Merge pull request #2071 from fluxcd/flux-tree-exclude-remote-clusters

Skip remote clusters in flux tree cmd

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -48,19 +48,18 @@ body:
     required: true
   attributes:
     label: Flux version
-    description: Run `flux --version` to check. If not applicable, write `N/A`.
-    placeholder: e.g. 0.16.1
+    description: Run `flux version --client`. If not applicable, write `N/A`.
+    placeholder: e.g. v0.20.1
 - type: textarea
   validations:
     required: true
   attributes:
     label: Flux check
-    description: Run `flux check` to check. If not applicable, write `N/A`.
+    description: Run `flux check`. If not applicable, write `N/A`.
     placeholder: |
       For example:
       ► checking prerequisites
-      ✔ kubectl 1.21.0 >=1.18.0-0
-      ✔ Kubernetes 1.21.1 >=1.16.0-0
+      ✔ Kubernetes 1.21.1 >=1.19.0-0
       ► checking controllers
       ✔ all checks passed
 - type: input

.github/workflows/bootstrap.yaml

@@ -64,6 +64,22 @@ jobs:
           --team=team-z
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+      - name: bootstrap customize
+        run: |
+          make setup-bootstrap-patch
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
+          --owner=fluxcd-testing \
+          --repository=${{ steps.vars.outputs.test_repo_name }} \
+          --branch=main \
+          --path=test-cluster \
+          --team=team-z
+          if [ $(kubectl get deployments.apps source-controller -o jsonpath='{.spec.template.spec.securityContext.runAsUser}') != "10000" ]; then
+          echo "Bootstrap not customized as controller is not running as user 10000" && exit 1
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+          GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
+          GITHUB_ORG_NAME: fluxcd-testing
       - name: libgit2
         run: |
           /tmp/flux create source git test-libgit2 \

.github/workflows/e2e.yaml

@@ -191,7 +191,14 @@ jobs:
           /tmp/flux create kustomization flux-system \
           --source=flux-system \
           --path=./clusters/staging
+          kubectl -n flux-system wait kustomization/infrastructure --for=condition=ready --timeout=5m
           kubectl -n flux-system wait kustomization/apps --for=condition=ready --timeout=5m
+          kubectl -n nginx wait helmrelease/nginx --for=condition=ready --timeout=5m
+          kubectl -n redis wait helmrelease/redis --for=condition=ready --timeout=5m
+          kubectl -n podinfo wait helmrelease/podinfo --for=condition=ready --timeout=5m
+      - name: flux tree
+        run: |
+          /tmp/flux tree kustomization flux-system | grep Service/podinfo
       - name: flux check
         run: |
           /tmp/flux check

CONTRIBUTING.md

@@ -30,7 +30,7 @@ you can sign your commit automatically with `git commit -s`.
 
 For realtime communications we use Slack: To join the conversation, simply
 join the [CNCF](https://slack.cncf.io/) Slack workspace and use the
-[#flux-dev](https://cloud-native.slack.com/messages/flux-dev/) channel.
+[#flux-contributors](https://cloud-native.slack.com/messages/flux-contributors/) channel.
 
 To discuss ideas and specifications we use [Github
 Discussions](https://github.com/fluxcd/flux2/discussions).

MAINTAINERS

@@ -17,3 +17,4 @@ Hidde Beydals, Weaveworks <hidde@weave.works> (github: @hiddeco, slack: hidde)
 Max Jonas Werner, D2iQ <mwerner@d2iq.com> (github: @makkes, slack: max)
 Philip Laine, Xenit <philip.laine@xenit.se> (github: @phillebaba, slack: phillebaba)
 Stefan Prodan, Weaveworks <stefan@weave.works> (github: @stefanprodan, slack: stefanprodan)
+Sunny, Weaveworks <sunny@weave.works> (github: @darkowlzz, slack: darkowlzz)

Makefile

@@ -58,10 +58,12 @@ install:
 install-dev:
 	CGO_ENABLED=0 go build -o /usr/local/bin ./cmd/flux
 
-
 install-envtest:  setup-envtest
 	 $(SETUP_ENVTEST) use $(ENVTEST_BIN_VERSION)
 
+setup-bootstrap-patch:
+	go run ./tests/bootstrap/main.go
+
 # Find or download setup-envtest
 setup-envtest:
 ifeq (, $(shell which setup-envtest))

cmd/flux/bootstrap.go

@@ -140,7 +140,7 @@ func NewBootstrapFlags() bootstrapFlags {
 	return bootstrapFlags{
 		logLevel:           flags.LogLevel(rootArgs.defaults.LogLevel),
 		requiredComponents: []string{"source-controller", "kustomize-controller"},
-		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:         2048,
 		keyECDSACurve:      flags.ECDSACurve{Curve: elliptic.P384()},
 	}

cmd/flux/bootstrap_github.go

@@ -111,7 +111,11 @@ func init() {
 func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	ghToken := os.Getenv(ghTokenEnvVar)
 	if ghToken == "" {
-		return fmt.Errorf("%s environment variable not found", ghTokenEnvVar)
+		var err error
+		ghToken, err = readPasswordFromStdin("Please enter your GitHub personal access token (PAT): ")
+		if err != nil {
+			return fmt.Errorf("could not read token: %w", err)
+		}
 	}
 
 	if err := bootstrapValidate(); err != nil {

cmd/flux/bootstrap_gitlab.go

@@ -108,7 +108,11 @@ func init() {
 func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	glToken := os.Getenv(glTokenEnvVar)
 	if glToken == "" {
-		return fmt.Errorf("%s environment variable not found", glTokenEnvVar)
+		var err error
+		glToken, err = readPasswordFromStdin("Please enter your GitLab personal access token (PAT): ")
+		if err != nil {
+			return fmt.Errorf("could not read token: %w", err)
+		}
 	}
 
 	if projectNameIsValid, err := regexp.MatchString(gitlabProjectRegex, gitlabArgs.repository); err != nil || !projectNameIsValid {

cmd/flux/check.go

@@ -30,6 +30,7 @@ import (
 	"github.com/fluxcd/pkg/version"
 
