Merge pull request #140 from fluxcd/docs-roadmap-update

Mark metrics as completed in roadmap

.github/workflows/docs.yaml

@@ -13,27 +13,32 @@ jobs:
       - name: Checkout master
         uses: actions/checkout@v1
       - name: Copy assets
+        env:
+          SOURCE_VER: ${{ 'v0.0.7' }}
+          KUSTOMIZE_VER: ${{ 'v0.0.7' }}
+          HELM_VER: ${{ 'v0.0.1' }}
+          NOTIFICATION_VER: ${{ 'v0.0.6' }}
         run: |
           # source-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/api/source.md > docs/components/source/api.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/gitrepositories.md > docs/components/source/gitrepositories.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/helmrepositories.md > docs/components/source/helmrepositories.md
-          curl https://raw.githubusercontent.com/fluxcd/source-controller/master/docs/spec/v1alpha1/helmcharts.md > docs/components/source/helmcharts.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/api/source.md" > docs/components/source/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/gitrepositories.md" > docs/components/source/gitrepositories.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/helmrepositories.md" > docs/components/source/helmrepositories.md
+          curl "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1alpha1/helmcharts.md" > docs/components/source/helmcharts.md
 
           # kustomize-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/kustomize-controller/master/docs/api/kustomize.md > docs/components/kustomize/api.md
-          curl https://raw.githubusercontent.com/fluxcd/kustomize-controller/master/docs/spec/v1alpha1/kustomization.md > docs/components/kustomize/kustomization.md
+          curl "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/api/kustomize.md" > docs/components/kustomize/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/spec/v1alpha1/kustomization.md" > docs/components/kustomize/kustomization.md
 
           # helm-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/helm-controller/master/docs/api/helmrelease.md > docs/components/helm/api.md
-          curl https://raw.githubusercontent.com/fluxcd/helm-controller/master/docs/spec/v2alpha1/helmreleases.md > docs/components/helm/helmreleases.md
+          curl "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/api/helmrelease.md" > docs/components/helm/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/spec/v2alpha1/helmreleases.md" > docs/components/helm/helmreleases.md
 
           # notification-controller CRDs
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/api/notification.md > docs/components/notification/api.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/event.md > docs/components/notification/event.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/alert.md > docs/components/notification/alert.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/provider.md > docs/components/notification/provider.md
-          curl https://raw.githubusercontent.com/fluxcd/notification-controller/master/docs/spec/v1alpha1/receiver.md > docs/components/notification/receiver.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/api/notification.md" > docs/components/notification/api.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/event.md" > docs/components/notification/event.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/alert.md" > docs/components/notification/alert.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/provider.md" > docs/components/notification/provider.md
+          curl "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1alpha1/receiver.md" > docs/components/notification/receiver.md
 
           # install script
           cp install/tk.sh docs/install.sh

cmd/tk/bootstrap.go

@@ -45,8 +45,10 @@ var bootstrapCmd = &cobra.Command{
 }
 
 var (
-	bootstrapVersion    string
-	bootstrapComponents []string
+	bootstrapVersion         string
+	bootstrapComponents      []string
+	bootstrapRegistry        string
+	bootstrapImagePullSecret string
 )
 
 const (
@@ -61,7 +63,10 @@ func init() {
 		"toolkit version")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapRegistry, "registry", "docker.io/fluxcd",
+		"container registry where the toolkit images are published")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapImagePullSecret, "image-pull-secret", "",
+		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	rootCmd.AddCommand(bootstrapCmd)
 }
 
@@ -73,7 +78,7 @@ func generateInstallManifests(targetPath, namespace, tmpDir string) (string, err
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 
-	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, tkDir); err != nil {
+	if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents, bootstrapRegistry, bootstrapImagePullSecret, tkDir); err != nil {
 		return "", fmt.Errorf("generating manifests failed: %w", err)
 	}
 

cmd/tk/install.go

@@ -54,11 +54,13 @@ If a previous version is installed, then an in-place upgrade will be performed.`
 }
 
 var (
-	installExport        bool
-	installDryRun        bool
-	installManifestsPath string
-	installVersion       string
-	installComponents    []string
+	installExport          bool
+	installDryRun          bool
+	installManifestsPath   string
+	installVersion         string
+	installComponents      []string
+	installRegistry        string
+	installImagePullSecret string
 )
 
 func init() {
@@ -70,8 +72,12 @@ func init() {
 		"toolkit version")
 	installCmd.Flags().StringSliceVar(&installComponents, "components", defaultComponents,
 		"list of components, accepts comma-separated values")
-	installCmd.Flags().StringVarP(&installManifestsPath, "manifests", "", "",
+	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "",
 		"path to the manifest directory, dev only")
+	installCmd.Flags().StringVar(&installRegistry, "registry", "docker.io/fluxcd",
+		"container registry where the toolkit images are published")
+	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
+		"Kubernetes secret name used for pulling the toolkit images from a private registry")
 	rootCmd.AddCommand(installCmd)
 }
 
