedRevision != "" {
+		logger.Successf("applied revision %s", helmRelease.Status.LastAppliedRevision)
+	} else {
+		return fmt.Errorf("reconciliation failed")
+	}
+
+	return nil
+}
+
+func upsertHelmRelease(ctx context.Context, kubeClient client.Client, helmRelease helmv2.HelmRelease) error {
+	namespacedName := types.NamespacedName{
+		Namespace: helmRelease.GetNamespace(),
+		Name:      helmRelease.GetName(),
+	}
+
+	var existing helmv2.HelmRelease
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &helmRelease); err != nil {
+				return err
+			} else {
+				logger.Successf("release created")
+				return nil
+			}
+		}
+		return err
+	}
+
+	existing.Spec = helmRelease.Spec
+	if err := kubeClient.Update(ctx, &existing); err != nil {
+		return err
+	}
+
+	logger.Successf("release updated")
+	return nil
+}
+
+func isHelmChartReady(ctx context.Context, kubeClient client.Client, name, namespace string) wait.ConditionFunc {
+	return func() (bool, error) {
+		var helmChart sourcev1.HelmChart
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+
+		err := kubeClient.Get(ctx, namespacedName, &helmChart)
+		if err != nil {
+			if apierrors.IsNotFound(err) {
+				return false, nil
+			}
+			return false, err
+		}
+
+		for _, condition := range helmChart.Status.Conditions {
+			if condition.Type == helmv2.ReadyCondition {
+				if condition.Status == corev1.ConditionTrue {
+					return true, nil
+				} else if condition.Status == corev1.ConditionFalse {
+					return false, fmt.Errorf(condition.Message)
+				}
+			}
+		}
+		return false, nil
+	}
+}

cmd/tk/create_kustomization.go

@@ -40,7 +40,7 @@ var createKsCmd = &cobra.Command{
 	Short:   "Create or update a Kustomization resource",
 	Long:    "The kustomization source create command generates a Kustomize resource for a given GitRepository source.",
 	Example: `  # Create a Kustomization resource from a source at a given path
-  create kustomization contour \
+  tk create kustomization contour \
     --source=contour \
     --path="./examples/contour/" \
     --prune=true \
@@ -51,7 +51,7 @@ var createKsCmd = &cobra.Command{
     --health-check-timeout=3m
 
   # Create a Kustomization resource that depends on the previous one
-  create kustomization webapp \
+  tk create kustomization webapp \
     --depends-on=contour \
     --source=webapp \
     --path="./deploy/overlays/dev" \
@@ -60,7 +60,7 @@ var createKsCmd = &cobra.Command{
     --validation=client
 
   # Create a Kustomization resource that runs under a service account
-  create kustomization webapp \
+  tk create kustomization webapp \
     --source=webapp \
     --path="./deploy/overlays/staging" \
     --prune=true \

cmd/tk/create_source_git.go

@@ -46,35 +46,35 @@ The create source git command generates a GitRepository resource and waits for i
 For Git over SSH, host and SSH keys are automatically generated and stored in a Kubernetes secret.
 For private Git repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
 	Example: `  # Create a source from a public Git repository master branch
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository pinned to specific git tag
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag="3.2.3"
 
   # Create a source from a public Git repository tag that matches a semver range
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag-semver=">=3.2.0 <3.3.0"
 
   # Create a source from a Git repository using SSH authentication
-  create source git podinfo \
+  tk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository using SSH authentication and an
   # ECDSA P-521 curve public key
-  create source git podinfo \
+  tk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master \
     --ssh-key-algorithm=ecdsa \
     --ssh-ecdsa-curve=p521
 
   # Create a source from a Git repository using basic authentication
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --username=username \
     --password=password
@@ -115,7 +115,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	name := args[0]
 
 	if sourceGitURL == "" {
-		return fmt.Errorf("git-url is required")
+		return fmt.Errorf("url is required")
 	}
 
 	tmpDir, err := ioutil.TempDir("", name)

cmd/tk/create_source_helm.go

@@ -0,0 +1,259 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/spf13/cobra"
+	"io/ioutil"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"net/url"
+	"os"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+)
+
+var createSourceHelmCmd = &cobra.Command{
+	Use:   "helm [name]",
+	Short: "Create or update a HelmRepository source",
+	Long: `
+The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
+For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
+	Example: `  # Create a source from a public Helm repository
+  tk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --interval=10m
+
+  # Create a source from a Helm repository using basic authentication
+  tk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --username=username \
+    --password=password
+
+  # Create a source from a Helm repository using TLS authentication
+  tk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --cert-file=./cert.crt \
+    --key-file=./key.crt \
+    --ca-file=./ca.crt
+`,
+	RunE: createSourceHelmCmdRun,
+}
+
+var (
+	sourceHelmURL      string
+	sourceHelmUsername string
+	sourceHelmPassword string
+	sourceHelmCertFile string
+	sourceHelmKeyFile  string
+	sourceHelmCAFile   string
+)
+
+func init() {
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmURL, "url", "", "Helm repository address")
+	createSourceHelmCmd.Flags().StringVarP(&sourceHelmUsername, "username", "u", "", "basic authentication username")
+	createSourceHelmCmd.Flags().StringVarP(&sourceHelmPassword, "password", "p", "", "basic authentication password")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmCertFile, "cert-file", "", "TLS authentication cert file path")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmKeyFile, "key-file", "", "TLS authentication key file path")
+	createSourceHelmCmd.Flags().StringVar(&sourceHelmCAFile, "ca-file", "", "TLS authentication CA file path")
+
+	createSourceCmd.AddCommand(createSourceHelmCmd)
+}
+
+func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("source name is required")
+	}
+	name := args[0]
+	secretName := fmt.Sprintf("helm-%s", name)
+
+	if sourceHelmURL == "" {
+		return fmt.Errorf("url is required")
+	}
+
+	tmpDir, err := ioutil.TempDir("", name)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	if _, err := url.Parse(sourceHelmURL); err != nil {
+		return fmt.Errorf("url parse failed: %w", err)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	helmRepository := sourcev1.HelmRepository{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Spec: sourcev1.HelmRepositorySpec{
+			URL: sourceHelmURL,
+			Interval: metav1.Duration{
+				Duration: interval,
+			},
+		},
+	}
+
+	if export {
+		return exportHelmRepository(helmRepository)
+	}
+
+	logger.Generatef("generating source")
+
+	secret := corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: namespace,
+		},
+		StringData: map[string]string{},
+	}
+
+	if sourceHelmUsername != "" && sourceHelmPassword != "" {
+		secret.StringData["username"] = sourceHelmUsername
+		secret.StringData["password"] = sourceHelmPassword
+	}
+
+	if sourceHelmCertFile != "" && sourceHelmKeyFile != "" {
+		cert, err := ioutil.ReadFile(sourceHelmCertFile)
+		if err != nil {
+			return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmCertFile, err)
+		}
+		secret.StringData["certFile"] = string(cert)
+
+		key, err := ioutil.ReadFile(sourceHelmKeyFile)
+		if err != nil {
+			return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmKeyFile, err)
+		}
+		secret.StringData["keyFile"] = string(key)
+	}
+
+	if sourceHelmCAFile != "" {
+		ca, err := ioutil.ReadFile(sourceHelmCAFile)
+		if err != nil {
+			return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmCAFile, err)
+		}
+		secret.StringData["caFile"] = string(ca)
+	}
+
+	if len(secret.StringData) > 0 {
+		logger.Actionf("applying secret with repository credentials")
+		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+			return err
+		}
+		helmRepository.Spec.SecretRef = &corev1.LocalObjectReference{
+			Name: secretName,
+		}
+		logger.Successf("authentication configured")
+	}
+
+	logger.Actionf("applying source")
+	if err := upsertHelmRepository(ctx, kubeClient, helmRepository); err != nil {
+		return err
+	}
+
+	logger.Waitingf("waiting for index download")
+	if err := wait.PollImmediate(pollInterval, timeout,
+		isHelmRepositoryReady(ctx, kubeClient, name, namespace)); err != nil {
+		return err
+	}
+
+	logger.Successf("index download completed")
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+	err = kubeClient.Get(ctx, namespacedName, &helmRepository)
+	if err != nil {
+		return fmt.Errorf("helm index failed: %w", err)
+	}
+
+	if helmRepository.Status.Artifact != nil {
+		logger.Successf("fetched revision: %s", helmRepository.Status.Artifact.Revision)
+	} else {
+		return fmt.Errorf("index download failed, artifact not found")
+	}
+
+	return nil
+}
+
+func upsertHelmRepository(ctx context.Context, kubeClient client.Client, helmRepository sourcev1.HelmRepository) error {
+	namespacedName := types.NamespacedName{
+		Namespace: helmRepository.GetNamespace(),
+		Name:      helmRepository.GetName(),
+	}
+
+	var existing sourcev1.HelmRepository
+	err := kubeClient.Get(ctx, namespacedName, &existing)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			if err := kubeClient.Create(ctx, &helmRepository); err != nil {
+				return err
+			} else {
+				logger.Successf("source created")
+				return nil
+			}
+		}
+		return err
+	}
+
+	existing.Spec = helmRepository.Spec
+	if err := kubeClient.Update(ctx, &existing); err != nil {
+		return err
+	}
+
+	logger.Successf("source updated")
+	return nil
+}
+
+func exportHelmRepository(source sourcev1.HelmRepository) error {
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)
+	export := sourcev1.HelmRepository{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       gvk.Kind,
+			APIVersion: gvk.GroupVersion().String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      source.Name,
+			Namespace: source.Namespace,
+		},
+		Spec: source.Spec,
+	}
+
+	data, err := yaml.Marshal(export)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(string(data))
+	return nil
+}

cmd/tk/delete_helmrelease.go

@@ -0,0 +1,91 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/manifoldco/promptui"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/types"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+)
+
+var deleteHelmReleaseCmd = &cobra.Command{
+	Use:     "helmrelease [name]",
+	Aliases: []string{"hr"},
+	Short:   "Delete a HelmRelease resource",
+	Long:    "The delete helmrelease command removes the given HelmRelease from the cluster.",
+	Example: `  # Delete a Helm release and the Kubernetes resources created by it
+  tk delete hr podinfo
+`,
+	RunE: deleteHelmReleaseCmdRun,
+}
+
+func init() {
+	deleteCmd.AddCommand(deleteHelmReleaseCmd)
+}
+
+func deleteHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("release name is required")
+	}
+	name := args[0]
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+
+	var helmRelease helmv2.HelmRelease
+	err = kubeClient.Get(ctx, namespacedName, &helmRelease)
+	if err != nil {
+		return err
+	}
+
+	if !deleteSilent {
+		if !helmRelease.Spec.Suspend {
+			logger.Waitingf("This action will remove the Kubernetes objects previously applied by the %s Helm release!", name)
+		}
+		prompt := promptui.Prompt{
+			Label:     "Are you sure you want to delete this Helm release",
+			IsConfirm: true,
+		}
+		if _, err := prompt.Run(); err != nil {
+			return fmt.Errorf("aborting")
+		}
+	}
+
+	logger.Actionf("deleting release %s in %s namespace", name, namespace)
+	err = kubeClient.Delete(ctx, &helmRelease)
+	if err != nil {
+		return err
+	}
+	logger.Successf("release deleted")
+
+	return nil
+}

cmd/tk/delete_kustomization.go

@@ -31,7 +31,10 @@ var deleteKsCmd = &cobra.Command{
 	Aliases: []string{"ks"},
 	Short:   "Delete a Kustomization resource",
 	Long:    "The delete kustomization command deletes the given Kustomization from the cluster.",
-	RunE:    deleteKsCmdRun,
+	Example: `  # Delete a kustomization and the Kubernetes resources created by it
+  tk delete kustomization podinfo
+`,
+	RunE: deleteKsCmdRun,
 }
 
 func init() {

cmd/tk/delete_source_git.go

@@ -30,7 +30,10 @@ var deleteSourceGitCmd = &cobra.Command{
 	Use:   "git [name]",
 	Short: "Delete a GitRepository source",
 	Long:  "The delete source git command deletes the given GitRepository from the cluster.",
-	RunE:  deleteSourceGitCmdRun,
+	Example: `  # Delete a Git repository
+  tk delete source git podinfo
+`,
+	RunE: deleteSourceGitCmdRun,
 }
 