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/pkg/status"
 )
@@ -191,7 +192,7 @@ func componentsCheck() bool {
 	}
 
 	ok := true
-	selector := client.MatchingLabels{"app.kubernetes.io/instance": rootArgs.namespace}
+	selector := client.MatchingLabels{manifestgen.PartOfLabelKey: manifestgen.PartOfLabelValue}
 	var list v1.DeploymentList
 	if err := kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace), selector); err == nil {
 		for _, d := range list.Items {

cmd/flux/create_secret_git.go

@@ -105,7 +105,7 @@ func init() {
 
 func NewSecretGitFlags() secretGitFlags {
 	return secretGitFlags{
-		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		rsaBits:      2048,
 		ecdsaCurve:   flags.ECDSACurve{Curve: elliptic.P384()},
 	}

cmd/flux/create_source.go

@@ -17,6 +17,8 @@ limitations under the License.
 package main
 
 import (
+	"time"
+
 	"github.com/spf13/cobra"
 )
 
@@ -26,6 +28,14 @@ var createSourceCmd = &cobra.Command{
 	Long:  "The create source sub-commands generate sources.",
 }
 
+type createSourceFlags struct {
+	fetchTimeout time.Duration
+}
+
+var createSourceArgs createSourceFlags
+
 func init() {
+	createSourceCmd.PersistentFlags().DurationVar(&createSourceArgs.fetchTimeout, "fetch-timeout", createSourceArgs.fetchTimeout,
+		"set a timeout for fetch operations performed by source-controller (e.g. 'git clone' or 'helm repo update')")
 	createCmd.AddCommand(createSourceCmd)
 }

cmd/flux/create_source_bucket.go

@@ -134,6 +134,11 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 			},
 		},
 	}
+
+	if createSourceArgs.fetchTimeout > 0 {
+		bucket.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
+	}
+
 	if sourceBucketArgs.secretRef != "" {
 		bucket.Spec.SecretRef = &meta.LocalObjectReference{
 			Name: sourceBucketArgs.secretRef,

cmd/flux/create_source_git.go

@@ -143,7 +143,7 @@ func init() {
 
 func newSourceGitFlags() sourceGitFlags {
 	return sourceGitFlags{
-		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:    2048,
 		keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 	}
@@ -206,6 +206,10 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if createSourceArgs.fetchTimeout > 0 {
+		gitRepository.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
+	}
+
 	if sourceGitArgs.gitImplementation != "" {
 		gitRepository.Spec.GitImplementation = sourceGitArgs.gitImplementation.String()
 	}

cmd/flux/create_source_helm.go

@@ -129,6 +129,10 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if createSourceArgs.fetchTimeout > 0 {
+		helmRepository.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
+	}
+
 	if sourceHelmArgs.secretRef != "" {
 		helmRepository.Spec.SecretRef = &meta.LocalObjectReference{
 			Name: sourceHelmArgs.secretRef,

cmd/flux/export.go

@@ -113,8 +113,8 @@ func printExport(export interface{}) error {
 	if err != nil {
 		return err
 	}
-	fmt.Println("---")
-	fmt.Println(resourceToString(data))
+	rootCmd.Println("---")
+	rootCmd.Println(resourceToString(data))
 	return nil
 }
 

cmd/flux/export_test.go

@@ -0,0 +1,88 @@
+// +build unit
+
+package main
+
+import (
+	"testing"
+)
+
+func TestExport(t *testing.T) {
+	cases := []struct {
+		name       string
+		arg        string
+		goldenFile string
+	}{
+		{
+			"alert-provider",
+			"export alert-provider slack",
+			"testdata/export/provider.yaml",
+		},
+		{
+			"alert",
+			"export alert flux-system",
+			"testdata/export/alert.yaml",
+		},
+		{
+			"image policy",
+			"export image policy flux-system",
+			"testdata/export/image-policy.yaml",
+		},
+		{
+			"image repository",
+			"export image repository flux-system",
+			"testdata/export/image-repo.yaml",
+		},
+		{
+			"image update",
+			"export image update flux-system",
+			"testdata/export/image-update.yaml",
+		},
+		{
+			"source git",
+			"export source git flux-system",
+			"testdata/export/git-repo.yaml",
+		},
+		{
+			"source helm",
+			"export source helm flux-system",
+			"testdata/export/helm-repo.yaml",
+		},
+		{
+			"receiver",
+			"export receiver flux-system",
+			"testdata/export/receiver.yaml",
+		},
+		{
+			"kustomization",
+			"export kustomization flux-system",
+			"testdata/export/ks.yaml",
+		},
+		{
+			"helmrelease",
+			"export helmrelease flux-system",
+			"testdata/export/helm-release.yaml",
+		},
+		{
+			"bucket",
+			"export source bucket flux-system",
+			"testdata/export/bucket.yaml",
+		},
+	}
+
+	objectFile := "testdata/export/objects.yaml"
+	tmpl := map[string]string{
+		"fluxns": allocateNamespace("flux-system"),
+	}
+	testEnv.CreateObjectFile(objectFile, tmpl, t)
+
+	for _, tt := range cases {
+		t.Run(tt.name, func(t *testing.T) {
+			cmd := cmdTestCase{
+				args:   tt.arg + " -n=" + tmpl["fluxns"],
+				assert: assertGoldenTemplateFile(tt.goldenFile, tmpl),
+			}
+
+			cmd.runTestCmd(t)
+		})
+	}
+}