@@ -97,7 +103,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Generatef("generating manifests")
 	}
 	if kustomizePath == "" {
-		err = genInstallManifests(installVersion, namespace, installComponents, tmpDir)
+		err = genInstallManifests(installVersion, namespace, installComponents, installRegistry, installImagePullSecret, tmpDir)
 		if err != nil {
 			return fmt.Errorf("install failed: %w", err)
 		}
@@ -118,6 +124,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		} else if installExport {
 			fmt.Println("---")
 			fmt.Println("# GitOps Toolkit revision", installVersion, time.Now().Format(time.RFC3339))
+			fmt.Println("# Components:", strings.Join(installComponents, ","))
 			fmt.Print(yaml)
 			fmt.Println("---")
 			return nil
@@ -183,12 +190,15 @@ fieldSpecs:
 `
 
 var kustomizationTmpl = `---
-{{- $version := .Version }}
+{{- $eventsAddr := .EventsAddr }}
+{{- $registry := .Registry }}
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: {{.Namespace}}
+
 transformers:
   - labels.yaml
+
 resources:
   - namespace.yaml
   - policies.yaml
@@ -196,6 +206,34 @@ resources:
 {{- range .Components }}
   - {{.}}.yaml
 {{- end }}
+
+patches:
+- path: node-selector.yaml
+  target:
+    kind: Deployment
+
+patchesJson6902:
+{{- range $i, $component := .Components }}
+{{- if ne $component "notification-controller" }}
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: {{$component}}
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/args/0
+      value: --events-addr={{$eventsAddr}}
+{{- end }}
+{{- end }}
+
+{{- if $registry }}
+images:
+{{- range $i, $component := .Components }}
+  - name: fluxcd/{{$component}}
+    newName: {{$registry}}/{{$component}}
+{{- end }}
+{{- end }}
 `
 
 var kustomizationRolesTmpl = `---
@@ -206,6 +244,23 @@ resources:
 nameSuffix: -{{.Namespace}}
 `
 
+var nodeSelectorTmpl = `---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: all
+spec:
+  template:
+    spec:
+      nodeSelector:
+        kubernetes.io/arch: amd64
+        kubernetes.io/os: linux
+{{- if .ImagePullSecret }}
+      imagePullSecrets:
+       - name: {{.ImagePullSecret}}
+{{- end }}
+`
+
 func downloadManifests(version string, tmpDir string) error {
 	ghURL := "https://github.com/fluxcd/toolkit/releases/latest/download/manifests.tar.gz"
 	if strings.HasPrefix(version, "v") {
@@ -240,15 +295,26 @@ func downloadManifests(version string, tmpDir string) error {
 	return nil
 }
 
-func genInstallManifests(version string, namespace string, components []string, tmpDir string) error {
+func genInstallManifests(version string, namespace string, components []string, registry, imagePullSecret, tmpDir string) error {
+	eventsAddr := ""
+	if utils.containsItemString(components, defaultNotification) {
+		eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
+	}
+
 	model := struct {
-		Version    string
-		Namespace  string
-		Components []string
+		Version         string
+		Namespace       string
+		Components      []string
+		EventsAddr      string
+		Registry        string
+		ImagePullSecret string
 	}{
-		Version:    version,
-		Namespace:  namespace,
-		Components: components,
+		Version:         version,
+		Namespace:       namespace,
+		Components:      components,
+		EventsAddr:      eventsAddr,
+		Registry:        registry,
+		ImagePullSecret: imagePullSecret,
 	}
 
 	if err := downloadManifests(version, tmpDir); err != nil {
@@ -263,6 +329,10 @@ func genInstallManifests(version string, namespace string, components []string,
 		return fmt.Errorf("generate labels failed: %w", err)
 	}
 
+	if err := utils.execTemplate(model, nodeSelectorTmpl, path.Join(tmpDir, "node-selector.yaml")); err != nil {
+		return fmt.Errorf("generate node selector failed: %w", err)
+	}
+
 	if err := utils.execTemplate(model, kustomizationTmpl, path.Join(tmpDir, "kustomization.yaml")); err != nil {
 		return fmt.Errorf("generate kustomization failed: %w", err)
 	}

cmd/tk/main.go

@@ -38,7 +38,7 @@ var rootCmd = &cobra.Command{
 	SilenceErrors: true,
 	Short:         "Command line utility for assembling Kubernetes CD pipelines",
 	Long:          `Command line utility for assembling Kubernetes CD pipelines the GitOps way.`,
-	Example: `  # Check prerequisites 
+	Example: `  # Check prerequisites
   tk check --pre
 
   # Install the latest version of the toolkit
@@ -53,8 +53,8 @@ var rootCmd = &cobra.Command{
   # List GitRepository sources and their status
   tk get sources git
 
-  # Trigger a GitRepository source sync
-  tk sync source git webapp-latest
+  # Trigger a GitRepository source reconciliation
+  tk reconcile source git gitops-system
 
   # Export GitRepository sources in YAML format
   tk export source git --all > sources.yaml
@@ -104,9 +104,10 @@ var (
 )
 
 var (
-	defaultComponents = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
-	defaultVersion    = "latest"
-	defaultNamespace  = "gitops-system"
+	defaultComponents   = []string{"source-controller", "kustomize-controller", "helm-controller", "notification-controller"}
+	defaultVersion      = "latest"
+	defaultNamespace    = "gitops-system"
+	defaultNotification = "notification-controller"
 )
 
 func init() {

cmd/tk/uninstall.go

@@ -19,10 +19,12 @@ package main
 import (
 	"context"
 	"fmt"
-	"time"
 
