Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
c4261399b5 | ||
|
|
b4edb46269 | ||
|
|
a20ed0e630 | ||
|
|
cea869e285 | ||
|
|
e12db14d1e | ||
|
|
296bf3cc6c | ||
|
|
1789aa180d | ||
|
|
bd255800db | ||
|
|
1355962b3c | ||
|
|
bb0114e379 | ||
|
|
f9622a5b9e | ||
|
|
3a74fcd75c | ||
|
|
7265276cc2 | ||
|
|
b98027b528 | ||
|
|
b6ae7d2cdd | ||
|
|
aa887c61c3 |
16
README.md
16
README.md
@@ -22,13 +22,19 @@ Delivery on top of Kubernetes.
|
||||
|
||||
## Flux installation
|
||||
|
||||
With Homebrew:
|
||||
With [Homebrew](https://brew.sh) for macOS and Linux:
|
||||
|
||||
```sh
|
||||
brew install fluxcd/tap/flux
|
||||
```
|
||||
|
||||
With Bash:
|
||||
With [GoFish](https://gofi.sh) for Windows, macOS and Linux:
|
||||
|
||||
```sh
|
||||
gofish install flux
|
||||
```
|
||||
|
||||
With Bash for macOS and Linux:
|
||||
|
||||
```sh
|
||||
curl -s https://fluxcd.io/install.sh | sudo bash
|
||||
@@ -46,10 +52,10 @@ Arch Linux (AUR) packages:
|
||||
- [flux-scm](https://aur.archlinux.org/packages/flux-scm): build the latest
|
||||
(unstable) version from source code from our git `main` branch
|
||||
|
||||
Binaries for macOS, Windows and Linux AMD64/ARM are available to download on the
|
||||
[release page](https://github.com/fluxcd/flux2/releases).
|
||||
Binaries for macOS AMD64/ARM64, Linux AMD64/ARM/ARM64 and Windows are available to
|
||||
download on the [release page](https://github.com/fluxcd/flux2/releases).
|
||||
|
||||
A container image with `kubectl` and `flux` is available on Docker Hub and GitHub:
|
||||
A multi-arch container image with `kubectl` and `flux` is available on Docker Hub and GitHub:
|
||||
|
||||
* `docker.io/fluxcd/flux-cli:<version>`
|
||||
* `ghcr.io/fluxcd/flux-cli:<version>`
|
||||
|
||||
8
go.mod
8
go.mod
@@ -7,17 +7,17 @@ require (
|
||||
github.com/cyphar/filepath-securejoin v0.2.2
|
||||
github.com/fluxcd/go-git-providers v0.1.1
|
||||
github.com/fluxcd/helm-controller/api v0.10.1
|
||||
github.com/fluxcd/image-automation-controller/api v0.10.0
|
||||
github.com/fluxcd/image-automation-controller/api v0.11.0
|
||||
github.com/fluxcd/image-reflector-controller/api v0.9.1
|
||||
github.com/fluxcd/kustomize-controller/api v0.12.1
|
||||
github.com/fluxcd/kustomize-controller/api v0.12.2
|
||||
github.com/fluxcd/notification-controller/api v0.14.1
|
||||
github.com/fluxcd/pkg/apis/meta v0.9.0
|
||||
github.com/fluxcd/pkg/runtime v0.11.0
|
||||
github.com/fluxcd/pkg/ssh v0.0.5
|
||||
github.com/fluxcd/pkg/untar v0.0.5
|
||||
github.com/fluxcd/pkg/version v0.0.1
|
||||
github.com/fluxcd/source-controller/api v0.13.0
|
||||
github.com/go-git/go-git/v5 v5.4.1
|
||||
github.com/fluxcd/source-controller/api v0.13.2
|
||||
github.com/go-git/go-git/v5 v5.4.2
|
||||
github.com/google/go-containerregistry v0.2.0
|
||||
github.com/manifoldco/promptui v0.7.0
|
||||
github.com/olekukonko/tablewriter v0.0.4
|
||||
|
||||
16
go.sum
16
go.sum
@@ -196,12 +196,12 @@ github.com/fluxcd/go-git-providers v0.1.1 h1:R4VafMOo1IlfEZcImApCeElge/HajhFvRzD
|
||||
github.com/fluxcd/go-git-providers v0.1.1/go.mod h1:nRgNpHZmZhrsyNSma1JcAhjUG9xrqMGJcIUr9K7M7vk=
|
||||
github.com/fluxcd/helm-controller/api v0.10.1 h1:p0zlz6Z8SLgN+xXNPgCC8mUKMDQHnhMwt80NZA1qecs=
|
||||
github.com/fluxcd/helm-controller/api v0.10.1/go.mod h1:IZ/d5VdxolemPILdN4xeVnHO7kXpUTND/9vJ/rnS/7U=
|
||||
github.com/fluxcd/image-automation-controller/api v0.10.0 h1:iZJAxD3Zyh2p1+TCI6oRASzORL67x+zMTDDkeatcF3A=
|
||||
github.com/fluxcd/image-automation-controller/api v0.10.0/go.mod h1:fsRQZMN60ZJ8uNW79ikiEJE0UeL4tmRQdSBWC1wSgbU=
|
||||
github.com/fluxcd/image-automation-controller/api v0.11.0 h1:YWO3tBM+rcKJ1JMVPYhRR+yC8HwnY6EjpSxCusRTxdU=
|
||||
github.com/fluxcd/image-automation-controller/api v0.11.0/go.mod h1:L6m0LDs0sDhLH0+LRqTNlVt+6H3RyMgFbaLCaMV46ss=
|
||||
github.com/fluxcd/image-reflector-controller/api v0.9.1 h1:l1PrkVcdjb5hR3xaKX1ULv2LaMPYAfky/xYHAwhvro0=
|
||||
github.com/fluxcd/image-reflector-controller/api v0.9.1/go.mod h1:gFoTJFs977JhE1H6RQSlGwYJGw12aIFDi5ljAn3rtUc=
|
||||
github.com/fluxcd/kustomize-controller/api v0.12.1 h1:ynwdZtUqD6yLCbgXcf25En2Yk/EWNHuZEvBNk3k8eo0=
|
||||
github.com/fluxcd/kustomize-controller/api v0.12.1/go.mod h1:jBVfw3uQ09Iitt83lZVbCKO7ep+diWprt8CoP6yeSsw=
|
||||
github.com/fluxcd/kustomize-controller/api v0.12.2 h1:Tl0ZmytU5bDJxncZeugyCgj6ImfXIsneNsuf3VE4t90=
|
||||
github.com/fluxcd/kustomize-controller/api v0.12.2/go.mod h1:jBVfw3uQ09Iitt83lZVbCKO7ep+diWprt8CoP6yeSsw=
|
||||
github.com/fluxcd/notification-controller/api v0.14.1 h1:K24AyIz2UDlnAaYTwYpL0BqOjjJrkO7RxrZCQIKCZYg=
|
||||
github.com/fluxcd/notification-controller/api v0.14.1/go.mod h1:0ndWAtU/nlhbiWhOk8ai4/M9q7csjbWVcXcWREs2A10=
|
||||
github.com/fluxcd/pkg/apis/kustomize v0.0.1 h1:TkA80R0GopRY27VJqzKyS6ifiKIAfwBd7OHXtV3t2CI=
|
||||
@@ -216,8 +216,8 @@ github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7g
|
||||
github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
|
||||
github.com/fluxcd/pkg/version v0.0.1 h1:/8asQoDXSThz3csiwi4Qo8Zb6blAxLXbtxNgeMJ9bCg=
|
||||
github.com/fluxcd/pkg/version v0.0.1/go.mod h1:WAF4FEEA9xyhngF8TDxg3UPu5fA1qhEYV8Pmi2Il01Q=
|
||||
github.com/fluxcd/source-controller/api v0.13.0 h1:p7SWHPpxco1EsGu2jnF0aCZcQcl4IYQzjcXf4K5GpcY=
|
||||
github.com/fluxcd/source-controller/api v0.13.0/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
|
||||
github.com/fluxcd/source-controller/api v0.13.2 h1:LdWeapRXal3FmxTKEMh6wshg7u8Z3V3IDiB8TOPwM9o=
|
||||
github.com/fluxcd/source-controller/api v0.13.2/go.mod h1:+EPyhxC7Y+hUnq7EwAkkLtfbwCxJxF5yfmiyzDk43KY=
|
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||
@@ -241,8 +241,8 @@ github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Ai
|
||||
github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
|
||||
github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8=
|
||||
github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
|
||||
github.com/go-git/go-git/v5 v5.4.1 h1:2RJXJuTMac944e419pJJJ3mOJBcr3A3M6SN6wQKZ/Gs=
|
||||
github.com/go-git/go-git/v5 v5.4.1/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
|
||||
github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4=
|
||||
github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
|
||||
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
|
||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.10.0/image-automation-controller.crds.yaml
|
||||
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.10.0/image-automation-controller.deployment.yaml
|
||||
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.11.0/image-automation-controller.crds.yaml
|
||||
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.11.0/image-automation-controller.deployment.yaml
|
||||
- account.yaml
|
||||
patchesJson6902:
|
||||
- target:
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://github.com/fluxcd/kustomize-controller/releases/download/v0.12.1/kustomize-controller.crds.yaml
|
||||
- https://github.com/fluxcd/kustomize-controller/releases/download/v0.12.1/kustomize-controller.deployment.yaml
|
||||
- https://github.com/fluxcd/kustomize-controller/releases/download/v0.12.2/kustomize-controller.crds.yaml
|
||||
- https://github.com/fluxcd/kustomize-controller/releases/download/v0.12.2/kustomize-controller.deployment.yaml
|
||||
- account.yaml
|
||||
patchesJson6902:
|
||||
- target:
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://github.com/fluxcd/source-controller/releases/download/v0.13.0/source-controller.crds.yaml
|
||||
- https://github.com/fluxcd/source-controller/releases/download/v0.13.0/source-controller.deployment.yaml
|
||||
- https://github.com/fluxcd/source-controller/releases/download/v0.13.2/source-controller.crds.yaml
|
||||
- https://github.com/fluxcd/source-controller/releases/download/v0.13.2/source-controller.deployment.yaml
|
||||
- account.yaml
|
||||
patchesJson6902:
|
||||
- target:
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- https://github.com/fluxcd/source-controller/releases/download/v0.13.0/source-controller.crds.yaml
|
||||
- https://github.com/fluxcd/kustomize-controller/releases/download/v0.12.1/kustomize-controller.crds.yaml
|
||||
- https://github.com/fluxcd/source-controller/releases/download/v0.13.2/source-controller.crds.yaml
|
||||
- https://github.com/fluxcd/kustomize-controller/releases/download/v0.12.2/kustomize-controller.crds.yaml
|
||||
- https://github.com/fluxcd/helm-controller/releases/download/v0.10.1/helm-controller.crds.yaml
|
||||
- https://github.com/fluxcd/notification-controller/releases/download/v0.14.1/notification-controller.crds.yaml
|
||||
- https://github.com/fluxcd/image-reflector-controller/releases/download/v0.9.1/image-reflector-controller.crds.yaml
|
||||
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.10.0/image-automation-controller.crds.yaml
|
||||
- https://github.com/fluxcd/image-automation-controller/releases/download/v0.11.0/image-automation-controller.crds.yaml
|
||||
|
||||
14
manifests/integrations/Makefile
Normal file
14
manifests/integrations/Makefile
Normal file
@@ -0,0 +1,14 @@
|
||||
|
||||
bases := $(shell dirname $(shell find | grep kustomization.yaml | sort))
|
||||
|
||||
all: $(bases)
|
||||
|
||||
permutations := $(bases) $(addsuffix /,$(bases))
|
||||
.PHONY: $(permutations)
|
||||
$(permutations):
|
||||
@echo $@
|
||||
@warnings=$$(kustomize build $@ -o /dev/null 2>&1); \
|
||||
if [ "$$warnings" ]; then \
|
||||
echo "$$warnings"; \
|
||||
false; \
|
||||
fi
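Review bot: The exit status of `kustomize build` is discarded in the `$(permutations)` recipe, because the assignment is followed by `;` and the target fails only when the command printed something. A build that exits non-zero without writing any output would pass, so the test is better written as `if ! warnings=$$(kustomize build $@ -o /dev/null 2>&1) || [ "$$warnings" ]; then`. Separately, `find | grep kustomization.yaml` depends on find accepting no start directory and on an unanchored pattern in which `.` matches any character; `find . -name kustomization.yaml` is more exact. A short header comment saying that any output from the build is treated as a failure would help the next reader.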
|
||||
@@ -7,6 +7,9 @@ commonLabels:
|
||||
resources:
|
||||
- sync.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- kubectl-patch.yaml
|
||||
|
||||
vars:
|
||||
- name: KUBE_SECRET
|
||||
objref:
|
||||
@@ -15,13 +18,6 @@ vars:
|
||||
apiVersion: v1
|
||||
fieldref:
|
||||
fieldpath: data.KUBE_SECRET
|
||||
- name: ADDRESS
|
||||
objref:
|
||||
kind: ConfigMap
|
||||
name: credentials-sync-eventhub
|
||||
apiVersion: v1
|
||||
fieldref:
|
||||
fieldpath: data.ADDRESS
|
||||
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
||||
|
||||
@@ -109,9 +109,9 @@ rules:
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
# # Lock this down to the specific Secret name (Optional)
|
||||
#resourceNames:
|
||||
# - $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
|
||||
# Lock this down to the specific Secret name (Optional)
|
||||
resourceNames:
|
||||
- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
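Review bot: Enabling `resourceNames` on this rule leaves the `create` verb listed just above it without effect, because Kubernetes RBAC cannot restrict `create` by resource name (the object name may not be known when the request is authorized). The ConfigMap comment elsewhere in this compare says the target Secret "does not yet exist" and will be created, so the first sync would likely be denied. Keep the name restriction for `update` and `patch`, and move `create` into its own rule without `resourceNames`, with a comment such as `# create cannot be limited by resourceNames`. The rule starts outside the hunk, so its full verb list is not visible here; the same change appears in the `@@ -85,9 +85,9 @@ rules:` hunk further down.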
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: batch/v1beta1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: credentials-sync
|
||||
name: credentials-sync-eventhub
|
||||
namespace: flux-system
|
||||
spec:
|
||||
jobTemplate:
|
||||
@@ -7,6 +7,9 @@ commonLabels:
|
||||
resources:
|
||||
- sync.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- kubectl-patch.yaml
|
||||
|
||||
vars:
|
||||
- name: KUBE_SECRET
|
||||
objref:
|
||||
@@ -15,13 +18,6 @@ vars:
|
||||
apiVersion: v1
|
||||
fieldref:
|
||||
fieldpath: data.KUBE_SECRET
|
||||
- name: ADDRESS
|
||||
objref:
|
||||
kind: ConfigMap
|
||||
name: credentials-sync-eventhub
|
||||
apiVersion: v1
|
||||
fieldref:
|
||||
fieldpath: data.ADDRESS
|
||||
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
||||
|
||||
@@ -85,9 +85,9 @@ rules:
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
# # Lock this down to the specific Secret name (Optional)
|
||||
#resourceNames:
|
||||
# - $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
|
||||
# Lock this down to the specific Secret name (Optional)
|
||||
resourceNames:
|
||||
- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
||||
@@ -12,5 +12,5 @@ metadata:
|
||||
name: lab
|
||||
namespace: flux-system
|
||||
spec:
|
||||
azureIdentity: lab
|
||||
selector: lab
|
||||
azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
|
||||
@@ -23,15 +23,6 @@ spec:
|
||||
clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000
|
||||
resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write
|
||||
type: 0
|
||||
---
|
||||
apiVersion: aadpodidentity.k8s.io/v1
|
||||
kind: AzureIdentityBinding
|
||||
metadata:
|
||||
name: lab
|
||||
namespace: flux-system
|
||||
spec:
|
||||
azureIdentity: jwt-lab
|
||||
selector: jwt-lab
|
||||
|
||||
# Set the reconcile period + specify the pod-identity via the aadpodidbinding label
|
||||
---
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
apiVersion: batch/v1beta1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: credentials-sync-eventhub
|
||||
namespace: flux-system
|
||||
spec:
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- image: bitnami/kubectl
|
||||
securityContext:
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
name: copy-kubectl
|
||||
# it's okay to do this because kubectl is a statically linked binary
|
||||
command:
|
||||
- sh
|
||||
- -ceu
|
||||
- cp $(which kubectl) /kbin/
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
containers:
|
||||
- name: sync
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
volumes:
|
||||
- name: kbin
|
||||
emptyDir: {}
|
||||
@@ -14,7 +14,6 @@ resources:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
vars:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
varReference:
|
||||
- path: spec/jobTemplate/spec/template/metadata/labels
|
||||
kind: CronJob
|
||||
- path: spec/jobTemplate/spec/template/metadata/labels
|
||||
kind: CronJob
|
||||
- path: spec/azureIdentity
|
||||
kind: AzureIdentityBinding
|
||||
- path: spec/selector
|
||||
kind: AzureIdentityBinding
|
||||
|
||||
@@ -3,7 +3,6 @@ apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: credentials-sync-eventhub
|
||||
namespace: flux-system
|
||||
data:
|
||||
KUBE_SECRET: webhook-url # does not yet exist -- will be created in the same Namespace
|
||||
ADDRESS: "fluxv2" # the Azure Event Hub name
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
apiVersion: batch/v1beta1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: credentials-sync-eventhub
|
||||
namespace: flux-system
|
||||
spec:
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- image: bitnami/kubectl
|
||||
securityContext:
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
name: copy-kubectl
|
||||
# it's okay to do this because kubectl is a statically linked binary
|
||||
command:
|
||||
- sh
|
||||
- -ceu
|
||||
- cp $(which kubectl) /kbin/
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
containers:
|
||||
- name: sync
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
volumes:
|
||||
- name: kbin
|
||||
emptyDir: {}
|
||||
@@ -14,8 +14,4 @@ resources:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
varReference:
|
||||
- path: spec/jobTemplate/spec/template/metadata/labels
|
||||
kind: CronJob
|
||||
@@ -9,8 +9,8 @@ metadata:
|
||||
apiVersion: aadpodidentity.k8s.io/v1
|
||||
kind: AzureIdentityBinding
|
||||
metadata:
|
||||
name: lab
|
||||
name: lab # this can have a different name, but it's nice to keep them the same
|
||||
namespace: flux-system
|
||||
spec:
|
||||
azureIdentity: lab
|
||||
selector: lab
|
||||
azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
|
||||
@@ -24,15 +24,6 @@ spec:
|
||||
clientID: 82d01fb0-7799-4d9d-92c7-21e7632c0000
|
||||
resourceID: /subscriptions/82d01fb0-7799-4d9d-92c7-21e7632c0000/resourceGroups/stealthybox/providers/Microsoft.ManagedIdentity/userAssignedIdentities/eventhub-write
|
||||
type: 0
|
||||
---
|
||||
apiVersion: aadpodidentity.k8s.io/v1
|
||||
kind: AzureIdentityBinding
|
||||
metadata:
|
||||
name: lab
|
||||
namespace: flux-system
|
||||
spec:
|
||||
azureIdentity: jwt-lab
|
||||
selector: jwt-lab
|
||||
|
||||
# Specify the pod-identity via the aadpodidbinding label
|
||||
---
|
||||
|
||||
@@ -14,7 +14,6 @@ resources:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
vars:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
varReference:
|
||||
- path: spec/template/metadata/labels
|
||||
kind: Deployment
|
||||
- path: spec/azureIdentity
|
||||
kind: AzureIdentityBinding
|
||||
- path: spec/selector
|
||||
kind: AzureIdentityBinding
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: credentials-sync-eventhub
|
||||
namespace: flux-system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- image: bitnami/kubectl
|
||||
securityContext:
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
name: copy-kubectl
|
||||
# it's okay to do this because kubectl is a statically linked binary
|
||||
command:
|
||||
- sh
|
||||
- -ceu
|
||||
- cp $(which kubectl) /kbin/
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
containers:
|
||||
- name: sync
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
volumes:
|
||||
- name: kbin
|
||||
emptyDir: {}
|
||||
@@ -14,8 +14,4 @@ resources:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
varReference:
|
||||
- path: spec/template/metadata/labels
|
||||
kind: Deployment
|
||||
@@ -7,6 +7,9 @@ commonLabels:
|
||||
resources:
|
||||
- sync.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- kubectl-patch.yaml
|
||||
|
||||
vars:
|
||||
- name: KUBE_SECRET
|
||||
objref:
|
||||
|
||||
@@ -7,6 +7,9 @@ commonLabels:
|
||||
resources:
|
||||
- sync.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- kubectl-patch.yaml
|
||||
|
||||
vars:
|
||||
- name: KUBE_SECRET
|
||||
objref:
|
||||
|
||||
@@ -14,7 +14,6 @@ bases:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
## uncomment if using encrypted-secret.yaml
|
||||
|
||||
@@ -5,3 +5,12 @@ kind: AzureIdentity
|
||||
metadata:
|
||||
name: credentials-sync # if this is changed, also change in config-patches.yaml
|
||||
namespace: flux-system
|
||||
---
|
||||
apiVersion: aadpodidentity.k8s.io/v1
|
||||
kind: AzureIdentityBinding
|
||||
metadata:
|
||||
name: credentials-sync # this can have a different name, but it's nice to keep them the same
|
||||
namespace: flux-system
|
||||
spec:
|
||||
azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
|
||||
@@ -14,7 +14,6 @@ resources:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
vars:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
varReference:
|
||||
- path: spec/jobTemplate/spec/template/metadata/labels
|
||||
kind: Deployment
|
||||
kind: CronJob
|
||||
- path: spec/azureIdentity
|
||||
kind: AzureIdentityBinding
|
||||
- path: spec/selector
|
||||
kind: AzureIdentityBinding
|
||||
|
||||
@@ -10,7 +10,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: sync
|
||||
image: aws/aws-cli
|
||||
image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
|
||||
env:
|
||||
- name: RECONCILE_SH
|
||||
value: |-
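Review bot: The `sync` container image is referenced by the floating tag `cloud-sdk:alpine`, so each pull can bring in different content for a container that presumably runs with cloud credentials. Pin it to a release tag or digest, for example `image: gcr.io/google.com/cloudsdktool/cloud-sdk:<version>-alpine@sha256:<digest>` (placeholders), and add a comment on how the pin is bumped. The same line appears in the `@@ -9,7 +9,7 @@ spec:` hunk near the end of the compare. The container spec continues outside the hunk.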
|
||||
|
||||
@@ -14,7 +14,6 @@ bases:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
## uncomment if using encrypted-secret.yaml
|
||||
|
||||
@@ -5,3 +5,12 @@ kind: AzureIdentity
|
||||
metadata:
|
||||
name: credentials-sync # if this is changed, also change in config-patches.yaml
|
||||
namespace: flux-system
|
||||
---
|
||||
apiVersion: aadpodidentity.k8s.io/v1
|
||||
kind: AzureIdentityBinding
|
||||
metadata:
|
||||
name: credentials-sync # this can have a different name, but it's nice to keep them the same
|
||||
namespace: flux-system
|
||||
spec:
|
||||
azureIdentity: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
selector: $(AZ_IDENTITY_NAME) # match the AzureIdentity name
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: credentials-sync
|
||||
namespace: flux-system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- image: bitnami/kubectl
|
||||
name: copy-kubectl
|
||||
# it's okay to do this because kubectl is a statically linked binary
|
||||
command:
|
||||
- sh
|
||||
- -ceu
|
||||
- cp $(which kubectl) /kbin/
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
containers:
|
||||
- name: sync
|
||||
volumeMounts:
|
||||
- name: kbin
|
||||
mountPath: /kbin
|
||||
volumes:
|
||||
- name: kbin
|
||||
emptyDir: {}
|
||||
@@ -14,7 +14,6 @@ resources:
|
||||
|
||||
patchesStrategicMerge:
|
||||
- config-patches.yaml
|
||||
- kubectl-patch.yaml
|
||||
- reconcile-patch.yaml
|
||||
|
||||
vars:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
varReference:
|
||||
- path: spec/template/metadata/labels
|
||||
kind: Deployment
|
||||
- path: spec/azureIdentity
|
||||
kind: AzureIdentityBinding
|
||||
- path: spec/selector
|
||||
kind: AzureIdentityBinding
|
||||
|
||||
@@ -9,7 +9,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: sync
|
||||
image: aws/aws-cli
|
||||
image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
|
||||
env:
|
||||
- name: RECONCILE_SH
|
||||
value: |-
|
||||
|
||||