cmd/flux/install.go

@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"strings"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -177,9 +176,6 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if installArgs.export {
-		fmt.Println("---")
-		fmt.Println("# Flux version:", installArgs.version)
-		fmt.Println("# Components:", strings.Join(components, ","))
 		fmt.Print(manifest.Content)
 		fmt.Println("---")
 		return nil

cmd/flux/logs.go

@@ -39,6 +39,7 @@ import (
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 )
 
 var logsCmd = &cobra.Command{
@@ -93,7 +94,7 @@ func init() {
 }
 
 func logsCmdRun(cmd *cobra.Command, args []string) error {
-	fluxSelector := fmt.Sprintf("app.kubernetes.io/instance=%s", logsArgs.fluxNamespace)
+	fluxSelector := fmt.Sprintf("%s=%s", manifestgen.PartOfLabelKey, manifestgen.PartOfLabelValue)
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()

cmd/flux/main.go

@@ -17,12 +17,16 @@ limitations under the License.
 package main
 
 import (
+	"bufio"
+	"fmt"
 	"log"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"github.com/spf13/cobra"
+	"golang.org/x/term"
 	corev1 "k8s.io/api/core/v1"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
@@ -107,7 +111,8 @@ type rootFlags struct {
 var rootArgs = NewRootFlags()
 
 func init() {
-	rootCmd.PersistentFlags().StringVarP(&rootArgs.namespace, "namespace", "n", rootArgs.defaults.Namespace, "the namespace scope for this operation")
+	rootCmd.PersistentFlags().StringVarP(&rootArgs.namespace, "namespace", "n", rootArgs.defaults.Namespace,
+		"the namespace scope for this operation, can be set with FLUX_SYSTEM_NAMESPACE env var")
 	rootCmd.RegisterFlagCompletionFunc("namespace", resourceNamesCompletionFunc(corev1.SchemeGroupVersion.WithKind("Namespace")))
 
 	rootCmd.PersistentFlags().DurationVar(&rootArgs.timeout, "timeout", 5*time.Minute, "timeout for this operation")
@@ -134,6 +139,7 @@ func NewRootFlags() rootFlags {
 func main() {
 	log.SetFlags(0)
 	configureKubeconfig()
+	configureDefaultNamespace()
 	if err := rootCmd.Execute(); err != nil {
 		logger.Failuref("%v", err)
 		os.Exit(1)
@@ -152,9 +158,38 @@ func configureKubeconfig() {
 	}
 }
 
+func configureDefaultNamespace() {
+	fromEnv := os.Getenv("FLUX_SYSTEM_NAMESPACE")
+	if fromEnv != "" && rootArgs.namespace == rootArgs.defaults.Namespace {
+		rootArgs.namespace = fromEnv
+	}
+}
+
 func homeDir() string {
 	if h := os.Getenv("HOME"); h != "" {
 		return h
 	}
 	return os.Getenv("USERPROFILE") // windows
 }
+
+// readPasswordFromStdin reads a password from stdin and returns the input
+// with trailing newline and/or carriage return removed. It also makes sure that terminal
+// echoing is turned off if stdin is a terminal.
+func readPasswordFromStdin(prompt string) (string, error) {
+	var out string
+	var err error
+	fmt.Fprint(os.Stdout, prompt)
+	stdinFD := int(os.Stdin.Fd())
+	if term.IsTerminal(stdinFD) {
+		var inBytes []byte
+		inBytes, err = term.ReadPassword(int(os.Stdin.Fd()))
+		out = string(inBytes)
+	} else {
+		out, err = bufio.NewReader(os.Stdin).ReadString('\n')
+	}
+	if err != nil {
+		return "", fmt.Errorf("could not read from stdin: %w", err)
+	}
+	fmt.Println()
+	return strings.TrimRight(out, "\r\n"), nil
+}

cmd/flux/reconcile.go

@@ -122,7 +122,7 @@ func (reconcile reconcileCommand) run(cmd *cobra.Command, args []string) error {
 	}
 
 	if readyCond.Status != metav1.ConditionTrue {
-		return fmt.Errorf("%s reconciliation failed: ''%s", reconcile.kind, readyCond.Message)
+		return fmt.Errorf("%s reconciliation failed: '%s'", reconcile.kind, readyCond.Message)
 	}
 	logger.Successf(reconcile.object.successMessage())
 	return nil

cmd/flux/testdata/export/alert.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Alert
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  eventSeverity: info
+  eventSources:
+  - kind: GitRepository
+    name: '*'
+  - kind: Kustomization
+    name: '*'
+  providerRef:
+    name: slack
+  summary: Slacktest Notification
+

cmd/flux/testdata/export/bucket.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: Bucket
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  bucketName: podinfo
+  endpoint: s3.amazonaws.com
+  interval: 5m0s
+  provider: aws
+  region: us-east-1
+  timeout: 30s
+

cmd/flux/testdata/export/git-repo.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  gitImplementation: go-git
+  interval: 5m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  timeout: 20s
+  url: ssh://git@github.com/example/repo
+

cmd/flux/testdata/export/helm-release.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  chart:
+    spec:
+      chart: podinfo
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: flux-systen
+        namespace: {{ .fluxns }}
+      version: '*'
+  interval: 5m0s
+

cmd/flux/testdata/export/helm-repo.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  interval: 5m0s
+  timeout: 1m0s
+  url: https://stefanprodan.github.io/podinfo
+

cmd/flux/testdata/export/image-policy.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImagePolicy
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  imageRepositoryRef:
+    name: flux-system
+  policy:
+    semver:
+      range: 5.0.x
+

cmd/flux/testdata/export/image-repo.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  image: ghcr.io/test/podinfo
+  interval: 1m0s
+

cmd/flux/testdata/export/image-update.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  git:
+    commit:
+      author:
+        email: fluxcdbot@users.noreply.github.com
+        name: fluxcdbot
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  update:
+    path: ./clusters/my-cluster
+    strategy: Setters
+

