Refer to authorisation model in RFC-0001

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,46 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve Flux v2
-title: ''
-assignees: ''
-
----
-
-<!--
-
-Find out more about your support options and getting help at
-
-   https://fluxcd.io/support/
-
--->
-
-### Describe the bug
-
-A clear and concise description of what the bug is.
-
-### To Reproduce
-
-Steps to reproduce the behaviour:
-
-1. Provide Flux install instructions
-2. Provide a GitHub repository with Kubernetes manifests
-
-### Expected behavior
-
-A clear and concise description of what you expected to happen.
-
-### Additional context
-
-- Kubernetes version:
-- Git provider:
-- Container registry provider:
-
-Below please provide the output of the following commands:
-
-```cli
-flux --version
-flux check
-kubectl -n <namespace> get all
-kubectl -n <namespace> logs deploy/source-controller
-kubectl -n <namespace> logs deploy/kustomize-controller
-```

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,84 @@
+---
+name: Bug report
+description: Create a report to help us improve Flux
+body:
+- type: markdown
+  attributes:
+    value: |
+      ## Support
+      Find out more about your support options and getting help at: https://fluxcd.io/support/
+- type: textarea
+  validations:
+    required: true
+  attributes:
+    label: Describe the bug
+    description: A clear description of what the bug is.
+- type: textarea
+  validations:
+    required: true
+  attributes:
+    label: Steps to reproduce
+    description: |
+      Steps to reproduce the problem.
+    placeholder: |
+      For example:
+      1. Install Flux with the additional image automation controllers
+      2. Run command '...'
+      3. See error
+- type: textarea
+  validations:
+    required: true
+  attributes:
+    label: Expected behavior
+    description: A brief description of what you expected to happen.
+- type: textarea
+  attributes:
+    label: Screenshots and recordings
+    description: |
+      If applicable, add screenshots to help explain your problem. You can also record an asciinema session: https://asciinema.org/
+- type: input
+  validations:
+    required: true
+  attributes:
+    label: OS / Distro
+    description: The OS / distro you are executing `flux` on. If not applicable, write `N/A`.
+    placeholder: e.g. Windows 10, Ubuntu 20.04, Arch Linux, macOS 10.15...
+- type: input
+  validations:
+    required: true
+  attributes:
+    label: Flux version
+    description: Run `flux version --client`. If not applicable, write `N/A`.
+    placeholder: e.g. v0.20.1
+- type: textarea
+  validations:
+    required: true
+  attributes:
+    label: Flux check
+    description: Run `flux check`. If not applicable, write `N/A`.
+    placeholder: |
+      For example:
+      ► checking prerequisites
+      ✔ Kubernetes 1.21.1 >=1.19.0-0
+      ► checking controllers
+      ✔ all checks passed
+- type: input
+  attributes:
+    label: Git provider
+    description: If applicable, add the Git provider you are having problems with, e.g. GitHub (Enterprise), GitLab, etc.
+- type: input
+  attributes:
+    label: Container Registry provider
+    description: If applicable, add the Container Registry provider you are having problems with, e.g. DockerHub, GitHub Packages, Quay.io, etc.
+- type: textarea
+  attributes:
+    label: Additional context
+    description: Add any other context about the problem here. This can be logs (e.g. output from `flux logs`), environment specific caveats, etc.
+- type: checkboxes
+  id: terms
+  attributes:
+    label: Code of Conduct
+    description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/fluxcd/.github/blob/main/CODE_OF_CONDUCT.md)
+    options:
+    - label: I agree to follow this project's Code of Conduct
+      required: true

.github/aur/flux-bin/.SRCINFO.template

@@ -8,7 +8,6 @@ pkgbase = flux-bin
 	arch = armv7h
 	arch = aarch64
 	license = APACHE
-	optdepends = kubectl
 	source_x86_64 = flux-bin-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v1/flux_${PKGVER}_linux_amd64.tar.gz
 	source_armv6h = flux-bin-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v1/flux_${PKGVER}_linux_arm.tar.gz
 	source_armv7h = flux-bin-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v1/flux_${PKGVER}_linux_arm.tar.gz

.github/aur/flux-bin/PKGBUILD.template

@@ -8,8 +8,7 @@ pkgdesc="Open and extensible continuous delivery solution for Kubernetes"
 url="https://fluxcd.io/"
 arch=("x86_64" "armv6h" "armv7h" "aarch64")
 license=("APACHE")
-optdepends=('kubectl: for apply actions on the Kubernetes cluster',
-'bash-completion: auto-completion for flux in Bash',
+optdepends=('bash-completion: auto-completion for flux in Bash',
 'zsh-completions: auto-completion for flux in ZSH')
 source_x86_64=(
   "${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_amd64.tar.gz"

.github/aur/flux-go/.SRCINFO.template

@@ -10,7 +10,6 @@ pkgbase = flux-go
 	license = APACHE
 	makedepends = go
 	depends = glibc
-	optdepends = kubectl
 	provides = flux-bin
 	conflicts = flux-bin
   replaces = flux-cli

.github/aur/flux-go/PKGBUILD.template

@@ -13,8 +13,7 @@ conflicts=("flux-bin")
 replaces=("flux-cli")
 depends=("glibc")
 makedepends=('go>=1.16', 'kustomize>=3.0')
-optdepends=('kubectl: for apply actions on the Kubernetes cluster',
-'bash-completion: auto-completion for flux in Bash',
+optdepends=('bash-completion: auto-completion for flux in Bash',
 'zsh-completions: auto-completion for flux in ZSH')
 source=(
   "${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/archive/v${pkgver}.tar.gz"

.github/aur/flux-scm/.SRCINFO.template

@@ -10,7 +10,6 @@ pkgbase = flux-scm
 	license = APACHE
 	makedepends = go
 	depends = glibc
-	optdepends = kubectl
 	provides = flux-bin
 	conflicts = flux-bin
 	source = git+https://github.com/fluxcd/flux2.git

.github/aur/flux-scm/PKGBUILD.template

@@ -12,8 +12,7 @@ provides=("flux-bin")
 conflicts=("flux-bin")
 depends=("glibc")
 makedepends=('go>=1.16', 'kustomize>=3.0')
-optdepends=('kubectl: for apply actions on the Kubernetes cluster',
-'bash-completion: auto-completion for flux in Bash',
+optdepends=('bash-completion: auto-completion for flux in Bash',
 'zsh-completions: auto-completion for flux in ZSH')
 source=(
   "git+https://github.com/fluxcd/flux2.git"

.github/runners/README.md

@@ -0,0 +1,72 @@
+# Flux ARM64 GitHub runners
+
+The Flux ARM64 end-to-end tests run on Equinix instances provisioned with Docker and GitHub self-hosted runners.
+
+## Current instances
+
+| Runner        | Instance            | Region |
+|---------------|---------------------|--------|
+| equinix-arm-1 | flux-equinix-arm-01 | AMS1   |
+| equinix-arm-2 | flux-equinix-arm-01 | AMS1   |
+| equinix-arm-3 | flux-equinix-arm-01 | AMS1   |
+| equinix-arm-4 | flux-equinix-arm-02 | DFW2   |
+| equinix-arm-5 | flux-equinix-arm-02 | DFW2   |
+| equinix-arm-6 | flux-equinix-arm-02 | DFW2   |
+
+## Instance setup
+
+In order to add a new runner to the GitHub Actions pool,
+first create a server on Equinix with the following configuration:
+- Type: c2.large.arm
+- OS: Ubuntu 20.04
+
+### Install prerequisites
+
+- SSH into a newly created instance
+```shell
+ssh root@<instance-public-IP>
+``` 
+
+- Create the ubuntu user
+```shell
+adduser ubuntu
+usermod -aG sudo ubuntu
+su - ubuntu
+```
+
+- Create the prerequisites dir
+```shell
+mkdir -p prereq && cd prereq
+```
+
+- Download the prerequisites script
+```shell
+curl -sL https://raw.githubusercontent.com/fluxcd/flux2/main/.github/runners/prereq.sh > prereq.sh \
+  && chmod +x ./prereq.sh
+```
+
+- Install the prerequisites
+```shell
+sudo ./prereq.sh
+```
+
+### Install runners
+
+- Retrieve the GitHub runner token from the repository [settings page](https://github.com/fluxcd/flux2/settings/actions/runners/new?arch=arm64&os=linux)
+
+- Create 3 directories `runner1`, `runner2`, `runner3`
+
+- In each dir run:
+```shell
+curl -sL https://raw.githubusercontent.com/fluxcd/flux2/main/.github/runners/runner-setup.sh > runner-setup.sh \
+  && chmod +x ./runner-setup.sh
+
+./runner-setup.sh equinix-arm-<NUMBER> <TOKEN>
+```
+
+- Reboot the instance
+```shell
+sudo reboot
+```
+
+- Navigate to the GitHub repository [runners page](https://github.com/fluxcd/flux2/settings/actions/runners) and check the runner status

.github/runners/prereq.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# Copyright 2021 The Flux authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script installs the prerequisites for running Flux end-to-end tests with Docker and GitHub self-hosted runners.
+
+set -eu
+
+KIND_VERSION=0.11.1
+KUBECTL_VERSION=1.21.2
+KUSTOMIZE_VERSION=4.1.3
+GITHUB_RUNNER_VERSION=2.285.1
+PACKAGES="apt-transport-https ca-certificates software-properties-common build-essential libssl-dev gnupg lsb-release jq"
+
+# install prerequisites
+apt-get update \
+  && apt-get install -y -q ${PACKAGES} \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+# install docker
+curl -fsSL https://get.docker.com -o get-docker.sh \
+  && chmod +x get-docker.sh
+./get-docker.sh
+systemctl enable docker.service
+systemctl enable containerd.service
+usermod -aG docker ubuntu
+
+# install kind
+curl -Lo ./kind https://kind.sigs.k8s.io/dl/v${KIND_VERSION}/kind-linux-arm64
+install -o root -g root -m 0755 kind /usr/local/bin/kind
+
+# install kubectl
+curl -LO "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/arm64/kubectl"
+install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+
+# install kustomize
+curl -Lo ./kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_arm64.tar.gz \
+  && tar -zxvf kustomize.tar.gz \
+  && rm kustomize.tar.gz
+install -o root -g root -m 0755 kustomize /usr/local/bin/kustomize
+
+# download runner
+curl -o actions-runner-linux-arm64.tar.gz -L https://github.com/actions/runner/releases/download/v${GITHUB_RUNNER_VERSION}/actions-runner-linux-arm64-${GITHUB_RUNNER_VERSION}.tar.gz \
+  && tar xzf actions-runner-linux-arm64.tar.gz \
+  && rm actions-runner-linux-arm64.tar.gz
+
+# install runner dependencies
+./bin/installdependencies.sh

.github/runners/runner-setup.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Copyright 2021 The Flux authors. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script installs a GitHub self-hosted ARM64 runner for running Flux end-to-end tests.
+
+set -eu
+
+RUNNER_NAME=$1
+REPOSITORY_TOKEN=$2
+REPOSITORY_URL=${3:-https://github.com/fluxcd/flux2}
+
+GITHUB_RUNNER_VERSION=2.285.1
+
+# download runner
+curl -o actions-runner-linux-arm64.tar.gz -L https://github.com/actions/runner/releases/download/v${GITHUB_RUNNER_VERSION}/actions-runner-linux-arm64-${GITHUB_RUNNER_VERSION}.tar.gz \
+  && tar xzf actions-runner-linux-arm64.tar.gz \
+  && rm actions-runner-linux-arm64.tar.gz
+
+# register runner with GitHub
+./config.sh --unattended --url ${REPOSITORY_URL} --token ${REPOSITORY_TOKEN} --name ${RUNNER_NAME}
+
+# start runner
+sudo ./svc.sh install
+sudo ./svc.sh start

.github/workflows/bootstrap.yaml

@@ -26,11 +26,14 @@ jobs:
           go-version: 1.16.x
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@v0.5.0
+        with:
+          version: v0.11.1
+          image: kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6
       - name: Setup Kustomize
         uses: fluxcd/pkg//actions/kustomize@main
       - name: Build
         run: |
-          make cmd/flux/manifests
+          make cmd/flux/.manifests.done
           go build -o /tmp/flux ./cmd/flux
       - name: Set outputs
         id: vars
@@ -61,20 +64,51 @@ jobs:
           --team=team-z
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
-      - name: uninstall
-        run: |
-          /tmp/flux uninstall -s --keep-namespace
-          kubectl delete ns flux-system --timeout=10m --wait=true
-      - name: bootstrap reinstall
+      - name: bootstrap customize
         run: |
+          make setup-bootstrap-patch
           /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
           --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
           --path=test-cluster \
           --team=team-z
+          if [ $(kubectl get deployments.apps source-controller -o jsonpath='{.spec.template.spec.securityContext.runAsUser}') != "10000" ]; then
+          echo "Bootstrap not customized as controller is not running as user 10000" && exit 1
+          fi
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+          GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
+          GITHUB_ORG_NAME: fluxcd-testing
+      - name: libgit2
+        run: |
+          /tmp/flux create source git test-libgit2 \
+          --url=ssh://git@github.com/fluxcd-testing/${{ steps.vars.outputs.test_repo_name }} \
+          --git-implementation=libgit2 \
+          --secret-ref=flux-system \
+          --branch=main
+      - name: uninstall
+        run: |
+          /tmp/flux uninstall -s --keep-namespace
+          kubectl delete ns flux-system --timeout=10m --wait=true
+      - name: test image automation
+        run: |
+          make setup-image-automation
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=${{ steps.vars.outputs.test_repo_name }} \
+          --branch=main \
+          --path=test-cluster \
+          --read-write-key
+          /tmp/flux reconcile image repository podinfo
+          /tmp/flux reconcile image update flux-system
+          /tmp/flux get images all
+          /tmp/flux get images policy podinfo | grep "5.2.1"
+          /tmp/flux get image update flux-system | grep commit
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+          GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
+          GITHUB_ORG_NAME: fluxcd-testing
       - name: delete repository
         run: |
           curl \

.github/workflows/docs.yaml

@@ -1,76 +0,0 @@
-name: Publish docs via GitHub Pages
-
-on:
-  push:
-    branches: [ 'docs*', main ]
-
-jobs:
-  build:
-    name: Deploy docs
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout master
-        uses: actions/checkout@v1
-      - name: Copy assets
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          controller_version() {
-            sed -n "s/.*$1\/releases\/download\/\(.*\)\/.*/\1/p;n" manifests/bases/$1/kustomization.yaml
-          }
-
-          {
-            # source-controller CRDs
-            SOURCE_VER=$(controller_version source-controller)
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/api/source.md" > docs/components/source/api.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/gitrepositories.md" > docs/components/source/gitrepositories.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/helmrepositories.md" > docs/components/source/helmrepositories.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/helmcharts.md" > docs/components/source/helmcharts.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/source-controller/$SOURCE_VER/docs/spec/v1beta1/buckets.md" > docs/components/source/buckets.md
-          }
-
-          {
-            # kustomize-controller CRDs
-            KUSTOMIZE_VER=$(controller_version kustomize-controller)
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/api/kustomize.md" > docs/components/kustomize/api.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/kustomize-controller/$KUSTOMIZE_VER/docs/spec/v1beta1/kustomization.md" > docs/components/kustomize/kustomization.md
-          }
-
-          {
-            # helm-controller CRDs
-            HELM_VER=$(controller_version helm-controller)
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/api/helmrelease.md" > docs/components/helm/api.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/helm-controller/$HELM_VER/docs/spec/v2beta1/helmreleases.md" > docs/components/helm/helmreleases.md
-          }
-
-          {
-            # notification-controller CRDs
-            NOTIFICATION_VER=$(controller_version notification-controller)
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/api/notification.md" > docs/components/notification/api.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/event.md" > docs/components/notification/event.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/alert.md" > docs/components/notification/alert.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/provider.md" > docs/components/notification/provider.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/notification-controller/$NOTIFICATION_VER/docs/spec/v1beta1/receiver.md" > docs/components/notification/receiver.md
-          }
-
-          {
-            # image-*-controller CRDs; these use the same API group
-            IMG_REFL_VER=$(controller_version image-reflector-controller)
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-reflector-controller/$IMG_REFL_VER/docs/api/image-reflector.md" > docs/components/image/reflector-api.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-reflector-controller/$IMG_REFL_VER/docs/spec/v1alpha1/imagerepositories.md" > docs/components/image/imagerepositories.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-reflector-controller/$IMG_REFL_VER/docs/spec/v1alpha1/imagepolicies.md" > docs/components/image/imagepolicies.md
-
-            IMG_AUTO_VER=$(controller_version image-automation-controller)
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-automation-controller/$IMG_AUTO_VER/docs/api/image-automation.md" > docs/components/image/automation-api.md
-            curl -# -Lf "https://raw.githubusercontent.com/fluxcd/image-automation-controller/$IMG_AUTO_VER/docs/spec/v1alpha1/imageupdateautomations.md" > docs/components/image/imageupdateautomations.md
-          }
-
-          {
-            # install script
-            cp install/flux.sh docs/install.sh
-          }
-      - name: Deploy docs
-        uses: mhausenblas/mkdocs-deploy-gh-pages@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CUSTOM_DOMAIN: toolkit.fluxcd.io

.github/workflows/e2e-arm64.yaml

@@ -0,0 +1,37 @@
+name: e2e-arm64
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main, update-components, equinix-runners ]
+
+jobs:
+  test:
+    # Hosted on Equinix
+    # Docs: https://github.com/fluxcd/flux2/tree/main/.github/runners
+    runs-on: [self-hosted, Linux, ARM64, equinix]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16.x
+      - name: Prepare
+        id: prep
+        run: |
+          echo ::set-output name=CLUSTER::arm64-${GITHUB_SHA:0:7}-$(date +%s)
+          echo ::set-output name=CONTEXT::kind-arm64-${GITHUB_SHA:0:7}-$(date +%s)
+      - name: Build
+        run: |
+          make build
+      - name: Setup Kubernetes Kind
+        run: |
+          kind create cluster --name ${{ steps.prep.outputs.CLUSTER }} --kubeconfig=/tmp/${{ steps.prep.outputs.CLUSTER }}
+      - name: Run e2e tests
+        run: TEST_KUBECONFIG=/tmp/${{ steps.prep.outputs.CLUSTER }} make e2e
+      - name: Cleanup
+        if: always()
+        run: |
+          kind delete cluster --name ${{ steps.prep.outputs.CLUSTER }}
+          rm /tmp/${{ steps.prep.outputs.CLUSTER }}

.github/workflows/e2e-azure.yaml

@@ -0,0 +1,66 @@
+name: e2e-azure
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 6 * * *'
+  push:
+    branches: [ azure* ]
+
+jobs:
+  e2e:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Restore Go cache
+        uses: actions/cache@v1
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go1.16-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go1.16-
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16.x
+      - name: Install libgit2
+        run: |
+          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
+          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9
+          echo "deb http://deb.debian.org/debian unstable main" | sudo tee -a /etc/apt/sources.list
+          echo "deb-src http://deb.debian.org/debian unstable main" | sudo tee -a /etc/apt/sources.list
+          sudo apt-get update
+          sudo apt-get install -y --allow-downgrades libgit2-dev/unstable zlib1g-dev/unstable libssh2-1-dev/unstable libpcre3-dev/unstable
+      - name: Setup Flux CLI
+        run: |
+          make build
+          mkdir -p $HOME/.local/bin
+          mv ./bin/flux $HOME/.local/bin
+      - name: Setup SOPS
+        run: |
+          wget https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux
+          chmod +x sops-v3.7.1.linux
+          mkdir -p $HOME/.local/bin
+          mv sops-v3.7.1.linux $HOME/.local/bin/sops
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 1.0.7
+          terraform_wrapper: false
+      - name: Setup Azure CLI
+        run: |
+          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+      - name: Run Azure e2e tests
+        env:
+          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+        run: |
+          echo $HOME
+          echo $PATH
+          ls $HOME/.local/bin
+          az login --service-principal -u ${ARM_CLIENT_ID} -p ${ARM_CLIENT_SECRET} -t ${ARM_TENANT_ID}
+          cd ./tests/azure
+          go test -v -coverprofile cover.out -timeout 60m .

