Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
5efa1ebe88 | ||
|
|
07677ed4a7 | ||
|
|
73e5640109 | ||
|
|
bdbded8588 | ||
|
|
e0fbf8920d | ||
|
|
7b2227bfac | ||
|
|
12866ca7ba | ||
|
|
1427b1537e |
@@ -52,6 +52,7 @@ var (
|
||||
bootstrapArch string
|
||||
bootstrapBranch string
|
||||
bootstrapWatchAllNamespaces bool
|
||||
bootstrapNetworkPolicy bool
|
||||
bootstrapLogLevel string
|
||||
bootstrapManifestsPath string
|
||||
bootstrapRequiredComponents = []string{"source-controller", "kustomize-controller"}
|
||||
@@ -80,6 +81,8 @@ func init() {
|
||||
rootCmd.AddCommand(bootstrapCmd)
|
||||
bootstrapCmd.PersistentFlags().BoolVar(&bootstrapWatchAllNamespaces, "watch-all-namespaces", true,
|
||||
"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
|
||||
bootstrapCmd.PersistentFlags().BoolVar(&bootstrapNetworkPolicy, "network-policy", true,
|
||||
"deny ingress access to the toolkit controllers from other namespaces using network policies")
|
||||
bootstrapCmd.PersistentFlags().StringVar(&bootstrapLogLevel, "log-level", "info", "set the controllers log level")
|
||||
bootstrapCmd.PersistentFlags().StringVar(&bootstrapManifestsPath, "manifests", "", "path to the manifest directory")
|
||||
bootstrapCmd.PersistentFlags().MarkHidden("manifests")
|
||||
@@ -126,7 +129,7 @@ func generateInstallManifests(targetPath, namespace, tmpDir string, localManifes
|
||||
}
|
||||
|
||||
if err := genInstallManifests(bootstrapVersion, namespace, bootstrapComponents,
|
||||
bootstrapWatchAllNamespaces, bootstrapRegistry, bootstrapImagePullSecret,
|
||||
bootstrapWatchAllNamespaces, bootstrapNetworkPolicy, bootstrapRegistry, bootstrapImagePullSecret,
|
||||
bootstrapArch, bootstrapLogLevel, gotkDir); err != nil {
|
||||
return "", fmt.Errorf("generating manifests failed: %w", err)
|
||||
}
|
||||
|
||||
@@ -142,7 +142,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
|
||||
Labels: ksLabels,
|
||||
},
|
||||
Spec: kustomizev1.KustomizationSpec{
|
||||
DependsOn: utils.makeDependsOn(hrDependsOn),
|
||||
DependsOn: utils.makeDependsOn(ksDependsOn),
|
||||
Interval: metav1.Duration{
|
||||
Duration: interval,
|
||||
},
|
||||
|
||||
@@ -78,7 +78,6 @@ func getHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
|
||||
logger.Failuref("%s %s", helmRelease.GetName(), c.Message)
|
||||
}
|
||||
isInitialized = true
|
||||
break
|
||||
}
|
||||
if !isInitialized {
|
||||
logger.Failuref("%s is not ready", helmRelease.GetName())
|
||||
|
||||
@@ -77,7 +77,6 @@ func getKsCmdRun(cmd *cobra.Command, args []string) error {
|
||||
logger.Failuref("%s %s", kustomization.GetName(), c.Message)
|
||||
}
|
||||
isInitialized = true
|
||||
break
|
||||
}
|
||||
if !isInitialized {
|
||||
logger.Failuref("%s is not ready", kustomization.GetName())
|
||||
|
||||
@@ -75,7 +75,6 @@ func getSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
|
||||
logger.Failuref("%s %s", source.GetName(), c.Message)
|
||||
}
|
||||
isInitialized = true
|
||||
break
|
||||
}
|
||||
if !isInitialized {
|
||||
logger.Failuref("%s is not ready", source.GetName())
|
||||
|
||||
@@ -75,7 +75,6 @@ func getSourceGitCmdRun(cmd *cobra.Command, args []string) error {
|
||||
logger.Failuref("%s %s", source.GetName(), c.Message)
|
||||
}
|
||||
isInitialized = true
|
||||
break
|
||||
}
|
||||
if !isInitialized {
|
||||
logger.Failuref("%s is not ready", source.GetName())
|
||||
|
||||
@@ -75,7 +75,6 @@ func getSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
|
||||