cmd/flux/testdata/export/ks.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  interval: 5m0s
+  path: ./infrastructure/
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+

cmd/flux/testdata/export/objects.yaml

@@ -0,0 +1,153 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .fluxns }}
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Provider
+metadata:
+  name: slack
+  namespace: {{ .fluxns }}
+spec:
+  type: slack
+  channel: 'A channel with spacess'
+  address: https://hooks.slack.com/services/mock
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Alert
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  summary: "Slacktest Notification"
+  providerRef:
+    name: slack
+  eventSeverity: info
+  eventSources:
+    - kind: "GitRepository"
+      name: "*"
+    - kind: "Kustomization"
+      name: "*"
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageRepository
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  image: ghcr.io/test/podinfo
+  interval: 1m0s
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImagePolicy
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  imageRepositoryRef:
+    name: flux-system
+  policy:
+    semver:
+      range: 5.0.x
+---
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  git:
+    commit:
+      author:
+        email: fluxcdbot@users.noreply.github.com
+        name: fluxcdbot
+      messageTemplate: '{{range .Updated.Images}}{{println .}}{{end}}'
+  update:
+    path: ./clusters/my-cluster
+    strategy: Setters
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  interval: 5m
+  url: ssh://git@github.com/example/repo
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  path: ./infrastructure/
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  interval: 5m
+  prune: true
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Receiver
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  type: github
+  events:
+    - "ping"
+    - "push"
+  secretRef:
+    name: webhook-token
+  resources:
+    - kind: GitRepository
+      name: flux-system
+      namespace: flux-system
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  interval: 5m
+  timeout: 1m0s
+  url: https://stefanprodan.github.io/podinfo
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: podinfo
+      sourceRef:
+        kind: HelmRepository
+        name: flux-systen
+        namespace: {{ .fluxns }}
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: Bucket
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  interval: 5m
+  provider: aws
+  bucketName: podinfo
+  endpoint: s3.amazonaws.com
+  region: us-east-1
+  timeout: 30s

cmd/flux/testdata/export/provider.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Provider
+metadata:
+  name: slack
+  namespace: {{ .fluxns }}
+spec:
+  address: https://hooks.slack.com/services/mock
+  channel: A channel with spacess
+  type: slack
+

cmd/flux/testdata/export/receiver.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Receiver
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  events:
+  - ping
+  - push
+  resources:
+  - kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  secretRef:
+    name: webhook-token
+  type: github
+

cmd/flux/testdata/tree/kustomizations.yaml

@@ -0,0 +1,88 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .fluxns }}
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: flux-system
+  namespace: {{ .fluxns }}
+spec:
+  path: ./clusters/production
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  interval: 5m
+  prune: true
+status:
+  conditions:
+  - lastTransitionTime: "2021-08-01T04:52:56Z"
+    message: 'Applied revision: main/696f056df216eea4f9401adbee0ff744d4df390f'
+    reason: ReconciliationSucceeded
+    status: "True"
+    type: Ready
+  inventory:
+    entries:
+      - id: _{{ .fluxns }}__Namespace
+        v: v1
+      - id: {{ .fluxns }}_helm-controller_apps_Deployment
+        v: v1
+      - id: {{ .fluxns }}_kustomize-controller_apps_Deployment
+        v: v1
+      - id: {{ .fluxns }}_notification-controller_apps_Deployment
+        v: v1
+      - id: {{ .fluxns }}_source-controller_apps_Deployment
+        v: v1
+      - id: {{ .fluxns }}_infrastructure_kustomize.toolkit.fluxcd.io_Kustomization
+        v: v1beta2
+      - id: {{ .fluxns }}_flux-system_source.toolkit.fluxcd.io_GitRepository
+        v: v1beta1
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: infrastructure
+  namespace: {{ .fluxns }}
+spec:
+  path: ./infrastructure/production
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  interval: 5m
+  prune: true
+status:
+  conditions:
+    - lastTransitionTime: "2021-08-01T04:52:56Z"
+      message: 'Applied revision: main/696f056df216eea4f9401adbee0ff744d4df390f'
+      reason: ReconciliationSucceeded
+      status: "True"
+      type: Ready
+  inventory:
+    entries:
+      - id: _cert-manager__Namespace
+        v: v1
+      - id: cert-manager_cert-manager_source.toolkit.fluxcd.io_HelmRepository
+        v: v1beta1
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: empty
+  namespace: {{ .fluxns }}
+spec:
+  path: ./apps/todo
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  interval: 5m
+  prune: true
+status:
+  conditions:
+    - lastTransitionTime: "2021-08-01T04:52:56Z"
+      message: 'Applied revision: main/696f056df216eea4f9401adbee0ff744d4df390f'
+      reason: ReconciliationSucceeded
+      status: "True"
+      type: Ready
+---

cmd/flux/testdata/tree/tree-compact.golden

@@ -0,0 +1,5 @@
+Kustomization/{{ .fluxns }}/flux-system
+├── Kustomization/{{ .fluxns }}/infrastructure
+│   └── HelmRepository/cert-manager/cert-manager
+└── GitRepository/{{ .fluxns }}/flux-system
+

cmd/flux/testdata/tree/tree-empty.golden

@@ -0,0 +1,2 @@
+Kustomization/{{ .fluxns }}/empty
+

cmd/flux/testdata/tree/tree.golden

@@ -0,0 +1,11 @@
+Kustomization/{{ .fluxns }}/flux-system
+├── Namespace/{{ .fluxns }}
+├── Deployment/{{ .fluxns }}/helm-controller
+├── Deployment/{{ .fluxns }}/kustomize-controller
+├── Deployment/{{ .fluxns }}/notification-controller
+├── Deployment/{{ .fluxns }}/source-controller
+├── Kustomization/{{ .fluxns }}/infrastructure
+│   ├── Namespace/cert-manager
+│   └── HelmRepository/cert-manager/cert-manager
+└── GitRepository/{{ .fluxns }}/flux-system
+