.github/workflows/e2e.yaml

@@ -2,7 +2,7 @@ name: e2e
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, e2e* ]
   pull_request:
     branches: [ main ]
 
@@ -26,17 +26,23 @@ jobs:
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@v0.5.0
         with:
-          version: "v0.10.0"
-          image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
+          version: v0.11.1
+          image: kindest/node:v1.19.11@sha256:07db187ae84b4b7de440a73886f008cf903fcf5764ba8106a9fd5243d6f32729
           config: .github/kind/config.yaml # disable KIND-net
+      - name: Setup envtest
+        uses: fluxcd/pkg/actions/envtest@main
+        with:
+          version: "1.21.x"
       - name: Setup Calico for network policy
         run: |
-          kubectl apply -f https://docs.projectcalico.org/v3.16/manifests/calico.yaml
+          kubectl apply -f https://docs.projectcalico.org/v3.20/manifests/calico.yaml
           kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
       - name: Setup Kustomize
         uses: fluxcd/pkg//actions/kustomize@main
-      - name: Run test
+      - name: Run tests
         run: make test
+      - name: Run e2e tests
+        run: TEST_KUBECONFIG=$HOME/.kube/config make e2e
       - name: Check if working tree is dirty
         run: |
           if [[ $(git diff --stat) != '' ]]; then
@@ -74,6 +80,13 @@ jobs:
             --tag-semver=">=3.2.3" \
             --export | kubectl apply -f -
           /tmp/flux delete source git podinfo-export --silent
+      - name: flux create source git libgit2 semver
+        run: |
+          /tmp/flux create source git podinfo-libgit2 \
+            --url https://github.com/stefanprodan/podinfo  \
+            --tag-semver=">=3.2.3" \
+            --git-implementation=libgit2
+          /tmp/flux delete source git podinfo-libgit2 --silent
       - name: flux get sources git
         run: |
           /tmp/flux get sources git
@@ -87,10 +100,15 @@ jobs:
             --path="./deploy/overlays/dev" \
             --prune=true \
             --interval=5m \
-            --validation=client \
             --health-check="Deployment/frontend.dev" \
             --health-check="Deployment/backend.dev" \
             --health-check-timeout=3m
+      - name: flux trace
+        run: |
+          /tmp/flux trace frontend \
+            --kind=deployment \
+            --api-version=apps/v1 \
+            --namespace=dev
       - name: flux reconcile kustomization --with-source
         run: |
           /tmp/flux reconcile kustomization podinfo --with-source
@@ -164,26 +182,6 @@ jobs:
             --chart=podinfo \
             --chart-version="5.0.x" \
             --service-account=dev-team
-      - name: flux create image repository
-        run: |
-          /tmp/flux create image repository podinfo \
-            --image=ghcr.io/stefanprodan/podinfo \
-            --interval=1m
-      - name: flux create image policy
-        run: |
-          /tmp/flux create image policy podinfo \
-            --image-ref=podinfo \
-            --interval=1m \
-            --select-semver=5.0.x
-      - name: flux create image policy podinfo-select-alpha
-        run: |
-          /tmp/flux create image policy podinfo-alpha \
-            --image-ref=podinfo \
-            --interval=1m \
-            --select-alpha=desc
-      - name: flux get image policy
-        run: |
-          /tmp/flux get image policy podinfo | grep '5.0.3'
       - name: flux2-kustomize-helm-example
         run: |
           /tmp/flux create source git flux-system \
@@ -193,7 +191,14 @@ jobs:
           /tmp/flux create kustomization flux-system \
           --source=flux-system \
           --path=./clusters/staging
-          kubectl -n flux-system wait kustomization/apps --for=condition=ready --timeout=2m
+          kubectl -n flux-system wait kustomization/infrastructure --for=condition=ready --timeout=5m
+          kubectl -n flux-system wait kustomization/apps --for=condition=ready --timeout=5m
+          kubectl -n nginx wait helmrelease/nginx --for=condition=ready --timeout=5m
+          kubectl -n redis wait helmrelease/redis --for=condition=ready --timeout=5m
+          kubectl -n podinfo wait helmrelease/podinfo --for=condition=ready --timeout=5m
+      - name: flux tree
+        run: |
+          /tmp/flux tree kustomization flux-system | grep Service/podinfo
       - name: flux check
         run: |
           /tmp/flux check
@@ -205,6 +210,7 @@ jobs:
         run: |
           kubectl version --client --short
           kubectl -n flux-system get all
+          kubectl -n flux-system describe pods
           kubectl -n flux-system get kustomizations -oyaml
           kubectl -n flux-system logs deploy/source-controller
           kubectl -n flux-system logs deploy/kustomize-controller

.github/workflows/release.yaml

@@ -50,9 +50,22 @@ jobs:
         uses: fluxcd/pkg//actions/kustomize@main
       - name: Generate manifests
         run: |
-          make cmd/flux/manifests
+          make cmd/flux/.manifests.done
           ./manifests/scripts/bundle.sh "" ./output manifests.tar.gz
           kustomize build ./manifests/install > ./output/install.yaml
+      - name: Build CRDs
+        run: |
+          kustomize build manifests/crds > all-crds.yaml
+      # Pinned to commit before https://github.com/fluxcd/pkg/pull/189 due to
+      # introduction faulty behavior.
+      - name: Generate OpenAPI JSON schemas from CRDs
+        uses: fluxcd/pkg//actions/crdjsonschema@49e26aa2ee9e734c3233c560253fd9542afe18ae
+        with:
+          crd: all-crds.yaml
+          output: schemas
+      - name: Archive the OpenAPI JSON schemas
+        run: |
+          tar -czvf ./output/crd-schemas.tar.gz -C schemas .
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v1
         with:

.github/workflows/scan.yaml

@@ -31,7 +31,7 @@ jobs:
         uses: fluxcd/pkg//actions/kustomize@main
       - name: Build manifests
         run: |
-          make cmd/flux/manifests
+          make cmd/flux/.manifests.done
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/golang@master
         continue-on-error: true

.github/workflows/update.yaml

@@ -23,20 +23,32 @@ jobs:
           PR_BODY=""
 
           bump_version() {
-            local RELEASE_VERSION=$(curl -s https://api.github.com/repos/fluxcd/$1/releases | jq -r 'sort_by(.published_at) | .[-1] | .tag_name')
-            local CURRENT_VERSION=$(sed -n "s/.*$1\/releases\/download\/\(.*\)\/.*/\1/p;n" manifests/bases/$1/kustomization.yaml)
+            local LATEST_VERSION=$(curl -s https://api.github.com/repos/fluxcd/$1/releases | jq -r 'sort_by(.published_at) | .[-1] | .tag_name')
+            local CTRL_VERSION=$(sed -n "s/.*$1\/releases\/download\/\(.*\)\/.*/\1/p;n" manifests/bases/$1/kustomization.yaml)
+            local CRD_VERSION=$(sed -n "s/.*$1\/releases\/download\/\(.*\)\/.*/\1/p" manifests/crds/kustomization.yaml)
+            local MOD_VERSION=$(go list -m -f '{{ .Version }}' "github.com/fluxcd/$1/api")
 
-            if [[ "${RELEASE_VERSION}" != "${CURRENT_VERSION}" ]]; then
-              # bump kustomize
-              sed -i "s/\($1\/releases\/download\/\)v.*\(\/.*\)/\1${RELEASE_VERSION}\2/g" "manifests/bases/$1/kustomization.yaml"
+            local changed=false
 
-              if [[ ! -z $(grep "github.com/fluxcd/$1/api" go.mod | awk '{print $2}') ]]; then
-                # bump go mod
-                go mod edit -require="github.com/fluxcd/$1/api@${RELEASE_VERSION}"
-              fi
+            if [[ "${CTRL_VERSION}" != "${LATEST_VERSION}" ]]; then
+              sed -i "s/\($1\/releases\/download\/\)v.*\(\/.*\)/\1${LATEST_VERSION}\2/g" "manifests/bases/$1/kustomization.yaml"
+              changed=true
+            fi
 
-              # NB: special URL encoded formatting required for newlines
-              PR_BODY="$PR_BODY- $1 to ${RELEASE_VERSION}%0A  https://github.com/fluxcd/$1/blob/${RELEASE_VERSION}/CHANGELOG.md%0A"
+            if [[ "${CRD_VERSION}" != "${LATEST_VERSION}" ]]; then
+              sed -i "s/\($1\/releases\/download\/\)v.*\(\/.*\)/\1${LATEST_VERSION}\2/g" "manifests/crds/kustomization.yaml"
+              changed=true
+            fi
+
+            if [[ "${MOD_VERSION}" != "${LATEST_VERSION}" ]]; then
+              go mod edit -require="github.com/fluxcd/$1/api@${LATEST_VERSION}"
+              rm go.sum
+              go mod tidy
+              changed=true
+            fi
+
+            if [[ "$changed" == true ]]; then
+              PR_BODY="$PR_BODY- $1 to ${LATEST_VERSION}%0A  https://github.com/fluxcd/$1/blob/${LATEST_VERSION}/CHANGELOG.md%0A"
             fi
           }
 
@@ -49,9 +61,6 @@ jobs:
             bump_version image-reflector-controller
             bump_version image-automation-controller
 
-            # add missing and remove unused modules
-            go mod tidy
-
             # diff change
             git diff
 
@@ -63,21 +72,21 @@ jobs:
         id: cpr
         uses: peter-evans/create-pull-request@v3
         with:
-            token: ${{ secrets.BOT_GITHUB_TOKEN }}
-            commit-message: |
-              Update toolkit components
+          token: ${{ secrets.BOT_GITHUB_TOKEN }}
+          commit-message: |
+            Update toolkit components
 
-              ${{ steps.update.outputs.pr_body }}
-            committer: GitHub <noreply@github.com>
-            author: fluxcdbot <fluxcdbot@users.noreply.github.com>
-            signoff: true
-            branch: update-components
-            title: Update toolkit components
-            body: |
-              ${{ steps.update.outputs.pr_body }}
-            labels: |
-              area/build
-            reviewers: ${{ secrets.ASSIGNEES }}
+            ${{ steps.update.outputs.pr_body }}
+          committer: GitHub <noreply@github.com>
+          author: fluxcdbot <fluxcdbot@users.noreply.github.com>
+          signoff: true
+          branch: update-components
+          title: Update toolkit components
+          body: |
+            ${{ steps.update.outputs.pr_body }}
+          labels: |
+            area/build
+          reviewers: ${{ secrets.ASSIGNEES }}
 
       - name: Check output
         run: |

.gitignore

@@ -19,3 +19,7 @@ dist/
 bin/
 output/
 cmd/flux/manifests/
+cmd/flux/.manifests.done
+
+# Docs
+site/

.goreleaser.yml

@@ -47,11 +47,19 @@ brews:
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
     folder: Formula
-    homepage: "https://toolkit.fluxcd.io/"
+    homepage: "https://fluxcd.io/"
     description: "Flux CLI"
-    dependencies:
-      - name: kubectl
-        type: optional
+    install: |
+      bin.install "flux"
+
+      bash_output = Utils.safe_popen_read(bin/"flux", "completion", "bash")
+      (bash_completion/"flux").write bash_output
+
+      zsh_output = Utils.safe_popen_read(bin/"flux", "completion", "zsh")
+      (zsh_completion/"_flux").write zsh_output
+
+      fish_output = Utils.safe_popen_read(bin/"flux", "completion", "fish")
+      (fish_completion/"flux.fish").write fish_output
     test: |
       system "#{bin}/flux --version"
 publishers:
@@ -72,6 +80,7 @@ publishers:
       .github/aur/flux-go/publish.sh {{ .Version }}
 release:
   extra_files:
+    - glob: ./output/crd-schemas.tar.gz
     - glob: ./output/manifests.tar.gz
     - glob: ./output/install.yaml
 dockers:

CONTRIBUTING.md

@@ -30,7 +30,7 @@ you can sign your commit automatically with `git commit -s`.
 
 For realtime communications we use Slack: To join the conversation, simply
 join the [CNCF](https://slack.cncf.io/) Slack workspace and use the
-[#flux-dev](https://cloud-native.slack.com/messages/flux-dev/) channel.
+[#flux-contributors](https://cloud-native.slack.com/messages/flux-contributors/) channel.
 
 To discuss ideas and specifications we use [Github
 Discussions](https://github.com/fluxcd/flux2/discussions).
@@ -59,24 +59,49 @@ This project is composed of:
 ### Understanding the code
 
 To get started with developing controllers, you might want to review
-[our guide](https://toolkit.fluxcd.io/dev-guides/source-watcher/) which
+[our guide](https://fluxcd.io/docs/gitops-toolkit/source-watcher/) which
 walks you through writing a short and concise controller that watches out
 for source changes.
 
-### How to run the test suite
+## How to run the test suite
 
 Prerequisites:
 
 * go >= 1.16
-* kubectl >= 1.18
-* kustomize >= 3.1
+* kubectl >= 1.19
+* kustomize >= 4.0
 
-You can run the unit tests by simply doing
+Install the [controller-runtime/envtest](https://github.com/kubernetes-sigs/controller-runtime/tree/master/tools/setup-envtest) binaries with:
+
+```bash
+make install-envtest
+```
+
+Then you can run the unit tests with:
 
 ```bash
 make test
 ```
 
+After [installing Kubernetes kind](https://kind.sigs.k8s.io/docs/user/quick-start#installation) on your machine,
+create a cluster for testing with:
+
+```bash
+make setup-kind
+```
+
+Then you can run the end-to-end tests with:
+
+```bash
+make e2e
+```
+
+Teardown the e2e environment with:
+
+```bash
+make cleanup-kind
+```
+
 ## Acceptance policy
 
 These things will make a PR more likely to be accepted:

Dockerfile

@@ -1,15 +1,15 @@
-FROM alpine:3.13 as builder
+FROM alpine:3.14 as builder
 
 RUN apk add --no-cache ca-certificates curl
 
 ARG ARCH=linux/amd64
-ARG KUBECTL_VER=1.20.4
+ARG KUBECTL_VER=1.22.2
 
 RUN curl -sL https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/${ARCH}/kubectl \
     -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \
     kubectl version --client=true
 
-FROM alpine:3.13 as flux-cli
+FROM alpine:3.14 as flux-cli
 
 # Create minimal nsswitch.conf file to prioritize the usage of /etc/hosts over DNS queries.
 # https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460

MAINTAINERS

@@ -12,7 +12,9 @@ should.
 
 In alphabetical order:
 
-Aurel Canciu, Sortlist <aurel@sortlist.com> (github: @relu, slack: relu)
+Aurel Canciu, NexHealth <aurel.canciu@nexhealth.com> (github: @relu, slack: relu)
 Hidde Beydals, Weaveworks <hidde@weave.works> (github: @hiddeco, slack: hidde)
+Max Jonas Werner, D2iQ <max@e13.dev> (github: @makkes, slack: max)
 Philip Laine, Xenit <philip.laine@xenit.se> (github: @phillebaba, slack: phillebaba)
 Stefan Prodan, Weaveworks <stefan@weave.works> (github: @stefanprodan, slack: stefanprodan)
+Sunny, Weaveworks <sunny@weave.works> (github: @darkowlzz, slack: darkowlzz)

Makefile

@@ -1,5 +1,15 @@
-VERSION?=$(shell grep 'VERSION' cmd/flux/main.go | awk '{ print $$4 }' | tr -d '"')
-EMBEDDED_MANIFESTS_TARGET=cmd/flux/manifests
+VERSION?=$(shell grep 'VERSION' cmd/flux/main.go | awk '{ print $$4 }' | head -n 1 | tr -d '"')
+EMBEDDED_MANIFESTS_TARGET=cmd/flux/.manifests.done
+TEST_KUBECONFIG?=/tmp/flux-e2e-test-kubeconfig
+ENVTEST_BIN_VERSION?=latest
+KUBEBUILDER_ASSETS?=$(shell $(SETUP_ENVTEST) use -i $(ENVTEST_BIN_VERSION) -p path)
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
 
 rwildcard=$(foreach d,$(wildcard $(addsuffix *,$(1))),$(call rwildcard,$(d)/,$(2)) $(filter $(subst *,%,$(2)),$(d)))
 
@@ -14,22 +24,61 @@ fmt:
 vet:
 	go vet ./...
 
-test: $(EMBEDDED_MANIFESTS_TARGET) tidy fmt vet docs
-	go test ./... -coverprofile cover.out
+setup-kind:
+	kind create cluster --name=flux-e2e-test --kubeconfig=$(TEST_KUBECONFIG) --config=.github/kind/config.yaml
+	kubectl --kubeconfig=$(TEST_KUBECONFIG) apply -f https://docs.projectcalico.org/v3.16/manifests/calico.yaml
+	kubectl --kubeconfig=$(TEST_KUBECONFIG) -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
+
+cleanup-kind:
+	kind delete cluster --name=flux-e2e-test
+	rm $(TEST_KUBECONFIG)
+
+test: $(EMBEDDED_MANIFESTS_TARGET) tidy fmt vet install-envtest
+	KUBEBUILDER_ASSETS="$(KUBEBUILDER_ASSETS)" go test ./... -coverprofile cover.out --tags=unit
+
+e2e: $(EMBEDDED_MANIFESTS_TARGET) tidy fmt vet
+	TEST_KUBECONFIG=$(TEST_KUBECONFIG) go test ./cmd/flux/... -coverprofile e2e.cover.out --tags=e2e -v -failfast
+
+test-with-kind: install-envtest
+	make setup-kind
+	make e2e
+	make cleanup-kind
 
 $(EMBEDDED_MANIFESTS_TARGET): $(call rwildcard,manifests/,*.yaml *.json)
 	./manifests/scripts/bundle.sh
+	touch $@
 
 build: $(EMBEDDED_MANIFESTS_TARGET)
-	CGO_ENABLED=0 go build -o ./bin/flux ./cmd/flux
+	CGO_ENABLED=0 go build -ldflags="-s -w -X main.VERSION=$(VERSION)" -o ./bin/flux ./cmd/flux
 
+.PHONY: install
 install:
-	go install cmd/flux
-
-.PHONY: docs
-docs:
-	rm -rf docs/cmd/*
-	mkdir -p ./docs/cmd && go run ./cmd/flux/ docgen
+	CGO_ENABLED=0 go install ./cmd/flux
 
 install-dev:
 	CGO_ENABLED=0 go build -o /usr/local/bin ./cmd/flux
+
+install-envtest:  setup-envtest
+	 $(SETUP_ENVTEST) use $(ENVTEST_BIN_VERSION)
+
+setup-bootstrap-patch:
+	go run ./tests/bootstrap/main.go
+
+setup-image-automation:
+	cd tests/image-automation && go run main.go
+
+# Find or download setup-envtest
+setup-envtest:
+ifeq (, $(shell which setup-envtest))
+	@{ \
+	set -e ;\
+	SETUP_ENVTEST_TMP_DIR=$$(mktemp -d) ;\
+	cd $$SETUP_ENVTEST_TMP_DIR ;\
+	go mod init tmp ;\
+	go get sigs.k8s.io/controller-runtime/tools/setup-envtest@latest ;\
+	rm -rf $$SETUP_ENVTEST_TMP_DIR ;\
+	}
+SETUP_ENVTEST=$(GOBIN)/setup-envtest
+else
+SETUP_ENVTEST=$(shell which setup-envtest)
+endif

README.md

@@ -20,56 +20,18 @@ Flux v2 is constructed with the [GitOps Toolkit](#gitops-toolkit), a
 set of composable APIs and specialized tools for building Continuous
 Delivery on top of Kubernetes.
 