 func init() {

cmd/tk/delete_source_helm.go

@@ -0,0 +1,86 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/manifoldco/promptui"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+var deleteSourceHelmCmd = &cobra.Command{
+	Use:   "helm [name]",
+	Short: "Delete a HelmRepository source",
+	Long:  "The delete source helm command deletes the given HelmRepository from the cluster.",
+	Example: `  # Delete a Helm repository
+  tk delete source helm podinfo
+`,
+	RunE: deleteSourceHelmCmdRun,
+}
+
+func init() {
+	deleteSourceCmd.AddCommand(deleteSourceHelmCmd)
+}
+
+func deleteSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+	name := args[0]
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	namespacedName := types.NamespacedName{
+		Namespace: namespace,
+		Name:      name,
+	}
+
+	var helmRepository sourcev1.HelmRepository
+	err = kubeClient.Get(ctx, namespacedName, &helmRepository)
+	if err != nil {
+		return err
+	}
+
+	if !deleteSilent {
+		prompt := promptui.Prompt{
+			Label:     "Are you sure you want to delete this source",
+			IsConfirm: true,
+		}
+		if _, err := prompt.Run(); err != nil {
+			return fmt.Errorf("aborting")
+		}
+	}
+
+	logger.Actionf("deleting source %s in %s namespace", name, namespace)
+	err = kubeClient.Delete(ctx, &helmRepository)
+	if err != nil {
+		return err
+	}
+	logger.Successf("source deleted")
+
+	return nil
+}

cmd/tk/export_helmrelease.go

@@ -0,0 +1,118 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+)
+
+var exportHelmReleaseCmd = &cobra.Command{
+	Use:     "helmrelease [name]",
+	Aliases: []string{"hr"},
+	Short:   "Export HelmRelease resources in YAML format",
+	Long:    "The export helmrelease command exports one or all HelmRelease resources in YAML format.",
+	Example: `  # Export all HelmRelease resources
+  tk export helmrelease --all > kustomizations.yaml
+
+  # Export a HelmRelease
+  tk export hr my-app > app-release.yaml
+`,
+	RunE: exportHelmReleaseCmdRun,
+}
+
+func init() {
+	exportCmd.AddCommand(exportHelmReleaseCmd)
+}
+
+func exportHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
+	if !exportAll && len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	if exportAll {
+		var list helmv2.HelmReleaseList
+		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		if err != nil {
+			return err
+		}
+
+		if len(list.Items) == 0 {
+			logger.Failuref("no kustomizations found in %s namespace", namespace)
+			return nil
+		}
+
+		for _, helmRelease := range list.Items {
+			if err := exportHelmRelease(helmRelease); err != nil {
+				return err
+			}
+		}
+	} else {
+		name := args[0]
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+		var helmRelease helmv2.HelmRelease
+		err = kubeClient.Get(ctx, namespacedName, &helmRelease)
+		if err != nil {
+			return err
+		}
+		return exportHelmRelease(helmRelease)
+	}
+	return nil
+}
+
+func exportHelmRelease(helmRelease helmv2.HelmRelease) error {
+	gvk := helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)
+	export := helmv2.HelmRelease{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       gvk.Kind,
+			APIVersion: gvk.GroupVersion().String(),
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      helmRelease.Name,
+			Namespace: helmRelease.Namespace,
+		},
+		Spec: helmRelease.Spec,
+	}
+
+	data, err := yaml.Marshal(export)
+	if err != nil {
+		return err
+	}
+
+	fmt.Println("---")
+	fmt.Println(string(data))
+	return nil
+}

cmd/tk/export_kustomization.go

@@ -34,10 +34,10 @@ var exportKsCmd = &cobra.Command{
 	Short:   "Export Kustomization resources in YAML format",
 	Long:    "The export kustomization command exports one or all Kustomization resources in YAML format.",
 	Example: `  # Export all Kustomization resources
-  export kustomization --all > kustomizations.yaml
+  tk export kustomization --all > kustomizations.yaml
 
   # Export a Kustomization
-  export kustomization my-app > kustomization.yaml
+  tk export kustomization my-app > kustomization.yaml
 `,
 	RunE: exportKsCmdRun,
 }

cmd/tk/export_source_git.go

@@ -34,10 +34,10 @@ var exportSourceGitCmd = &cobra.Command{
 	Short: "Export GitRepository sources in YAML format",
 	Long:  "The export source git command exports on or all GitRepository sources in YAML format.",
 	Example: `  # Export all GitRepository sources
-  export source git --all > sources.yaml
+  tk export source git --all > sources.yaml
 
   # Export a GitRepository source including the SSH key pair or basic auth credentials
-  export source git my-private-repo --with-credentials > source.yaml
+  tk export source git my-private-repo --with-credentials > source.yaml
 `,
 	RunE: exportSourceGitCmdRun,
 }
@@ -48,7 +48,7 @@ func init() {
 
 func exportSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	if !exportAll && len(args) < 1 {
-		return fmt.Errorf("kustomization name is required")
+		return fmt.Errorf("name is required")
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), timeout)
@@ -103,7 +103,7 @@ func exportSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 }
 
 func exportGit(source sourcev1.GitRepository) error {
-	gvk := sourcev1.GroupVersion.WithKind("GitRepository")
+	gvk := sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)
 	export := sourcev1.GitRepository{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       gvk.Kind,

cmd/tk/export_source_helm.go

@@ -0,0 +1,139 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+)
+
+var exportSourceHelmCmd = &cobra.Command{
+	Use:   "helm [name]",
+	Short: "Export HelmRepository sources in YAML format",
+	Long:  "The export source git command exports on or all HelmRepository sources in YAML format.",
+	Example: `  # Export all HelmRepository sources
+  tk export source helm --all > sources.yaml
+
+  # Export a HelmRepository source including the basic auth credentials
+  tk export source helm my-private-repo --with-credentials > source.yaml
+`,
+	RunE: exportSourceHelmCmdRun,
+}
+
+func init() {
+	exportSourceCmd.AddCommand(exportSourceHelmCmd)
+}
+
+func exportSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+	if !exportAll && len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	if exportAll {
+		var list sourcev1.HelmRepositoryList
+		err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+		if err != nil {
+			return err
+		}
+
+		if len(list.Items) == 0 {
+			logger.Failuref("no source found in %s namespace", namespace)
+			return nil
+		}
+
+		for _, repository := range list.Items {
+			if err := exportHelmRepository(repository); err != nil {
+				return err
+			}
+			if exportSourceWithCred {
+				if err := exportHelmCredentials(ctx, kubeClient, repository); err != nil {
+					return err
+				}
+			}
+		}
+	} else {
+		name := args[0]
+		namespacedName := types.NamespacedName{
+			Namespace: namespace,
+			Name:      name,
+		}
+		var repository sourcev1.HelmRepository
+		err = kubeClient.Get(ctx, namespacedName, &repository)
+		if err != nil {
+			return err
+		}
+		if err := exportHelmRepository(repository); err != nil {
+			return err
+		}
+		if exportSourceWithCred {
+			return exportHelmCredentials(ctx, kubeClient, repository)
+		}
+	}
+	return nil
+}
+
+func exportHelmCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.HelmRepository) error {
+	if source.Spec.SecretRef != nil {
+		namespacedName := types.NamespacedName{
+			Namespace: source.Namespace,
+			Name:      source.Spec.SecretRef.Name,
+		}
+		var cred corev1.Secret
+		err := kubeClient.Get(ctx, namespacedName, &cred)
+		if err != nil {
+			return fmt.Errorf("failed to retrieve secret %s, error: %w", namespacedName.Name, err)
+		}
+
+		exported := corev1.Secret{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "v1",
+				Kind:       "Secret",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      namespacedName.Name,
+				Namespace: namespacedName.Namespace,
+			},
+			Data: cred.Data,
+			Type: cred.Type,
+		}
+
+		data, err := yaml.Marshal(exported)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println("---")
+		fmt.Println(string(data))
+	}
+	return nil
+}

cmd/tk/get_helmrelease.go

@@ -0,0 +1,90 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+)
+
+var getHelmReleaseCmd = &cobra.Command{
+	Use:     "helmreleases",
+	Aliases: []string{"hr"},
+	Short:   "Get HelmRelease statuses",
+	Long:    "The get helmreleases command prints the statuses of the resources.",
+	Example: `  # List all Helm releases and their status
+  tk get helmreleases
+`,
+	RunE: getHelmReleaseCmdRun,
+}
+
+func init() {
+	getCmd.AddCommand(getHelmReleaseCmd)
+}
+
+func getHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	var list helmv2.HelmReleaseList
+	err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+	if err != nil {
+		return err
+	}
+
+	if len(list.Items) == 0 {
+		logger.Failuref("no releases found in %s namespace", namespace)
+		return nil
+	}
+
+	for _, helmRelease := range list.Items {
+		if helmRelease.Spec.Suspend {
+			logger.Successf("%s is suspended", helmRelease.GetName())
+			continue
+		}
+		isInitialized := false
+		for _, condition := range helmRelease.Status.Conditions {
+			if condition.Type == helmv2.ReadyCondition {
+				if condition.Status != corev1.ConditionFalse {
+					if helmRelease.Status.LastAppliedRevision != "" {
+						logger.Successf("%s last applied revision %s", helmRelease.GetName(), helmRelease.Status.LastAppliedRevision)
+					} else {
+						logger.Successf("%s reconciling", helmRelease.GetName())
+					}
+				} else {
+					logger.Failuref("%s %s", helmRelease.GetName(), condition.Message)
+				}
+				isInitialized = true
+				break
+			}
+		}
+		if !isInitialized {
+			logger.Failuref("%s is not ready", helmRelease.GetName())
+		}
+	}
+	return nil
+}

cmd/tk/get_kustomization.go

@@ -28,9 +28,12 @@ import (
 var getKsCmd = &cobra.Command{
 	Use:     "kustomizations",
 	Aliases: []string{"ks"},
-	Short:   "Get Kustomization source statuses",
+	Short:   "Get Kustomization statuses",
 	Long:    "The get kustomizations command prints the statuses of the resources.",
-	RunE:    getKsCmdRun,
+	Example: `  # List all kustomizations and their status
+  tk get kustomizations
+`,
+	RunE: getKsCmdRun,
 }
 
 func init() {

cmd/tk/get_source_git.go

@@ -29,7 +29,10 @@ var getSourceGitCmd = &cobra.Command{
 	Use:   "git",
 	Short: "Get GitRepository source statuses",
 	Long:  "The get sources git command prints the status of the GitRepository sources.",
-	RunE:  getSourceGitCmdRun,
+	Example: `  # List all Git repositories and their status
+  tk get sources git
+`,
+	RunE: getSourceGitCmdRun,
 }
 
 func init() {

cmd/tk/get_source_helm.go

@@ -0,0 +1,80 @@
+/*
+Copyright 2020 The Flux CD contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var getSourceHelmCmd = &cobra.Command{
+	Use:   "helm",
+	Short: "Get HelmRepository source statuses",
+	Long:  "The get sources helm command prints the status of the HelmRepository sources.",
+	Example: `  # List all Helm repositories and their status
+  tk get sources helm
+`,
+	RunE: getSourceHelmCmdRun,
+}
+
+func init() {
+	getSourceCmd.AddCommand(getSourceHelmCmd)
+}
+
+func getSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	defer cancel()
+
+	kubeClient, err := utils.kubeClient(kubeconfig)
+	if err != nil {
+		return err
+	}
+
+	var list sourcev1.HelmRepositoryList
+	err = kubeClient.List(ctx, &list, client.InNamespace(namespace))
+	if err != nil {
+		return err
+	}
+
+	if len(list.Items) == 0 {
+		logger.Failuref("no sources found in %s namespace", namespace)
+		return nil
+	}
+
+	for _, source := range list.Items {
+		isInitialized := false
+		for _, condition := range source.Status.Conditions {
+			if condition.Type == sourcev1.ReadyCondition {
+				if condition.Status != corev1.ConditionFalse {
+					logger.Successf("%s last fetched revision: %s", source.GetName(), source.Status.Artifact.Revision)
+				} else {
+					logger.Failuref("%s %s", source.GetName(), condition.Message)
+				}
+				isInitialized = true
+				break
+			}
+		}
+		if !isInitialized {
+			logger.Failuref("%s is not ready", source.GetName())
+		}
+	}
+	return nil
+}

cmd/tk/install.go

@@ -54,11 +54,13 @@ If a previous version is installed, then an in-place upgrade will be performed.`
 }
 
 var (
-	installExport        bool
-	installDryRun        bool
-	installManifestsPath string
-	installVersion       string
-	installComponents    []string
+	installExport          bool
+	installDryRun          bool
+	installManifestsPath   string
+	installVersion         string
+	installComponents      []string
+	installRegistry        string
+	installImagePullSecret string
 )
 
 func init() {
@@ -70,8 +72,12 @@ func init() {
 		"toolkit version")
 	installCmd.Flags().StringSliceVar(&installComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-	installCmd.Flags().StringVarP(&installManifestsPath, "manifests", "", "",
+	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "",
 		"path to the manifest directory, dev only")
+	installCmd.Flags().StringVar(&installRegistry, "registry", "docker.io/fluxcd",
+		"container registry where the toolkit images are published")
+	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
+		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	rootCmd.AddCommand(installCmd)
 }
 