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
+
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1alpha1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1alpha1"
 )
 
 var uninstallCmd = &cobra.Command{
@@ -33,24 +35,24 @@ var uninstallCmd = &cobra.Command{
   tk uninstall --dry-run --namespace=gitops-system
 
   # Uninstall all components and delete custom resource definitions
-  tk uninstall --crds --namespace=gitops-system
+  tk uninstall --resources --crds --namespace=gitops-system
 `,
 	RunE: uninstallCmdRun,
 }
 
 var (
-	uninstallCRDs           bool
-	uninstallKustomizations bool
-	uninstallDryRun         bool
-	uninstallSilent         bool
+	uninstallCRDs      bool
+	uninstallResources bool
+	uninstallDryRun    bool
+	uninstallSilent    bool
 )
 
 func init() {
-	uninstallCmd.Flags().BoolVarP(&uninstallKustomizations, "kustomizations", "", false,
-		"removes all Kustomizations previously installed")
-	uninstallCmd.Flags().BoolVarP(&uninstallCRDs, "crds", "", false,
+	uninstallCmd.Flags().BoolVar(&uninstallResources, "resources", false,
+		"removes custom resources such as Kustomizations, GitRepositories and HelmRepositories")
+	uninstallCmd.Flags().BoolVar(&uninstallCRDs, "crds", false,
 		"removes all CRDs previously installed")
-	uninstallCmd.Flags().BoolVarP(&uninstallDryRun, "dry-run", "", false,
+	uninstallCmd.Flags().BoolVar(&uninstallDryRun, "dry-run", false,
 		"only print the object that would be deleted")
 	uninstallCmd.Flags().BoolVarP(&uninstallSilent, "silent", "s", false,
 		"delete components without asking for confirmation")
@@ -75,18 +77,19 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	if uninstallKustomizations {
-		logger.Actionf("uninstalling kustomizations")
-		command := fmt.Sprintf("kubectl -n %s delete kustomizations --all --timeout=%s %s",
-			namespace, timeout.String(), dryRun)
-		if _, err := utils.execCommand(ctx, ModeOS, command); err != nil {
-			return fmt.Errorf("uninstall failed")
+	if uninstallResources {
+		logger.Actionf("uninstalling custom resources")
+		for _, kind := range []string{
+			kustomizev1.KustomizationKind,
+			sourcev1.GitRepositoryKind,
+			sourcev1.HelmRepositoryKind,
+		} {
+			command := fmt.Sprintf("kubectl -n %s delete %s --all --timeout=%s %s",
+				namespace, kind, timeout.String(), dryRun)
+			if _, err := utils.execCommand(ctx, ModeOS, command); err != nil {
+				return fmt.Errorf("uninstall failed")
+			}
 		}
-
-		// TODO: use the kustomizations snapshots to create a list of objects
-		// that are subject to deletion and wait for all of them to be terminated
-		logger.Waitingf("waiting on GC")
-		time.Sleep(30 * time.Second)
 	}
 
 	kinds := "namespace,clusterroles,clusterrolebindings"

cmd/tk/utils.go

@@ -166,3 +166,12 @@ func (*Utils) copyFile(src, dst string) error {
 	}
 	return out.Close()
 }
+
+func (*Utils) containsItemString(s []string, e string) bool {
+	for _, a := range s {
+		if a == e {
+			return true
+		}
+	}
+	return false
+}

docs/_static/custom.css

@@ -22,3 +22,76 @@ body {
 .md-header-nav__title {
     font-size: .85rem;
 }
+
+.check-bullet {
+  color:#07bfa5;
+  background-color: white;
+  margin-left:-22px;
+}
+
+/* Progress bar styling */
+
+.progress-label {
+    position: absolute;
+    text-align: center;
+    font-weight: 700;
+    width: 100%;
+    /* remove original styling for thin styling
+    margin: 0 ! important; */
+    margin-top: -0.4rem ! important;
+    line-height: 1.2rem;
+    white-space: nowrap;
+    overflow: hidden;
+  }
+  
+  .progress-bar {
+    /*remove original styling for thin styling
+    height: 1.2rem; */
+    height: 0.4rem;
+    float: left;
+    background: repeating-linear-gradient(
+        45deg,
+        rgba(255, 255, 255, 0.2),
+        rgba(255, 255, 255, 0.2) 10px,
+        rgba(255, 255, 255, 0.3) 10px,
+        rgba(255, 255, 255, 0.3) 20px
+      ) #2979ff;
+      border-radius: 2px;
+  }
+  
+  .progress {
+    display: block;
+    width: 100%;
+    /* remove original styling for thin styling
+    margin: 0.5rem 0;
+    height: 1.2rem; */
+    margin-top: 0.9rem;
+    height: 0.4rem;
+    background-color: #eeeeee;
+    position: relative;
+    border-radius: 2px;
+  }
+
+  .progress-100plus .progress-bar {
+    background-color: #00c853;
+  }
+  
+  .progress-80plus .progress-bar {
+    background-color: #64dd17;
+  }
+  
+  .progress-60plus .progress-bar {
+    background-color: #fbc02d;
+  }
+  
+  .progress-40plus .progress-bar {
+    background-color: #ff9100;
+  }
+  
+  .progress-20plus .progress-bar {
+    background-color: #ff5252;
+  }
+  
+  .progress-0plus .progress-bar {
+    background-color: #ff1744;
+  }