-## Flux installation
+Flux is a Cloud Native Computing Foundation ([CNCF](https://www.cncf.io/)) project.
 
-With Homebrew:
+## Quickstart and documentation
 
-```sh
-brew install fluxcd/tap/flux
-```
+To get started check out this [guide](https://fluxcd.io/docs/get-started/)
+on how to bootstrap Flux on Kubernetes and deploy a sample application in a GitOps manner.
 
-With Bash:
-
-```sh
-curl -s https://toolkit.fluxcd.io/install.sh | sudo bash
-
-# enable completions in ~/.bash_profile
-. <(flux completion bash)
-```
-
-Arch Linux (AUR) packages:
-
-- [flux-bin](https://aur.archlinux.org/packages/flux-bin): install the latest
-  stable version using a pre-build binary (recommended)
-- [flux-go](https://aur.archlinux.org/packages/flux-go): build the latest
-  stable version from source code
-- [flux-scm](https://aur.archlinux.org/packages/flux-scm): build the latest
-  (unstable) version from source code from our git `main` branch
-
-Binaries for macOS, Windows and Linux AMD64/ARM are available to download on the
-[release page](https://github.com/fluxcd/flux2/releases).
-
-A container image with `kubectl` and `flux` is available on Docker Hub and GitHub:
-
-* `docker.io/fluxcd/flux-cli:<version>`
-* `ghcr.io/fluxcd/flux-cli:<version>`
-
-Verify that your cluster satisfies the prerequisites with:
-
-```sh
-flux check --pre
-```
-
-## Get started
-
-To get started with Flux, start [browsing the
-documentation](https://toolkit.fluxcd.io) or get started with one of
-the following guides:
-
-- [Get started with Flux](https://toolkit.fluxcd.io/get-started/)
-- [Manage Helm Releases](https://toolkit.fluxcd.io/guides/helmreleases/)
-- [Automate image updates to Git](https://toolkit.fluxcd.io/guides/image-update/)  
-- [Manage Kubernetes secrets with Mozilla SOPS](https://toolkit.fluxcd.io/guides/mozilla-sops/)  
+For more comprehensive documentation, see the following guides:
+- [Ways of structuring your repositories](https://fluxcd.io/docs/guides/repository-structure/)
+- [Manage Helm Releases](https://fluxcd.io/docs/guides/helmreleases/)
+- [Automate image updates to Git](https://fluxcd.io/docs/guides/image-update/)  
+- [Manage Kubernetes secrets with Mozilla SOPS](https://fluxcd.io/docs/guides/mozilla-sops/)  
 
 If you need help, please refer to our **[Support page](https://fluxcd.io/support/)**.
 
@@ -84,27 +46,27 @@ automation tooling.
 
 You can use the toolkit to extend Flux, or to build your own systems
 for continuous delivery -- see [the developer
-guides](https://toolkit.fluxcd.io/dev-guides/source-watcher/).
+guides](https://fluxcd.io/docs/gitops-toolkit/source-watcher/).
 
 ### Components
 
-- [Source Controller](https://toolkit.fluxcd.io/components/source/controller/)
-    - [GitRepository CRD](https://toolkit.fluxcd.io/components/source/gitrepositories/)
-    - [HelmRepository CRD](https://toolkit.fluxcd.io/components/source/helmrepositories/)
-    - [HelmChart CRD](https://toolkit.fluxcd.io/components/source/helmcharts/)
-    - [Bucket CRD](https://toolkit.fluxcd.io/components/source/buckets/)
-- [Kustomize Controller](https://toolkit.fluxcd.io/components/kustomize/controller/)
-    - [Kustomization CRD](https://toolkit.fluxcd.io/components/kustomize/kustomization/)
-- [Helm Controller](https://toolkit.fluxcd.io/components/helm/controller/)
-    - [HelmRelease CRD](https://toolkit.fluxcd.io/components/helm/helmreleases/)
-- [Notification Controller](https://toolkit.fluxcd.io/components/notification/controller/)
-    - [Provider CRD](https://toolkit.fluxcd.io/components/notification/provider/)
-    - [Alert CRD](https://toolkit.fluxcd.io/components/notification/alert/)
-    - [Receiver CRD](https://toolkit.fluxcd.io/components/notification/receiver/)
-- [Image Automation Controllers](https://toolkit.fluxcd.io/components/image/controller/)
-  - [ImageRepository CRD](https://toolkit.fluxcd.io/components/image/imagerepositories/)
-  - [ImagePolicy CRD](https://toolkit.fluxcd.io/components/image/imagepolicies/)
-  - [ImageUpdateAutomation CRD](https://toolkit.fluxcd.io/components/image/imageupdateautomations/)
+- [Source Controller](https://fluxcd.io/docs/components/source/)
+    - [GitRepository CRD](https://fluxcd.io/docs/components/source/gitrepositories/)
+    - [HelmRepository CRD](https://fluxcd.io/docs/components/source/helmrepositories/)
+    - [HelmChart CRD](https://fluxcd.io/docs/components/source/helmcharts/)
+    - [Bucket CRD](https://fluxcd.io/docs/components/source/buckets/)
+- [Kustomize Controller](https://fluxcd.io/docs/components/kustomize/)
+    - [Kustomization CRD](https://fluxcd.io/docs/components/kustomize/kustomization/)
+- [Helm Controller](https://fluxcd.io/docs/components/helm/)
+    - [HelmRelease CRD](https://fluxcd.io/docs/components/helm/helmreleases/)
+- [Notification Controller](https://fluxcd.io/docs/components/notification/)
+    - [Provider CRD](https://fluxcd.io/docs/components/notification/provider/)
+    - [Alert CRD](https://fluxcd.io/docs/components/notification/alert/)
+    - [Receiver CRD](https://fluxcd.io/docs/components/notification/receiver/)
+- [Image Automation Controllers](https://fluxcd.io/docs/components/image/)
+  - [ImageRepository CRD](https://fluxcd.io/docs/components/image/imagerepositories/)
+  - [ImagePolicy CRD](https://fluxcd.io/docs/components/image/imagepolicies/)
+  - [ImageUpdateAutomation CRD](https://fluxcd.io/docs/components/image/imageupdateautomations/)
   
 ## Community
 
@@ -112,7 +74,7 @@ Need help or want to contribute? Please see the links below. The Flux project is
 new contributors and there are a multitude of ways to get involved.
 
 - Getting Started?
-    - Look at our [Get Started guide](https://toolkit.fluxcd.io/get-started/) and give us feedback
+    - Look at our [Get Started guide](https://fluxcd.io/docs/get-started/) and give us feedback
 - Need help?
     - First: Ask questions on our [GH Discussions page](https://github.com/fluxcd/flux2/discussions)
     - Second: Talk to us in the #flux channel on [CNCF Slack](https://slack.cncf.io/)
@@ -127,7 +89,9 @@ new contributors and there are a multitude of ways to get involved.
 
 ### Events
 
-Check out our **[events calendar](https://fluxcd.io/community/#talks)**,
-both with upcoming talks you can attend or past events videos you can watch.
+Check out our **[events calendar](https://fluxcd.io/#calendar)**,
+both with upcoming talks, events and meetings you can attend.
+Or view the **[resources section](https://fluxcd.io/resources)**
+with past events videos you can watch.
 
 We look forward to seeing you with us!

action/README.md

@@ -10,11 +10,21 @@ Usage:
         run: flux -v
 ```
 
-Note that this action can only be used on GitHub **Linux AMD64** runners.
 The latest stable version of the `flux` binary is downloaded from
 GitHub [releases](https://github.com/fluxcd/flux2/releases)
 and placed at `/usr/local/bin/flux`.
 
+Note that this action can only be used on GitHub **Linux** runners.
+You can change the arch (defaults to `amd64`) with:
+
+```yaml
+    steps:
+      - name: Setup Flux CLI
+        uses: fluxcd/flux2/action@main
+        with:
+          arch: arm64 # can be amd64, arm64 or arm
+```
+
 You can download a specific version with:
 
 ```yaml

action/action.yml

@@ -8,19 +8,24 @@ inputs:
   version:
     description: "Flux version e.g. 0.8.0 (defaults to latest stable release)"
     required: false
+  arch:
+    description: "arch can be amd64, arm64 or arm"
+    required: true
+    default: "amd64"
 runs:
   using: composite
   steps:
     - name: "Download flux binary to tmp"
       shell: bash
       run: |
+        ARCH=${{ inputs.arch }}
         VERSION=${{ inputs.version }}
 
         if [ -z $VERSION ]; then
           VERSION=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
         fi
 
-        BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_amd64.tar.gz"
+        BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_${ARCH}.tar.gz"
         curl -sL ${BIN_URL} -o /tmp/flux.tar.gz
         mkdir -p /tmp/flux
         tar -C /tmp/flux/ -zxvf /tmp/flux.tar.gz

cmd/flux/alert.go

@@ -37,6 +37,10 @@ func (a alertAdapter) asClientObject() client.Object {
 	return a.Alert
 }
 
+func (a alertAdapter) deepCopyClientObject() client.Object {
+	return a.Alert.DeepCopy()
+}
+
 // notificationv1.Alert
 
 type alertListAdapter struct {

cmd/flux/alert_provider.go

@@ -37,6 +37,10 @@ func (a alertProviderAdapter) asClientObject() client.Object {
 	return a.Provider
 }
 
+func (a alertProviderAdapter) deepCopyClientObject() client.Object {
+	return a.Provider.DeepCopy()
+}
+
 // notificationv1.Provider
 
 type alertProviderListAdapter struct {

cmd/flux/bootstrap.go

@@ -19,7 +19,8 @@ package main
 import (
 	"crypto/elliptic"
 	"fmt"
-	"io/ioutil"
+	"os"
+	"strings"
 
 	"github.com/spf13/cobra"
 
@@ -67,6 +68,10 @@ type bootstrapFlags struct {
 	authorName  string
 	authorEmail string
 
+	gpgKeyRingPath string
+	gpgPassphrase  string
+	gpgKeyID       string
+
 	commitMessageAppendix string
 }
 
@@ -118,6 +123,10 @@ func init() {
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.authorName, "author-name", "Flux", "author name for Git commits")
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.authorEmail, "author-email", "", "author email for Git commits")
 
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgKeyRingPath, "gpg-key-ring", "", "path to GPG key ring for signing commits")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgPassphrase, "gpg-passphrase", "", "passphrase for decrypting GPG private key")
+	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.gpgKeyID, "gpg-key-id", "", "key id for selecting a particular key")
+
 	bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.commitMessageAppendix, "commit-message-appendix", "", "string to add to the commit messages, e.g. '[ci skip]'")
 
 	bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.arch, "arch", bootstrapArgs.arch.Description())
@@ -131,7 +140,7 @@ func NewBootstrapFlags() bootstrapFlags {
 	return bootstrapFlags{
 		logLevel:           flags.LogLevel(rootArgs.defaults.LogLevel),
 		requiredComponents: []string{"source-controller", "kustomize-controller"},
-		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:         2048,
 		keyECDSACurve:      flags.ECDSACurve{Curve: elliptic.P384()},
 	}
@@ -145,7 +154,7 @@ func buildEmbeddedManifestBase() (string, error) {
 	if !isEmbeddedVersion(bootstrapArgs.version) {
 		return "", nil
 	}
-	tmpBaseDir, err := ioutil.TempDir("", "flux-manifests-")
+	tmpBaseDir, err := os.MkdirTemp("", "flux-manifests-")
 	if err != nil {
 		return "", err
 	}
@@ -174,6 +183,10 @@ func mapTeamSlice(s []string, defaultPermission string) map[string]string {
 	m := make(map[string]string, len(s))
 	for _, v := range s {
 		m[v] = defaultPermission
+		if s := strings.Split(v, ":"); len(s) == 2 {
+			m[s[0]] = s[1]
+		}
 	}
+
 	return m
 }

cmd/flux/bootstrap_bitbucket_server.go

@@ -0,0 +1,279 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	"github.com/spf13/cobra"
+
+	"github.com/fluxcd/flux2/internal/bootstrap"
+	"github.com/fluxcd/flux2/internal/bootstrap/git/gogit"
+	"github.com/fluxcd/flux2/internal/bootstrap/provider"
+	"github.com/fluxcd/flux2/internal/flags"
+	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/install"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sync"
+)
+
+var bootstrapBServerCmd = &cobra.Command{
+	Use:   "bitbucket-server",
+	Short: "Bootstrap toolkit components in a Bitbucket Server repository",
+	Long: `The bootstrap bitbucket-server command creates the Bitbucket Server repository if it doesn't exists and
+commits the toolkit components manifests to the master branch.
+Then it configures the target cluster to synchronize with the repository.
+If the toolkit components are present on the cluster,
+the bootstrap command will perform an upgrade if needed.`,
+	Example: `  # Create a Bitbucket Server API token and export it as an env var
+  export BITBUCKET_TOKEN=<my-token>
+
+  # Run bootstrap for a private repository using HTTPS token authentication
+  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth
+
+  # Run bootstrap for a private repository using SSH authentication
+  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain>
+
+  # Run bootstrap for a repository path
+  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --path=dev-cluster --hostname=<domain>
+
+  # Run bootstrap for a public repository on a personal account
+  flux bootstrap bitbucket-server --owner=<user> --repository=<repository name> --private=false --personal --hostname=<domain> --token-auth
+
+  # Run bootstrap for a an existing repository with a branch named main
+  flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --branch=main --hostname=<domain> --token-auth`,
+	RunE: bootstrapBServerCmdRun,
+}
+
+const (
+	bServerDefaultPermission = "push"
+	bServerTokenEnvVar       = "BITBUCKET_TOKEN"
+)
+
+type bServerFlags struct {
+	owner        string
+	repository   string
+	interval     time.Duration
+	personal     bool
+	username     string
+	private      bool
+	hostname     string
+	path         flags.SafeRelativePath
+	teams        []string
+	readWriteKey bool
+	reconcile    bool
+}
+
+var bServerArgs bServerFlags
+
+func init() {
+	bootstrapBServerCmd.Flags().StringVar(&bServerArgs.owner, "owner", "", "Bitbucket Server user or project name")
+	bootstrapBServerCmd.Flags().StringVar(&bServerArgs.repository, "repository", "", "Bitbucket Server repository name")
+	bootstrapBServerCmd.Flags().StringSliceVar(&bServerArgs.teams, "group", []string{}, "Bitbucket Server groups to be given write access (also accepts comma-separated values)")
+	bootstrapBServerCmd.Flags().BoolVar(&bServerArgs.personal, "personal", false, "if true, the owner is assumed to be a Bitbucket Server user; otherwise a group")
+	bootstrapBServerCmd.Flags().StringVarP(&bServerArgs.username, "username", "u", "git", "authentication username")
+	bootstrapBServerCmd.Flags().BoolVar(&bServerArgs.private, "private", true, "if true, the repository is setup or configured as private")
+	bootstrapBServerCmd.Flags().DurationVar(&bServerArgs.interval, "interval", time.Minute, "sync interval")
+	bootstrapBServerCmd.Flags().StringVar(&bServerArgs.hostname, "hostname", "", "Bitbucket Server hostname")
+	bootstrapBServerCmd.Flags().Var(&bServerArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
+	bootstrapBServerCmd.Flags().BoolVar(&bServerArgs.readWriteKey, "read-write-key", false, "if true, the deploy key is configured with read/write permissions")
+	bootstrapBServerCmd.Flags().BoolVar(&bServerArgs.reconcile, "reconcile", false, "if true, the configured options are also reconciled if the repository already exists")
+
+	bootstrapCmd.AddCommand(bootstrapBServerCmd)
+}
+
+func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
+	bitbucketToken := os.Getenv(bServerTokenEnvVar)
+	if bitbucketToken == "" {
+		var err error
+		bitbucketToken, err = readPasswordFromStdin("Please enter your Bitbucket personal access token (PAT): ")
+		if err != nil {
+			return fmt.Errorf("could not read token: %w", err)
+		}
+	}
+
+	if bServerArgs.hostname == "" {
+		return fmt.Errorf("invalid hostname %q", bServerArgs.hostname)
+	}
+
+	if err := bootstrapValidate(); err != nil {
+		return err
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	defer cancel()
+
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+	if err != nil {
+		return err
+	}
+
+	// Manifest base
+	if ver, err := getVersion(bootstrapArgs.version); err == nil {
+		bootstrapArgs.version = ver
+	}
+	manifestsBase, err := buildEmbeddedManifestBase()
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(manifestsBase)
+
+	user := bServerArgs.username
+	if bServerArgs.personal {
+		user = bServerArgs.owner
+	}
+
+	var caBundle []byte
+	if bootstrapArgs.caFile != "" {
+		var err error
+		caBundle, err = os.ReadFile(bootstrapArgs.caFile)
+		if err != nil {
+			return fmt.Errorf("unable to read TLS CA file: %w", err)
+		}
+	}
+
+	// Build Bitbucket Server provider
+	providerCfg := provider.Config{
+		Provider: provider.GitProviderStash,
+		Hostname: bServerArgs.hostname,
+		Username: user,
+		Token:    bitbucketToken,
+		CaBundle: caBundle,
+	}
+
+	providerClient, err := provider.BuildGitProvider(providerCfg)
+	if err != nil {
+		return err
+	}
+
+	// Lazy go-git repository
+	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
+	if err != nil {
+		return fmt.Errorf("failed to create temporary working dir: %w", err)
+	}
+	defer os.RemoveAll(tmpDir)
+	gitClient := gogit.New(tmpDir, &http.BasicAuth{
+		Username: user,
+		Password: bitbucketToken,
+	})
+
+	// Install manifest config
+	installOptions := install.Options{
+		BaseURL:                rootArgs.defaults.BaseURL,
+		Version:                bootstrapArgs.version,
+		Namespace:              rootArgs.namespace,
+		Components:             bootstrapComponents(),
+		Registry:               bootstrapArgs.registry,
+		ImagePullSecret:        bootstrapArgs.imagePullSecret,
+		WatchAllNamespaces:     bootstrapArgs.watchAllNamespaces,
+		NetworkPolicy:          bootstrapArgs.networkPolicy,
+		LogLevel:               bootstrapArgs.logLevel.String(),
+		NotificationController: rootArgs.defaults.NotificationController,
+		ManifestFile:           rootArgs.defaults.ManifestFile,
+		Timeout:                rootArgs.timeout,
+		TargetPath:             bServerArgs.path.ToSlash(),
+		ClusterDomain:          bootstrapArgs.clusterDomain,
+		TolerationKeys:         bootstrapArgs.tolerationKeys,
+	}
+	if customBaseURL := bootstrapArgs.manifestsPath; customBaseURL != "" {
+		installOptions.BaseURL = customBaseURL
+	}
+
+	// Source generation and secret config
+	secretOpts := sourcesecret.Options{
+		Name:         bootstrapArgs.secretName,
+		Namespace:    rootArgs.namespace,
+		TargetPath:   bServerArgs.path.String(),
+		ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
+	}
+	if bootstrapArgs.tokenAuth {
+		if bServerArgs.personal {
+			secretOpts.Username = bServerArgs.owner
+		} else {
+			secretOpts.Username = bServerArgs.username
+		}
+		secretOpts.Password = bitbucketToken
+
+		if bootstrapArgs.caFile != "" {
+			secretOpts.CAFilePath = bootstrapArgs.caFile
+		}
+	} else {
+		secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm)
+		secretOpts.RSAKeyBits = int(bootstrapArgs.keyRSABits)
+		secretOpts.ECDSACurve = bootstrapArgs.keyECDSACurve.Curve
+		secretOpts.SSHHostname = bServerArgs.hostname
+
+		if bootstrapArgs.privateKeyFile != "" {
+			secretOpts.PrivateKeyPath = bootstrapArgs.privateKeyFile
+		}
+		if bootstrapArgs.sshHostname != "" {
+			secretOpts.SSHHostname = bootstrapArgs.sshHostname
+		}
+	}
+
+	// Sync manifest config
+	syncOpts := sync.Options{
+		Interval:          bServerArgs.interval,
+		Name:              rootArgs.namespace,
+		Namespace:         rootArgs.namespace,
+		Branch:            bootstrapArgs.branch,
+		Secret:            bootstrapArgs.secretName,
+		TargetPath:        bServerArgs.path.ToSlash(),
+		ManifestFile:      sync.MakeDefaultOptions().ManifestFile,
+		GitImplementation: sourceGitArgs.gitImplementation.String(),
+		RecurseSubmodules: bootstrapArgs.recurseSubmodules,
+	}
+
+	// Bootstrap config
+	bootstrapOpts := []bootstrap.GitProviderOption{
+		bootstrap.WithProviderRepository(bServerArgs.owner, bServerArgs.repository, bServerArgs.personal),
+		bootstrap.WithBranch(bootstrapArgs.branch),
+		bootstrap.WithBootstrapTransportType("https"),
+		bootstrap.WithAuthor(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
+		bootstrap.WithCommitMessageAppendix(bootstrapArgs.commitMessageAppendix),
+		bootstrap.WithProviderTeamPermissions(mapTeamSlice(bServerArgs.teams, bServerDefaultPermission)),
+		bootstrap.WithReadWriteKeyPermissions(bServerArgs.readWriteKey),
+		bootstrap.WithKubeconfig(rootArgs.kubeconfig, rootArgs.kubecontext),
+		bootstrap.WithLogger(logger),
+		bootstrap.WithCABundle(caBundle),
+	}
+	if bootstrapArgs.sshHostname != "" {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithSSHHostname(bootstrapArgs.sshHostname))
+	}
+	if bootstrapArgs.tokenAuth {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithSyncTransportType("https"))
+	}
+	if !bServerArgs.private {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithProviderRepositoryConfig("", "", "public"))
+	}
+	if bServerArgs.reconcile {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithReconcile())
+	}
+
+	// Setup bootstrapper with constructed configs
+	b, err := bootstrap.NewGitProviderBootstrapper(gitClient, providerClient, kubeClient, bootstrapOpts...)
+	if err != nil {
+		return err
+	}
+
+	// Run
+	return bootstrap.Run(ctx, b, manifestsBase, installOptions, secretOpts, syncOpts, rootArgs.pollInterval, rootArgs.timeout)
+}