@@ -97,7 +103,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Generatef("generating manifests")
 	}
 	if kustomizePath == "" {
-		err = genInstallManifests(installVersion, namespace, installComponents, tmpDir)
+		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, installImagePullSecret, tmpDir)
 		if err != nil {
 			return fmt.Errorf("install failed: %w", err)
 		}
@@ -118,6 +124,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		} else if installExport {
 			fmt.Println("---")
 			fmt.Println("# GitOps Toolkit revision", installVersion, time.Now().Format(time.RFC3339))
+			fmt.Println("# Components:", strings.Join(installComponents, ","))
 			fmt.Print(yaml)
 			fmt.Println("---")
 			return nil
@@ -183,12 +190,15 @@ fieldSpecs:
 `
 
 var kustomizationTmpl = `---
-{{- $version := .Version }}
+{{- $eventsAddr := .EventsAddr }}
+{{- $registry := .Registry }}
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: {{.Namespace}}
+
 transformers:
   - labels.yaml
+
 resources:
   - namespace.yaml
   - policies.yaml
@@ -196,6 +206,34 @@ resources:
 {{- range .Components }}
   - {{.}}.yaml
 {{- end }}
+
+patches:
+- path: node-selector.yaml
+  target:
+    kind: Deployment
+
+patchesJson6902:
+{{- range $i, $component := .Components }}
+{{- if ne $component "notification-controller" }}
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: {{$component}}
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/args/0
+      value: --events-addr={{$eventsAddr}}
+{{- end }}
+{{- end }}
+
+{{- if $registry }}
+images:
+{{- range $i, $component := .Components }}
+  - name: fluxcd/{{$component}}
+    newName: {{$registry}}/{{$component}}
+{{- end }}
+{{- end }}
 `
 
 var kustomizationRolesTmpl = `---
@@ -206,6 +244,23 @@ resources:
 nameSuffix: -{{.Namespace}}
 `
 
+var nodeSelectorTmpl = `---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: all
+spec:
+  template:
+    spec:
+      nodeSelector:
+        kubernetes.io/arch: amd64
+        kubernetes.io/os: linux
+{{- if .ImagePullSecret }}
+      imagePullSecrets:
+       - name: {{.ImagePullSecret}}
+{{- end }}
+`
+
 func downloadManifests(version string, tmpDir string) error {
 	ghURL := "https://github.com/fluxcd/toolkit/releases/latest/download/manifests.tar.gz"
 	if strings.HasPrefix(version, "v") {
@@ -240,15 +295,26 @@ func downloadManifests(version string, tmpDir string) error {
 	return nil
 }
 
-func genInstallManifests(version string, namespace string, components []string, tmpDir string) error {
+func genInstallManifests(version string, namespace string, components []string, registry, imagePullSecret, tmpDir string) error {
+	eventsAddr := ""
+	if utils.containsItemString(components, defaultNotification) {
+		eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
+	}
+
 	model := struct {
-		Version    string
-		Namespace  string
-		Components []string
+		Version         string
+		Namespace       string
+		Components      []string
+		EventsAddr      string
+		Registry        string
+		ImagePullSecret string
 	}{
-		Version:    version,
-		Namespace:  namespace,
-		Components: components,
+		Version:         version,
+		Namespace:       namespace,
+		Components:      components,
+		EventsAddr:      eventsAddr,
+		Registry:        registry,
+		ImagePullSecret: imagePullSecret,
 	}
 
 	if err := downloadManifests(version, tmpDir); err != nil {
@@ -263,6 +329,10 @@ func genInstallManifests(version string, namespace string, components []string,
 		return fmt.Errorf("generate labels failed: %w", err)
 	}
 
+	if err := utils.execTemplate(model, nodeSelectorTmpl, path.Join(tmpDir, "node-selector.yaml")); err != nil {
+		return fmt.Errorf("generate node selector failed: %w", err)
+	}
+
 	if err := utils.execTemplate(model, kustomizationTmpl, path.Join(tmpDir, "kustomization.yaml")); err != nil {
 		return fmt.Errorf("generate kustomization failed: %w", err)
 	}

cmd/tk/main.go

@@ -38,7 +38,7 @@ var rootCmd = &cobra.Command{
 	SilenceErrors: true,
 	Short:         "Command line utility for assembling Kubernetes CD pipelines",
 	Long:          `Command line utility for assembling Kubernetes CD pipelines the GitOps way.`,
-	Example: `  # Check prerequisites 
+	Example: `  # Check prerequisites
   tk check --pre
 
   # Install the latest version of the toolkit
@@ -53,8 +53,8 @@ var rootCmd = &cobra.Command{
   # List GitRepository sources and their status
   tk get sources git
 
-  # Trigger a GitRepository source sync
-  tk sync source git webapp-latest
+  # Trigger a GitRepository source reconciliation
+  tk reconcile source git gitops-system
 
   # Export GitRepository sources in YAML format
   tk export source git --all > sources.yaml
@@ -104,9 +104,10 @@ var (
 )
 
 var (
-	defaultComponents = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
-	defaultVersion    = "latest"
-	defaultNamespace  = "gitops-system"
+	defaultComponents   = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
+	defaultVersion      = "latest"
+	defaultNamespace    = "gitops-system"
+	defaultNotification = "notification-controller"
 )
 
 func init() {

cmd/tk/reconcile_source_helm.go

@@ -34,7 +34,7 @@ var reconcileSourceHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Reconcile a HelmRepository source",
 	Long:  `The reconcile source command triggers a reconciliation of a HelmRepository resource and waits for it to finish.`,
-	Example: `  # Trigger a helm repo update for an existing source
+	Example: `  # Trigger a reconciliation for an existing source
   tk reconcile source helm podinfo
 `,
 	RunE: syncSourceHelmCmdRun,

cmd/tk/resume_helmrelease.go

@@ -35,6 +35,9 @@ var resumeHrCmd = &cobra.Command{
 	Short:   "Resume a suspended HelmRelease",
 	Long: `The resume command marks a previously suspended HelmRelease resource for reconciliation and waits for it to
 finish the apply.`,
+	Example: `  # Resume reconciliation for an existing Helm release
+  tk resume hr podinfo
+`,
 	RunE: resumeHrCmdRun,
 }
 

cmd/tk/resume_kustomization.go

@@ -35,6 +35,9 @@ var resumeKsCmd = &cobra.Command{
 	Short:   "Resume a suspended Kustomization",
 	Long: `The resume command marks a previously suspended Kustomization resource for reconciliation and waits for it to
 finish the apply.`,
+	Example: `  # Resume reconciliation for an existing Kustomization
+  tk resume ks podinfo
+`,
 	RunE: resumeKsCmdRun,
 }
 

cmd/tk/suspend_helmrelease.go

@@ -31,7 +31,10 @@ var suspendHrCmd = &cobra.Command{
 	Aliases: []string{"hr"},
 	Short:   "Suspend reconciliation of HelmRelease",
 	Long:    "The suspend command disables the reconciliation of a HelmRelease resource.",
-	RunE:    suspendHrCmdRun,
+	Example: `  # Suspend reconciliation for an existing Helm release
+  tk suspend hr podinfo
+`,
+	RunE: suspendHrCmdRun,
 }
 
 func init() {

cmd/tk/suspend_kustomization.go

@@ -29,7 +29,10 @@ var suspendKsCmd = &cobra.Command{
 	Aliases: []string{"ks"},
 	Short:   "Suspend reconciliation of Kustomization",
 	Long:    "The suspend command disables the reconciliation of a Kustomization resource.",
-	RunE:    suspendKsCmdRun,
+	Example: `  # Suspend reconciliation for an existing Kustomization
+  tk suspend ks podinfo
+`,
+	RunE: suspendKsCmdRun,
 }
 
 func init() {

cmd/tk/uninstall.go

@@ -19,10 +19,12 @@ package main
 import (
 	"context"
 	"fmt"
-	"time"
 
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 )
 
 var uninstallCmd = &cobra.Command{
@@ -30,27 +32,27 @@ var uninstallCmd = &cobra.Command{
 	Short: "Uninstall the toolkit components",
 	Long:  "The uninstall command removes the namespace, cluster roles, cluster role bindings and CRDs from the cluster.",
 	Example: `  # Dry-run uninstall of all components
-   uninstall --dry-run --namespace=gitops-system
+  tk uninstall --dry-run --namespace=gitops-system
 
   # Uninstall all components and delete custom resource definitions
-  uninstall --crds --namespace=gitops-system
+  tk uninstall --resources --crds --namespace=gitops-system
 `,
 	RunE: uninstallCmdRun,
 }
 
 var (
-	uninstallCRDs           bool
-	uninstallKustomizations bool
-	uninstallDryRun         bool
-	uninstallSilent         bool
+	uninstallCRDs      bool
+	uninstallResources bool
+	uninstallDryRun    bool
+	uninstallSilent    bool
 )
 
 func init() {
-	uninstallCmd.Flags().BoolVarP(&uninstallKustomizations, "kustomizations", "", false,
-		"removes all Kustomizations previously installed")
-	uninstallCmd.Flags().BoolVarP(&uninstallCRDs, "crds", "", false,
+	uninstallCmd.Flags().BoolVar(&uninstallResources, "resources", false,
+		"removes custom resources such as Kustomizations, GitRepositories and HelmRepositories")
+	uninstallCmd.Flags().BoolVar(&uninstallCRDs, "crds", false,
 		"removes all CRDs previously installed")
-	uninstallCmd.Flags().BoolVarP(&uninstallDryRun, "dry-run", "", false,
+	uninstallCmd.Flags().BoolVar(&uninstallDryRun, "dry-run", false,
 		"only print the object that would be deleted")
 	uninstallCmd.Flags().BoolVarP(&uninstallSilent, "silent", "s", false,
 		"delete components without asking for confirmation")
@@ -75,18 +77,19 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	if uninstallKustomizations {
-		logger.Actionf("uninstalling kustomizations")
-		command := fmt.Sprintf("kubectl -n %s delete kustomizations --all --timeout=%s %s",
-			namespace, timeout.String(), dryRun)
-		if _, err := utils.execCommand(ctx, ModeOS, command); err != nil {
-			return fmt.Errorf("uninstall failed")
+	if uninstallResources {
+		logger.Actionf("uninstalling custom resources")
+		for _, kind := range []string{
+			kustomizev1.KustomizationKind,
+			sourcev1.GitRepositoryKind,
+			sourcev1.HelmRepositoryKind,
+		} {
+			command := fmt.Sprintf("kubectl -n %s delete %s --all --timeout=%s %s",
+				namespace, kind, timeout.String(), dryRun)
+			if _, err := utils.execCommand(ctx, ModeOS, command); err != nil {
+				return fmt.Errorf("uninstall failed")
+			}
 		}
-
-		// TODO: use the kustomizations snapshots to create a list of objects
-		// that are subject to deletion and wait for all of them to be terminated
-		logger.Waitingf("waiting on GC")
-		time.Sleep(30 * time.Second)
 	}
 
 	kinds := "namespace,clusterroles,clusterrolebindings"

cmd/tk/utils.go

@@ -26,12 +26,14 @@ import (
 	"os/exec"
 	"text/template"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/tools/clientcmd"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2alpha1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 )
 
 type Utils struct {
@@ -118,6 +120,7 @@ func (*Utils) kubeClient(config string) (client.Client, error) {
 	_ = corev1.AddToScheme(scheme)
 	_ = sourcev1.AddToScheme(scheme)
 	_ = kustomizev1.AddToScheme(scheme)
+	_ = helmv2.AddToScheme(scheme)
 
 	kubeClient, err := client.New(cfg, client.Options{
 		Scheme: scheme,
@@ -163,3 +166,12 @@ func (*Utils) copyFile(src, dst string) error {
 	}
 	return out.Close()
 }
+
+func (*Utils) containsItemString(s []string, e string) bool {
+	for _, a := range s {
+		if a == e {
+			return true
+		}
+	}
+	return false
+}