cmd/flux/tree.go

@@ -0,0 +1,31 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"github.com/spf13/cobra"
+)
+
+var treeCmd = &cobra.Command{
+	Use:   "tree",
+	Short: "Print the resources reconciled by Flux",
+	Long:  `The tree command shows the list of resources reconciled by a Flux object.'`,
+}
+
+func init() {
+	rootCmd.AddCommand(treeCmd)
+}

cmd/flux/tree_kustomization.go

@@ -0,0 +1,277 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"bytes"
+	"compress/gzip"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"strings"
+
+	"github.com/fluxcd/flux2/internal/tree"
+	"github.com/fluxcd/flux2/internal/utils"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
+	"github.com/fluxcd/pkg/ssa"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/cli-utils/pkg/object"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+)
+
+var treeKsCmd = &cobra.Command{
+	Use:     "kustomization [name]",
+	Aliases: []string{"ks", "kustomization"},
+	Short:   "Print the resource inventory of a Kustomization",
+	Long:    `The tree command prints the resource list reconciled by a Kustomization.'`,
+	Example: `  # Print the resources managed by the root Kustomization
+  flux tree kustomization flux-system
+
+  # Print the Flux resources managed by the root Kustomization
+  flux tree kustomization flux-system --compact`,
+	RunE:              treeKsCmdRun,
+	ValidArgsFunction: resourceNamesCompletionFunc(kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)),
+}
+
+type TreeKsFlags struct {
+	compact bool
+	output  string
+}
+
+var treeKsArgs TreeKsFlags
+
+func init() {
+	treeKsCmd.Flags().BoolVar(&treeKsArgs.compact, "compact", false, "list Flux resources only.")
+	treeKsCmd.Flags().StringVarP(&treeKsArgs.output, "output", "o", "",
+		"the format in which the tree should be printed. can be 'json' or 'yaml'")
+	treeCmd.AddCommand(treeKsCmd)
+}
+
+func treeKsCmdRun(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("kustomization name is required")
+	}
+	name := args[0]
+
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	defer cancel()
+
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+	if err != nil {
+		return err
+	}
+
+	k := &kustomizev1.Kustomization{}
+	err = kubeClient.Get(ctx, client.ObjectKey{
+		Namespace: rootArgs.namespace,
+		Name:      name,
+	}, k)
+	if err != nil {
+		return err
+	}
+
+	kMeta, err := object.CreateObjMetadata(k.Namespace, k.Name,
+		schema.GroupKind{Group: kustomizev1.GroupVersion.Group, Kind: kustomizev1.KustomizationKind})
+	if err != nil {
+		return err
+	}
+
+	kTree := tree.New(kMeta)
+	err = treeKustomization(ctx, kTree, k, kubeClient, treeKsArgs.compact)
+	if err != nil {
+		return err
+	}
+
+	switch treeKsArgs.output {
+	case "json":
+		data, err := json.MarshalIndent(kTree, "", "  ")
+		if err != nil {
+			return err
+		}
+		rootCmd.Println(string(data))
+	case "yaml":
+		data, err := yaml.Marshal(kTree)
+		if err != nil {
+			return err
+		}
+		rootCmd.Println(string(data))
+	default:
+		rootCmd.Println(kTree.Print())
+	}
+
+	return nil
+}
+
+func treeKustomization(ctx context.Context, tree tree.ObjMetadataTree, item *kustomizev1.Kustomization, kubeClient client.Client, compact bool) error {
+	if item.Status.Inventory == nil || len(item.Status.Inventory.Entries) == 0 {
+		return nil
+	}
+
+	compactGroup := "toolkit.fluxcd.io"
+
+	for _, entry := range item.Status.Inventory.Entries {
+		objMetadata, err := object.ParseObjMetadata(entry.ID)
+		if err != nil {
+			return err
+		}
+
+		if compact && !strings.Contains(objMetadata.GroupKind.Group, compactGroup) {
+			continue
+		}
+
+		if objMetadata.GroupKind.Group == kustomizev1.GroupVersion.Group &&
+			objMetadata.GroupKind.Kind == kustomizev1.KustomizationKind &&
+			objMetadata.Namespace == item.Namespace &&
+			objMetadata.Name == item.Name {
+			continue
+		}
+
+		ks := tree.Add(objMetadata)
+
+		if objMetadata.GroupKind.Group == helmv2.GroupVersion.Group &&
+			objMetadata.GroupKind.Kind == helmv2.HelmReleaseKind {
+			objects, err := getHelmReleaseInventory(
+				ctx, client.ObjectKey{
+					Namespace: objMetadata.Namespace,
+					Name:      objMetadata.Name,
+				}, kubeClient)
+			if err != nil {
+				return err
+			}
+
+			for _, obj := range objects {
+				if compact && !strings.Contains(obj.GroupKind.Group, compactGroup) {
+					continue
+				}
+				ks.Add(obj)
+			}
+		}
+
+		if objMetadata.GroupKind.Group == kustomizev1.GroupVersion.Group &&
+			objMetadata.GroupKind.Kind == kustomizev1.KustomizationKind &&
+			// skip kustomization if it targets a remote clusters
+			item.Spec.KubeConfig == nil {
+			k := &kustomizev1.Kustomization{}
+			err = kubeClient.Get(ctx, client.ObjectKey{
+				Namespace: objMetadata.Namespace,
+				Name:      objMetadata.Name,
+			}, k)
+			if err != nil {
+				return fmt.Errorf("failed to find object: %w", err)
+			}
+			err := treeKustomization(ctx, ks, k, kubeClient, compact)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+type hrStorage struct {
+	Name     string `json:"name,omitempty"`
+	Manifest string `json:"manifest,omitempty"`
+}
+
+func getHelmReleaseInventory(ctx context.Context, objectKey client.ObjectKey, kubeClient client.Client) ([]object.ObjMetadata, error) {
+	hr := &helmv2.HelmRelease{}
+	if err := kubeClient.Get(ctx, objectKey, hr); err != nil {
+		return nil, err
+	}
+
+	// skip release if it targets a remote clusters
+	if hr.Spec.KubeConfig != nil {
+		return nil, nil
+	}
+
+	storageNamespace := hr.GetNamespace()
+	if hr.Spec.StorageNamespace != "" {
+		storageNamespace = hr.Spec.StorageNamespace
+	}
+
+	storageName := hr.GetName()
+	if hr.Spec.ReleaseName != "" {
+		storageName = hr.Spec.ReleaseName
+	} else if hr.Spec.TargetNamespace != "" {
+		storageName = strings.Join([]string{hr.Spec.TargetNamespace, hr.Name}, "-")
+	}
+
+	storageVersion := hr.Status.LastReleaseRevision
+	// skip release if it failed to install
+	if storageVersion < 1 {
+		return nil, nil
+	}
+
+	storageKey := client.ObjectKey{
+		Namespace: storageNamespace,
+		Name:      fmt.Sprintf("sh.helm.release.v1.%s.v%v", storageName, storageVersion),
+	}
+
+	storageSecret := &corev1.Secret{}
+	if err := kubeClient.Get(ctx, storageKey, storageSecret); err != nil {
+		// skip release if it has no storage
+		if apierrors.IsNotFound(err) {
+			return nil, nil
+		}
+		return nil, fmt.Errorf("failed to find the Helm storage object for HelmRelease '%s': %w", objectKey.String(), err)
+	}
+
+	releaseData, releaseFound := storageSecret.Data["release"]
+	if !releaseFound {
+		return nil, fmt.Errorf("failed to decode the Helm storage object for HelmRelease '%s'", objectKey.String())
+	}
+
+	// adapted from https://github.com/helm/helm/blob/02685e94bd3862afcb44f6cd7716dbeb69743567/pkg/storage/driver/util.go
+	var b64 = base64.StdEncoding
+	b, err := b64.DecodeString(string(releaseData))
+	if err != nil {
+		return nil, err
+	}
+	var magicGzip = []byte{0x1f, 0x8b, 0x08}
+	if bytes.Equal(b[0:3], magicGzip) {
+		r, err := gzip.NewReader(bytes.NewReader(b))
+		if err != nil {
+			return nil, err
+		}
+		defer r.Close()
+		b2, err := ioutil.ReadAll(r)
+		if err != nil {
+			return nil, err
+		}
+		b = b2
+	}
+
+	var rls hrStorage
+	if err := json.Unmarshal(b, &rls); err != nil {
+		return nil, fmt.Errorf("failed to decode the Helm storage object for HelmRelease '%s': %w", objectKey.String(), err)
+	}
+
+	objects, err := ssa.ReadObjects(strings.NewReader(rls.Manifest))
+	if err != nil {
+		return nil, fmt.Errorf("failed to read the Helm storage object for HelmRelease '%s': %w", objectKey.String(), err)
+	}
+
+	return object.UnstructuredsToObjMetas(objects)
+}