docs/cmd/tk.md

@@ -9,7 +9,7 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.
 ### Examples
 
 ```
-  # Check prerequisites 
+  # Check prerequisites
   tk check --pre
 
   # Install the latest version of the toolkit
@@ -24,8 +24,8 @@ Command line utility for assembling Kubernetes CD pipelines the GitOps way.
   # List GitRepository sources and their status
   tk get sources git
 
-  # Trigger a GitRepository source sync
-  tk sync source git webapp-latest
+  # Trigger a GitRepository source reconciliation
+  tk reconcile source git gitops-system
 
   # Export GitRepository sources in YAML format
   tk export source git --all > sources.yaml

docs/cmd/tk_bootstrap.md

@@ -9,9 +9,11 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git
 ### Options
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-  -h, --help                 help for bootstrap
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+  -h, --help                       help for bootstrap
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### Options inherited from parent commands

docs/cmd/tk_bootstrap_github.md

@@ -54,12 +54,14 @@ tk bootstrap github [flags]
 ### Options inherited from parent commands
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --kubeconfig string    path to the kubeconfig file (default "~/.kube/config")
-      --namespace string     the namespace scope for this operation (default "gitops-system")
-      --timeout duration     timeout for this operation (default 5m0s)
-      --verbose              print generated objects
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
+      --namespace string           the namespace scope for this operation (default "gitops-system")
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --timeout duration           timeout for this operation (default 5m0s)
+      --verbose                    print generated objects
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### SEE ALSO

docs/cmd/tk_bootstrap_gitlab.md

@@ -50,12 +50,14 @@ tk bootstrap gitlab [flags]
 ### Options inherited from parent commands
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --kubeconfig string    path to the kubeconfig file (default "~/.kube/config")
-      --namespace string     the namespace scope for this operation (default "gitops-system")
-      --timeout duration     timeout for this operation (default 5m0s)
-      --verbose              print generated objects
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --kubeconfig string          path to the kubeconfig file (default "~/.kube/config")
+      --namespace string           the namespace scope for this operation (default "gitops-system")
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+      --timeout duration           timeout for this operation (default 5m0s)
+      --verbose                    print generated objects
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### SEE ALSO

docs/cmd/tk_install.md

@@ -31,12 +31,14 @@ tk install [flags]
 ### Options
 
 ```
-      --components strings   list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
-      --dry-run              only print the object that would be applied
-      --export               write the install manifests to stdout and exit
-  -h, --help                 help for install
-      --manifests string     path to the manifest directory, dev only
-  -v, --version string       toolkit version (default "latest")
+      --components strings         list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
+      --dry-run                    only print the object that would be applied
+      --export                     write the install manifests to stdout and exit
+  -h, --help                       help for install
+      --image-pull-secret string   Kubernetes secret name used for pulling the toolkit images from a private registry
+      --manifests string           path to the manifest directory, dev only
+      --registry string            container registry where the toolkit images are published (default "docker.io/fluxcd")
+  -v, --version string             toolkit version (default "latest")
 ```
 
 ### Options inherited from parent commands

docs/cmd/tk_uninstall.md

@@ -17,18 +17,18 @@ tk uninstall [flags]
   tk uninstall --dry-run --namespace=gitops-system
 
   # Uninstall all components and delete custom resource definitions
-  tk uninstall --crds --namespace=gitops-system
+  tk uninstall --resources --crds --namespace=gitops-system
 
 ```
 
 ### Options
 
 ```
-      --crds             removes all CRDs previously installed
-      --dry-run          only print the object that would be deleted
-  -h, --help             help for uninstall
-      --kustomizations   removes all Kustomizations previously installed
-  -s, --silent           delete components without asking for confirmation
+      --crds        removes all CRDs previously installed
+      --dry-run     only print the object that would be deleted
+  -h, --help        help for uninstall
+      --resources   removes custom resources such as Kustomizations, GitRepositories and HelmRepositories
+  -s, --silent      delete components without asking for confirmation
 ```
 
 ### Options inherited from parent commands

docs/dev-guides/source-watcher.md

@@ -131,8 +131,8 @@ type GitRepositoryWatcher struct {
 	Scheme *runtime.Scheme
 }
 
-// +kubebuilder:rbac:groups=source.fluxcd.io,resources=gitrepositories,verbs=get;list;watch
-// +kubebuilder:rbac:groups=source.fluxcd.io,resources=gitrepositories/status,verbs=get
+// +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories,verbs=get;list;watch
+// +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories/status,verbs=get
 
 func (r *GitRepositoryWatcher) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	// set timeout for the reconciliation

docs/guides/helmreleases.md

@@ -27,7 +27,7 @@ By default, the source-controller watches for sources only in the
 untrusted sources from being registered by users.
 
 ```yaml
-apiVersion: source.fluxcd.io/v1alpha1
+apiVersion: source.toolkit.fluxcd.io/v1alpha1
 kind: HelmRepository
 metadata:
   name: podinfo
@@ -55,7 +55,7 @@ With the `HelmRepository` created, define a new `HelmRelease` to deploy
 the Helm chart from the repository:
 
 ```yaml
-apiVersion: helm.fluxcd.io/v2alpha1
+apiVersion: helm.toolkit.fluxcd.io/v2alpha1
 kind: HelmRelease
 metadata:
   name: podinfo
@@ -93,6 +93,32 @@ helm-controller.
     See the [`HelmRelease` CRD docs](../components/helm/helmreleases.md)
     for more details.
 