docs/_static/custom.css

@@ -22,3 +22,76 @@ body {
 .md-header-nav__title {
     font-size: .85rem;
 }
+
+.check-bullet {
+  color:#07bfa5;
+  background-color: white;
+  margin-left:-22px;
+}
+
+/* Progress bar styling */
+
+.progress-label {
+    position: absolute;
+    text-align: center;
+    font-weight: 700;
+    width: 100%;
+    /* remove original styling for thin styling
+    margin: 0 ! important; */
+    margin-top: -0.4rem ! important;
+    line-height: 1.2rem;
+    white-space: nowrap;
+    overflow: hidden;
+  }
+  
+  .progress-bar {
+    /*remove original styling for thin styling
+    height: 1.2rem; */
+    height: 0.4rem;
+    float: left;
+    background: repeating-linear-gradient(
+        45deg,
+        rgba(255, 255, 255, 0.2),
+        rgba(255, 255, 255, 0.2) 10px,
+        rgba(255, 255, 255, 0.3) 10px,
+        rgba(255, 255, 255, 0.3) 20px
+      ) #2979ff;
+      border-radius: 2px;
+  }
+  
+  .progress {
+    display: block;
+    width: 100%;
+    /* remove original styling for thin styling
+    margin: 0.5rem 0;
+    height: 1.2rem; */
+    margin-top: 0.9rem;
+    height: 0.4rem;
+    background-color: #eeeeee;
+    position: relative;
+    border-radius: 2px;
+  }
+
+  .progress-100plus .progress-bar {
+    background-color: #00c853;
+  }
+  
+  .progress-80plus .progress-bar {
+    background-color: #64dd17;
+  }
+  
+  .progress-60plus .progress-bar {
+    background-color: #fbc02d;
+  }
+  
+  .progress-40plus .progress-bar {
+    background-color: #ff9100;
+  }
+  
+  .progress-20plus .progress-bar {
+    background-color: #ff5252;
+  }
+  
+  .progress-0plus .progress-bar {
+    background-color: #ff1744;
+  }

docs/cmd/tk.md

@@ -9,7 +9,7 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.
 ### Examples
 
 ```
-  # Check prerequisites 
+  # Check prerequisites
   tk check --pre
 
   # Install the latest version of the toolkit
@@ -24,8 +24,8 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.
   # List GitRepository sources and their status
   tk get sources git
 
-  # Trigger a GitRepository source sync
-  tk sync source git webapp-latest
+  # Trigger a GitRepository source reconciliation
+  tk reconcile source git gitops-system
 
   # Export GitRepository sources in YAML format
   tk export source git --all > sources.yaml

docs/cmd/tk_bootstrap.md

@@ -9,9 +9,11 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git
 ### Options
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-  -h, --help                 help for bootstrap
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+  -h, --help                       help for bootstrap
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### Options inherited from parent commands

docs/cmd/tk_bootstrap_github.md

@@ -21,19 +21,19 @@ tk bootstrap github [flags]
   export GITHUB_TOKEN=<my-token>
 
   # Run bootstrap for a private repo owned by a GitHub organization
-  bootstrap github --owner=<organization> --repository=<repo name>
+  tk bootstrap github --owner=<organization> --repository=<repo name>
 
   # Run bootstrap for a private repo and assign organization teams to it
-  bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
+  tk bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
 
   # Run bootstrap for a repository path
-  bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
+  tk bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
+  tk bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true 
 
   # Run bootstrap for a private repo hosted on GitHub Enterprise
-  bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
+  tk bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain>
 
 ```
 
@@ -54,12 +54,14 @@ tk bootstrap github [flags]
 ### Options inherited from parent commands
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --kubeconfig string    path to the kubeconfig file (default "~/.kube/config")
-      --namespace string     the namespace scope for this operation (default "gitops-system")
-      --timeout duration     timeout for this operation (default 5m0s)
-      --verbose              print generated objects
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
+      --namespace string           the namespace scope for this operation (default "gitops-system")
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --timeout duration           timeout for this operation (default 5m0s)
+      --verbose                    print generated objects
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### SEE ALSO

docs/cmd/tk_bootstrap_gitlab.md

@@ -21,16 +21,16 @@ tk bootstrap gitlab [flags]
   export GITLAB_TOKEN=<my-token>
 
   # Run bootstrap for a private repo owned by a GitLab group
-  bootstrap gitlab --owner=<group> --repository=<repo name>
+  tk bootstrap gitlab --owner=<group> --repository=<repo name>
 
   # Run bootstrap for a repository path
-  bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
+  tk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal=true 
+  tk bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal=true 
 
   # Run bootstrap for a private repo hosted on a GitLab server 
-  bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
+  tk bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain>
 
 ```
 
@@ -50,12 +50,14 @@ tk bootstrap gitlab [flags]
 ### Options inherited from parent commands
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --kubeconfig string    path to the kubeconfig file (default "~/.kube/config")
-      --namespace string     the namespace scope for this operation (default "gitops-system")
-      --timeout duration     timeout for this operation (default 5m0s)
-      --verbose              print generated objects
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
+      --namespace string           the namespace scope for this operation (default "gitops-system")
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --timeout duration           timeout for this operation (default 5m0s)
+      --verbose                    print generated objects
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### SEE ALSO

docs/cmd/tk_create.md

@@ -26,6 +26,7 @@ The create sub-commands generate sources and resources.
 ### SEE ALSO
 
 * [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [tk create helmrelease](tk_create_helmrelease.md)	 - Create or update a HelmRelease resource
 * [tk create kustomization](tk_create_kustomization.md)	 - Create or update a Kustomization resource
 * [tk create source](tk_create_source.md)	 - Create or update sources
 

docs/cmd/tk_create_helmrelease.md

@@ -0,0 +1,71 @@
+## tk create helmrelease
+
+Create or update a HelmRelease resource
+
+### Synopsis
+
+The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.
+
+```
+tk create helmrelease [name] [flags]
+```
+
+### Examples
+
+```
+  # Create a HelmRelease from a source
+  tk create hr podinfo \
+    --interval=10m \
+    --release-name=podinfo \
+    --target-namespace=default \
+    --source=podinfo \
+    --chart-name=podinfo \
+    --chart-version=">4.0.0"
+
+  # Create a HelmRelease with values for a local YAML file
+  tk create hr podinfo \
+    --target-namespace=default \
+    --source=podinfo \
+    --chart-name=podinfo \
+    --chart-version=4.0.5 \
+    --values=./my-values.yaml
+
+  # Create a HelmRelease definition on disk without applying it on the cluster
+  tk create hr podinfo \
+    --target-namespace=default \
+    --source=podinfo \
+    --chart-name=podinfo \
+    --chart-version=4.0.5 \
+    --values=./values.yaml \
+    --export > podinfo-release.yaml
+
+```
+
+### Options
+
+```
+      --chart-name string         Helm chart name
+      --chart-version string      Helm chart version, accepts semver range
+      --depends-on stringArray    HelmReleases that must be ready before this release can be installed
+  -h, --help                      help for helmrelease
+      --release-name string       name used for the Helm release, defaults to a composition of '<target-namespace>-<hr-name>'
+      --source string             HelmRepository name
+      --target-namespace string   namespace to install this release, defaults to the HelmRelease namespace
+      --values string             local path to the values.yaml file
+```
+
+### Options inherited from parent commands
+
+```
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [tk create](tk_create.md)	 - Create or update sources and resources
+

docs/cmd/tk_create_kustomization.md

@@ -14,7 +14,7 @@ tk create kustomization [name] [flags]
 
 ```
   # Create a Kustomization resource from a source at a given path
-  create kustomization contour \
+  tk create kustomization contour \
     --source=contour \
     --path="./examples/contour/" \
     --prune=true \
@@ -25,7 +25,7 @@ tk create kustomization [name] [flags]
     --health-check-timeout=3m
 
   # Create a Kustomization resource that depends on the previous one
-  create kustomization webapp \
+  tk create kustomization webapp \
     --depends-on=contour \
     --source=webapp \
     --path="./deploy/overlays/dev" \
@@ -34,7 +34,7 @@ tk create kustomization [name] [flags]
     --validation=client
 
   # Create a Kustomization resource that runs under a service account
-  create kustomization webapp \
+  tk create kustomization webapp \
     --source=webapp \
     --path="./deploy/overlays/staging" \
     --prune=true \

docs/cmd/tk_create_source.md

@@ -27,4 +27,5 @@ The create source sub-commands generate sources.
 
 * [tk create](tk_create.md)	 - Create or update sources and resources
 * [tk create source git](tk_create_source_git.md)	 - Create or update a GitRepository source
+* [tk create source helm](tk_create_source_helm.md)	 - Create or update a HelmRepository source
 

docs/cmd/tk_create_source_git.md

@@ -17,35 +17,35 @@ tk create source git [name] [flags]
 
 ```
   # Create a source from a public Git repository master branch
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository pinned to specific git tag
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag="3.2.3"
 
   # Create a source from a public Git repository tag that matches a semver range
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag-semver=">=3.2.0 <3.3.0"
 
   # Create a source from a Git repository using SSH authentication
-  create source git podinfo \
+  tk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master
 
   # Create a source from a Git repository using SSH authentication and an
   # ECDSA P-521 curve public key
-  create source git podinfo \
+  tk create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master \
     --ssh-key-algorithm=ecdsa \
     --ssh-ecdsa-curve=p521
 
   # Create a source from a Git repository using basic authentication
-  create source git podinfo \
+  tk create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --username=username \
     --password=password

docs/cmd/tk_create_source_helm.md

@@ -0,0 +1,64 @@
+## tk create source helm
+
+Create or update a HelmRepository source
+
+### Synopsis
+
+
+The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
+For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.
+
+```
+tk create source helm [name] [flags]
+```
+
+### Examples
+
+```
+  # Create a source from a public Helm repository
+  tk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --interval=10m
+
+  # Create a source from a Helm repository using basic authentication
+  tk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --username=username \
+    --password=password
+
+  # Create a source from a Helm repository using TLS authentication
+  tk create source helm podinfo \
+    --url=https://stefanprodan.github.io/podinfo \
+    --cert-file=./cert.crt \
+    --key-file=./key.crt \
+    --ca-file=./ca.crt
+
+```
+
+### Options
+
+```
+      --ca-file string     TLS authentication CA file path
+      --cert-file string   TLS authentication cert file path
+  -h, --help               help for helm
+      --key-file string    TLS authentication key file path
+  -p, --password string    basic authentication password
+      --url string         Helm repository address
+  -u, --username string    basic authentication username
+```
+
+### Options inherited from parent commands
+
+```
+      --export              export in YAML format to stdout
+      --interval duration   source sync interval (default 1m0s)
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [tk create source](tk_create_source.md)	 - Create or update sources
+

docs/cmd/tk_delete.md

@@ -25,6 +25,7 @@ The delete sub-commands delete sources and resources.
 ### SEE ALSO
 
 * [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [tk delete helmrelease](tk_delete_helmrelease.md)	 - Delete a HelmRelease resource
 * [tk delete kustomization](tk_delete_kustomization.md)	 - Delete a Kustomization resource
 * [tk delete source](tk_delete_source.md)	 - Delete sources
 

docs/cmd/tk_delete_helmrelease.md

@@ -0,0 +1,40 @@
+## tk delete helmrelease
+
+Delete a HelmRelease resource
+
+### Synopsis
+
+The delete helmrelease command removes the given HelmRelease from the cluster.
+
+```
+tk delete helmrelease [name] [flags]
+```
+
+### Examples
+
+```
+  # Delete a Helm release and the Kubernetes resources created by it
+  tk delete hr podinfo
+
+```
+
+### Options
+
+```
+  -h, --help   help for helmrelease
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -s, --silent              delete resource without asking for confirmation
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [tk delete](tk_delete.md)	 - Delete sources and resources
+

docs/cmd/tk_delete_kustomization.md

@@ -10,6 +10,14 @@ The delete kustomization command deletes the given Kustomization from the cluste
 tk delete kustomization [name] [flags]
 ```
 
+### Examples
+
+```
+  # Delete a kustomization and the Kubernetes resources created by it
+  tk delete kustomization podinfo
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_delete_source.md

@@ -26,4 +26,5 @@ The delete source sub-commands delete sources.
 