logger.Failuref("%s %s", source.GetName(), c.Message)
|
||||
}
|
||||
isInitialized = true
|
||||
break
|
||||
}
|
||||
if !isInitialized {
|
||||
logger.Failuref("%s is not ready", source.GetName())
|
||||
|
||||
@@ -64,6 +64,7 @@ var (
|
||||
installImagePullSecret string
|
||||
installArch string
|
||||
installWatchAllNamespaces bool
|
||||
installNetworkPolicy bool
|
||||
installLogLevel string
|
||||
)
|
||||
|
||||
@@ -87,6 +88,8 @@ func init() {
|
||||
installCmd.Flags().BoolVar(&installWatchAllNamespaces, "watch-all-namespaces", true,
|
||||
"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
|
||||
installCmd.Flags().StringVar(&installLogLevel, "log-level", "info", "set the controllers log level")
|
||||
installCmd.Flags().BoolVar(&installNetworkPolicy, "network-policy", true,
|
||||
"deny ingress access to the toolkit controllers from other namespaces using network policies")
|
||||
rootCmd.AddCommand(installCmd)
|
||||
}
|
||||
|
||||
@@ -113,7 +116,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
|
||||
}
|
||||
if installManifestsPath == "" {
|
||||
err = genInstallManifests(installVersion, namespace, installComponents,
|
||||
installWatchAllNamespaces, installRegistry, installImagePullSecret,
|
||||
installWatchAllNamespaces, installNetworkPolicy, installRegistry, installImagePullSecret,
|
||||
installArch, installLogLevel, tmpDir)
|
||||
if err != nil {
|
||||
return fmt.Errorf("install failed: %w", err)
|
||||
@@ -215,7 +218,9 @@ transformers:
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
{{- if .NetworkPolicy }}
|
||||
- policies.yaml
|
||||
{{- end }}
|
||||
- roles
|
||||
{{- range .Components }}
|
||||
- {{.}}.yaml
|
||||
@@ -333,7 +338,7 @@ func downloadManifests(version string, tmpDir string) error {
|
||||
}
|
||||
|
||||
func genInstallManifests(version string, namespace string, components []string,
|
||||
watchAllNamespaces bool, registry, imagePullSecret, arch, logLevel, tmpDir string) error {
|
||||
watchAllNamespaces, networkPolicy bool, registry, imagePullSecret, arch, logLevel, tmpDir string) error {
|
||||
eventsAddr := ""
|
||||
if utils.containsItemString(components, defaultNotification) {
|
||||
eventsAddr = fmt.Sprintf("http://%s/", defaultNotification)
|
||||
@@ -348,6 +353,7 @@ func genInstallManifests(version string, namespace string, components []string,
|
||||
ImagePullSecret string
|
||||
Arch string
|
||||
WatchAllNamespaces bool
|
||||
NetworkPolicy bool
|
||||
LogLevel string
|
||||
}{
|
||||
Version: version,
|
||||
@@ -358,6 +364,7 @@ func genInstallManifests(version string, namespace string, components []string,
|
||||
ImagePullSecret: imagePullSecret,
|
||||
Arch: arch,
|
||||
WatchAllNamespaces: watchAllNamespaces,
|
||||
NetworkPolicy: networkPolicy,
|
||||
LogLevel: logLevel,
|
||||
}
|
||||
|
||||
|
||||
@@ -15,6 +15,7 @@ The bootstrap sub-commands bootstrap the toolkit components on the targeted Git
|
||||
-h, --help help for bootstrap
|
||||
--image-pull-secret string Kubernetes secret name used for pulling the toolkit images from a private registry
|
||||
--log-level string set the controllers log level (default "info")
|
||||
--network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
|
||||
--registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd")
|
||||
-v, --version string toolkit version (default "latest")
|
||||
--watch-all-namespaces watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
|
||||
|
||||
@@ -64,6 +64,7 @@ gotk bootstrap github [flags]