+## Refer to values in `ConfigMap` and `Secret` resources
+
+It is possible to define a list of `ConfigMap` and `Secret` resources
+from which to take values. The values are merged in the order given,
+with the later values overwriting earlier. These values always have a
+lower priority than the values inlined in the `HelmRelease` via the
+`spec.values` parameter.
+
+```yaml
+spec:
+  valuesFrom:
+  - kind: ConfigMap
+    name: prod-env-values
+  - kind: Secret
+    name: prod-secret-values
+    valuesKey: secret.yaml
+```
+
+The definition of the listed keys is as follows:
+
+- `kind`: Kind of the values referent (`ConfigMap` or `Secret`).
+- `name`: Name of the values referent, in the same namespace as the
+  `HelmRelease`.
+- `valuesKey` _(Optional)_: The key in the referent the values can be
+  found at. Defaults to `values.yaml` when ommitted.
+
 ## Configure notifications
 
 The default toolkit installation configures the helm-controller to
@@ -105,7 +131,7 @@ the `gitops-system` to start receiving notifications about the Helm
 release:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
   kind: Alert
   metadata:
     generation: 2
@@ -147,7 +173,7 @@ kubectl -n gitops-system create secret generic webhook-token \
 When using [Harbor](https://goharbor.io/) as your Helm repository, you can define a receiver with:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Receiver
 metadata:
   name: helm-podinfo

docs/guides/notifications.md

@@ -30,7 +30,7 @@ it can be a Slack, Microsoft Teams, Discord or Rocket webhook URL.
 Create a notification provider for Slack by referencing the above secret:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Provider
 metadata:
   name: slack
@@ -54,7 +54,7 @@ Elasticsearch, CloudWatch, Stackdriver, etc.
 Create an alert definition for all repositories and kustomizations:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Alert
 metadata:
   name: on-call-webapp