 * [tk delete](tk_delete.md)	 - Delete sources and resources
 * [tk delete source git](tk_delete_source_git.md)	 - Delete a GitRepository source
+* [tk delete source helm](tk_delete_source_helm.md)	 - Delete a HelmRepository source
 

docs/cmd/tk_delete_source_git.md

@@ -10,6 +10,14 @@ The delete source git command deletes the given GitRepository from the cluster.
 tk delete source git [name] [flags]
 ```
 
+### Examples
+
+```
+  # Delete a Git repository
+  tk delete source git podinfo
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_delete_source_helm.md

@@ -0,0 +1,40 @@
+## tk delete source helm
+
+Delete a HelmRepository source
+
+### Synopsis
+
+The delete source helm command deletes the given HelmRepository from the cluster.
+
+```
+tk delete source helm [name] [flags]
+```
+
+### Examples
+
+```
+  # Delete a Helm repository
+  tk delete source helm podinfo
+
+```
+
+### Options
+
+```
+  -h, --help   help for helm
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+  -s, --silent              delete resource without asking for confirmation
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [tk delete source](tk_delete_source.md)	 - Delete sources
+

docs/cmd/tk_export.md

@@ -25,6 +25,7 @@ The export sub-commands export resources in YAML format.
 ### SEE ALSO
 
 * [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
+* [tk export helmrelease](tk_export_helmrelease.md)	 - Export HelmRelease resources in YAML format
 * [tk export kustomization](tk_export_kustomization.md)	 - Export Kustomization resources in YAML format
 * [tk export source](tk_export_source.md)	 - Export sources
 

docs/cmd/tk_export_helmrelease.md

@@ -0,0 +1,43 @@
+## tk export helmrelease
+
+Export HelmRelease resources in YAML format
+
+### Synopsis
+
+The export helmrelease command exports one or all HelmRelease resources in YAML format.
+
+```
+tk export helmrelease [name] [flags]
+```
+
+### Examples
+
+```
+  # Export all HelmRelease resources
+  tk export helmrelease --all > kustomizations.yaml
+
+  # Export a HelmRelease
+  tk export hr my-app > app-release.yaml
+
+```
+
+### Options
+
+```
+  -h, --help   help for helmrelease
+```
+
+### Options inherited from parent commands
+
+```
+      --all                 select all resources
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [tk export](tk_export.md)	 - Export resources in YAML format
+

docs/cmd/tk_export_kustomization.md

@@ -14,10 +14,10 @@ tk export kustomization [name] [flags]
 
 ```
   # Export all Kustomization resources
-  export kustomization --all > kustomizations.yaml
+  tk export kustomization --all > kustomizations.yaml
 
   # Export a Kustomization
-  export kustomization my-app > kustomization.yaml
+  tk export kustomization my-app > kustomization.yaml
 
 ```
 

docs/cmd/tk_export_source.md

@@ -27,4 +27,5 @@ The export source sub-commands export sources in YAML format.
 
 * [tk export](tk_export.md)	 - Export resources in YAML format
 * [tk export source git](tk_export_source_git.md)	 - Export GitRepository sources in YAML format
+* [tk export source helm](tk_export_source_helm.md)	 - Export HelmRepository sources in YAML format
 

docs/cmd/tk_export_source_git.md

@@ -14,10 +14,10 @@ tk export source git [name] [flags]
 
 ```
   # Export all GitRepository sources
-  export source git --all > sources.yaml
+  tk export source git --all > sources.yaml
 
   # Export a GitRepository source including the SSH key pair or basic auth credentials
-  export source git my-private-repo --with-credentials > source.yaml
+  tk export source git my-private-repo --with-credentials > source.yaml
 
 ```
 

docs/cmd/tk_export_source_helm.md

@@ -0,0 +1,44 @@
+## tk export source helm
+
+Export HelmRepository sources in YAML format
+
+### Synopsis
+
+The export source git command exports on or all HelmRepository sources in YAML format.
+
+```
+tk export source helm [name] [flags]
+```
+
+### Examples
+
+```
+  # Export all HelmRepository sources
+  tk export source helm --all > sources.yaml
+
+  # Export a HelmRepository source including the basic auth credentials
+  tk export source helm my-private-repo --with-credentials > source.yaml
+
+```
+
+### Options
+
+```
+  -h, --help   help for helm
+```
+
+### Options inherited from parent commands
+
+```
+      --all                 select all resources
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+      --with-credentials    include credential secrets
+```
+
+### SEE ALSO
+
+* [tk export source](tk_export_source.md)	 - Export sources
+

docs/cmd/tk_get.md

@@ -24,6 +24,7 @@ The get sub-commands print the statuses of sources and resources.
 ### SEE ALSO
 
 * [tk](tk.md)	 - Command line utility for assembling Kubernetes CD pipelines
-* [tk get kustomizations](tk_get_kustomizations.md)	 - Get Kustomization source statuses
+* [tk get helmreleases](tk_get_helmreleases.md)	 - Get HelmRelease statuses
+* [tk get kustomizations](tk_get_kustomizations.md)	 - Get Kustomization statuses
 * [tk get sources](tk_get_sources.md)	 - Get source statuses
 

docs/cmd/tk_get_helmreleases.md

@@ -0,0 +1,39 @@
+## tk get helmreleases
+
+Get HelmRelease statuses
+
+### Synopsis
+
+The get helmreleases command prints the statuses of the resources.
+
+```
+tk get helmreleases [flags]
+```
+
+### Examples
+
+```
+  # List all Helm releases and their status
+  tk get helmreleases
+
+```
+
+### Options
+
+```
+  -h, --help   help for helmreleases
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [tk get](tk_get.md)	 - Get sources and resources
+

docs/cmd/tk_get_kustomizations.md

@@ -1,6 +1,6 @@
 ## tk get kustomizations
 
-Get Kustomization source statuses
+Get Kustomization statuses
 
 ### Synopsis
 
@@ -10,6 +10,14 @@ The get kustomizations command prints the statuses of the resources.
 tk get kustomizations [flags]
 ```
 
+### Examples
+
+```
+  # List all kustomizations and their status
+  tk get kustomizations
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_get_sources.md

@@ -25,4 +25,5 @@ The get source sub-commands print the statuses of the sources.
 
 * [tk get](tk_get.md)	 - Get sources and resources
 * [tk get sources git](tk_get_sources_git.md)	 - Get GitRepository source statuses
+* [tk get sources helm](tk_get_sources_helm.md)	 - Get HelmRepository source statuses
 

docs/cmd/tk_get_sources_git.md

@@ -10,6 +10,14 @@ The get sources git command prints the status of the GitRepository sources.
 tk get sources git [flags]
 ```
 
+### Examples
+
+```
+  # List all Git repositories and their status
+  tk get sources git
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_get_sources_helm.md

@@ -0,0 +1,39 @@
+## tk get sources helm
+
+Get HelmRepository source statuses
+
+### Synopsis
+
+The get sources helm command prints the status of the HelmRepository sources.
+
+```
+tk get sources helm [flags]
+```
+
+### Examples
+
+```
+  # List all Helm repositories and their status
+  tk get sources helm
+
+```
+
+### Options
+
+```
+  -h, --help   help for helm
+```
+
+### Options inherited from parent commands
+
+```
+      --kubeconfig string   path to the kubeconfig file (default "~/.kube/config")
+      --namespace string    the namespace scope for this operation (default "gitops-system")
+      --timeout duration    timeout for this operation (default 5m0s)
+      --verbose             print generated objects
+```
+
+### SEE ALSO
+
+* [tk get sources](tk_get_sources.md)	 - Get source statuses
+

docs/cmd/tk_install.md

@@ -31,12 +31,14 @@ tk install [flags]
 ### Options
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --dry-run              only print the object that would be applied
-      --export               write the install manifests to stdout and exit
-  -h, --help                 help for install
-      --manifests string     path to the manifest directory, dev only
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --dry-run                    only print the object that would be applied
+      --export                     write the install manifests to stdout and exit
+  -h, --help                       help for install
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --manifests string           path to the manifest directory, dev only
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### Options inherited from parent commands

docs/cmd/tk_reconcile_source_helm.md

@@ -13,7 +13,7 @@ tk reconcile source helm [name] [flags]
 ### Examples
 
 ```
-  # Trigger a helm repo update for an existing source
+  # Trigger a reconciliation for an existing source
   tk reconcile source helm podinfo
 
 ```

docs/cmd/tk_resume_helmrelease.md

@@ -11,6 +11,14 @@ finish the apply.
 tk resume helmrelease [name] [flags]
 ```
 
+### Examples
+
+```
+  # Resume reconciliation for an existing Helm release
+  tk resume hr podinfo
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_resume_kustomization.md

@@ -11,6 +11,14 @@ finish the apply.
 tk resume kustomization [name] [flags]
 ```
 
+### Examples
+
+```
+  # Resume reconciliation for an existing Kustomization
+  tk resume ks podinfo
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_suspend_helmrelease.md

@@ -10,6 +10,14 @@ The suspend command disables the reconciliation of a HelmRelease resource.
 tk suspend helmrelease [name] [flags]
 ```
 
+### Examples
+
+```
+  # Suspend reconciliation for an existing Helm release
+  tk suspend hr podinfo
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_suspend_kustomization.md

@@ -10,6 +10,14 @@ The suspend command disables the reconciliation of a Kustomization resource.
 tk suspend kustomization [name] [flags]
 ```
 
+### Examples
+
+```
+  # Suspend reconciliation for an existing Kustomization
+  tk suspend ks podinfo
+
+```
+
 ### Options
 
 ```

docs/cmd/tk_uninstall.md

@@ -14,21 +14,21 @@ tk uninstall [flags]
 
 ```
   # Dry-run uninstall of all components
-   uninstall --dry-run --namespace=gitops-system
+  tk uninstall --dry-run --namespace=gitops-system
 
   # Uninstall all components and delete custom resource definitions
-  uninstall --crds --namespace=gitops-system
+  tk uninstall --resources --crds --namespace=gitops-system
 
 ```
 
 ### Options
 
 ```
-      --crds             removes all CRDs previously installed
-      --dry-run          only print the object that would be deleted
-  -h, --help             help for uninstall
-      --kustomizations   removes all Kustomizations previously installed
-  -s, --silent           delete components without asking for confirmation
+      --crds        removes all CRDs previously installed
+      --dry-run     only print the object that would be deleted
+  -h, --help        help for uninstall
+      --resources   removes custom resources such as Kustomizations, GitRepositories and HelmRepositories
+  -s, --silent      delete components without asking for confirmation
 ```
 
 ### Options inherited from parent commands

docs/dev-guides/source-watcher.md

@@ -131,8 +131,8 @@ type GitRepositoryWatcher struct {
 	Scheme *runtime.Scheme
 }
 
-// +kubebuilder:rbac:groups=source.fluxcd.io,resources=gitrepositories,verbs=get;list;watch
-// +kubebuilder:rbac:groups=source.fluxcd.io,resources=gitrepositories/status,verbs=get
+// +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories,verbs=get;list;watch
+// +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories/status,verbs=get
 
 func (r *GitRepositoryWatcher) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	// set timeout for the reconciliation

docs/get-started/index.md

@@ -227,7 +227,7 @@ If you delete a kustomization from the `fleet-infra` repo, the reconciler will r
 were previously applied from that kustomization.
 
 If you alter the webapp deployment using `kubectl edit`, the changes will be reverted to match
-the state described in git. When dealing with an incident, you can pause the recitation of a
+the state described in git. When dealing with an incident, you can pause the reconciliation of a
 kustomization with `tk suspend kustomization <name>`. Once the debugging session
 is over, you can re-enable the reconciliation with `tk resume kustomization <name>`.
 

docs/guides/helmreleases.md

@@ -12,7 +12,7 @@ The helm-controller is part of the default toolkit installation.
 To follow this guide you'll need a Kubernetes cluster with the GitOps 
 toolkit controllers installed on it.
 Please see the [get started guide](../get-started/index.md)
-or the [install command docs](../cmd/tk_install.md).
+or the [installation guide](installation.md).
 
 ## Define a Helm repository
 
@@ -27,7 +27,7 @@ By default, the source-controller watches for sources only in the
 untrusted sources from being registered by users.
 
 ```yaml
-apiVersion: source.fluxcd.io/v1alpha1
+apiVersion: source.toolkit.fluxcd.io/v1alpha1
 kind: HelmRepository
 metadata:
   name: podinfo
@@ -55,7 +55,7 @@ With the `HelmRepository` created, define a new `HelmRelease` to deploy
 the Helm chart from the repository:
 
 ```yaml
-apiVersion: helm.fluxcd.io/v2alpha1
+apiVersion: helm.toolkit.fluxcd.io/v2alpha1
 kind: HelmRelease
 metadata:
   name: podinfo
@@ -93,6 +93,32 @@ helm-controller.
     See the [`HelmRelease` CRD docs](../components/helm/helmreleases.md)
     for more details.
 