|
||||
--kubeconfig string path to the kubeconfig file (default "~/.kube/config")
|
||||
--log-level string set the controllers log level (default "info")
|
||||
-n, --namespace string the namespace scope for this operation (default "gotk-system")
|
||||
--network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
|
||||
--registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd")
|
||||
--timeout duration timeout for this operation (default 5m0s)
|
||||
--verbose print generated objects
|
||||
|
||||
@@ -61,6 +61,7 @@ gotk bootstrap gitlab [flags]
|
||||
--kubeconfig string path to the kubeconfig file (default "~/.kube/config")
|
||||
--log-level string set the controllers log level (default "info")
|
||||
-n, --namespace string the namespace scope for this operation (default "gotk-system")
|
||||
--network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
|
||||
--registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd")
|
||||
--timeout duration timeout for this operation (default 5m0s)
|
||||
--verbose print generated objects
|
||||
|
||||
@@ -38,6 +38,7 @@ gotk install [flags]
|
||||
-h, --help help for install
|
||||
--image-pull-secret string Kubernetes secret name used for pulling the toolkit images from a private registry
|
||||
--log-level string set the controllers log level (default "info")
|
||||
--network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
|
||||
--registry string container registry where the toolkit images are published (default "ghcr.io/fluxcd")
|
||||
-v, --version string toolkit version (default "latest")
|
||||
--watch-all-namespaces watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true)
|
||||
|
||||
2
go.mod
2
go.mod
@@ -5,7 +5,7 @@ go 1.15
|
||||
require (
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/blang/semver v3.5.0+incompatible
|
||||
github.com/fluxcd/helm-controller/api v0.1.0
|
||||
github.com/fluxcd/helm-controller/api v0.1.1
|
||||
github.com/fluxcd/kustomize-controller/api v0.1.0
|
||||
github.com/fluxcd/pkg/apis/meta v0.0.2
|
||||
github.com/fluxcd/pkg/git v0.0.7
|
||||
|
||||
4
go.sum
4
go.sum
@@ -111,8 +111,8 @@ github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/fluxcd/helm-controller/api v0.1.0 h1:hci9/dLlej6W+rZVkAGVi1MjLVaHWsq/luOYX9DtzJo=
|
||||
github.com/fluxcd/helm-controller/api v0.1.0/go.mod h1:orwdS+iYGcM8BReUQfIb5CJ+jiFdlKmnLnzp6K3FK2U=
|
||||
github.com/fluxcd/helm-controller/api v0.1.1 h1:iKskkLGRYRi5hiZg/+Rn+rpneGPayGQPnmilM3bok44=
|
||||
github.com/fluxcd/helm-controller/api v0.1.1/go.mod h1:orwdS+iYGcM8BReUQfIb5CJ+jiFdlKmnLnzp6K3FK2U=
|
||||
github.com/fluxcd/kustomize-controller/api v0.1.0 h1:dPowX408q0jO7wnWBj5Dglc22euAQBLxDhPS8XHlLM0=
|
||||
github.com/fluxcd/kustomize-controller/api v0.1.0/go.mod h1:upR7/OzX/wXJlKgiBLUn7ez4XG4Lo5edep2WKSx0u7c=
|
||||
github.com/fluxcd/pkg/apis/meta v0.0.2 h1:kyA4Y0IzNjf1joBOnFqpWG7aNDHvtLExZcaHQM7qhRI=
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://github.com/fluxcd/helm-controller/archive/v0.1.0.zip//helm-controller-0.1.0/config/crd
|
||||
- https://github.com/fluxcd/helm-controller/archive/v0.1.0.zip//helm-controller-0.1.0/config/manager
|
||||
- https://github.com/fluxcd/helm-controller/archive/v0.1.1.zip//helm-controller-0.1.1/config/crd
|
||||
- https://github.com/fluxcd/helm-controller/archive/v0.1.1.zip//helm-controller-0.1.1/config/manager
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: apps
|
||||
|
||||
Reference in New Issue
Block a user