cmd/flux/tree_kustomization_test.go

@@ -0,0 +1,64 @@
+// +build unit
+
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"testing"
+)
+
+func TestTree(t *testing.T) {
+	cases := []struct {
+		name       string
+		args       string
+		objectFile string
+		goldenFile string
+	}{
+		{
+			"tree kustomization",
+			"tree kustomization flux-system",
+			"testdata/tree/kustomizations.yaml",
+			"testdata/tree/tree.golden",
+		},
+		{
+			"tree kustomization compact",
+			"tree kustomization flux-system --compact",
+			"testdata/tree/kustomizations.yaml",
+			"testdata/tree/tree-compact.golden",
+		},
+		{
+			"tree kustomization empty",
+			"tree kustomization empty",
+			"testdata/tree/kustomizations.yaml",
+			"testdata/tree/tree-empty.golden",
+		},
+	}
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			tmpl := map[string]string{
+				"fluxns": allocateNamespace("flux-system"),
+			}
+			testEnv.CreateObjectFile(tc.objectFile, tmpl, t)
+			cmd := cmdTestCase{
+				args:   tc.args + " -n=" + tmpl["fluxns"],
+				assert: assertGoldenTemplateFile(tc.goldenFile, tmpl),
+			}
+			cmd.runTestCmd(t)
+		})
+	}
+}

cmd/flux/uninstall.go

@@ -31,6 +31,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
@@ -93,7 +94,7 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 	uninstallFinalizers(ctx, kubeClient, uninstallArgs.dryRun)
 
 	logger.Actionf("deleting toolkit.fluxcd.io custom resource definitions")
-	uninstallCustomResourceDefinitions(ctx, kubeClient, rootArgs.namespace, uninstallArgs.dryRun)
+	uninstallCustomResourceDefinitions(ctx, kubeClient, uninstallArgs.dryRun)
 
 	if !uninstallArgs.keepNamespace {
 		uninstallNamespace(ctx, kubeClient, rootArgs.namespace, uninstallArgs.dryRun)
@@ -105,7 +106,7 @@ func uninstallCmdRun(cmd *cobra.Command, args []string) error {
 
 func uninstallComponents(ctx context.Context, kubeClient client.Client, namespace string, dryRun bool) {
 	opts, dryRunStr := getDeleteOptions(dryRun)
-	selector := client.MatchingLabels{"app.kubernetes.io/instance": namespace}
+	selector := client.MatchingLabels{manifestgen.PartOfLabelKey: manifestgen.PartOfLabelValue}
 	{
 		var list appsv1.DeploymentList
 		if err := kubeClient.List(ctx, &list, client.InNamespace(namespace), selector); err == nil {
@@ -262,9 +263,9 @@ func uninstallFinalizers(ctx context.Context, kubeClient client.Client, dryRun b
 	}
 }
 