+## Refer to values in `ConfigMap` and `Secret` resources
+
+It is possible to define a list of `ConfigMap` and `Secret` resources
+from which to take values. The values are merged in the order given,
+with the later values overwriting earlier. These values always have a
+lower priority than the values inlined in the `HelmRelease` via the
+`spec.values` parameter.
+
+```yaml
+spec:
+  valuesFrom:
+  - kind: ConfigMap
+    name: prod-env-values
+  - kind: Secret
+    name: prod-secret-values
+    valuesKey: secret.yaml
+```
+
+The definition of the listed keys is as follows:
+
+- `kind`: Kind of the values referent (`ConfigMap` or `Secret`).
+- `name`: Name of the values referent, in the same namespace as the
+  `HelmRelease`.
+- `valuesKey` _(Optional)_: The key in the referent the values can be
+  found at. Defaults to `values.yaml` when ommitted.
+
 ## Configure notifications
 
 The default toolkit installation configures the helm-controller to
@@ -105,7 +131,7 @@ the `gitops-system` to start receiving notifications about the Helm
 release:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
   kind: Alert
   metadata:
     generation: 2
@@ -147,7 +173,7 @@ kubectl -n gitops-system create secret generic webhook-token \
 When using [Harbor](https://goharbor.io/) as your Helm repository, you can define a receiver with:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Receiver
 metadata:
   name: helm-podinfo

docs/guides/installation.md

@@ -0,0 +1,357 @@
+# Installation 
+
+This guide walks you through setting up the GitOps Toolkit 
+to manage one or more Kubernetes clusters.
+
+## Prerequisites
+
+You will need a Kubernetes cluster version **1.16** or newer
+and kubectl version **1.18** or newer.
+
+Install the toolkit CLI with:
+
+```sh
+curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
+```
+
+The install script downloads the tk binary to `/usr/local/bin`.
+Binaries for macOS and Linux AMD64 are available for download on the 
+[release page](https://github.com/fluxcd/toolkit/releases).
+
+Verify that your cluster satisfies the prerequisites with:
+
+```sh
+tk check --pre
+```
+
+## Bootstrap
+
+Using the `tk bootstrap` command you can install the toolkit on a Kubernetes cluster 
+and configure it to manage itself from a Git repository.
+
+The bootstrap creates a Git repository if one doesn't exist and
+commits the toolkit components manifests to the master branch.
+Then it configures the target cluster to synchronize with that
+repository by setting up SSH deploy keys.
+
+If the toolkit components are present on the cluster,
+the bootstrap command will perform an upgrade if needed.
+The bootstrap is idempotent, it's safe to run the command as many times as you want.
+
+You can choose what components to install and for which cluster with:
+
+```sh
+tk bootstrap <GIT-PROVIDER> \
+  --components=source-controller,kustomize-controller,helm-controller,notification-controller \
+  --path=my-cluster \
+  --version=latest
+```
+
+If you wish to install a specific version, use the toolkit 
+[release tag](https://github.com/fluxcd/toolkit/releases) e.g. `--version=v0.0.14`.
+
+With `--path` you can configure the directory which will be used to reconcile the target cluster.
+To control multiple clusters from the same Git repository, you have to set a unique path per
+cluster e.g. `staging-cluster` and `production-cluster`:
+
+```sh
+├── staging-cluster # <- path=staging-cluster
+│   └── gitops-system # <- namespace dir generated by bootstrap
+│       ├── toolkit-components.yaml
+│       ├── toolkit-kustomization.yaml
+│       └── toolkit-source.yaml
+└── production-cluster # <- path=production-cluster
+    └── gitops-system
+``` 
+
+### GitHub and GitHub Enterprise
+
+Generate a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)
+that can create repositories by checking all permissions under `repo`.
+
+Export your GitHub personal access token as an environment variable:
+
+```sh
+export GITHUB_TOKEN=<your-token>
+```
+
+Run the bootstrap for a repository on your personal GitHub account:
+
+```sh
+tk bootstrap github \
+  --owner=my-github-username \
+  --repository=my-repository \
+  --path=my-cluster \
+  --personal
+```
+
+Run the bootstrap for a repository owned by a GitHub organization:
+
+```sh
+tk bootstrap github \
+  --owner=my-github-organization \
+  --repository=my-repository \
+  --team=team1-slug \
+  --team=team2-slug \
+  --path=my-cluster
+```
+
+When you specify a list of teams, those teams will be granted maintainer access to the repository.
+
+To run the bootstrap for a repository hosted on GitHub Enterprise, you have to specify your GitHub hostname:
+
+```sh
+tk bootstrap github \
+  --hostname=my-github-enterprise.com \
+  --owner=my-github-organization \
+  --repository=my-repository \
+  --path=my-cluster
+```
+
+### GitLab and GitLab Enterprise
+
+Generate a [personal access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
+that grants complete read/write access to the GitLab API.
+
+Export your GitLab personal access token as an environment variable:
+
+```sh
+export GITLAB_TOKEN=<your-token>
+```
+
+Run the bootstrap for a repository on your personal GitLab account:
+
+```sh
+tk bootstrap gitlab \
+  --owner=my-gitlab-username \
+  --repository=my-repository \
+  --path=my-cluster \
+  --personal
+```
+
+Run the bootstrap for a repository owned by a GitLab group:
+
+```sh
+tk bootstrap gitlab \
+  --owner=my-gitlab-group \
+  --repository=my-repository \
+  --path=my-cluster
+```
+
+To run the bootstrap for a repository hosted on GitLab on-prem or enterprise, you have to specify your GitLab hostname:
+
+```sh
+tk bootstrap gitlab \
+  --hostname=my-gitlab.com \
+  --owner=my-gitlab-group \
+  --repository=my-repository \
+  --path=my-cluster
+```
+
+### Generic Git Server
+
+For other Git providers such as Bitbucket, Gogs, Gitea, etc you can manually setup the repository and the deploy key.
+
+Create a Git repository and clone it locally:
+
+```sh
+git clone ssh://<host>/<org>/my-repository
+cd my-repository
+```
+
+Create a directory inside the repository:
+
+```sh
+mkdir -p ./my-cluster/gitops-system
+```
+
+Generate the toolkit manifests with:
+
+```sh
+tk install --version=latest \
+  --export > ./my-cluster/gitops-system/toolkit-components.yaml
+```
+
+If your cluster must pull images from a private container registry, first you should pull
+the toolkit images from Docker Hub and push them to your registry, for example:
+
+```sh
+docker pull fluxcd/source-controller:v0.0.7
+docker tag fluxcd/source-controller:v0.0.7 registry.internal/fluxcd/source-controller:v0.0.7
+docker push registry.internal/fluxcd/source-controller:v0.0.7
+```
+
+Create the pull secret in the `gitops-system` namespace:
+
+```sh
+kubectl create ns gitops-system
+
+kubectl -n gitops-system create secret generic regcred \
+    --from-file=.dockerconfigjson=/.docker/config.json \
+    --type=kubernetes.io/dockerconfigjson
+```
+
+Set your registry domain, and the pull secret when generating the manifests:
+
+```sh
+tk install --version=latest \
+  --registry=registry.internal/fluxcd \
+  --image-pull-secret=regcred \
+  --export > ./my-cluster/gitops-system/toolkit-components.yaml
+```
+
+Commit and push the manifest to the master branch:
+
+```sh
+git add -A && git commit -m "add toolkit manifests" && git push
+```
+
+Apply the manifests on your cluster:
+
+```sh
+kubectl apply -f ./my-cluster/gitops-system/toolkit-components.yaml
+```
+
+Verify that the toolkit controllers have started:
+
+```sh
+tk check
+```
+
+Create a `GitRepository` object on your cluster by specifying the SSH address of your repo:
+
+```sh
+tk create source git gitops-system \
+  --url= ssh://<host>/<org>/my-repository \
+  --ssh-key-algorithm=ecdsa \
+  --ssh-ecdsa-curve=p521 \
+  --branch=master \
+  --interval=1m
+```
+
+You will be prompted to add a deploy key to your repository.
+If you don't specify the SSH algorithm, then tk will generate an RSA 2048 bits key.
+
+If your Git server supports basic auth, you can set the URL to HTTPS and specify the credentials with:
+
+```sh
+tk create source git gitops-system \
+  --url=https://<host>/<org>/my-repository \
+  --username=my-username \
+  --password=my-password \
+  --branch=master \
+  --interval=1m
+```
+
+Create a `Kustomization` object on your cluster:
+
+```sh
+tk create kustomization gitops-system \
+  --source=gitops-system \
+  --path="./my-cluster" \
+  --prune=true \
+  --interval=10m
+```
+
+Export both objects, commit and push the manifests to Git:
+
+```sh
+tk export source git gitops-system \
+  > ./my-cluster/gitops-system/toolkit-source.yaml
+
+tk export kustomization gitops-system \
+  > ./my-cluster/gitops-system/toolkit-kustomization.yaml
+
+git add -A && git commit -m "add toolkit reconciliation" && git push
+```
+
+To upgrade the toolkit to a newer version, run the install command and commit the changes:
+
+```sh
+tk install --version=latest \
+  --export > ./my-cluster/gitops-system/toolkit-components.yaml
+
+git add -A && git commit -m "update toolkit" && git push
+```
+
+The source-controller will pull the changes on the cluster, then the kustomize-controller
+will perform a rolling update of all toolkit components including itself.
+
+## Dev install
+
+For testing purposes you can install the toolkit without storing its manifests in a Git repository.
+
+Here is the equivalent to `fluxctl install`:
+
+```sh
+tk install \
+  --components=source-controller,kustomize-controller
+```
+
+Then you can register Git repositories and reconcile them on your cluster:
+
+```sh
+tk create source git podinfo \
+  --url=https://github.com/stefanprodan/podinfo \
+  --tag-semver=">=4.0.0" \
+  --interval=1m
+
+tk create kustomization podinfo-default \
+  --source=podinfo \
+  --path="./kustomize" \
+  --prune=true \
+  --validation=client \
+  --interval=10m \
+  --health-check="Deployment/podinfo.default" \
+  --health-check-timeout=2m
+```
+
+Here is the equivalent to `helm install helm-operator`:
+
+```sh
+tk install \
+  --components=source-controller,kustomize-controller,helm-controller
+```
+
+Then you can register Helm repositories and create Helm releases:
+
+```sh
+tk create source helm stable \
+--interval=1h \
+--url=https://kubernetes-charts.storage.googleapis.com
+
+tk create helmrelease sealed-secrets \
+--interval=1h \
+--release-name=sealed-secrets \
+--target-namespace=gitops-system \
+--source=stable \
+--chart-name=sealed-secrets \
+--chart-version="^1.10.0"
+```
+
+### Monitoring with Prometheus and Grafana
+
+The GitOps Toolkit comes with an optional monitoring stack.
+You can install the stack in the `gitops-system` namespace with:
+
+```yaml
+kustomize build github.com/fluxcd/toolkit/manifests/monitoring?ref=master | kubectl apply -f-
+```
+
+The monitoring stack is composed of:
+
+* Prometheus server - collects metrics from the toolkit controllers and stores them for 2h
+* Grafana dashboards - displays the control plane resource usage and reconciliation stats
+
+![](../_files/cp-dashboard-p1.png)
+
+![](../_files/cp-dashboard-p2.png)
+
+If you wish to use your own Prometheus and Grafana instances, then you can import the dashboards from
+[GitHub](https://github.com/fluxcd/toolkit/tree/master/manifests/monitoring/grafana/dashboards).
+
+!!! hint
+    Note that the toolkit controllers expose the `/metrics` endpoint on port `8080`.
+    When using Prometheus Operator you should create `PodMonitor` objects to configure scraping.
+    When Prometheus is running outside of the `gitops-system` namespace, you have to create a network policy
+    that allows traffic on port `8080` from the namespace where Prometheus is deployed.

docs/guides/notifications.md

@@ -8,7 +8,10 @@ of an app was deployed and if the deployment is healthy.
 
 ## Prerequisites
 
-* [Get started guide](../get-started/index.md)
+To follow this guide you'll need a Kubernetes cluster with the GitOps 
+toolkit controllers installed on it.
+Please see the [get started guide](../get-started/index.md)
+or the [installation guide](installation.md).
 