cmd/flux/bootstrap_git.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"strings"
@@ -56,6 +55,9 @@ command will perform an upgrade if needed.`,
 
   # Run bootstrap for a Git repository with a passwordless private key
   flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key>
+
+  # Run bootstrap for a Git repository with a private key and password
+  flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key> --password=<password>
 `,
 	RunE: bootstrapGitCmdRun,
 }
@@ -66,6 +68,7 @@ type gitFlags struct {
 	path     flags.SafeRelativePath
 	username string
 	password string
+	silent   bool
 }
 
 var gitArgs gitFlags
@@ -76,6 +79,7 @@ func init() {
 	bootstrapGitCmd.Flags().Var(&gitArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 	bootstrapGitCmd.Flags().StringVarP(&gitArgs.username, "username", "u", "git", "basic authentication username")
 	bootstrapGitCmd.Flags().StringVarP(&gitArgs.password, "password", "p", "", "basic authentication password")
+	bootstrapGitCmd.Flags().BoolVarP(&gitArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
 
 	bootstrapCmd.AddCommand(bootstrapGitCmd)
 }
@@ -113,7 +117,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 	defer os.RemoveAll(manifestsBase)
 
 	// Lazy go-git repository
-	tmpDir, err := ioutil.TempDir("", "flux-bootstrap-")
+	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary working dir: %w", err)
 	}
@@ -163,13 +167,19 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 		repositoryURL.Host = repositoryURL.Hostname()
 	} else {
 		secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm)
+		secretOpts.Password = gitArgs.password
 		secretOpts.RSAKeyBits = int(bootstrapArgs.keyRSABits)
 		secretOpts.ECDSACurve = bootstrapArgs.keyECDSACurve.Curve
 
-		// Configure repository URL to match auth config for sync.
-		repositoryURL.User = url.User(gitArgs.username)
+		// Configure repository URL to match auth config for sync
+
+		// Override existing user when user is not already set
+		// or when a username was passed in
+		if repositoryURL.User == nil || gitArgs.username != "git" {
+			repositoryURL.User = url.User(gitArgs.username)
+		}
+
 		repositoryURL.Scheme = "ssh"
-		repositoryURL.Host = repositoryURL.Hostname()
 		if bootstrapArgs.sshHostname != "" {
 			repositoryURL.Host = bootstrapArgs.sshHostname
 		}
@@ -189,12 +199,21 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 		URL:               repositoryURL.String(),
 		Branch:            bootstrapArgs.branch,
 		Secret:            bootstrapArgs.secretName,
-		TargetPath:        gitArgs.path.String(),
+		TargetPath:        gitArgs.path.ToSlash(),
 		ManifestFile:      sync.MakeDefaultOptions().ManifestFile,
 		GitImplementation: sourceGitArgs.gitImplementation.String(),
 		RecurseSubmodules: bootstrapArgs.recurseSubmodules,
 	}
 
+	var caBundle []byte
+	if bootstrapArgs.caFile != "" {
+		var err error
+		caBundle, err = os.ReadFile(bootstrapArgs.caFile)
+		if err != nil {
+			return fmt.Errorf("unable to read TLS CA file: %w", err)
+		}
+	}
+
 	// Bootstrap config
 	bootstrapOpts := []bootstrap.GitOption{
 		bootstrap.WithRepositoryURL(gitArgs.url),
@@ -204,6 +223,8 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 		bootstrap.WithKubeconfig(rootArgs.kubeconfig, rootArgs.kubecontext),
 		bootstrap.WithPostGenerateSecretFunc(promptPublicKey),
 		bootstrap.WithLogger(logger),
+		bootstrap.WithCABundle(caBundle),
+		bootstrap.WithGitCommitSigning(bootstrapArgs.gpgKeyRingPath, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
 	}
 
 	// Setup bootstrapper with constructed configs
@@ -229,7 +250,7 @@ func transportForURL(u *url.URL) (transport.AuthMethod, error) {
 		}, nil
 	case "ssh":
 		if bootstrapArgs.privateKeyFile != "" {
-			return ssh.NewPublicKeysFromFile(u.User.Username(), bootstrapArgs.privateKeyFile, "")
+			return ssh.NewPublicKeysFromFile(u.User.Username(), bootstrapArgs.privateKeyFile, gitArgs.password)
 		}
 		return nil, nil
 	default:
@@ -244,13 +265,16 @@ func promptPublicKey(ctx context.Context, secret corev1.Secret, _ sourcesecret.O
 	}
 
 	logger.Successf("public key: %s", strings.TrimSpace(ppk))
-	prompt := promptui.Prompt{
-		Label:     "Please give the key access to your repository",
-		IsConfirm: true,
-	}
-	_, err := prompt.Run()
-	if err != nil {
-		return fmt.Errorf("aborting")
+
+	if !gitArgs.silent {
+		prompt := promptui.Prompt{
+			Label:     "Please give the key access to your repository",
+			IsConfirm: true,
+		}
+		_, err := prompt.Run()
+		if err != nil {
+			return fmt.Errorf("aborting")
+		}
 	}
 	return nil
 }

cmd/flux/bootstrap_github.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"time"
 
@@ -53,6 +52,9 @@ the bootstrap command will perform an upgrade if needed.`,
   # Run bootstrap for a private repository and assign organization teams to it
   flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug> --team=<team2 slug>
 
+  # Run bootstrap for a private repository and assign organization teams with their access level(e.g maintain, admin) to it
+  flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug>:<access-level>
+
   # Run bootstrap for a repository path
   flux bootstrap github --owner=<organization> --repository=<repository name> --path=dev-cluster
 
@@ -80,6 +82,7 @@ type githubFlags struct {
 	path         flags.SafeRelativePath
 	teams        []string
 	readWriteKey bool
+	reconcile    bool
 }
 
 const (
@@ -93,13 +96,14 @@ var githubArgs githubFlags
 func init() {
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.owner, "owner", "", "GitHub user or organization name")
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.repository, "repository", "", "GitHub repository name")
-	bootstrapGitHubCmd.Flags().StringArrayVar(&githubArgs.teams, "team", []string{}, "GitHub team to be given maintainer access")
+	bootstrapGitHubCmd.Flags().StringSliceVar(&githubArgs.teams, "team", []string{}, "GitHub team and the access to be given to it(team:maintain). Defaults to maintainer access if no access level is specified (also accepts comma-separated values)")
 	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.personal, "personal", false, "if true, the owner is assumed to be a GitHub user; otherwise an org")
-	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.private, "private", true, "if true, the repository is assumed to be private")
+	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.private, "private", true, "if true, the repository is setup or configured as private")
 	bootstrapGitHubCmd.Flags().DurationVar(&githubArgs.interval, "interval", time.Minute, "sync interval")
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.hostname, "hostname", ghDefaultDomain, "GitHub hostname")
 	bootstrapGitHubCmd.Flags().Var(&githubArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.readWriteKey, "read-write-key", false, "if true, the deploy key is configured with read/write permissions")
+	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.reconcile, "reconcile", false, "if true, the configured options are also reconciled if the repository already exists")
 
 	bootstrapCmd.AddCommand(bootstrapGitHubCmd)
 }
@@ -107,7 +111,11 @@ func init() {
 func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	ghToken := os.Getenv(ghTokenEnvVar)
 	if ghToken == "" {
-		return fmt.Errorf("%s environment variable not found", ghTokenEnvVar)
+		var err error
+		ghToken, err = readPasswordFromStdin("Please enter your GitHub personal access token (PAT): ")
+		if err != nil {
+			return fmt.Errorf("could not read token: %w", err)
+		}
 	}
 
 	if err := bootstrapValidate(); err != nil {
@@ -132,11 +140,20 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	defer os.RemoveAll(manifestsBase)
 
+	var caBundle []byte
+	if bootstrapArgs.caFile != "" {
+		var err error
+		caBundle, err = os.ReadFile(bootstrapArgs.caFile)
+		if err != nil {
+			return fmt.Errorf("unable to read TLS CA file: %w", err)
+		}
+	}
 	// Build GitHub provider
 	providerCfg := provider.Config{
 		Provider: provider.GitProviderGitHub,
 		Hostname: githubArgs.hostname,
 		Token:    ghToken,
+		CaBundle: caBundle,
 	}
 	providerClient, err := provider.BuildGitProvider(providerCfg)
 	if err != nil {
@@ -144,7 +161,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// Lazy go-git repository
-	tmpDir, err := ioutil.TempDir("", "flux-bootstrap-")
+	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary working dir: %w", err)
 	}
@@ -225,6 +242,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		bootstrap.WithReadWriteKeyPermissions(githubArgs.readWriteKey),
 		bootstrap.WithKubeconfig(rootArgs.kubeconfig, rootArgs.kubecontext),
 		bootstrap.WithLogger(logger),
+		bootstrap.WithCABundle(caBundle),
 	}
 	if bootstrapArgs.sshHostname != "" {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithSSHHostname(bootstrapArgs.sshHostname))
@@ -235,6 +253,9 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	if !githubArgs.private {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithProviderRepositoryConfig("", "", "public"))
 	}
+	if githubArgs.reconcile {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithReconcile())
+	}
 
 	// Setup bootstrapper with constructed configs
 	b, err := bootstrap.NewGitProviderBootstrapper(gitClient, providerClient, kubeClient, bootstrapOpts...)

cmd/flux/bootstrap_gitlab.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"regexp"
 	"strings"
@@ -86,6 +85,7 @@ type gitlabFlags struct {
 	path         flags.SafeRelativePath
 	teams        []string
 	readWriteKey bool
+	reconcile    bool
 }
 
 var gitlabArgs gitlabFlags
@@ -93,13 +93,14 @@ var gitlabArgs gitlabFlags
 func init() {
 	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.owner, "owner", "", "GitLab user or group name")
 	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.repository, "repository", "", "GitLab repository name")
-	bootstrapGitLabCmd.Flags().StringArrayVar(&gitlabArgs.teams, "team", []string{}, "GitLab teams to be given maintainer access")
+	bootstrapGitLabCmd.Flags().StringSliceVar(&gitlabArgs.teams, "team", []string{}, "GitLab teams to be given maintainer access (also accepts comma-separated values)")
 	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.personal, "personal", false, "if true, the owner is assumed to be a GitLab user; otherwise a group")
-	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.private, "private", true, "if true, the repository is assumed to be private")
+	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.private, "private", true, "if true, the repository is setup or configured as private")
 	bootstrapGitLabCmd.Flags().DurationVar(&gitlabArgs.interval, "interval", time.Minute, "sync interval")
 	bootstrapGitLabCmd.Flags().StringVar(&gitlabArgs.hostname, "hostname", glDefaultDomain, "GitLab hostname")
 	bootstrapGitLabCmd.Flags().Var(&gitlabArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.readWriteKey, "read-write-key", false, "if true, the deploy key is configured with read/write permissions")
+	bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.reconcile, "reconcile", false, "if true, the configured options are also reconciled if the repository already exists")
 
 	bootstrapCmd.AddCommand(bootstrapGitLabCmd)
 }
@@ -107,7 +108,11 @@ func init() {
 func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	glToken := os.Getenv(glTokenEnvVar)
 	if glToken == "" {
-		return fmt.Errorf("%s environment variable not found", glTokenEnvVar)
+		var err error
+		glToken, err = readPasswordFromStdin("Please enter your GitLab personal access token (PAT): ")
+		if err != nil {
+			return fmt.Errorf("could not read token: %w", err)
+		}
 	}
 
 	if projectNameIsValid, err := regexp.MatchString(gitlabProjectRegex, gitlabArgs.repository); err != nil || !projectNameIsValid {
@@ -139,11 +144,21 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	defer os.RemoveAll(manifestsBase)
 
+	var caBundle []byte
+	if bootstrapArgs.caFile != "" {
+		var err error
+		caBundle, err = os.ReadFile(bootstrapArgs.caFile)
+		if err != nil {
+			return fmt.Errorf("unable to read TLS CA file: %w", err)
+		}
+	}
+
 	// Build GitLab provider
 	providerCfg := provider.Config{
 		Provider: provider.GitProviderGitLab,
 		Hostname: gitlabArgs.hostname,
 		Token:    glToken,
+		CaBundle: caBundle,
 	}
 	// Workaround for: https://github.com/fluxcd/go-git-providers/issues/55
 	if hostname := providerCfg.Hostname; hostname != glDefaultDomain &&
@@ -157,7 +172,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// Lazy go-git repository
-	tmpDir, err := ioutil.TempDir("", "flux-bootstrap-")
+	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary working dir: %w", err)
 	}
@@ -241,6 +256,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		bootstrap.WithReadWriteKeyPermissions(gitlabArgs.readWriteKey),
 		bootstrap.WithKubeconfig(rootArgs.kubeconfig, rootArgs.kubecontext),
 		bootstrap.WithLogger(logger),
+		bootstrap.WithCABundle(caBundle),
 	}
 	if bootstrapArgs.sshHostname != "" {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithSSHHostname(bootstrapArgs.sshHostname))
@@ -251,6 +267,9 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	if !gitlabArgs.private {
 		bootstrapOpts = append(bootstrapOpts, bootstrap.WithProviderRepositoryConfig("", "", "public"))
 	}
+	if gitlabArgs.reconcile {
+		bootstrapOpts = append(bootstrapOpts, bootstrap.WithReconcile())
+	}
 
 	// Setup bootstrapper with constructed configs
 	b, err := bootstrap.NewGitProviderBootstrapper(gitClient, providerClient, kubeClient, bootstrapOpts...)

cmd/flux/check.go

@@ -18,21 +18,19 @@ package main
 
 import (
 	"context"
-	"encoding/json"
 	"os"
-	"os/exec"
 	"time"
 
 	"github.com/Masterminds/semver/v3"
 	"github.com/spf13/cobra"
 	v1 "k8s.io/api/apps/v1"
-	apimachineryversion "k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/fluxcd/pkg/version"
 
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/pkg/status"
 )
@@ -54,10 +52,14 @@ type checkFlags struct {
 	pre             bool
 	components      []string
 	extraComponents []string
+	pollInterval    time.Duration
 }
 
-type kubectlVersion struct {
-	ClientVersion *apimachineryversion.Info `json:"clientVersion"`
+var kubernetesConstraints = []string{
+	">=1.19.0-0",
+	">=1.16.11-0 <=1.16.15-0",
+	">=1.17.7-0 <=1.17.17-0",
+	">=1.18.4-0 <=1.18.20-0",
 }
 
 var checkArgs checkFlags
@@ -69,23 +71,18 @@ func init() {
 		"list of components, accepts comma-separated values")
 	checkCmd.Flags().StringSliceVar(&checkArgs.extraComponents, "components-extra", nil,
 		"list of components in addition to those supplied or defaulted, accepts comma-separated values")
+	checkCmd.Flags().DurationVar(&checkArgs.pollInterval, "poll-interval", 5*time.Second,
+		"how often the health checker should poll the cluster for the latest state of the resources.")
 	rootCmd.AddCommand(checkCmd)
 }
 
 func runCheckCmd(cmd *cobra.Command, args []string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
 	logger.Actionf("checking prerequisites")
 	checkFailed := false
 
 	fluxCheck()
 
-	if !kubectlCheck(ctx, ">=1.18.0-0") {
-		checkFailed = true
-	}
-
-	if !kubernetesCheck(">=1.16.0-0") {
+	if !kubernetesCheck(kubernetesConstraints) {
 		checkFailed = true
 	}
 