docs/guides/sealed-secrets.md

@@ -0,0 +1,173 @@
+# Sealed Secrets
+
+In order to store secrets safely in a public or private Git repository, you can use
+Bitnami's [sealed-secrets controller](https://github.com/bitnami-labs/sealed-secrets)
+and encrypt your Kubernetes Secrets into SealedSecrets.
+The sealed secrets can be decrypted only by the controller running in your cluster and
+nobody else can obtain the original secret, even if they have access to the Git repository.
+
+## Prerequisites
+
+To follow this guide you'll need a Kubernetes cluster with the GitOps 
+toolkit controllers installed on it.
+Please see the [get started guide](../get-started/index.md)
+or the [install command docs](../cmd/tk_install.md).
+
+The sealed-secrets controller comes with a companion CLI tool called kubeseal.
+With kubeseal you can create SealedSecret custom resources in YAML format
+and store those in your Git repository.
+
+Install the kubeseal CLI:
+
+```sh
+brew install kubeseal
+```
+
+For Linux or Windows you can download the kubeseal binary from
+[GitHub](https://github.com/bitnami-labs/sealed-secrets/releases).
+
+## Deploy sealed-secrets with a HelmRelease
+
+You'll be using [helm-controller](../components/helm/controller.md) APIs to install
+the sealed-secrets controller from its [Helm chart](https://hub.kubeapps.com/charts/stable/sealed-secrets).
+
+First you have to register the Helm repository where the sealed-secrets chart is published:
+
+```sh
+tk create source helm stable \
+--interval=1h \
+--url=https://kubernetes-charts.storage.googleapis.com
+```
+
+With `interval` we configure [source-controller](../components/source/controller.md) to download
+the Helm repository index every hour. If a newer version of sealed-secrets is published,
+source-controller will signal helm-controller that a new chart is available.
+
+Create a Helm release that installs the latest version of sealed-secrets controller:
+
+```sh
+tk create helmrelease sealed-secrets \
+--interval=1h \
+--release-name=sealed-secrets \
+--target-namespace=gitops-system \
+--source=stable \
+--chart-name=sealed-secrets \
+--chart-version="^1.10.0"
+```
+
+With chart version `^1.10.0` we configure helm-controller to automatically upgrade the release
+when a new chart version is fetch by source-controller. 
+
+At startup, the sealed-secrets controller generates a 4096-bit RSA key pair and 
+persists the private and public keys as Kubernetes secrets in the `gitops-system` namespace.
+
+You can retrieve the public key with:
+
+```sh
+kubeseal --fetch-cert \
+--controller-name=sealed-secrets \
+--controller-namespace=gitops-system \
+> pub-sealed-secrets.pem
+``` 
+
+The public key can be safely stored in Git, and can be used to encrypt secrets
+without direct access to the Kubernetes cluster.
+
+## Encrypt secrets
+
+Generate a Kubernetes secret manifest with kubectl:
+
+```sh
+kubectl -n default create secret generic basic-auth \
+--from-literal=user=admin \
+--from-literal=password=change-me \
+--dry-run \
+-o yaml > basic-auth.yaml
+```
+
+Encrypt the secret with kubeseal:
+
+```sh
+kubeseal --format=yaml --cert=pub-sealed-secrets.pem \
+< basic-auth.yaml > basic-auth-sealed.yaml
+```
+
+Delete the plain secret and apply the sealed one:
+
+```sh
+rm basic-auth.yaml
+kubectl apply -f basic-auth-sealed.yaml
+```
+
+Verify that the sealed-secrets controller has created the `basic-auth` Kubernetes Secret:
+
+```console
+$ kubectl -n default get secrets basic-auth 
+
+NAME         TYPE     DATA   AGE
+basic-auth   Opaque   2      1m43s
+```
+
+## GitOps workflow
+
+A cluster admin should add the stable `HelmRepository` manifest and the sealed-secrets `HelmRelease`
+to the fleet repository.
+
+Helm repository manifest:
+
+```yaml
+apiVersion: source.toolkit.fluxcd.io/v1alpha1
+kind: HelmRepository
+metadata:
+  name: stable
+  namespace: gitops-system
+spec:
+  interval: 1h0m0s
+  url: https://kubernetes-charts.storage.googleapis.com
+```
+
+Helm release manifest:
+
+```yaml
+apiVersion: helm.toolkit.fluxcd.io/v2alpha1
+kind: HelmRelease
+metadata:
+  name: sealed-secrets
+  namespace: gitops-system
+spec:
+  chart:
+    name: sealed-secrets
+    sourceRef:
+      kind: HelmRepository
+      name: stable
+    version: "^1.10.0"
+  interval: 1h0m0s
+  releaseName: sealed-secrets
+  targetNamespace: gitops-system
+```
+
+!!! hint
+    You can generate the above manifests using `tk create <kind> --export > manifest.yaml`.
+
+Once the sealed-secrets controller is installed, the admin fetches the 
+public key and shares it with the teams that operate on the fleet clusters via Git.
+
+When a team member wants to create a Kubernetes Secret on a cluster,
+they uses kubeseal and the public key corresponding to that cluster to generate a SealedSecret.
+
+Assuming a team member wants to deploy an application that needs to connect
+to a database using a username and password, they'll be doing the following:
+
+* create a Kubernetes Secret manifest locally with the db credentials e.g. `db-auth.yaml`
+* encrypt the secret with kubeseal as `db-auth-sealed.yaml`
+* delete the original secret file `db-auth.yaml`
+* create a Kubernetes Deployment manifest for the app e.g. `app-deployment.yaml`
+* add the Secret to the Deployment manifest as a [volume mount or env var](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets) using the original name `db-auth`
+* commit the manifests `db-auth-sealed.yaml` and `app-deployment.yaml` to a Git repository that's being synced by the GitOps toolkit controllers
+
+Once the manifests have been pushed to the Git repository, the following happens:
+
+* source-controller pulls the changes from Git
+* kustomize-controller applies the SealedSecret and the Deployment manifests
+* sealed-secrets controller decrypts the SealedSecret and creates a Kubernetes Secret
+* kubelet creates the pods and mounts the secret as a volume or env variable inside the app container

docs/guides/webhook-receivers.md

@@ -58,7 +58,7 @@ watch kubectl -n gitops-system get svc/receiver
 Create a Git source pointing to a GitHub repository that you have control over:
 
 ```yaml
-apiVersion: source.fluxcd.io/v1alpha1
+apiVersion: source.toolkit.fluxcd.io/v1alpha1
 kind: GitRepository
 metadata:
   name: webapp
@@ -89,7 +89,7 @@ kubectl -n gitops-system create secret generic webhook-token \
 Create a receiver for GitHub and specify the `GitRepository` object:
 
 ```yaml
-apiVersion: notification.fluxcd.io/v1alpha1
+apiVersion: notification.toolkit.fluxcd.io/v1alpha1
 kind: Receiver
 metadata:
   name: webapp

docs/roadmap/index.md

@@ -10,76 +10,82 @@
 
 ### Flux read-only feature parity
 
+[= 80% "80%"]
+
 This would be the first stepping stone: we want the GitOps Toolkit to be on-par with today's Flux in
 [read-only mode](https://github.com/fluxcd/flux/blob/master/docs/faq.md#can-i-run-flux-with-readonly-git-access)
 and [FluxCloud](https://github.com/justinbarrick/fluxcloud) notifications.
 
 Goals
 
-- Offer an in-place migration tool for those that are using Flux in read-only mode to synchronize plain manifests
-- Offer a migration guide for those that are using Flux in read-only mode to synchronize Kustomize overlays
-- ~~Offer a dedicated component for forwarding events to external messaging platforms~~
+-  Offer an in-place migration tool for those that are using Flux in read-only mode to synchronize plain manifests
+-  Offer a migration guide for those that are using Flux in read-only mode to synchronize Kustomize overlays
+-  <span class="check-bullet">:material-check-bold:</span> [Offer a dedicated component for forwarding events to external messaging platforms](https://toolkit.fluxcd.io/guides/notifications/)
 
 Non-Goals
 
-- Migrate users that are using Flux to run custom scripts with `flux.yaml`
-- Automate the migration of `flux.yaml` kustomize users
+-  Migrate users that are using Flux to run custom scripts with `flux.yaml`
+-  Automate the migration of `flux.yaml` kustomize users
 