 The GitOps toolkit controllers emit Kubernetes events whenever a resource status changes.
 You can use the [notification-controller](../components/notification/controller.md)
@@ -30,7 +33,7 @@ it can be a Slack, Microsoft Teams, Discord or Rocket webhook URL.
 Create a notification provider for Slack by referencing the above secret:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Provider
 metadata:
   name: slack
@@ -54,7 +57,7 @@ Elasticsearch, CloudWatch, Stackdriver, etc.
 Create an alert definition for all repositories and kustomizations:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Alert
 metadata:
   name: on-call-webapp

docs/guides/sealed-secrets.md

@@ -0,0 +1,173 @@
+# Sealed Secrets
+
+In order to store secrets safely in a public or private Git repository, you can use
+Bitnami's [sealed-secrets controller](https://github.com/bitnami-labs/sealed-secrets)
+and encrypt your Kubernetes Secrets into SealedSecrets.
+The sealed secrets can be decrypted only by the controller running in your cluster and
+nobody else can obtain the original secret, even if they have access to the Git repository.
+
+## Prerequisites
+
+To follow this guide you'll need a Kubernetes cluster with the GitOps 
+toolkit controllers installed on it.
+Please see the [get started guide](../get-started/index.md)
+or the [installation guide](installation.md).
+
+The sealed-secrets controller comes with a companion CLI tool called kubeseal.
+With kubeseal you can create SealedSecret custom resources in YAML format
+and store those in your Git repository.
+
+Install the kubeseal CLI:
+
+```sh
+brew install kubeseal
+```
+
+For Linux or Windows you can download the kubeseal binary from
+[GitHub](https://github.com/bitnami-labs/sealed-secrets/releases).
+
+## Deploy sealed-secrets with a HelmRelease
+
+You'll be using [helm-controller](../components/helm/controller.md) APIs to install
+the sealed-secrets controller from its [Helm chart](https://hub.kubeapps.com/charts/stable/sealed-secrets).
+
+First you have to register the Helm repository where the sealed-secrets chart is published:
+
+```sh
+tk create source helm stable \
+--interval=1h \
+--url=https://kubernetes-charts.storage.googleapis.com
+```
+
+With `interval` we configure [source-controller](../components/source/controller.md) to download
+the Helm repository index every hour. If a newer version of sealed-secrets is published,
+source-controller will signal helm-controller that a new chart is available.
+
+Create a Helm release that installs the latest version of sealed-secrets controller:
+
+```sh
+tk create helmrelease sealed-secrets \
+--interval=1h \
+--release-name=sealed-secrets \
+--target-namespace=gitops-system \
+--source=stable \
+--chart-name=sealed-secrets \
+--chart-version="^1.10.0"
+```
+
+With chart version `^1.10.0` we configure helm-controller to automatically upgrade the release
+when a new chart version is fetch by source-controller. 
+
+At startup, the sealed-secrets controller generates a 4096-bit RSA key pair and 
+persists the private and public keys as Kubernetes secrets in the `gitops-system` namespace.
+
+You can retrieve the public key with:
+
+```sh
+kubeseal --fetch-cert \
+--controller-name=sealed-secrets \
+--controller-namespace=gitops-system \
+> pub-sealed-secrets.pem
+``` 
+
+The public key can be safely stored in Git, and can be used to encrypt secrets
+without direct access to the Kubernetes cluster.
+
+## Encrypt secrets
+
+Generate a Kubernetes secret manifest with kubectl:
+
+```sh
+kubectl -n default create secret generic basic-auth \
+--from-literal=user=admin \
+--from-literal=password=change-me \
+--dry-run \
+-o yaml > basic-auth.yaml
+```
+
+Encrypt the secret with kubeseal:
+
+```sh
+kubeseal --format=yaml --cert=pub-sealed-secrets.pem \
+< basic-auth.yaml > basic-auth-sealed.yaml
+```
+
+Delete the plain secret and apply the sealed one:
+
+```sh
+rm basic-auth.yaml
+kubectl apply -f basic-auth-sealed.yaml
+```
+
+Verify that the sealed-secrets controller has created the `basic-auth` Kubernetes Secret:
+
+```console
+$ kubectl -n default get secrets basic-auth 
+
+NAME         TYPE     DATA   AGE
+basic-auth   Opaque   2      1m43s
+```
+
+## GitOps workflow
+
+A cluster admin should add the stable `HelmRepository` manifest and the sealed-secrets `HelmRelease`
+to the fleet repository.
+
+Helm repository manifest:
+
+```yaml
+apiVersion: source.toolkit.fluxcd.io/v1alpha1
+kind: HelmRepository
+metadata:
+  name: stable
+  namespace: gitops-system
+spec:
+  interval: 1h0m0s
+  url: https://kubernetes-charts.storage.googleapis.com
+```
+
+Helm release manifest:
+
+```yaml
+apiVersion: helm.toolkit.fluxcd.io/v2alpha1
+kind: HelmRelease
+metadata:
+  name: sealed-secrets
+  namespace: gitops-system
+spec:
+  chart:
+    name: sealed-secrets
+    sourceRef:
+      kind: HelmRepository
+      name: stable
+    version: "^1.10.0"
+  interval: 1h0m0s
+  releaseName: sealed-secrets
+  targetNamespace: gitops-system
+```
+
+!!! hint
+    You can generate the above manifests using `tk create <kind> --export > manifest.yaml`.
+
+Once the sealed-secrets controller is installed, the admin fetches the 
+public key and shares it with the teams that operate on the fleet clusters via Git.
+
+When a team member wants to create a Kubernetes Secret on a cluster,
+they uses kubeseal and the public key corresponding to that cluster to generate a SealedSecret.
+
+Assuming a team member wants to deploy an application that needs to connect
+to a database using a username and password, they'll be doing the following:
+
+* create a Kubernetes Secret manifest locally with the db credentials e.g. `db-auth.yaml`
+* encrypt the secret with kubeseal as `db-auth-sealed.yaml`
+* delete the original secret file `db-auth.yaml`
+* create a Kubernetes Deployment manifest for the app e.g. `app-deployment.yaml`
+* add the Secret to the Deployment manifest as a [volume mount or env var](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets) using the original name `db-auth`
+* commit the manifests `db-auth-sealed.yaml` and `app-deployment.yaml` to a Git repository that's being synced by the GitOps toolkit controllers
+
+Once the manifests have been pushed to the Git repository, the following happens:
+
+* source-controller pulls the changes from Git
+* kustomize-controller applies the SealedSecret and the Deployment manifests
+* sealed-secrets controller decrypts the SealedSecret and creates a Kubernetes Secret
+* kubelet creates the pods and mounts the secret as a volume or env variable inside the app container

docs/guides/webhook-receivers.md

@@ -11,7 +11,7 @@ GitOps pipelines that react to external events.
 To follow this guide you'll need a Kubernetes cluster with the GitOps 
 toolkit controllers installed on it.
 Please see the [get started guide](../get-started/index.md)
-or the [install command docs](../cmd/tk_install.md).
+or the [installation guide](installation.md).
 