@@ -130,43 +127,7 @@ func fluxCheck() {
 	}
 }
 
-func kubectlCheck(ctx context.Context, constraint string) bool {
-	_, err := exec.LookPath("kubectl")
-	if err != nil {
-		logger.Failuref("kubectl not found")
-		return false
-	}
-
-	kubectlArgs := []string{"version", "--client", "--output", "json"}
-	output, err := utils.ExecKubectlCommand(ctx, utils.ModeCapture, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...)
-	if err != nil {
-		logger.Failuref("kubectl version can't be determined")
-		return false
-	}
-
-	kv := &kubectlVersion{}
-	if err = json.Unmarshal([]byte(output), kv); err != nil {
-		logger.Failuref("kubectl version output can't be unmarshalled")
-		return false
-	}
-
-	v, err := version.ParseVersion(kv.ClientVersion.GitVersion)
-	if err != nil {
-		logger.Failuref("kubectl version can't be parsed")
-		return false
-	}
-
-	c, _ := semver.NewConstraint(constraint)
-	if !c.Check(v) {
-		logger.Failuref("kubectl version %s < %s", v.Original(), constraint)
-		return false
-	}
-
-	logger.Successf("kubectl %s %s", v.String(), constraint)
-	return true
-}
-
-func kubernetesCheck(constraint string) bool {
+func kubernetesCheck(constraints []string) bool {
 	cfg, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		logger.Failuref("Kubernetes client initialization failed: %s", err.Error())
@@ -191,13 +152,23 @@ func kubernetesCheck(constraint string) bool {
 		return false
 	}
 
-	c, _ := semver.NewConstraint(constraint)
-	if !c.Check(v) {
-		logger.Failuref("Kubernetes version %s < %s", v.Original(), constraint)
+	var valid bool
+	var vrange string
+	for _, constraint := range constraints {
+		c, _ := semver.NewConstraint(constraint)
+		if c.Check(v) {
+			valid = true
+			vrange = constraint
+			break
+		}
+	}
+
+	if !valid {
+		logger.Failuref("Kubernetes version %s does not match %s", v.Original(), constraints[0])
 		return false
 	}
 
-	logger.Successf("Kubernetes %s %s", v.String(), constraint)
+	logger.Successf("Kubernetes %s %s", v.String(), vrange)
 	return true
 }
 
@@ -210,7 +181,7 @@ func componentsCheck() bool {
 		return false
 	}
 
-	statusChecker, err := status.NewStatusChecker(kubeConfig, time.Second, rootArgs.timeout, logger)
+	statusChecker, err := status.NewStatusChecker(kubeConfig, checkArgs.pollInterval, rootArgs.timeout, logger)
 	if err != nil {
 		return false
 	}
@@ -221,7 +192,7 @@ func componentsCheck() bool {
 	}
 
 	ok := true
-	selector := client.MatchingLabels{"app.kubernetes.io/instance": rootArgs.namespace}
+	selector := client.MatchingLabels{manifestgen.PartOfLabelKey: manifestgen.PartOfLabelValue}
 	var list v1.DeploymentList
 	if err := kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace), selector); err == nil {
 		for _, d := range list.Items {

cmd/flux/check_test.go

@@ -0,0 +1,51 @@
+// +build e2e
+
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/fluxcd/flux2/internal/utils"
+	"k8s.io/apimachinery/pkg/version"
+)
+
+func TestCheckPre(t *testing.T) {
+	jsonOutput, err := utils.ExecKubectlCommand(context.TODO(), utils.ModeCapture, rootArgs.kubeconfig, rootArgs.kubecontext, "version", "--output", "json")
+	if err != nil {
+		t.Fatalf("Error running utils.ExecKubectlCommand: %v", err.Error())
+	}
+
+	var versions map[string]version.Info
+	if err := json.Unmarshal([]byte(jsonOutput), &versions); err != nil {
+		t.Fatalf("Error unmarshalling: %v", err.Error())
+	}
+
+	serverVersion := strings.TrimPrefix(versions["serverVersion"].GitVersion, "v")
+
+	cmd := cmdTestCase{
+		args: "check --pre",
+		assert: assertGoldenTemplateFile("testdata/check/check_pre.golden", map[string]string{
+			"serverVersion": serverVersion,
+		}),
+	}
+	cmd.runTestCmd(t)
+}

cmd/flux/completion.go

@@ -17,7 +17,18 @@ limitations under the License.
 package main
 
 import (
+	"context"
+	"strings"
+
+	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/discovery"
+	memory "k8s.io/client-go/discovery/cached"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/restmapper"
 )
 
 var completionCmd = &cobra.Command{
@@ -29,3 +40,77 @@ var completionCmd = &cobra.Command{
 func init() {
 	rootCmd.AddCommand(completionCmd)
 }
+
+func contextsCompletionFunc(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	rawConfig, err := utils.ClientConfig(rootArgs.kubeconfig, rootArgs.kubecontext).RawConfig()
+	if err != nil {
+		return completionError(err)
+	}
+
+	var comps []string
+
+	for name := range rawConfig.Contexts {
+		if strings.HasPrefix(name, toComplete) {
+			comps = append(comps, name)
+		}
+	}
+
+	return comps, cobra.ShellCompDirectiveNoFileComp
+}
+
+func resourceNamesCompletionFunc(gvk schema.GroupVersionKind) func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+		defer cancel()
+
+		cfg, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
+		if err != nil {
+			return completionError(err)
+		}
+
+		dc, err := discovery.NewDiscoveryClientForConfig(cfg)
+		if err != nil {
+			return completionError(err)
+		}
+		mapper := restmapper.NewDeferredDiscoveryRESTMapper(memory.NewMemCacheClient(dc))
+
+		mapping, err := mapper.RESTMapping(gvk.GroupKind(), gvk.Version)
+		if err != nil {
+			return completionError(err)
+		}
+
+		client, err := dynamic.NewForConfig(cfg)
+		if err != nil {
+			return completionError(err)
+		}
+
+		var dr dynamic.ResourceInterface
+		if mapping.Scope.Name() == meta.RESTScopeNameNamespace {
+			dr = client.Resource(mapping.Resource).Namespace(rootArgs.namespace)
+		} else {
+			dr = client.Resource(mapping.Resource)
+		}
+
+		list, err := dr.List(ctx, metav1.ListOptions{})
+		if err != nil {
+			return completionError(err)
+		}
+
+		var comps []string
+
+		for _, item := range list.Items {
+			name := item.GetName()
+
+			if strings.HasPrefix(name, toComplete) {
+				comps = append(comps, name)
+			}
+		}
+
+		return comps, cobra.ShellCompDirectiveNoFileComp
+	}
+}
+
+func completionError(err error) ([]string, cobra.ShellCompDirective) {
+	cobra.CompError(err.Error())
+	return nil, cobra.ShellCompDirectiveError
+}

cmd/flux/completion_zsh.go

@@ -17,6 +17,7 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"os"
 
 	"github.com/spf13/cobra"
@@ -27,12 +28,12 @@ var completionZshCmd = &cobra.Command{
 	Short: "Generates zsh completion scripts",
 	Example: `To load completion run
 
-. <(flux completion zsh) && compdef _flux flux
+. <(flux completion zsh)
 
 To configure your zsh shell to load completions for each session add to your zshrc
 
 # ~/.zshrc or ~/.profile
-command -v flux >/dev/null && . <(flux completion zsh) && compdef _flux flux
+command -v flux >/dev/null && . <(flux completion zsh)
 
 or write a cached file in one of the completion directories in your ${fpath}:
 
@@ -43,6 +44,8 @@ mv _flux ~/.oh-my-zsh/completions  # oh-my-zsh
 mv _flux ~/.zprezto/modules/completion/external/src/  # zprezto`,
 	Run: func(cmd *cobra.Command, args []string) {
 		rootCmd.GenZshCompletion(os.Stdout)
+		// Cobra doesn't source zsh completion file, explicitly doing it here
+		fmt.Println("compdef _flux flux")
 	},
 }
 

cmd/flux/create_alert.go

@@ -58,7 +58,7 @@ var alertArgs alertFlags
 func init() {
 	createAlertCmd.Flags().StringVar(&alertArgs.providerRef, "provider-ref", "", "reference to provider")
 	createAlertCmd.Flags().StringVar(&alertArgs.eventSeverity, "event-severity", "", "severity of events to send alerts for")
-	createAlertCmd.Flags().StringArrayVar(&alertArgs.eventSources, "event-source", []string{}, "sources that should generate alerts (<kind>/<name>)")
+	createAlertCmd.Flags().StringSliceVar(&alertArgs.eventSources, "event-source", []string{}, "sources that should generate alerts (<kind>/<name>), also accepts comma-separated values")
 	createCmd.AddCommand(createAlertCmd)
 }
 
@@ -74,14 +74,15 @@ func createAlertCmdRun(cmd *cobra.Command, args []string) error {
 
 	eventSources := []notificationv1.CrossNamespaceObjectReference{}
 	for _, eventSource := range alertArgs.eventSources {
-		kind, name := utils.ParseObjectKindName(eventSource)
+		kind, name, namespace := utils.ParseObjectKindNameNamespace(eventSource)
 		if kind == "" {
 			return fmt.Errorf("invalid event source '%s', must be in format <kind>/<name>", eventSource)
 		}
 
 		eventSources = append(eventSources, notificationv1.CrossNamespaceObjectReference{
-			Kind: kind,
-			Name: name,
+			Kind:      kind,
+			Name:      name,
+			Namespace: namespace,
 		})
 	}
 

cmd/flux/create_helmrelease.go

@@ -20,7 +20,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
@@ -87,7 +87,8 @@ var createHelmReleaseCmd = &cobra.Command{
 
   # Create a HelmRelease targeting another namespace than the resource
   flux create hr podinfo \
-    --target-namespace=default \
+    --target-namespace=test \
+    --create-target-namespace=true \
     --source=HelmRepository/podinfo \
     --chart=podinfo
 
@@ -113,9 +114,11 @@ type helmReleaseFlags struct {
 	chart           string
 	chartVersion    string
 	targetNamespace string
-	valuesFile      []string
+	createNamespace bool
+	valuesFiles     []string
 	valuesFrom      flags.HelmReleaseValuesFrom
 	saName          string
+	crds            flags.CRDsPolicy
 }
 
 var helmReleaseArgs helmReleaseFlags
@@ -125,11 +128,13 @@ func init() {
 	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.source, "source", helmReleaseArgs.source.Description())
 	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.chart, "chart", "", "Helm chart name or path")
 	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.chartVersion, "chart-version", "", "Helm chart version, accepts a semver range (ignored for charts from GitRepository sources)")
-	createHelmReleaseCmd.Flags().StringArrayVar(&helmReleaseArgs.dependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'")
+	createHelmReleaseCmd.Flags().StringSliceVar(&helmReleaseArgs.dependsOn, "depends-on", nil, "HelmReleases that must be ready before this release can be installed, supported formats '<name>' and '<namespace>/<name>'")
 	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.targetNamespace, "target-namespace", "", "namespace to install this release, defaults to the HelmRelease namespace")
+	createHelmReleaseCmd.Flags().BoolVar(&helmReleaseArgs.createNamespace, "create-target-namespace", false, "create the target namespace if it does not exist")
 	createHelmReleaseCmd.Flags().StringVar(&helmReleaseArgs.saName, "service-account", "", "the name of the service account to impersonate when reconciling this HelmRelease")
-	createHelmReleaseCmd.Flags().StringArrayVar(&helmReleaseArgs.valuesFile, "values", nil, "local path to values.yaml files")
+	createHelmReleaseCmd.Flags().StringSliceVar(&helmReleaseArgs.valuesFiles, "values", nil, "local path to values.yaml files, also accepts comma-separated values")
 	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.valuesFrom, "values-from", helmReleaseArgs.valuesFrom.Description())
+	createHelmReleaseCmd.Flags().Var(&helmReleaseArgs.crds, "crds", helmReleaseArgs.crds.Description())
 	createCmd.AddCommand(createHelmReleaseCmd)
 }
 
@@ -165,6 +170,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 				Duration: createArgs.interval,
 			},
 			TargetNamespace: helmReleaseArgs.targetNamespace,
+
 			Chart: helmv2.HelmChartTemplate{
 				Spec: helmv2.HelmChartTemplateSpec{
 					Chart:   helmReleaseArgs.chart,
@@ -180,14 +186,31 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if helmReleaseArgs.createNamespace {
+		if helmRelease.Spec.Install == nil {
+			helmRelease.Spec.Install = &helmv2.Install{}
+		}
+
+		helmRelease.Spec.Install.CreateNamespace = helmReleaseArgs.createNamespace
+	}
+
 	if helmReleaseArgs.saName != "" {
 		helmRelease.Spec.ServiceAccountName = helmReleaseArgs.saName
 	}
 
-	if len(helmReleaseArgs.valuesFile) > 0 {
-		var valuesMap map[string]interface{}
-		for _, v := range helmReleaseArgs.valuesFile {
-			data, err := ioutil.ReadFile(v)
+	if helmReleaseArgs.crds != "" {
+		if helmRelease.Spec.Install == nil {
+			helmRelease.Spec.Install = &helmv2.Install{}
+		}
+
+		helmRelease.Spec.Install.CRDs = helmv2.Create
+		helmRelease.Spec.Upgrade = &helmv2.Upgrade{CRDs: helmv2.CRDsPolicy(helmReleaseArgs.crds.String())}
+	}
+
+	if len(helmReleaseArgs.valuesFiles) > 0 {
+		valuesMap := make(map[string]interface{})
+		for _, v := range helmReleaseArgs.valuesFiles {
+			data, err := os.ReadFile(v)
 			if err != nil {
 				return fmt.Errorf("reading values from %s failed: %w", v, err)
 			}
@@ -202,11 +225,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 				return fmt.Errorf("unmarshaling values from %s failed: %w", v, err)
 			}
 
-			if valuesMap == nil {
-				valuesMap = jsonMap
-			} else {
-				valuesMap = transform.MergeMaps(valuesMap, jsonMap)
-			}
+			valuesMap = transform.MergeMaps(valuesMap, jsonMap)
 		}
 
 		jsonRaw, err := json.Marshal(valuesMap)

cmd/flux/create_image_policy.go

@@ -28,7 +28,7 @@ import (
 
 	"github.com/fluxcd/pkg/apis/meta"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var createImagePolicyCmd = &cobra.Command{
@@ -105,7 +105,7 @@ func createImagePolicyRun(cmd *cobra.Command, args []string) error {
 			Labels:    labels,
 		},
 		Spec: imagev1.ImagePolicySpec{
-			ImageRepositoryRef: meta.LocalObjectReference{
+			ImageRepositoryRef: meta.NamespacedObjectReference{
 				Name: imagePolicyArgs.imageRef,
 			},
 		},

cmd/flux/create_image_repository.go

@@ -26,7 +26,7 @@ import (
 
 	"github.com/fluxcd/pkg/apis/meta"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var createImageRepositoryCmd = &cobra.Command{

cmd/flux/create_image_update.go

@@ -22,9 +22,8 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/fluxcd/pkg/apis/meta"
-
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var createImageUpdateCmd = &cobra.Command{
@@ -113,25 +112,33 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
 			Labels:    labels,
 		},
 		Spec: autov1.ImageUpdateAutomationSpec{
-			Checkout: autov1.GitCheckoutSpec{
-				GitRepositoryRef: meta.LocalObjectReference{
-					Name: imageUpdateArgs.gitRepoRef,
+			SourceRef: autov1.SourceReference{
+				Kind: sourcev1.GitRepositoryKind,
+				Name: imageUpdateArgs.gitRepoRef,
+			},
+
+			GitSpec: &autov1.GitSpec{
+				Checkout: &autov1.GitCheckoutSpec{
+					Reference: sourcev1.GitRepositoryRef{
+						Branch: imageUpdateArgs.checkoutBranch,
+					},
+				},
+				Commit: autov1.CommitSpec{
+					Author: autov1.CommitUser{
+						Name:  imageUpdateArgs.authorName,
+						Email: imageUpdateArgs.authorEmail,
+					},
+					MessageTemplate: imageUpdateArgs.commitTemplate,
 				},
-				Branch: imageUpdateArgs.checkoutBranch,
 			},
 			Interval: metav1.Duration{
 				Duration: createArgs.interval,
 			},
-			Commit: autov1.CommitSpec{
-				AuthorName:      imageUpdateArgs.authorName,
-				AuthorEmail:     imageUpdateArgs.authorEmail,
-				MessageTemplate: imageUpdateArgs.commitTemplate,
-			},
 		},
 	}
 
 	if imageUpdateArgs.pushBranch != "" {
-		update.Spec.Push = &autov1.PushSpec{
+		update.Spec.GitSpec.Push = &autov1.PushSpec{
 			Branch: imageUpdateArgs.pushBranch,
 		}
 	}

cmd/flux/create_kustomization.go

@@ -31,7 +31,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
 	"github.com/fluxcd/pkg/apis/meta"
 
 	"github.com/fluxcd/flux2/internal/flags"
@@ -49,7 +49,6 @@ var createKsCmd = &cobra.Command{
     --path="./examples/contour/" \
     --prune=true \
     --interval=10m \
-    --validation=client \
     --health-check="Deployment/contour.projectcontour" \
     --health-check="DaemonSet/envoy.projectcontour" \
     --health-check-timeout=3m
@@ -60,8 +59,7 @@ var createKsCmd = &cobra.Command{
     --source=GitRepository/webapp \
     --path="./deploy/overlays/dev" \
     --prune=true \
-    --interval=5m \
-    --validation=client
+    --interval=5m
 
   # Create a Kustomization using a source from a different namespace
   flux create kustomization podinfo \
@@ -69,8 +67,7 @@ var createKsCmd = &cobra.Command{
     --source=GitRepository/podinfo.flux-system \
     --path="./deploy/overlays/dev" \
     --prune=true \
-    --interval=5m \
-    --validation=client
+    --interval=5m
 
   # Create a Kustomization resource that references a Bucket
   flux create kustomization secrets \
@@ -92,6 +89,7 @@ type kustomizationFlags struct {
 	decryptionProvider flags.DecryptionProvider
 	decryptionSecret   string
 	targetNamespace    string
+	wait               bool
 }
 
 var kustomizationArgs = NewKustomizationFlags()
@@ -100,14 +98,17 @@ func init() {
 	createKsCmd.Flags().Var(&kustomizationArgs.source, "source", kustomizationArgs.source.Description())
 	createKsCmd.Flags().Var(&kustomizationArgs.path, "path", "path to the directory containing a kustomization.yaml file")
 	createKsCmd.Flags().BoolVar(&kustomizationArgs.prune, "prune", false, "enable garbage collection")
-	createKsCmd.Flags().StringArrayVar(&kustomizationArgs.healthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
+	createKsCmd.Flags().BoolVar(&kustomizationArgs.wait, "wait", false, "enable health checking of all the applied resources")
+	createKsCmd.Flags().StringSliceVar(&kustomizationArgs.healthCheck, "health-check", nil, "workload to be included in the health assessment, in the format '<kind>/<name>.<namespace>'")
 	createKsCmd.Flags().DurationVar(&kustomizationArgs.healthTimeout, "health-check-timeout", 2*time.Minute, "timeout of health checking operations")
 	createKsCmd.Flags().StringVar(&kustomizationArgs.validation, "validation", "", "validate the manifests before applying them on the cluster, can be 'client' or 'server'")
-	createKsCmd.Flags().StringArrayVar(&kustomizationArgs.dependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>'")
+	createKsCmd.Flags().StringSliceVar(&kustomizationArgs.dependsOn, "depends-on", nil, "Kustomization that must be ready before this Kustomization can be applied, supported formats '<name>' and '<namespace>/<name>', also accepts comma-separated values")
 	createKsCmd.Flags().StringVar(&kustomizationArgs.saName, "service-account", "", "the name of the service account to impersonate when reconciling this Kustomization")
 	createKsCmd.Flags().Var(&kustomizationArgs.decryptionProvider, "decryption-provider", kustomizationArgs.decryptionProvider.Description())
 	createKsCmd.Flags().StringVar(&kustomizationArgs.decryptionSecret, "decryption-secret", "", "set the Kubernetes secret name that contains the OpenPGP private keys used for sops decryption")
 	createKsCmd.Flags().StringVar(&kustomizationArgs.targetNamespace, "target-namespace", "", "overrides the namespace of all Kustomization objects reconciled by this Kustomization")
+	createKsCmd.Flags().MarkDeprecated("validation", "this arg is no longer used, all resources are validated using server-side apply dry-run")
+
 	createCmd.AddCommand(createKsCmd)
 }
 