-func uninstallCustomResourceDefinitions(ctx context.Context, kubeClient client.Client, namespace string, dryRun bool) {
+func uninstallCustomResourceDefinitions(ctx context.Context, kubeClient client.Client, dryRun bool) {
 	opts, dryRunStr := getDeleteOptions(dryRun)
-	selector := client.MatchingLabels{"app.kubernetes.io/instance": namespace}
+	selector := client.MatchingLabels{manifestgen.PartOfLabelKey: manifestgen.PartOfLabelValue}
 	{
 		var list apiextensionsv1.CustomResourceDefinitionList
 		if err := kubeClient.List(ctx, &list, selector); err == nil {

cmd/flux/version.go

@@ -28,6 +28,7 @@ import (
 	"sigs.k8s.io/yaml"
 
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 )
 
 var versionCmd = &cobra.Command{
@@ -78,7 +79,7 @@ func versionCmdRun(cmd *cobra.Command, args []string) error {
 			return err
 		}
 
-		selector := client.MatchingLabels{"app.kubernetes.io/instance": rootArgs.namespace}
+		selector := client.MatchingLabels{manifestgen.PartOfLabelKey: manifestgen.PartOfLabelValue}
 		var list v1.DeploymentList
 		if err := kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace), selector); err != nil {
 			return err

go.mod

@@ -6,40 +6,37 @@ require (
 	github.com/Masterminds/semver/v3 v3.1.0
 	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7
 	github.com/cyphar/filepath-securejoin v0.2.2
-	github.com/fluxcd/go-git-providers v0.1.1
+	github.com/fluxcd/go-git-providers v0.3.1
 	github.com/fluxcd/helm-controller/api v0.12.1
-	github.com/fluxcd/image-automation-controller/api v0.15.0
+	github.com/fluxcd/image-automation-controller/api v0.17.0
 	github.com/fluxcd/image-reflector-controller/api v0.13.0
-	github.com/fluxcd/kustomize-controller/api v0.16.0
+	github.com/fluxcd/kustomize-controller/api v0.17.0
 	github.com/fluxcd/notification-controller/api v0.18.1
 	github.com/fluxcd/pkg/apis/meta v0.10.0
 	github.com/fluxcd/pkg/runtime v0.12.0
-	github.com/fluxcd/pkg/ssa v0.2.0
+	github.com/fluxcd/pkg/ssa v0.3.1
 	github.com/fluxcd/pkg/ssh v0.0.5
 	github.com/fluxcd/pkg/untar v0.0.5
 	github.com/fluxcd/pkg/version v0.0.1
-	github.com/fluxcd/source-controller/api v0.16.1
+	github.com/fluxcd/source-controller/api v0.17.2
 	github.com/go-errors/errors v1.4.0 // indirect
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/google/go-cmp v0.5.6
 	github.com/google/go-containerregistry v0.2.0
-	github.com/manifoldco/promptui v0.7.0
+	github.com/manifoldco/promptui v0.9.0
 	github.com/mattn/go-shellwords v1.0.12
 	github.com/olekukonko/tablewriter v0.0.4
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
 	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
+	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d
 	k8s.io/api v0.22.2
 	k8s.io/apiextensions-apiserver v0.22.2
 	k8s.io/apimachinery v0.22.2
 	k8s.io/client-go v0.22.2
 	k8s.io/kubectl v0.21.1
 	sigs.k8s.io/cli-utils v0.26.0
-	sigs.k8s.io/controller-runtime v0.10.1
+	sigs.k8s.io/controller-runtime v0.10.2
 	sigs.k8s.io/kustomize/api v0.8.10
 	sigs.k8s.io/yaml v1.3.0
 )
-
-// drop LGPL dependency manifoldco/promptui -> juju/ansiterm
-// undo replacement when https://github.com/manifoldco/promptui/pull/181 is merged
-replace github.com/manifoldco/promptui => github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797