 Tasks
 
-- ~~Design the events API~~
-- ~~Implement events in source and kustomize controllers~~
-- ~~Make the kustomize-controller apply/gc events on-par with Flux v1 apply events~~
-- ~~Design the notifications and events filtering API~~
-- ~~Implement a notification controller for Slack, MS Teams, Discord, Rocket~~
-- Implement Prometheus metrics in source and kustomize controllers
-- Review the git source and kustomize APIs
-- Implement the migration command in tk
-- Create a migration guide for `flux.yaml` kustomize users
+- [x]  <span style="color:grey">Design the events API</span>
+- [x]  <span style="color:grey">Implement events in source and kustomize controllers</span>
+- [x]  <span style="color:grey">Make the kustomize-controller apply/gc events on-par with Flux v1 apply events</span>
+- [x]  <span style="color:grey">Design the notifications and events filtering API</span>
+- [x]  <span style="color:grey">Implement a notification controller for Slack, MS Teams, Discord, Rocket</span>
+- [x]  <span style="color:grey">Implement Prometheus metrics in source and kustomize controllers</span>
+- [ ]  Review the git source and kustomize APIs
+- [ ]  Implement the migration command in tk
+- [ ]  Create a migration guide for `flux.yaml` kustomize users
 
 ### Flux image update feature parity
 
+[= 0% "0%"]
+
 Goals
 
-- Offer components that can replace Flux v1 image update feature
+-  Offer components that can replace Flux v1 image update feature
 
 Non-Goals
 
-- Maintain backwards compatibility with Flux v1 annotations
+-  Maintain backwards compatibility with Flux v1 annotations
 
 Tasks
 
-- [Design the image scanning and automation API](https://github.com/fluxcd/toolkit/discussions/107)
-- Implement an image scanning controller
-- Design the automation component
-- Implement the image scan/patch/push workflow
-- Integrate the new components in the toolkit assembler
-- Create a migration guide from Flux annotations
+- [ ]  [Design the image scanning and automation API](https://github.com/fluxcd/toolkit/discussions/107)
+- [ ]  Implement an image scanning controller
+- [ ]  Design the automation component
+- [ ]  Implement the image scan/patch/push workflow
+- [ ]  Integrate the new components in the toolkit assembler
+- [ ]  Create a migration guide from Flux annotations
 
 ## The road to Helm Operator v2
 
 ### Helm v3 feature parity
 
+[= 50% "50%"]
+
 Goals
 
-- Offer a migration guide for those that are using Helm Operator with Helm v3 and Helm repositories
+-  Offer a migration guide for those that are using Helm Operator with Helm v3 and Helm repositories
 
 Non-Goals
 
-- Migrate users that are using Helm v2
+-  Migrate users that are using Helm v2
 
 Stretch-Goals
 
-- [Migrate users that are using Helm charts from Git](https://github.com/fluxcd/toolkit/discussions/75#discussioncomment-38589)
+-  [Migrate users that are using Helm charts from Git](https://github.com/fluxcd/toolkit/discussions/75#discussioncomment-38589)
 
 Tasks
 
-- ~~Implement a Helm controller for Helm v3 covering all the current release options~~
-- Discuss and design Helm releases based on source API:
-    + [Providing values from sources](https://github.com/fluxcd/toolkit/discussions/100)
-    + [Conditional remediation on failed Helm actions](https://github.com/fluxcd/toolkit/discussions/102)
-    + [Support running Helm test actions on an interval](https://github.com/fluxcd/toolkit/discussions/103)
-- Review the Helm release, chart and repository APIs
-- ~~Implement events in Helm controller~~
-- Implement Prometheus metrics in Helm controller
-- Create a migration guide for Helm Operator users
+- [x]  <span style="color:grey">Implement a Helm controller for Helm v3 covering all the current release options</span>
+- [ ]  Discuss and design Helm releases based on source API:
+    * [ ]  [Providing values from sources](https://github.com/fluxcd/toolkit/discussions/100)
+    * [ ]  [Conditional remediation on failed Helm actions](https://github.com/fluxcd/toolkit/discussions/102)
+    * [ ]  [Support running Helm test actions on an interval](https://github.com/fluxcd/toolkit/discussions/103)
+- [x]  <span style="color:grey">Review the Helm release, chart and repository APIs</span>
+- [x]  <span style="color:grey">Implement events in Helm controller</span>
+- [x]  <span style="color:grey">Implement Prometheus metrics in Helm controller</span>
+- [ ]  Create a migration guide for Helm Operator users

go.mod

@@ -4,10 +4,10 @@ go 1.14
 
 require (
 	github.com/blang/semver v3.5.1+incompatible
-	github.com/fluxcd/helm-controller v0.0.1-beta.3
-	github.com/fluxcd/kustomize-controller v0.0.5
+	github.com/fluxcd/helm-controller v0.0.1
+	github.com/fluxcd/kustomize-controller v0.0.7
 	github.com/fluxcd/pkg v0.0.3
-	github.com/fluxcd/source-controller v0.0.6
+	github.com/fluxcd/source-controller v0.0.7
 	github.com/manifoldco/promptui v0.7.0
 	github.com/spf13/cobra v1.0.0
 	golang.org/x/net v0.0.0-20200602114024-627f9648deb9 // indirect