@@ -158,12 +159,11 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 				Namespace: kustomizationArgs.source.Namespace,
 			},
 			Suspend:         false,
-			Validation:      kustomizationArgs.validation,
 			TargetNamespace: kustomizationArgs.targetNamespace,
 		},
 	}
 
-	if len(kustomizationArgs.healthCheck) > 0 {
+	if len(kustomizationArgs.healthCheck) > 0 && !kustomizationArgs.wait {
 		healthChecks := make([]meta.NamespacedObjectKindReference, 0)
 		for _, w := range kustomizationArgs.healthCheck {
 			kindObj := strings.Split(w, "/")
@@ -204,6 +204,13 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	if kustomizationArgs.wait {
+		kustomization.Spec.Wait = true
+		kustomization.Spec.Timeout = &metav1.Duration{
+			Duration: kustomizationArgs.healthTimeout,
+		}
+	}
+
 	if kustomizationArgs.saName != "" {
 		kustomization.Spec.ServiceAccountName = kustomizationArgs.saName
 	}

cmd/flux/create_receiver.go

@@ -61,8 +61,8 @@ var receiverArgs receiverFlags
 func init() {
 	createReceiverCmd.Flags().StringVar(&receiverArgs.receiverType, "type", "", "")
 	createReceiverCmd.Flags().StringVar(&receiverArgs.secretRef, "secret-ref", "", "")
-	createReceiverCmd.Flags().StringArrayVar(&receiverArgs.events, "event", []string{}, "")
-	createReceiverCmd.Flags().StringArrayVar(&receiverArgs.resources, "resource", []string{}, "")
+	createReceiverCmd.Flags().StringSliceVar(&receiverArgs.events, "event", []string{}, "also accepts comma-separated values")
+	createReceiverCmd.Flags().StringSliceVar(&receiverArgs.resources, "resource", []string{}, "also accepts comma-separated values")
 	createCmd.AddCommand(createReceiverCmd)
 }
 

cmd/flux/create_secret_git.go

@@ -50,25 +50,28 @@ For Git over HTTP/S, the provided basic authentication credentials are stored in
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --private-key-file=./private.key
 
+  # Create a Git SSH authentication secret with a passworded private key from file
+  # The public SSH host key will still be gathered from the host
+  flux create secret git podinfo-auth \
+    --url=ssh://git@github.com/stefanprodan/podinfo \
+    --private-key-file=./private.key \
+    --password=<password>
+
   # Create a secret for a Git repository using basic authentication
   flux create secret git podinfo-auth \
     --url=https://github.com/stefanprodan/podinfo \
     --username=username \
     --password=password
 
-  # Create a Git SSH secret on disk and print the deploy key
+  # Create a Git SSH secret on disk
   flux create secret git podinfo-auth \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --export > podinfo-auth.yaml
 
-  yq read podinfo-auth.yaml 'data."identity.pub"' | base64 --decode
-
-  # Create a Git SSH secret on disk and encrypt it with Mozilla SOPS
-  flux create secret git podinfo-auth \
-    --namespace=apps \
-    --url=ssh://git@github.com/stefanprodan/podinfo \
-    --export > podinfo-auth.yaml
+  # Print the deploy key
+  yq eval '.stringData."identity.pub"' podinfo-auth.yaml
 
+  # Encrypt the secret on disk with Mozilla SOPS
   sops --encrypt --encrypted-regex '^(data|stringData)$' \
     --in-place podinfo-auth.yaml`,
 	RunE: createSecretGitCmdRun,
@@ -102,7 +105,7 @@ func init() {
 
 func NewSecretGitFlags() secretGitFlags {
 	return secretGitFlags{
-		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		rsaBits:      2048,
 		ecdsaCurve:   flags.ECDSACurve{Curve: elliptic.P384()},
 	}
@@ -140,6 +143,7 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 		opts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(secretGitArgs.keyAlgorithm)
 		opts.RSAKeyBits = int(secretGitArgs.rsaBits)
 		opts.ECDSACurve = secretGitArgs.ecdsaCurve.Curve
+		opts.Password = secretGitArgs.password
 	case "http", "https":
 		if secretGitArgs.username == "" || secretGitArgs.password == "" {
 			return fmt.Errorf("for Git over HTTP/S the username and password are required")
@@ -157,7 +161,7 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		fmt.Println(secret.Content)
+		rootCmd.Println(secret.Content)
 		return nil
 	}
 
@@ -179,7 +183,7 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 	if err := upsertSecret(ctx, kubeClient, s); err != nil {
 		return err
 	}
-	logger.Actionf("secret '%s' created in '%s' namespace", name, rootArgs.namespace)
+	logger.Actionf("git secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 
 	return nil
 }

cmd/flux/create_secret_git_test.go

@@ -0,0 +1,44 @@
+package main
+
+import (
+	"testing"
+)
+
+func TestCreateGitSecret(t *testing.T) {
+	tests := []struct {
+		name   string
+		args   string
+		assert assertFunc
+	}{
+		{
+			name:   "no args",
+			args:   "create secret git",
+			assert: assertError("secret name is required"),
+		},
+		{
+			name:   "basic secret",
+			args:   "create secret git podinfo-auth --url=https://github.com/stefanprodan/podinfo --username=my-username --password=my-password --namespace=my-namespace --export",
+			assert: assertGoldenFile("./testdata/create_secret/git/secret-git-basic.yaml"),
+		},
+		{
+			name:   "ssh key",
+			args:   "create secret git podinfo-auth --url=ssh://git@github.com/stefanprodan/podinfo --private-key-file=./testdata/create_secret/git/ecdsa.private --namespace=my-namespace --export",
+			assert: assertGoldenFile("testdata/create_secret/git/git-ssh-secret.yaml"),
+		},
+		{
+			name:   "ssh key with password",
+			args:   "create secret git podinfo-auth --url=ssh://git@github.com/stefanprodan/podinfo --private-key-file=./testdata/create_secret/git/ecdsa-password.private --password=password --namespace=my-namespace --export",
+			assert: assertGoldenFile("testdata/create_secret/git/git-ssh-secret-password.yaml"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := cmdTestCase{
+				args:   tt.args,
+				assert: tt.assert,
+			}
+			cmd.runTestCmd(t)
+		})
+	}
+}

cmd/flux/create_secret_helm.go

@@ -94,7 +94,7 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		fmt.Println(secret.Content)
+		rootCmd.Println(secret.Content)
 		return nil
 	}
 
@@ -112,5 +112,6 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	logger.Actionf("helm secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 	return nil
 }

cmd/flux/create_secret_helm_test.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"testing"
+)
+
+func TestCreateHelmSecret(t *testing.T) {
+	tests := []struct {
+		name   string
+		args   string
+		assert assertFunc
+	}{
+		{
+			args:   "create secret helm",
+			assert: assertError("secret name is required"),
+		},
+		{
+			args:   "create secret helm helm-secret --username=my-username --password=my-password --namespace=my-namespace --export",
+			assert: assertGoldenFile("testdata/create_secret/helm/secret-helm.yaml"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := cmdTestCase{
+				args:   tt.args,
+				assert: tt.assert,
+			}
+			cmd.runTestCmd(t)
+		})
+	}
+}

cmd/flux/create_secret_tls.go

@@ -91,7 +91,7 @@ func createSecretTLSCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		fmt.Println(secret.Content)
+		rootCmd.Print(secret.Content)
 		return nil
 	}
 
@@ -109,5 +109,6 @@ func createSecretTLSCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	logger.Actionf("tls secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 	return nil
 }

cmd/flux/create_secret_tls_test.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"testing"
+)
+
+func TestCreateTlsSecretNoArgs(t *testing.T) {
+	tests := []struct {
+		name   string
+		args   string
+		assert assertFunc
+	}{
+		{
+			args:   "create secret tls",
+			assert: assertError("secret name is required"),
+		},
+		{
+			args:   "create secret tls certs --namespace=my-namespace --cert-file=./testdata/create_secret/tls/test-cert.pem --key-file=./testdata/create_secret/tls/test-key.pem --export",
+			assert: assertGoldenFile("testdata/create_secret/tls/secret-tls.yaml"),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := cmdTestCase{
+				args:   tt.args,
+				assert: tt.assert,
+			}
+			cmd.runTestCmd(t)
+		})
+	}
+}

cmd/flux/create_source.go

@@ -17,6 +17,8 @@ limitations under the License.
 package main
 
 import (
+	"time"
+
 	"github.com/spf13/cobra"
 )
 
@@ -26,6 +28,14 @@ var createSourceCmd = &cobra.Command{
 	Long:  "The create source sub-commands generate sources.",
 }
 
+type createSourceFlags struct {
+	fetchTimeout time.Duration
+}
+
+var createSourceArgs createSourceFlags
+
 func init() {
+	createSourceCmd.PersistentFlags().DurationVar(&createSourceArgs.fetchTimeout, "fetch-timeout", createSourceArgs.fetchTimeout,
+		"set a timeout for fetch operations performed by source-controller (e.g. 'git clone' or 'helm repo update')")
 	createCmd.AddCommand(createSourceCmd)
 }

cmd/flux/create_source_bucket.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 
 	"github.com/spf13/cobra"
@@ -112,7 +111,7 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	tmpDir, err := ioutil.TempDir("", name)
+	tmpDir, err := os.MkdirTemp("", name)
 	if err != nil {
 		return err
 	}
@@ -135,7 +134,12 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 			},
 		},
 	}
-	if sourceHelmArgs.secretRef != "" {
+
+	if createSourceArgs.fetchTimeout > 0 {
+		bucket.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
+	}
+
+	if sourceBucketArgs.secretRef != "" {
 		bucket.Spec.SecretRef = &meta.LocalObjectReference{
 			Name: sourceBucketArgs.secretRef,
 		}

cmd/flux/create_source_git.go

@@ -20,7 +20,6 @@ import (
 	"context"
 	"crypto/elliptic"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 
@@ -57,6 +56,7 @@ type sourceGitFlags struct {
 	caFile            string
 	privateKeyFile    string
 	recurseSubmodules bool
+	silent            bool
 }
 
 var createSourceGitCmd = &cobra.Command{
@@ -101,6 +101,15 @@ For private Git repositories, the basic authentication credentials are stored in
     --branch=master \
     --private-key-file=./private.key
 
+  # Create a source for a Git repository using SSH authentication and a
+  # private key with a password from file
+  # The public SSH host key will still be gathered from the host
+  flux create source git podinfo \
+    --url=ssh://git@github.com/stefanprodan/podinfo \
+    --branch=master \
+    --private-key-file=./private.key \
+    --password=<password>
+
   # Create a source for a Git repository using basic authentication
   flux create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
@@ -113,7 +122,7 @@ var sourceGitArgs = newSourceGitFlags()
 
 func init() {
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.url, "url", "", "git address, e.g. ssh://git@host/org/repository")
-	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.branch, "branch", "master", "git branch")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.branch, "branch", "", "git branch")
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.tag, "tag", "", "git tag")
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.semver, "tag-semver", "", "git tag semver range")
 	createSourceGitCmd.Flags().StringVarP(&sourceGitArgs.username, "username", "u", "", "basic authentication username")
@@ -127,13 +136,14 @@ func init() {
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server")
 	createSourceGitCmd.Flags().BoolVar(&sourceGitArgs.recurseSubmodules, "recurse-submodules", false,
 		"when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces")
+	createSourceGitCmd.Flags().BoolVarP(&sourceGitArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
 
 	createSourceCmd.AddCommand(createSourceGitCmd)
 }
 
 func newSourceGitFlags() sourceGitFlags {
 	return sourceGitFlags{
-		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:    2048,
 		keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 	}
@@ -157,6 +167,10 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
 	}
 
+	if sourceGitArgs.branch == "" && sourceGitArgs.tag == "" && sourceGitArgs.semver == "" {
+		return fmt.Errorf("a Git ref is required, use one of the following: --branch, --tag or --tag-semver")
+	}
+
 	if sourceGitArgs.caFile != "" && u.Scheme == "ssh" {
 		return fmt.Errorf("specifing a CA file is not supported for Git over SSH")
 	}
@@ -165,7 +179,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("recurse submodules requires --git-implementation=%s", sourcev1.GoGitImplementation)
 	}
 
-	tmpDir, err := ioutil.TempDir("", name)
+	tmpDir, err := os.MkdirTemp("", name)
 	if err != nil {
 		return err
 	}
@@ -192,6 +206,10 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if createSourceArgs.fetchTimeout > 0 {
+		gitRepository.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
+	}
+
 	if sourceGitArgs.gitImplementation != "" {
 		gitRepository.Spec.GitImplementation = sourceGitArgs.gitImplementation.String()
 	}
@@ -236,6 +254,7 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 			secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(sourceGitArgs.keyAlgorithm)
 			secretOpts.RSAKeyBits = int(sourceGitArgs.keyRSABits)
 			secretOpts.ECDSACurve = sourceGitArgs.keyECDSACurve.Curve
+			secretOpts.Password = sourceGitArgs.password
 		case "https":
 			secretOpts.Username = sourceGitArgs.username
 			secretOpts.Password = sourceGitArgs.password
@@ -259,12 +278,14 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 			}
 			if ppk, ok := s.StringData[sourcesecret.PublicKeySecretKey]; ok {
 				logger.Generatef("deploy key: %s", ppk)
-				prompt := promptui.Prompt{
-					Label:     "Have you added the deploy key to your repository",
-					IsConfirm: true,
-				}
-				if _, err := prompt.Run(); err != nil {
-					return fmt.Errorf("aborting")
+				if !sourceGitArgs.silent {
+					prompt := promptui.Prompt{
+						Label:     "Have you added the deploy key to your repository",
+						IsConfirm: true,
+					}
+					if _, err := prompt.Run(); err != nil {
+						return fmt.Errorf("aborting")
+					}
 				}
 			}
 			logger.Actionf("applying secret with repository credentials")

cmd/flux/create_source_git_test.go

@@ -0,0 +1,147 @@
+// +build unit
+
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"github.com/fluxcd/pkg/apis/meta"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"testing"
+	"time"
+)
+
+var pollInterval = 50 * time.Millisecond
+var testTimeout = 10 * time.Second
+
+// Update the GitRepository once created to exercise test specific behavior
+type reconcileFunc func(repo *sourcev1.GitRepository)
+
+// reconciler waits for an object to be created, then invokes a test supplied
+// function to mutate that object, simulating a controller.
+// Test should invoke run() to run the background reconciler task which
+// polls to wait for the object to exist before applying the update function.
+// Any errors from the reconciler are asserted on test completion.
+type reconciler struct {
+	client    client.Client
+	name      types.NamespacedName
+	reconcile reconcileFunc
+}
+
+// Start the background task that waits for the object to exist then applies
+// the update function.
+func (r *reconciler) run(t *testing.T) {
+	result := make(chan error)
+	go func() {
+		defer close(result)
+		err := wait.PollImmediate(
+			pollInterval,
+			testTimeout,
+			r.conditionFunc)
+		result <- err
+	}()
+	t.Cleanup(func() {
+		if err := <-result; err != nil {
+			t.Errorf("Failure from test reconciler: '%v':", err.Error())
+		}
+	})
+}
+
+// A ConditionFunction that waits for the named GitRepository to be created,
+// then sets the ready condition to true.
+func (r *reconciler) conditionFunc() (bool, error) {
+	var repo sourcev1.GitRepository
+	if err := r.client.Get(context.Background(), r.name, &repo); err != nil {
+		if errors.IsNotFound(err) {
+			return false, nil // Keep polling until object is created
+		}
+		return true, err
+	}
+	r.reconcile(&repo)
+	err := r.client.Status().Update(context.Background(), &repo)
+	return true, err
+}
+
+func TestCreateSourceGit(t *testing.T) {
+	// Default command used for multiple tests
+	var command = "create source git podinfo --url=https://github.com/stefanprodan/podinfo --branch=master --timeout=" + testTimeout.String()
+
+	cases := []struct {
+		name      string
+		args      string
+		assert    assertFunc
+		reconcile reconcileFunc
+	}{
+		{
+			"NoArgs",
+			"create source git",
+			assertError("GitRepository source name is required"),
+			nil,
+		}, {
+			"Succeeded",
+			command,
+			assertGoldenFile("testdata/create_source_git/success.golden"),
+			func(repo *sourcev1.GitRepository) {
+				meta.SetResourceCondition(repo, meta.ReadyCondition, metav1.ConditionTrue, sourcev1.GitOperationSucceedReason, "succeeded message")
+				repo.Status.Artifact = &sourcev1.Artifact{
+					Path:     "some-path",
+					Revision: "v1",
+				}
+			},
+		}, {
+			"Failed",
+			command,
+			assertError("failed message"),
+			func(repo *sourcev1.GitRepository) {
+				meta.SetResourceCondition(repo, meta.ReadyCondition, metav1.ConditionFalse, sourcev1.URLInvalidReason, "failed message")
+			},
+		}, {
+			"NoArtifact",
+			command,
+			assertError("GitRepository source reconciliation completed but no artifact was found"),
+			func(repo *sourcev1.GitRepository) {
+				// Updated with no artifact
+				meta.SetResourceCondition(repo, meta.ReadyCondition, metav1.ConditionTrue, sourcev1.GitOperationSucceedReason, "succeeded message")
+			},
+		},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			ns := allocateNamespace("podinfo")
+			setupTestNamespace(ns, t)
+			if tc.reconcile != nil {
+				r := reconciler{
+					client:    testEnv.client,
+					name:      types.NamespacedName{Namespace: ns, Name: "podinfo"},
+					reconcile: tc.reconcile,
+				}
+				r.run(t)
+			}
+			cmd := cmdTestCase{
+				args:   tc.args + " -n=" + ns,
+				assert: tc.assert,
+			}
+			cmd.runTestCmd(t)
+		})
+	}
+}

cmd/flux/create_source_helm.go

@@ -19,7 +19,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 
@@ -66,13 +65,14 @@ For private Helm repositories, the basic authentication credentials are stored i
 }
 
 type sourceHelmFlags struct {
-	url       string
-	username  string
-	password  string
-	certFile  string
-	keyFile   string
-	caFile    string
-	secretRef string
+	url             string
+	username        string
+	password        string
+	certFile        string
+	keyFile         string
+	caFile          string
+	secretRef       string
+	passCredentials bool
 }
 