 The [notification controller](../components/notification/controller.md)
 can handle events coming from external systems
@@ -58,7 +58,7 @@ watch kubectl -n gitops-system get svc/receiver
 Create a Git source pointing to a GitHub repository that you have control over:
 
 ```yaml
-apiVersion: source.fluxcd.io/v1alpha1
+apiVersion: source.toolkit.fluxcd.io/v1alpha1
 kind: GitRepository
 metadata:
   name: webapp
@@ -89,7 +89,7 @@ kubectl -n gitops-system create secret generic webhook-token \
 Create a receiver for GitHub and specify the `GitRepository` object:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Receiver
 metadata:
   name: webapp

docs/roadmap/index.md

@@ -10,76 +10,82 @@
 
 ### Flux read-only feature parity
 
+[= 80% "80%"]
+
 This would be the first stepping stone: we want the GitOps Toolkit to be on-par with today's Flux in
 [read-only mode](https://github.com/fluxcd/flux/blob/master/docs/faq.md#can-i-run-flux-with-readonly-git-access)
 and [FluxCloud](https://github.com/justinbarrick/fluxcloud) notifications.
 
 Goals
 
-- Offer an in-place migration tool for those that are using Flux in read-only mode to synchronize plain manifests
-- Offer a migration guide for those that are using Flux in read-only mode to synchronize Kustomize overlays
-- ~~Offer a dedicated component for forwarding events to external messaging platforms~~
+-  Offer an in-place migration tool for those that are using Flux in read-only mode to synchronize plain manifests
+-  Offer a migration guide for those that are using Flux in read-only mode to synchronize Kustomize overlays
+-  <span class="check-bullet">:material-check-bold:</span> [Offer a dedicated component for forwarding events to external messaging platforms](https://toolkit.fluxcd.io/guides/notifications/)
 
 Non-Goals
 
-- Migrate users that are using Flux to run custom scripts with `flux.yaml`
-- Automate the migration of `flux.yaml` kustomize users
+-  Migrate users that are using Flux to run custom scripts with `flux.yaml`
+-  Automate the migration of `flux.yaml` kustomize users
 
 Tasks
 
-- ~~Design the events API~~
-- ~~Implement events in source and kustomize controllers~~
-- ~~Make the kustomize-controller apply/gc events on-par with Flux v1 apply events~~
-- ~~Design the notifications and events filtering API~~
-- ~~Implement a notification controller for Slack, MS Teams, Discord, Rocket~~
-- Implement Prometheus metrics in source and kustomize controllers
-- Review the git source and kustomize APIs
-- Implement the migration command in tk
-- Create a migration guide for `flux.yaml` kustomize users
+- [x]  <span style="color:grey">Design the events API</span>
+- [x]  <span style="color:grey">Implement events in source and kustomize controllers</span>
+- [x]  <span style="color:grey">Make the kustomize-controller apply/gc events on-par with Flux v1 apply events</span>
+- [x]  <span style="color:grey">Design the notifications and events filtering API</span>
+- [x]  <span style="color:grey">Implement a notification controller for Slack, MS Teams, Discord, Rocket</span>
+- [x]  <span style="color:grey">Implement Prometheus metrics in source and kustomize controllers</span>
+- [ ]  Review the git source and kustomize APIs
+- [ ]  Implement the migration command in tk
+- [ ]  Create a migration guide for `flux.yaml` kustomize users
 
 ### Flux image update feature parity
 
+[= 0% "0%"]
+
 Goals
 
-- Offer components that can replace Flux v1 image update feature
+-  Offer components that can replace Flux v1 image update feature
 
 Non-Goals
 
-- Maintain backwards compatibility with Flux v1 annotations
+-  Maintain backwards compatibility with Flux v1 annotations
 
 Tasks
 
-- [Design the image scanning and automation API](https://github.com/fluxcd/toolkit/discussions/107)
-- Implement an image scanning controller
-- Design the automation component
-- Implement the image scan/patch/push workflow
-- Integrate the new components in the toolkit assembler
-- Create a migration guide from Flux annotations
+- [ ]  [Design the image scanning and automation API](https://github.com/fluxcd/toolkit/discussions/107)
+- [ ]  Implement an image scanning controller
+- [ ]  Design the automation component
+- [ ]  Implement the image scan/patch/push workflow
+- [ ]  Integrate the new components in the toolkit assembler
+- [ ]  Create a migration guide from Flux annotations
 
 ## The road to Helm Operator v2
 
 ### Helm v3 feature parity
 
+[= 50% "50%"]
+
 Goals
 
-- Offer a migration guide for those that are using Helm Operator with Helm v3 and Helm repositories
+-  Offer a migration guide for those that are using Helm Operator with Helm v3 and Helm repositories
 
 Non-Goals
 
-- Migrate users that are using Helm v2
+-  Migrate users that are using Helm v2
 
 Stretch-Goals
 
-- [Migrate users that are using Helm charts from Git](https://github.com/fluxcd/toolkit/discussions/75#discussioncomment-38589)
+-  [Migrate users that are using Helm charts from Git](https://github.com/fluxcd/toolkit/discussions/75#discussioncomment-38589)
 
 Tasks
 
-- ~~Implement a Helm controller for Helm v3 covering all the current release options~~
-- Discuss and design Helm releases based on source API:
-    + [Providing values from sources](https://github.com/fluxcd/toolkit/discussions/100)
-    + [Conditional remediation on failed Helm actions](https://github.com/fluxcd/toolkit/discussions/102)
-    + [Support running Helm test actions on an interval](https://github.com/fluxcd/toolkit/discussions/103)
-- Review the Helm release, chart and repository APIs
-- ~~Implement events in Helm controller~~
-- Implement Prometheus metrics in Helm controller
-- Create a migration guide for Helm Operator users
+- [x]  <span style="color:grey">Implement a Helm controller for Helm v3 covering all the current release options</span>
+- [ ]  Discuss and design Helm releases based on source API:
+    * [ ]  [Providing values from sources](https://github.com/fluxcd/toolkit/discussions/100)
+    * [ ]  [Conditional remediation on failed Helm actions](https://github.com/fluxcd/toolkit/discussions/102)
+    * [ ]  [Support running Helm test actions on an interval](https://github.com/fluxcd/toolkit/discussions/103)
+- [x]  <span style="color:grey">Review the Helm release, chart and repository APIs</span>
+- [x]  <span style="color:grey">Implement events in Helm controller</span>
+- [x]  <span style="color:grey">Implement Prometheus metrics in Helm controller</span>
+- [ ]  Create a migration guide for Helm Operator users

go.mod

@@ -4,10 +4,10 @@ go 1.14
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/fluxcd/helm-controller v0.0.1-beta.1
-	github.com/fluxcd/kustomize-controller v0.0.5
+	github.com/fluxcd/helm-controller v0.0.1
+	github.com/fluxcd/kustomize-controller v0.0.7
 	github.com/fluxcd/pkg v0.0.3
-	github.com/fluxcd/source-controller v0.0.6
+	github.com/fluxcd/source-controller v0.0.7
 	github.com/manifoldco/promptui v0.7.0
 	github.com/spf13/cobra v1.0.0
 	golang.org/x/net v0.0.0-20200602114024-627f9648deb9 // indirect
@@ -16,6 +16,7 @@ require (
 	google.golang.org/appengine v1.6.6 // indirect
 	google.golang.org/protobuf v1.24.0 // indirect
 	k8s.io/api v0.18.4
+	k8s.io/apiextensions-apiserver v0.18.4
 	k8s.io/apimachinery v0.18.4
 	k8s.io/client-go v0.18.4
 	sigs.k8s.io/controller-runtime v0.6.1

go.sum

@@ -172,14 +172,14 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwC
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/helm-controller v0.0.1-beta.1 h1:XNQWhrKmT4KcJ0kaNbl/QsN+aTDU8XCMmFB1pnexpaQ=
-github.com/fluxcd/helm-controller v0.0.1-beta.1/go.mod h1:asoN9pG8J0oQ9iXpkxNwvch1EKspus6RxH818ZYVo+4=
-github.com/fluxcd/kustomize-controller v0.0.5 h1:jjBJT/UbblMaeQpYn5TjH/oXXnORO6C3Cka77bs9K3Q=
-github.com/fluxcd/kustomize-controller v0.0.5/go.mod h1:1O78f9Qigs74BMxO/ThzLt5XGGQnwQPgzi+47ntie5M=
+github.com/fluxcd/helm-controller v0.0.1 h1:vTAbVJbn6MX8YAMPQ+zeiGV2CwX75YjF1Yxd8veng7c=
+github.com/fluxcd/helm-controller v0.0.1/go.mod h1:TLmobkvkb44l/R3J9MZsO0ht4nUX7plO5hWj4qTrhgI=
+github.com/fluxcd/kustomize-controller v0.0.7 h1:bIBT5s6jnRjUEOp+AdgQNGpQBZHMBJV/Ak1bK1qtRSM=
+github.com/fluxcd/kustomize-controller v0.0.7/go.mod h1:GVZs7l+0iI/N6ly0ftNzD5cZqJTmd+BPbsy445hklpU=
 github.com/fluxcd/pkg v0.0.3 h1:yhjtpGtD9LxFo8JtwTuUxJyFcX2wSSb0TPptIEpGSmA=
 github.com/fluxcd/pkg v0.0.3/go.mod h1:rtlppQU+9DNikyDZptLdOeTf+wBvQQiQQ/J113FPoeU=
-github.com/fluxcd/source-controller v0.0.6 h1:8yBdy5ZQmM4jZWHDBDgysftZnC1mybyfkV7NRzCo5Kc=
-github.com/fluxcd/source-controller v0.0.6/go.mod h1:XZR988ahVLjbqfe0EUq2Zl7bYH2NBly3u0n7DY5XtyU=
+github.com/fluxcd/source-controller v0.0.7 h1:D17Le7bc+53deRA3EMJc9eB/uU2HqvkMCwILE5HRhPk=
+github.com/fluxcd/source-controller v0.0.7/go.mod h1:XZR988ahVLjbqfe0EUq2Zl7bYH2NBly3u0n7DY5XtyU=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=

manifests/bases/helm-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.1-beta.1
-- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.1-beta.1
+- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.1
+- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.1
 patchesJson6902:
 - target:
     group: apps

manifests/bases/kustomize-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.5
-- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.5
+- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.7
+- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.7
 patchesJson6902:
 - target:
     group: apps

manifests/bases/notification-controller/kustomization.yaml

@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/notification-controller/config//crd?ref=v0.0.5
-- github.com/fluxcd/notification-controller/config//manager?ref=v0.0.5
+- github.com/fluxcd/notification-controller/config//crd?ref=v0.0.7
+- github.com/fluxcd/notification-controller/config//manager?ref=v0.0.7

manifests/bases/source-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/source-controller/config//crd?ref=v0.0.6
-- github.com/fluxcd/source-controller/config//manager?ref=v0.0.6
+- github.com/fluxcd/source-controller/config//crd?ref=v0.0.7
+- github.com/fluxcd/source-controller/config//manager?ref=v0.0.7
 patchesJson6902:
 - target:
     group: apps

manifests/monitoring/grafana/datasources.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-datasources
+  namespace: gitops-system
+data:
+  datasources.yaml: |-
+    apiVersion: 1
+    deleteDatasources:
+      - name: prometheus
+    datasources:
+    - name: prometheus
+      type: prometheus
+      access: proxy
+      url: http://prometheus:9090
+      isDefault: true
+      editable: true
+      version: 1

manifests/monitoring/grafana/deployment.yaml

@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana
+  labels:
+    app: grafana
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: grafana
+  template:
+    metadata:
+      labels:
+        app: grafana
+      annotations:
+        prometheus.io/scrape: 'false'
+    spec:
+      containers:
+        - name: grafana
+          image: "grafana/grafana:7.1.1"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          env:
+            - name: GF_PATHS_PROVISIONING
+              value: /etc/grafana/provisioning/
+            - name: GF_AUTH_BASIC_ENABLED
+              value: "false"
+            - name: GF_AUTH_ANONYMOUS_ENABLED
+              value: "true"
+            - name: GF_AUTH_ANONYMOUS_ORG_ROLE
+              value: Admin
+            - name: GF_DEFAULT_THEME
+              value: "Light"
+          volumeMounts:
+            - name: grafana
+              mountPath: /var/lib/grafana
+            - name: dashboards
+              mountPath: /etc/grafana/dashboards
+            - name: datasources
+              mountPath: /etc/grafana/provisioning/datasources
+            - name: providers
+              mountPath: /etc/grafana/provisioning/dashboards
+          resources:
+            {}
+      volumes:
+        - name: grafana
+          emptyDir: {}
+        - name: dashboards
+          configMap:
+            name: grafana-dashboards
+        - name: providers
+          configMap:
+            name: grafana-providers
+        - name: datasources
+          configMap:
+            name: grafana-datasources

manifests/monitoring/grafana/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitops-system
+resources:
+  - service.yaml
+  - deployment.yaml
+  - providers.yaml
+  - datasources.yaml
+configMapGenerator:
+  - name: grafana-dashboards
+    files:
+      - dashboards/control-plane.json
+

manifests/monitoring/grafana/providers.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-providers
+  namespace: gitops-system
+data:
+  providers.yaml: |+
+    apiVersion: 1
+    providers:
+    - name: 'default'
+      orgId: 1
+      folder: ''
+      type: file
+      disableDeletion: false
+      editable: true
+      options:
+        path: /etc/grafana/dashboards

manifests/monitoring/grafana/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+  namespace: gitops-system
+  labels:
+    app: grafana
+spec:
+  type: ClusterIP
+  ports:
+    - port: 3000
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app: grafana

manifests/monitoring/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitops-system
+resources:
+- prometheus
+- grafana

manifests/monitoring/prometheus/account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+  namespace: gitops-system

manifests/monitoring/prometheus/deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prometheus
+  namespace: gitops-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: prometheus
+  template:
+    metadata:
+      labels:
+        app: prometheus
+      annotations:
+        appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+        sidecar.istio.io/inject: "false"
+    spec:
+      serviceAccountName: prometheus
+      containers:
+          - name: prometheus
+            image: prom/prometheus:v2.20.0
+            imagePullPolicy: IfNotPresent
+            args:
+              - '--storage.tsdb.retention=2h'
+              - '--config.file=/etc/prometheus/prometheus.yml'
+            ports:
+              - containerPort: 9090
+                name: http
+            livenessProbe:
+              httpGet:
+                path: /-/healthy
+                port: 9090
+            readinessProbe:
+              httpGet:
+                path: /-/ready
+                port: 9090
+            resources:
+              requests:
+                cpu: 10m
+                memory: 128Mi
+            volumeMounts:
+              - name: config-volume
+                mountPath: /etc/prometheus
+              - name: data-volume
+                mountPath: /prometheus/data
+      volumes:
+        - name: config-volume
+          configMap:
+            name: prometheus
+        - name: data-volume
+          emptyDir: {}

manifests/monitoring/prometheus/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitops-system
+resources:
+  - account.yaml
+  - rbac.yaml
+  - service.yaml
+  - deployment.yaml
+configMapGenerator:
+  - name: prometheus
+    files:
+      - prometheus.yml

manifests/monitoring/prometheus/prometheus.yml

@@ -0,0 +1,52 @@
+global:
+  scrape_interval: 10s
+scrape_configs:
+
+# Kubernetes API
+- job_name: kubernetes-apiserver
+  kubernetes_sd_configs:
+  - role: endpoints
+    namespaces:
+      names:
+      - default
+  scheme: https
+  tls_config:
+    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    insecure_skip_verify: true
+  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+  relabel_configs:
+  - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
+    action: keep
+    regex: kubernetes;https
+
+# Kubernetes pods
+- job_name: kubernetes-pods
+  kubernetes_sd_configs:
+  - role: pod
+  relabel_configs:
+  - action: keep
+    regex: true
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_scrape
+  - action: replace
+    regex: (.+)
+    source_labels:
+    - __meta_kubernetes_pod_annotation_prometheus_io_path
+    target_label: __metrics_path__
+  - action: replace
+    regex: ([^:]+)(?::\d+)?;(\d+)
+    replacement: $1:$2
+    source_labels:
+    - __address__
+    - __meta_kubernetes_pod_annotation_prometheus_io_port
+    target_label: __address__
+  - action: labelmap
+    regex: __meta_kubernetes_pod_label_(.+)
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_namespace
+    target_label: kubernetes_namespace
+  - action: replace
+    source_labels:
+    - __meta_kubernetes_pod_name
+    target_label: kubernetes_pod_name

manifests/monitoring/prometheus/rbac.yaml

@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus-gitops-system
+rules:
+  - apiGroups: [""]
+    resources:
+      - nodes
+      - services
+      - endpoints
+      - pods
+      - nodes/proxy
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources:
+      - configmaps
+    verbs: ["get"]
+  - nonResourceURLs: ["/metrics"]
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus-gitops-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus-gitops-system
+subjects:
+- kind: ServiceAccount
+  name: prometheus
+  namespace: gitops-system

manifests/monitoring/prometheus/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prometheus
+  namespace: gitops-system
+spec:
+  selector:
+    app: prometheus
+  ports:
+    - name: http
+      protocol: TCP
+      port: 9090

manifests/rbac/role.yaml

@@ -3,16 +3,16 @@ kind: Role
 metadata:
   name: crd-controller
 rules:
-- apiGroups: ['source.fluxcd.io']
+- apiGroups: ['source.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
-- apiGroups: ['kustomize.fluxcd.io']
+- apiGroups: ['kustomize.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
-- apiGroups: ['helm.fluxcd.io']
+- apiGroups: ['helm.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
-- apiGroups: ['notification.fluxcd.io']
+- apiGroups: ['notification.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
 - apiGroups:

mkdocs.yml

@@ -35,14 +35,21 @@ markdown_extensions:
       highlight_code: true
   - pymdownx.tabbed
   - pymdownx.tilde
+  - pymdownx.progressbar
+  - pymdownx.tasklist
+  - pymdownx.emoji:
+      emoji_index: !!python/name:materialx.emoji.twemoji
+      emoji_generator: !!python/name:materialx.emoji.to_svg
 
 nav:
   - Introduction: index.md
   - Get Started: get-started/index.md
   - Guides:
+      - Installation: guides/installation.md
       - Manage Helm Releases: guides/helmreleases.md
       - Setup Notifications: guides/notifications.md
       - Setup Webhook Receivers: guides/webhook-receivers.md
+      - Sealed Secrets: guides/sealed-secrets.md
   - Toolkit Components:
     - Source Controller:
       - Overview: components/source/controller.md
@@ -73,20 +80,28 @@ nav:
     - Check: cmd/tk_check.md
     - Create: cmd/tk_create.md
     - Create kustomization: cmd/tk_create_kustomization.md
+    - Create helmrelease: cmd/tk_create_helmrelease.md
     - Create source: cmd/tk_create_source.md
     - Create source git: cmd/tk_create_source_git.md
+    - Create source helm: cmd/tk_create_source_helm.md
     - Delete: cmd/tk_delete.md
     - Delete kustomization: cmd/tk_delete_kustomization.md
+    - Delete helmrelease: cmd/tk_delete_helmrelease.md
     - Delete source: cmd/tk_delete_source.md
     - Delete source git: cmd/tk_delete_source_git.md
+    - Delete source helm: cmd/tk_delete_source_helm.md
     - Export: cmd/tk_export.md
     - Export kustomization: cmd/tk_export_kustomization.md
+    - Export helmrelease: cmd/tk_export_helmrelease.md
     - Export source: cmd/tk_export_source.md
     - Export source git: cmd/tk_export_source_git.md
+    - Export source helm: cmd/tk_export_source_helm.md
     - Get: cmd/tk_get.md
     - Get kustomizations: cmd/tk_get_kustomizations.md
+    - Get helmreleases: cmd/tk_get_helmreleases.md
     - Get sources: cmd/tk_get_sources.md
     - Get sources git: cmd/tk_get_sources_git.md
+    - Get sources helm: cmd/tk_get_sources_helm.md
     - Install: cmd/tk_install.md
     - Resume: cmd/tk_resume.md
     - Resume kustomization: cmd/tk_resume_kustomization.md