go.sum

@@ -172,14 +172,14 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwC
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/helm-controller v0.0.1-beta.3 h1:S6XOwAM0IbJxYDbasv85Zk7W1gJ51S3ZqYylMtGcuEE=
-github.com/fluxcd/helm-controller v0.0.1-beta.3/go.mod h1:asoN9pG8J0oQ9iXpkxNwvch1EKspus6RxH818ZYVo+4=
-github.com/fluxcd/kustomize-controller v0.0.5 h1:jjBJT/UbblMaeQpYn5TjH/oXXnORO6C3Cka77bs9K3Q=
-github.com/fluxcd/kustomize-controller v0.0.5/go.mod h1:1O78f9Qigs74BMxO/ThzLt5XGGQnwQPgzi+47ntie5M=
+github.com/fluxcd/helm-controller v0.0.1 h1:vTAbVJbn6MX8YAMPQ+zeiGV2CwX75YjF1Yxd8veng7c=
+github.com/fluxcd/helm-controller v0.0.1/go.mod h1:TLmobkvkb44l/R3J9MZsO0ht4nUX7plO5hWj4qTrhgI=
+github.com/fluxcd/kustomize-controller v0.0.7 h1:bIBT5s6jnRjUEOp+AdgQNGpQBZHMBJV/Ak1bK1qtRSM=
+github.com/fluxcd/kustomize-controller v0.0.7/go.mod h1:GVZs7l+0iI/N6ly0ftNzD5cZqJTmd+BPbsy445hklpU=
 github.com/fluxcd/pkg v0.0.3 h1:yhjtpGtD9LxFo8JtwTuUxJyFcX2wSSb0TPptIEpGSmA=
 github.com/fluxcd/pkg v0.0.3/go.mod h1:rtlppQU+9DNikyDZptLdOeTf+wBvQQiQQ/J113FPoeU=
-github.com/fluxcd/source-controller v0.0.6 h1:8yBdy5ZQmM4jZWHDBDgysftZnC1mybyfkV7NRzCo5Kc=
-github.com/fluxcd/source-controller v0.0.6/go.mod h1:XZR988ahVLjbqfe0EUq2Zl7bYH2NBly3u0n7DY5XtyU=
+github.com/fluxcd/source-controller v0.0.7 h1:D17Le7bc+53deRA3EMJc9eB/uU2HqvkMCwILE5HRhPk=
+github.com/fluxcd/source-controller v0.0.7/go.mod h1:XZR988ahVLjbqfe0EUq2Zl7bYH2NBly3u0n7DY5XtyU=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=

manifests/bases/helm-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.1-beta.3
-- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.1-beta.3
+- github.com/fluxcd/helm-controller/config//crd?ref=v0.0.1
+- github.com/fluxcd/helm-controller/config//manager?ref=v0.0.1
 patchesJson6902:
 - target:
     group: apps

manifests/bases/kustomize-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.5
-- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.5
+- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.7
+- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.7
 patchesJson6902:
 - target:
     group: apps

manifests/bases/notification-controller/kustomization.yaml

@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/notification-controller/config//crd?ref=v0.0.5
-- github.com/fluxcd/notification-controller/config//manager?ref=v0.0.5
+- github.com/fluxcd/notification-controller/config//crd?ref=v0.0.6
+- github.com/fluxcd/notification-controller/config//manager?ref=v0.0.6

manifests/bases/source-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/source-controller/config//crd?ref=v0.0.6
-- github.com/fluxcd/source-controller/config//manager?ref=v0.0.6
+- github.com/fluxcd/source-controller/config//crd?ref=v0.0.7
+- github.com/fluxcd/source-controller/config//manager?ref=v0.0.7
 patchesJson6902:
 - target:
     group: apps

manifests/rbac/role.yaml

@@ -3,16 +3,16 @@ kind: Role
 metadata:
   name: crd-controller
 rules:
-- apiGroups: ['source.fluxcd.io']
+- apiGroups: ['source.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
-- apiGroups: ['kustomize.fluxcd.io']
+- apiGroups: ['kustomize.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
-- apiGroups: ['helm.fluxcd.io']
+- apiGroups: ['helm.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
-- apiGroups: ['notification.fluxcd.io']
+- apiGroups: ['notification.toolkit.fluxcd.io']
   resources: ['*']
   verbs: ['*']
 - apiGroups:

mkdocs.yml

@@ -35,6 +35,11 @@ markdown_extensions:
       highlight_code: true
   - pymdownx.tabbed
   - pymdownx.tilde
+  - pymdownx.progressbar
+  - pymdownx.tasklist
+  - pymdownx.emoji:
+      emoji_index: !!python/name:materialx.emoji.twemoji
+      emoji_generator: !!python/name:materialx.emoji.to_svg
 
 nav:
   - Introduction: index.md
@@ -43,6 +48,7 @@ nav:
       - Manage Helm Releases: guides/helmreleases.md
       - Setup Notifications: guides/notifications.md
       - Setup Webhook Receivers: guides/webhook-receivers.md
+      - Sealed Secrets: guides/sealed-secrets.md
   - Toolkit Components:
     - Source Controller:
       - Overview: components/source/controller.md