 var sourceHelmArgs sourceHelmFlags
@@ -85,6 +85,7 @@ func init() {
 	createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.keyFile, "key-file", "", "TLS authentication key file path")
 	createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.caFile, "ca-file", "", "TLS authentication CA file path")
 	createSourceHelmCmd.Flags().StringVarP(&sourceHelmArgs.secretRef, "secret-ref", "", "", "the name of an existing secret containing TLS or basic auth credentials")
+	createSourceHelmCmd.Flags().BoolVarP(&sourceHelmArgs.passCredentials, "pass-credentials", "", false, "pass credentials to all domains")
 
 	createSourceCmd.AddCommand(createSourceHelmCmd)
 }
@@ -104,7 +105,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	tmpDir, err := ioutil.TempDir("", name)
+	tmpDir, err := os.MkdirTemp("", name)
 	if err != nil {
 		return err
 	}
@@ -128,10 +129,15 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if createSourceArgs.fetchTimeout > 0 {
+		helmRepository.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
+	}
+
 	if sourceHelmArgs.secretRef != "" {
 		helmRepository.Spec.SecretRef = &meta.LocalObjectReference{
 			Name: sourceHelmArgs.secretRef,
 		}
+		helmRepository.Spec.PassCredentials = sourceHelmArgs.passCredentials
 	}
 
 	if createArgs.export {
@@ -175,6 +181,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 			helmRepository.Spec.SecretRef = &meta.LocalObjectReference{
 				Name: secretName,
 			}
+			helmRepository.Spec.PassCredentials = sourceHelmArgs.passCredentials
 			logger.Successf("authentication configured")
 		}
 	}

cmd/flux/create_tenant.go

@@ -148,7 +148,7 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		for i, _ := range tenantArgs.namespaces {
+		for i := range tenantArgs.namespaces {
 			if err := exportTenant(namespaces[i], accounts[i], roleBindings[i]); err != nil {
 				return err
 			}
@@ -164,7 +164,7 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	for i, _ := range tenantArgs.namespaces {
+	for i := range tenantArgs.namespaces {
 		logger.Actionf("applying namespace %s", namespaces[i].Name)
 		if err := upsertNamespace(ctx, kubeClient, namespaces[i]); err != nil {
 			return err

cmd/flux/delete_alert.go

@@ -28,6 +28,7 @@ var deleteAlertCmd = &cobra.Command{
 	Long:  "The delete alert command removes the given Alert from the cluster.",
 	Example: `  # Delete an Alert and the Kubernetes resources created by it
   flux delete alert main`,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.AlertKind)),
 	RunE: deleteCommand{
 		apiType: alertType,
 		object:  universalAdapter{&notificationv1.Alert{}},

cmd/flux/delete_alertprovider.go

@@ -28,6 +28,7 @@ var deleteAlertProviderCmd = &cobra.Command{
 	Long:  "The delete alert-provider command removes the given Provider from the cluster.",
 	Example: `  # Delete a Provider and the Kubernetes resources created by it
   flux delete alert-provider slack`,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ProviderKind)),
 	RunE: deleteCommand{
 		apiType: alertProviderType,
 		object:  universalAdapter{&notificationv1.Provider{}},

cmd/flux/delete_helmrelease.go

@@ -29,6 +29,7 @@ var deleteHelmReleaseCmd = &cobra.Command{
 	Long:    "The delete helmrelease command removes the given HelmRelease from the cluster.",
 	Example: `  # Delete a Helm release and the Kubernetes resources created by it
   flux delete hr podinfo`,
+	ValidArgsFunction: resourceNamesCompletionFunc(helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)),
 	RunE: deleteCommand{
 		apiType: helmReleaseType,
 		object:  universalAdapter{&helmv2.HelmRelease{}},

cmd/flux/delete_image_policy.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var deleteImagePolicyCmd = &cobra.Command{
@@ -28,6 +28,7 @@ var deleteImagePolicyCmd = &cobra.Command{
 	Long:  "The delete image policy command deletes the given ImagePolicy from the cluster.",
 	Example: `  # Delete an image policy
   flux delete image policy alpine3.x`,
+	ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImagePolicyKind)),
 	RunE: deleteCommand{
 		apiType: imagePolicyType,
 		object:  universalAdapter{&imagev1.ImagePolicy{}},

cmd/flux/delete_image_repository.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var deleteImageRepositoryCmd = &cobra.Command{
@@ -28,6 +28,7 @@ var deleteImageRepositoryCmd = &cobra.Command{
 	Long:  "The delete image repository command deletes the given ImageRepository from the cluster.",
 	Example: `  # Delete an image repository
   flux delete image repository alpine`,
+	ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImageRepositoryKind)),
 	RunE: deleteCommand{
 		apiType: imageRepositoryType,
 		object:  universalAdapter{&imagev1.ImageRepository{}},

cmd/flux/delete_image_update.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var deleteImageUpdateCmd = &cobra.Command{
@@ -28,6 +28,7 @@ var deleteImageUpdateCmd = &cobra.Command{
 	Long:  "The delete image update command deletes the given ImageUpdateAutomation from the cluster.",
 	Example: `  # Delete an image update automation
   flux delete image update latest-images`,
+	ValidArgsFunction: resourceNamesCompletionFunc(autov1.GroupVersion.WithKind(autov1.ImageUpdateAutomationKind)),
 	RunE: deleteCommand{
 		apiType: imageUpdateAutomationType,
 		object:  universalAdapter{&autov1.ImageUpdateAutomation{}},

cmd/flux/delete_kustomization.go

@@ -19,7 +19,7 @@ package main
 import (
 	"github.com/spf13/cobra"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
 )
 
 var deleteKsCmd = &cobra.Command{
@@ -29,6 +29,7 @@ var deleteKsCmd = &cobra.Command{
 	Long:    "The delete kustomization command deletes the given Kustomization from the cluster.",
 	Example: `  # Delete a kustomization and the Kubernetes resources created by it
   flux delete kustomization podinfo`,
+	ValidArgsFunction: resourceNamesCompletionFunc(kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)),
 	RunE: deleteCommand{
 		apiType: kustomizationType,
 		object:  universalAdapter{&kustomizev1.Kustomization{}},

cmd/flux/delete_receiver.go

@@ -28,6 +28,7 @@ var deleteReceiverCmd = &cobra.Command{
 	Long:  "The delete receiver command removes the given Receiver from the cluster.",
 	Example: `  # Delete an Receiver and the Kubernetes resources created by it
   flux delete receiver main`,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ReceiverKind)),
 	RunE: deleteCommand{
 		apiType: receiverType,
 		object:  universalAdapter{&notificationv1.Receiver{}},

cmd/flux/delete_source_bucket.go

@@ -28,6 +28,7 @@ var deleteSourceBucketCmd = &cobra.Command{
 	Long:  "The delete source bucket command deletes the given Bucket from the cluster.",
 	Example: `  # Delete a Bucket source
   flux delete source bucket podinfo`,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.BucketKind)),
 	RunE: deleteCommand{
 		apiType: bucketType,
 		object:  universalAdapter{&sourcev1.Bucket{}},

cmd/flux/delete_source_git.go

@@ -28,6 +28,7 @@ var deleteSourceGitCmd = &cobra.Command{
 	Long:  "The delete source git command deletes the given GitRepository from the cluster.",
 	Example: `  # Delete a Git repository
   flux delete source git podinfo`,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)),
 	RunE: deleteCommand{
 		apiType: gitRepositoryType,
 		object:  universalAdapter{&sourcev1.GitRepository{}},

cmd/flux/delete_source_helm.go

@@ -28,6 +28,7 @@ var deleteSourceHelmCmd = &cobra.Command{
 	Long:  "The delete source helm command deletes the given HelmRepository from the cluster.",
 	Example: `  # Delete a Helm repository
   flux delete source helm podinfo`,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)),
 	RunE: deleteCommand{
 		apiType: helmRepositoryType,
 		object:  universalAdapter{&sourcev1.HelmRepository{}},

cmd/flux/docgen.go

@@ -59,7 +59,7 @@ func docgenCmdRun(cmd *cobra.Command, args []string) error {
 func frontmatterPrepender(filename string) string {
 	name := filepath.Base(filename)
 	base := strings.TrimSuffix(name, path.Ext(name))
-	title := strings.Replace(base, "_", " ", -1) + " command"
+	title := strings.Replace(base, "_", " ", -1)
 	return fmt.Sprintf(fmTemplate, title)
 }
 

cmd/flux/export.go

@@ -113,8 +113,8 @@ func printExport(export interface{}) error {
 	if err != nil {
 		return err
 	}
-	fmt.Println("---")
-	fmt.Println(resourceToString(data))
+	rootCmd.Println("---")
+	rootCmd.Println(resourceToString(data))
 	return nil
 }
 

cmd/flux/export_alert.go

@@ -32,6 +32,7 @@ var exportAlertCmd = &cobra.Command{
 
   # Export a Alert
   flux export alert main > main.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.AlertKind)),
 	RunE: exportCommand{
 		object: alertAdapter{&notificationv1.Alert{}},
 		list:   alertListAdapter{&notificationv1.AlertList{}},

cmd/flux/export_alertprovider.go

@@ -32,6 +32,7 @@ var exportAlertProviderCmd = &cobra.Command{
 
   # Export a Provider
   flux export alert-provider slack > slack.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ProviderKind)),
 	RunE: exportCommand{
 		object: alertProviderAdapter{&notificationv1.Provider{}},
 		list:   alertProviderListAdapter{&notificationv1.ProviderList{}},

cmd/flux/export_helmrelease.go

@@ -33,6 +33,7 @@ var exportHelmReleaseCmd = &cobra.Command{
 
   # Export a HelmRelease
   flux export hr my-app > app-release.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)),
 	RunE: exportCommand{
 		object: helmReleaseAdapter{&helmv2.HelmRelease{}},
 		list:   helmReleaseListAdapter{&helmv2.HelmReleaseList{}},

cmd/flux/export_image_policy.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var exportImagePolicyCmd = &cobra.Command{
@@ -32,6 +32,7 @@ var exportImagePolicyCmd = &cobra.Command{
 
   # Export a specific policy
   flux export image policy alpine1x > alpine1x.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImagePolicyKind)),
 	RunE: exportCommand{
 		object: imagePolicyAdapter{&imagev1.ImagePolicy{}},
 		list:   imagePolicyListAdapter{&imagev1.ImagePolicyList{}},

cmd/flux/export_image_repository.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var exportImageRepositoryCmd = &cobra.Command{
@@ -32,6 +32,7 @@ var exportImageRepositoryCmd = &cobra.Command{
 
   # Export a specific ImageRepository resource
   flux export image repository alpine > alpine.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImageRepositoryKind)),
 	RunE: exportCommand{
 		object: imageRepositoryAdapter{&imagev1.ImageRepository{}},
 		list:   imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},

cmd/flux/export_image_update.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var exportImageUpdateCmd = &cobra.Command{
@@ -32,6 +32,7 @@ var exportImageUpdateCmd = &cobra.Command{
 
   # Export a specific automation
   flux export image update latest-images > latest.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(autov1.GroupVersion.WithKind(autov1.ImageUpdateAutomationKind)),
 	RunE: exportCommand{
 		object: imageUpdateAutomationAdapter{&autov1.ImageUpdateAutomation{}},
 		list:   imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},

cmd/flux/export_kustomization.go

@@ -20,7 +20,7 @@ import (
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
 )
 
 var exportKsCmd = &cobra.Command{
@@ -33,6 +33,7 @@ var exportKsCmd = &cobra.Command{
 
   # Export a Kustomization
   flux export kustomization my-app > kustomization.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)),
 	RunE: exportCommand{
 		object: kustomizationAdapter{&kustomizev1.Kustomization{}},
 		list:   kustomizationListAdapter{&kustomizev1.KustomizationList{}},

cmd/flux/export_receiver.go

@@ -32,6 +32,7 @@ var exportReceiverCmd = &cobra.Command{
 
   # Export a Receiver
   flux export receiver main > main.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ReceiverKind)),
 	RunE: exportCommand{
 		list:   receiverListAdapter{&notificationv1.ReceiverList{}},
 		object: receiverAdapter{&notificationv1.Receiver{}},

cmd/flux/export_source_bucket.go

@@ -33,6 +33,7 @@ var exportSourceBucketCmd = &cobra.Command{
 
   # Export a Bucket source including the static credentials
   flux export source bucket my-bucket --with-credentials > source.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.BucketKind)),
 	RunE: exportWithSecretCommand{
 		list:   bucketListAdapter{&sourcev1.BucketList{}},
 		object: bucketAdapter{&sourcev1.Bucket{}},

cmd/flux/export_source_git.go

@@ -33,6 +33,7 @@ var exportSourceGitCmd = &cobra.Command{
 
   # Export a GitRepository source including the SSH key pair or basic auth credentials
   flux export source git my-private-repo --with-credentials > source.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)),
 	RunE: exportWithSecretCommand{
 		object: gitRepositoryAdapter{&sourcev1.GitRepository{}},
 		list:   gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},

cmd/flux/export_source_helm.go

@@ -33,6 +33,7 @@ var exportSourceHelmCmd = &cobra.Command{
 
   # Export a HelmRepository source including the basic auth credentials
   flux export source helm my-private-repo --with-credentials > source.yaml`,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)),
 	RunE: exportWithSecretCommand{
 		list:   helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
 		object: helmRepositoryAdapter{&sourcev1.HelmRepository{}},

cmd/flux/export_test.go

@@ -0,0 +1,88 @@
+// +build unit
+
+package main
+
+import (
+	"testing"
+)
+
+func TestExport(t *testing.T) {
+	cases := []struct {
+		name       string
+		arg        string
+		goldenFile string
+	}{
+		{
+			"alert-provider",
+			"export alert-provider slack",
+			"testdata/export/provider.yaml",
+		},
+		{
+			"alert",
+			"export alert flux-system",
+			"testdata/export/alert.yaml",
+		},
+		{
+			"image policy",
+			"export image policy flux-system",
+			"testdata/export/image-policy.yaml",
+		},
+		{
+			"image repository",
+			"export image repository flux-system",
+			"testdata/export/image-repo.yaml",
+		},
+		{
+			"image update",
+			"export image update flux-system",
+			"testdata/export/image-update.yaml",
+		},
+		{
+			"source git",
+			"export source git flux-system",
+			"testdata/export/git-repo.yaml",
+		},
+		{
+			"source helm",
+			"export source helm flux-system",
+			"testdata/export/helm-repo.yaml",
+		},
+		{
+			"receiver",
+			"export receiver flux-system",
+			"testdata/export/receiver.yaml",
+		},
+		{
+			"kustomization",
+			"export kustomization flux-system",
+			"testdata/export/ks.yaml",
+		},
+		{
+			"helmrelease",
+			"export helmrelease flux-system",
+			"testdata/export/helm-release.yaml",
+		},
+		{
+			"bucket",
+			"export source bucket flux-system",
+			"testdata/export/bucket.yaml",
+		},
+	}
+
+	objectFile := "testdata/export/objects.yaml"
+	tmpl := map[string]string{
+		"fluxns": allocateNamespace("flux-system"),
+	}
+	testEnv.CreateObjectFile(objectFile, tmpl, t)
+
+	for _, tt := range cases {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := cmdTestCase{
+				args:   tt.arg + " -n=" + tmpl["fluxns"],
+				assert: assertGoldenTemplateFile(tt.goldenFile, tmpl),
+			}
+
+			cmd.runTestCmd(t)
+		})
+	}
+}

cmd/flux/get.go

@@ -25,6 +25,9 @@ import (
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/watch"
+	watchtools "k8s.io/client-go/tools/watch"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/fluxcd/pkg/apis/meta"
@@ -32,6 +35,26 @@ import (
 	"github.com/fluxcd/flux2/internal/utils"
 )
 
+type deriveType func(runtime.Object) (summarisable, error)
+
+type typeMap map[string]deriveType
+
+func (m typeMap) registerCommand(t string, f deriveType) error {
+	if _, ok := m[t]; ok {
+		return fmt.Errorf("duplicate type function %s", t)
+	}
+	m[t] = f
+	return nil
+}
+
+func (m typeMap) execute(t string, obj runtime.Object) (summarisable, error) {
+	f, ok := m[t]
+	if !ok {
+		return nil, fmt.Errorf("unsupported type %s", t)
+	}
+	return f(obj)
+}
+
 var getCmd = &cobra.Command{
 	Use:   "get",
 	Short: "Get the resources and their status",
@@ -39,7 +62,10 @@ var getCmd = &cobra.Command{
 }
 
 type GetFlags struct {
-	allNamespaces bool
+	allNamespaces  bool
+	noHeader       bool
+	statusSelector string
+	watch          bool
 }
 
 var getArgs GetFlags
@@ -47,6 +73,10 @@ var getArgs GetFlags
 func init() {
 	getCmd.PersistentFlags().BoolVarP(&getArgs.allNamespaces, "all-namespaces", "A", false,
 		"list the requested object(s) across all namespaces")
+	getCmd.PersistentFlags().BoolVarP(&getArgs.noHeader, "no-header", "", false, "skip the header when printing the results")
+	getCmd.PersistentFlags().BoolVarP(&getArgs.watch, "watch", "w", false, "After listing/getting the requested object, watch for changes.")
+	getCmd.PersistentFlags().StringVar(&getArgs.statusSelector, "status-selector", "",
+		"specify the status condition name and the desired state to filter the get result, e.g. ready=false")
 	rootCmd.AddCommand(getCmd)
 }
 
@@ -54,6 +84,7 @@ type summarisable interface {
 	listAdapter
 	summariseItem(i int, includeNamespace bool, includeKind bool) []string
 	headers(includeNamespace bool) []string
+	statusSelectorMatches(i int, conditionType, conditionStatus string) bool
 }
 
 // --- these help with implementations of summarisable
@@ -65,6 +96,20 @@ func statusAndMessage(conditions []metav1.Condition) (string, string) {
 	return string(metav1.ConditionFalse), "waiting to be reconciled"
 }
 
+func statusMatches(conditionType, conditionStatus string, conditions []metav1.Condition) bool {
+	// we don't use apimeta.FindStatusCondition because we'd like to use EqualFold to compare two strings
+	var c *metav1.Condition
+	for i := range conditions {
+		if strings.EqualFold(conditions[i].Type, conditionType) {
+			c = &conditions[i]
+		}
+	}
+	if c != nil {
+		return strings.EqualFold(string(c.Status), conditionStatus)
+	}
+	return false
+}
+
 func nameColumns(item named, includeNamespace bool, includeKind bool) []string {
 	name := item.GetName()
 	if includeKind {
@@ -82,7 +127,8 @@ var namespaceHeader = []string{"Namespace"}
 
 type getCommand struct {
 	apiType
-	list summarisable
+	list    summarisable
+	funcMap typeMap
 }
 
 func (get getCommand) run(cmd *cobra.Command, args []string) error {
@@ -103,13 +149,17 @@ func (get getCommand) run(cmd *cobra.Command, args []string) error {
 		listOpts = append(listOpts, client.MatchingFields{"metadata.name": args[0]})
 	}
 
+	getAll := cmd.Use == "all"
+
+	if getArgs.watch {
+		return get.watch(ctx, kubeClient, cmd, args, listOpts)
+	}
+
 	err = kubeClient.List(ctx, get.list.asClientList(), listOpts...)
 	if err != nil {
 		return err
 	}
 
-	getAll := cmd.Use == "all"
-
 	if get.list.len() == 0 {
 		if !getAll {
 			logger.Failuref("no %s objects found in %s namespace", get.kind, rootArgs.namespace)
@@ -117,16 +167,97 @@ func (get getCommand) run(cmd *cobra.Command, args []string) error {
 		return nil
 	}
 
-	header := get.list.headers(getArgs.allNamespaces)
-	var rows [][]string
-	for i := 0; i < get.list.len(); i++ {
-		row := get.list.summariseItem(i, getArgs.allNamespaces, getAll)
-		rows = append(rows, row)
+	var header []string
+	if !getArgs.noHeader {
+		header = get.list.headers(getArgs.allNamespaces)
 	}
-	utils.PrintTable(os.Stdout, header, rows)
+
+	rows, err := getRowsToPrint(getAll, get.list)
+	if err != nil {
+		return err
+	}
+
+	utils.PrintTable(cmd.OutOrStdout(), header, rows)
 
 	if getAll {
 		fmt.Println()
 	}
+
+	return nil
+}
+
+func getRowsToPrint(getAll bool, list summarisable) ([][]string, error) {
+	noFilter := true
+	var conditionType, conditionStatus string
+	if getArgs.statusSelector != "" {
+		parts := strings.SplitN(getArgs.statusSelector, "=", 2)
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("expected status selector in type=status format, but found: %s", getArgs.statusSelector)
+		}
+		conditionType = parts[0]
+		conditionStatus = parts[1]
+		noFilter = false
+	}
+	var rows [][]string
+	for i := 0; i < list.len(); i++ {
+		if noFilter || list.statusSelectorMatches(i, conditionType, conditionStatus) {
+			row := list.summariseItem(i, getArgs.allNamespaces, getAll)
+			rows = append(rows, row)
+		}
+	}
+	return rows, nil
+}
+
+//
+// watch starts a client-side watch of one or more resources.
+func (get *getCommand) watch(ctx context.Context, kubeClient client.WithWatch, cmd *cobra.Command, args []string, listOpts []client.ListOption) error {
+	w, err := kubeClient.Watch(ctx, get.list.asClientList(), listOpts...)
+	if err != nil {
+		return err
+	}
+
+	_, err = watchUntil(ctx, w, get)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func watchUntil(ctx context.Context, w watch.Interface, get *getCommand) (bool, error) {
+	firstIteration := true
+	_, error := watchtools.UntilWithoutRetry(ctx, w, func(e watch.Event) (bool, error) {
+		objToPrint := e.Object
+		sink, err := get.funcMap.execute(get.apiType.kind, objToPrint)
+		if err != nil {
+			return false, err
+		}
+
+		var header []string
+		if !getArgs.noHeader {
+			header = sink.headers(getArgs.allNamespaces)
+		}
+		rows, err := getRowsToPrint(false, sink)
+		if err != nil {
+			return false, err
+		}
+		if firstIteration {
+			utils.PrintTable(os.Stdout, header, rows)
+			firstIteration = false
+		} else {
+			utils.PrintTable(os.Stdout, []string{}, rows)
+		}
+
+		return false, nil
+	})
+
+	return false, error
+}
+
+func validateWatchOption(cmd *cobra.Command, toMatch string) error {
+	w, _ := cmd.Flags().GetBool("watch")
+	if cmd.Use == toMatch && w {
+		return fmt.Errorf("expected a single resource type, but found %s", cmd.Use)
+	}
 	return nil
 }

cmd/flux/get_alert.go

@@ -17,10 +17,12 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 )
@@ -32,10 +34,40 @@ var getAlertCmd = &cobra.Command{
 	Long:    "The get alert command prints the statuses of the resources.",
 	Example: `  # List all Alerts and their status
   flux get alerts`,
-	RunE: getCommand{
-		apiType: alertType,
-		list:    &alertListAdapter{&notificationv1.AlertList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.AlertKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: alertType,
+			list:    &alertListAdapter{&notificationv1.AlertList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*notificationv1.Alert)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v alert", obj)
+			}
+
+			sink := alertListAdapter{
+				&notificationv1.AlertList{
+					Items: []notificationv1.Alert{
+						*o,
+					},
+				},
+			}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -55,3 +87,8 @@ func (s alertListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (s alertListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := s.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_alertprovider.go

@@ -17,7 +17,10 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
+
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 )
@@ -29,10 +32,40 @@ var getAlertProviderCmd = &cobra.Command{
 	Long:    "The get alert-provider command prints the statuses of the resources.",
 	Example: `  # List all Providers and their status
   flux get alert-providers`,
-	RunE: getCommand{
-		apiType: alertProviderType,
-		list:    alertProviderListAdapter{&notificationv1.ProviderList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ProviderKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: alertProviderType,
+			list:    alertProviderListAdapter{&notificationv1.ProviderList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*notificationv1.Provider)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v alert-provider", obj)
+			}
+
+			sink := alertProviderListAdapter{
+				&notificationv1.ProviderList{
+					Items: []notificationv1.Provider{
+						*o,
+					},
+				},
+			}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -52,3 +85,8 @@ func (s alertProviderListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (s alertProviderListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := s.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_all.go

@@ -0,0 +1,96 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+)
+
+var getAllCmd = &cobra.Command{
+	Use:   "all",
+	Short: "Get all resources and statuses",
+	Long:  "The get all command print the statuses of all resources.",
+	Example: `  # List all resources in a namespace
+  flux get all --namespace=flux-system
+
+  # List all resources in all namespaces
+  flux get all --all-namespaces`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		err := validateWatchOption(cmd, "all")
+		if err != nil {
+			return err
+		}
+
+		err = getSourceAllCmd.RunE(cmd, args)
+		if err != nil {
+			logError(err)
+		}
+
+		// all get command
+		var allCmd = []getCommand{
+			{
+				apiType: helmReleaseType,
+				list:    &helmReleaseListAdapter{&helmv2.HelmReleaseList{}},
+			},
+			{
+				apiType: kustomizationType,
+				list:    &kustomizationListAdapter{&kustomizev1.KustomizationList{}},
+			},
+			{
+				apiType: receiverType,
+				list:    receiverListAdapter{&notificationv1.ReceiverList{}},
+			},
+			{
+				apiType: alertProviderType,
+				list:    alertProviderListAdapter{&notificationv1.ProviderList{}},
+			},
+			{
+				apiType: alertType,
+				list:    &alertListAdapter{&notificationv1.AlertList{}},
+			},
+		}
+
+		err = getImageAllCmd.RunE(cmd, args)
+		if err != nil {
+			logError(err)
+		}
+
+		for _, c := range allCmd {
+			if err := c.run(cmd, args); err != nil {
+				logError(err)
+			}
+		}
+
+		return nil
+	},
+}
+
+func logError(err error) {
+	if !strings.Contains(err.Error(), "no matches for kind") {
+		logger.Failuref(err.Error())
+	}
+}
+
+func init() {
+	getCmd.AddCommand(getAllCmd)
+}

cmd/flux/get_helmrelease.go

@@ -17,11 +17,13 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 var getHelmReleaseCmd = &cobra.Command{
@@ -31,10 +33,37 @@ var getHelmReleaseCmd = &cobra.Command{
 	Long:    "The get helmreleases command prints the statuses of the resources.",
 	Example: `  # List all Helm releases and their status
   flux get helmreleases`,
-	RunE: getCommand{
-		apiType: helmReleaseType,
-		list:    &helmReleaseListAdapter{&helmv2.HelmReleaseList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: helmReleaseType,
+			list:    &helmReleaseListAdapter{&helmv2.HelmReleaseList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*helmv2.HelmRelease)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v helmrelease", obj)
+			}
+
+			sink := helmReleaseListAdapter{&helmv2.HelmReleaseList{
+				Items: []helmv2.HelmRelease{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -56,3 +85,8 @@ func (a helmReleaseListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (a helmReleaseListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := a.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_image.go

@@ -25,6 +25,9 @@ var getImageCmd = &cobra.Command{
 	Aliases: []string{"image"},
 	Short:   "Get image automation object status",
 	Long:    "The get image sub-commands print the status of image automation objects.",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return validateWatchOption(cmd, "images")
+	},
 }
 
 func init() {

cmd/flux/get_image_all.go

@@ -17,10 +17,12 @@ limitations under the License.
 package main
 
 import (
+	"strings"
+
 	"github.com/spf13/cobra"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var getImageAllCmd = &cobra.Command{
@@ -33,28 +35,32 @@ var getImageAllCmd = &cobra.Command{
   # List all image objects in all namespaces
   flux get images all --all-namespaces`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		c := getCommand{
-			apiType: imageRepositoryType,
-			list:    imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},
-		}
-		if err := c.run(cmd, args); err != nil {
-			logger.Failuref(err.Error())
+		err := validateWatchOption(cmd, "all")
+		if err != nil {
+			return err
 		}
 
-		c = getCommand{
-			apiType: imagePolicyType,
-			list:    &imagePolicyListAdapter{&imagev1.ImagePolicyList{}},
-		}
-		if err := c.run(cmd, args); err != nil {
-			logger.Failuref(err.Error())
+		var allImageCmd = []getCommand{
+			{
+				apiType: imageRepositoryType,
+				list:    imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},
+			},
+			{
+				apiType: imagePolicyType,
+				list:    &imagePolicyListAdapter{&imagev1.ImagePolicyList{}},
+			},
+			{
+				apiType: imageUpdateAutomationType,
+				list:    &imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},
+			},
 		}
 
-		c = getCommand{
-			apiType: imageUpdateAutomationType,
-			list:    &imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},
-		}
-		if err := c.run(cmd, args); err != nil {
-			logger.Failuref(err.Error())
+		for _, c := range allImageCmd {
+			if err := c.run(cmd, args); err != nil {
+				if !strings.Contains(err.Error(), "no matches for kind") {
+					logger.Failuref(err.Error())
+				}
+			}
 		}
 
 		return nil

cmd/flux/get_image_policy.go

@@ -17,9 +17,12 @@ limitations under the License.
 package main
 
 import (
-	"github.com/spf13/cobra"
+	"fmt"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
+
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var getImagePolicyCmd = &cobra.Command{
@@ -31,10 +34,37 @@ var getImagePolicyCmd = &cobra.Command{
 
  # List image policies from all namespaces
   flux get image policy --all-namespaces`,
-	RunE: getCommand{
-		apiType: imagePolicyType,
-		list:    &imagePolicyListAdapter{&imagev1.ImagePolicyList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImagePolicyKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: imagePolicyType,
+			list:    &imagePolicyListAdapter{&imagev1.ImagePolicyList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*imagev1.ImagePolicy)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v policy", obj)
+			}
+
+			sink := imagePolicyListAdapter{&imagev1.ImagePolicyList{
+				Items: []imagev1.ImagePolicy{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -54,3 +84,8 @@ func (s imagePolicyListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (s imagePolicyListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := s.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_image_repository.go

@@ -17,13 +17,15 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
-	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
 )
 
 var getImageRepositoryCmd = &cobra.Command{
@@ -35,10 +37,37 @@ var getImageRepositoryCmd = &cobra.Command{
 
  # List image repositories from all namespaces
   flux get image repository --all-namespaces`,
-	RunE: getCommand{
-		apiType: imageRepositoryType,
-		list:    imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImageRepositoryKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: imageRepositoryType,
+			list:    imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*imagev1.ImageRepository)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v repository", obj)
+			}
+
+			sink := imageRepositoryListAdapter{&imagev1.ImageRepositoryList{
+				Items: []imagev1.ImageRepository{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -63,3 +92,8 @@ func (s imageRepositoryListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (s imageRepositoryListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := s.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_image_update.go

@@ -17,13 +17,15 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
-	autov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
 )
 
 var getImageUpdateCmd = &cobra.Command{
@@ -35,10 +37,37 @@ var getImageUpdateCmd = &cobra.Command{
 
  # List image update automations from all namespaces
   flux get image update --all-namespaces`,
-	RunE: getCommand{
-		apiType: imageUpdateAutomationType,
-		list:    &imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(autov1.GroupVersion.WithKind(autov1.ImageUpdateAutomationKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: imageUpdateAutomationType,
+			list:    &imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*autov1.ImageUpdateAutomation)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v update", obj)
+			}
+
+			sink := imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{
+				Items: []autov1.ImageUpdateAutomation{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -62,3 +91,8 @@ func (s imageUpdateAutomationListAdapter) headers(includeNamespace bool) []strin
 	}
 	return headers
 }
+
+func (s imageUpdateAutomationListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := s.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_kustomization.go

@@ -17,12 +17,14 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
 )
 
 var getKsCmd = &cobra.Command{
@@ -32,10 +34,40 @@ var getKsCmd = &cobra.Command{
 	Long:    "The get kustomizations command prints the statuses of the resources.",
 	Example: `  # List all kustomizations and their status
   flux get kustomizations`,
-	RunE: getCommand{
-		apiType: kustomizationType,
-		list:    &kustomizationListAdapter{&kustomizev1.KustomizationList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: kustomizationType,
+			list:    &kustomizationListAdapter{&kustomizev1.KustomizationList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*kustomizev1.Kustomization)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v kustomization", obj)
+			}
+
+			sink := kustomizationListAdapter{
+				&kustomizev1.KustomizationList{
+					Items: []kustomizev1.Kustomization{
+						*o,
+					},
+				},
+			}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -57,3 +89,8 @@ func (a kustomizationListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (a kustomizationListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := a.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_receiver.go

@@ -17,10 +17,12 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 )
@@ -32,10 +34,37 @@ var getReceiverCmd = &cobra.Command{
 	Long:    "The get receiver command prints the statuses of the resources.",
 	Example: `  # List all Receiver and their status
   flux get receivers`,
-	RunE: getCommand{
-		apiType: receiverType,
-		list:    receiverListAdapter{&notificationv1.ReceiverList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ReceiverKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: receiverType,
+			list:    receiverListAdapter{&notificationv1.ReceiverList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*notificationv1.Receiver)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v receiver", obj)
+			}
+
+			sink := receiverListAdapter{&notificationv1.ReceiverList{
+				Items: []notificationv1.Receiver{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -55,3 +84,8 @@ func (s receiverListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (s receiverListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := s.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_source.go

@@ -25,6 +25,10 @@ var getSourceCmd = &cobra.Command{
 	Aliases: []string{"source"},
 	Short:   "Get source statuses",
 	Long:    "The get source sub-commands print the statuses of the sources.",
+	RunE: func(cmd *cobra.Command, args []string) error {
+
+		return validateWatchOption(cmd, "sources")
+	},
 }
 
 func init() {

cmd/flux/get_source_all.go

@@ -17,6 +17,8 @@ limitations under the License.
 package main
 
 import (
+	"strings"
+
 	"github.com/spf13/cobra"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
@@ -32,36 +34,36 @@ var getSourceAllCmd = &cobra.Command{
   # List all sources in all namespaces
   flux get sources all --all-namespaces`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		c := getCommand{
-			apiType: bucketType,
-			list:    &bucketListAdapter{&sourcev1.BucketList{}},
-		}
-		if err := c.run(cmd, args); err != nil {
-			logger.Failuref(err.Error())
+		err := validateWatchOption(cmd, "all")
+		if err != nil {
+			return err
 		}
 
-		c = getCommand{
-			apiType: gitRepositoryType,
-			list:    &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
-		}
-		if err := c.run(cmd, args); err != nil {
-			logger.Failuref(err.Error())
+		var allSourceCmd = []getCommand{
+			{
+				apiType: bucketType,
+				list:    &bucketListAdapter{&sourcev1.BucketList{}},
+			},
+			{
+				apiType: gitRepositoryType,
+				list:    &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
+			},
+			{
+				apiType: helmRepositoryType,
+				list:    &helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
+			},
+			{
+				apiType: helmChartType,
+				list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
+			},
 		}
 
-		c = getCommand{
-			apiType: helmRepositoryType,
-			list:    &helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
-		}
-		if err := c.run(cmd, args); err != nil {
-			logger.Failuref(err.Error())
-		}
-
-		c = getCommand{
-			apiType: helmChartType,
-			list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
-		}
-		if err := c.run(cmd, args); err != nil {
-			logger.Failuref(err.Error())
+		for _, c := range allSourceCmd {
+			if err := c.run(cmd, args); err != nil {
+				if !strings.Contains(err.Error(), "no matches for kind") {
+					logger.Failuref(err.Error())
+				}
+			}
 		}
 
 		return nil

cmd/flux/get_source_bucket.go

@@ -17,10 +17,12 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
@@ -34,10 +36,37 @@ var getSourceBucketCmd = &cobra.Command{
 
  # List buckets from all namespaces
   flux get sources helm --all-namespaces`,
-	RunE: getCommand{
-		apiType: bucketType,
-		list:    &bucketListAdapter{&sourcev1.BucketList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.BucketKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: bucketType,
+			list:    &bucketListAdapter{&sourcev1.BucketList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*sourcev1.Bucket)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v bucket", obj)
+			}
+
+			sink := &bucketListAdapter{&sourcev1.BucketList{
+				Items: []sourcev1.Bucket{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -62,3 +91,8 @@ func (a bucketListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (a bucketListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := a.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_source_chart.go

@@ -17,10 +17,12 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
@@ -34,10 +36,37 @@ var getSourceHelmChartCmd = &cobra.Command{
 
  # List Helm charts from all namespaces
   flux get sources chart --all-namespaces`,
-	RunE: getCommand{
-		apiType: helmChartType,
-		list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmChartKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: helmChartType,
+			list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*sourcev1.HelmChart)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v chart", obj)
+			}
+
+			sink := &helmChartListAdapter{&sourcev1.HelmChartList{
+				Items: []sourcev1.HelmChart{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -62,3 +91,8 @@ func (a helmChartListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (a helmChartListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := a.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}

cmd/flux/get_source_git.go

@@ -17,10 +17,12 @@ limitations under the License.
 package main
 
 import (
+	"fmt"
 	"strconv"
 	"strings"
 
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/runtime"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
@@ -34,10 +36,37 @@ var getSourceGitCmd = &cobra.Command{
 
  # List Git repositories from all namespaces
   flux get sources git --all-namespaces`,
-	RunE: getCommand{
-		apiType: gitRepositoryType,
-		list:    &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
-	}.run,
+	ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		get := getCommand{
+			apiType: gitRepositoryType,
+			list:    &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
+			funcMap: make(typeMap),
+		}
+
+		err := get.funcMap.registerCommand(get.apiType.kind, func(obj runtime.Object) (summarisable, error) {
+			o, ok := obj.(*sourcev1.GitRepository)
+			if !ok {
+				return nil, fmt.Errorf("Impossible to cast type %#v git", obj)
+			}
+
+			sink := &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{
+				Items: []sourcev1.GitRepository{
+					*o,
+				}}}
+			return sink, nil
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if err := get.run(cmd, args); err != nil {
+			return err
+		}
+
+		return nil
+	},
 }
 
 func init() {
@@ -62,3 +91,8 @@ func (a gitRepositoryListAdapter) headers(includeNamespace bool) []string {
 	}
 	return headers
 }
+
+func (a gitRepositoryListAdapter) statusSelectorMatches(i int, conditionType, conditionStatus string) bool {
+	item := a.Items[i]
+	return statusMatches(conditionType, conditionStatus, item.Status.Conditions)
+}