go.sum

@@ -223,16 +223,16 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM
 github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/fluxcd/go-git-providers v0.1.1 h1:R4VafMOo1IlfEZcImApCeElge/HajhFvRzDKGlot+/c=
-github.com/fluxcd/go-git-providers v0.1.1/go.mod h1:nRgNpHZmZhrsyNSma1JcAhjUG9xrqMGJcIUr9K7M7vk=
+github.com/fluxcd/go-git-providers v0.3.1 h1:9B3b7mK3XmMxZzcbes3xEJTnQlhkNURhmOY1kLijnZA=
+github.com/fluxcd/go-git-providers v0.3.1/go.mod h1:enIPrXnSOBxahS6rngohpG3d/QZ3yjjy/w+agbp97ZI=
 github.com/fluxcd/helm-controller/api v0.12.1 h1:rDyhMPvbhCxslqiNNG4nlfDCeYgrk6D+1ZKLsBS/Irs=
 github.com/fluxcd/helm-controller/api v0.12.1/go.mod h1:zWmzV0s2SU4rEIGLPTt+dsaMs40OsNQgSgOATgJmxB0=
-github.com/fluxcd/image-automation-controller/api v0.15.0 h1:KI350vt5JahE43D17VyLZFH4ZxtbnyHrekAd8AJsT5E=
-github.com/fluxcd/image-automation-controller/api v0.15.0/go.mod h1:XvrEEpM1rVU+x1gQeXB/dj56w1dmOJRraTxQWOiuNME=
+github.com/fluxcd/image-automation-controller/api v0.17.0 h1:RMcfydsElwyyYWUzsPRbYOZy9h9E/3sJZ1e7/kK9/nY=
+github.com/fluxcd/image-automation-controller/api v0.17.0/go.mod h1:wn6XjTpUnrQ2bakHhgJNAUj53snw50J0/+36pY4zXSE=
 github.com/fluxcd/image-reflector-controller/api v0.13.0 h1:5kq0Jqh+ndZIye+4csfEbuos5GaXIiK77Gpx+ojo+f8=
 github.com/fluxcd/image-reflector-controller/api v0.13.0/go.mod h1:lgQHGFz29OHmDU5Jwg689C/M+P/f9ujt6NS0zCLT0BQ=
-github.com/fluxcd/kustomize-controller/api v0.16.0 h1:L/LRxS6oroGZe1AdElP3k1mnNIKGCpi0ntgHwJzdNYY=
-github.com/fluxcd/kustomize-controller/api v0.16.0/go.mod h1:OhnZuXBeDl4NqbDZgpYKRg8nmsmeUIddH3vX8wxym9A=
+github.com/fluxcd/kustomize-controller/api v0.17.0 h1:jOJegj2odhvK/NfKGLa6O/ee8theBvRrIGGezu/Mx38=
+github.com/fluxcd/kustomize-controller/api v0.17.0/go.mod h1:OhnZuXBeDl4NqbDZgpYKRg8nmsmeUIddH3vX8wxym9A=
 github.com/fluxcd/notification-controller/api v0.18.1 h1:by9+1WCgPUEMXqOiFNOFFIQROabA3Ja4hzgGaF8bLms=
 github.com/fluxcd/notification-controller/api v0.18.1/go.mod h1:t28GMWMLiLqho+ikpZrldv22/vmCsFdQR8vdJluxknc=
 github.com/fluxcd/pkg/apis/kustomize v0.1.0/go.mod h1:gEl+W5cVykCC3RfrCaqe+Pz+j4lKl2aeR4dxsom/zII=
@@ -242,17 +242,16 @@ github.com/fluxcd/pkg/apis/meta v0.10.0 h1:N7wVGHC1cyPdT87hrDC7UwCwRwnZdQM46PBSL
 github.com/fluxcd/pkg/apis/meta v0.10.0/go.mod h1:CW9X9ijMTpNe7BwnokiUOrLl/h13miwVr/3abEQLbKE=
 github.com/fluxcd/pkg/runtime v0.12.0 h1:BPZZ8bBkimpqGAPXqOf3LTaw+tcw6HgbWyCuzbbsJGs=
 github.com/fluxcd/pkg/runtime v0.12.0/go.mod h1:EyaTR2TOYcjL5U//C4yH3bt2tvTgIOSXpVRbWxUn/C4=
-github.com/fluxcd/pkg/ssa v0.2.0 h1:5GTBnnWJhiSIKI1TZQ20ioWjTPNkEof2V2uN0ZHUxDs=
-github.com/fluxcd/pkg/ssa v0.2.0/go.mod h1:rFhWBX9/TfNwSFR+5NHOGnpl9OsWdaQrG5CggN+74EQ=
+github.com/fluxcd/pkg/ssa v0.3.1 h1:lKjTRQmSWFEXpKJadK9Fu0GSLL8lv0k5muIcc+7hZIs=
+github.com/fluxcd/pkg/ssa v0.3.1/go.mod h1:rFhWBX9/TfNwSFR+5NHOGnpl9OsWdaQrG5CggN+74EQ=
 github.com/fluxcd/pkg/ssh v0.0.5 h1:rnbFZ7voy2JBlUfMbfyqArX2FYaLNpDhccGFC3qW83A=
 github.com/fluxcd/pkg/ssh v0.0.5/go.mod h1:7jXPdXZpc0ttMNz2kD9QuMi3RNn/e0DOFbj0Tij/+Hs=
 github.com/fluxcd/pkg/untar v0.0.5 h1:UGI3Ch1UIEIaqQvMicmImL1s9npQa64DJ/ozqHKB7gk=
 github.com/fluxcd/pkg/untar v0.0.5/go.mod h1:O6V9+rtl8c1mHBafgqFlJN6zkF1HS5SSYn7RpQJ/nfw=
 github.com/fluxcd/pkg/version v0.0.1 h1:/8asQoDXSThz3csiwi4Qo8Zb6blAxLXbtxNgeMJ9bCg=
 github.com/fluxcd/pkg/version v0.0.1/go.mod h1:WAF4FEEA9xyhngF8TDxg3UPu5fA1qhEYV8Pmi2Il01Q=
-github.com/fluxcd/source-controller/api v0.16.0/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
-github.com/fluxcd/source-controller/api v0.16.1 h1:3K0OueH0UA4iwIjKAXS72NaPBMO9OFx0xnB5S2am/AM=
-github.com/fluxcd/source-controller/api v0.16.1/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
+github.com/fluxcd/source-controller/api v0.17.2 h1:noePJGsevuvxWols6ErbowujuAHGWb/ZO8irtRHcVAc=
+github.com/fluxcd/source-controller/api v0.17.2/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
@@ -416,8 +415,8 @@ github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-containerregistry v0.2.0 h1:cWFYx+kOkKdyOET0pcp7GMCmxj7da40StvluSuSXWCg=
 github.com/google/go-containerregistry v0.2.0/go.mod h1:Ts3Wioz1r5ayWx8sS6vLcWltWcM1aqFjd/eVrkFhrWM=
-github.com/google/go-github/v32 v32.1.0 h1:GWkQOdXqviCPx7Q7Fj+KyPoGm4SwHRh8rheoPhd27II=
-github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
+github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTLOTEyho=
+github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
@@ -478,7 +477,7 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.6.8 h1:92lWxgpa+fF3FozM4B3UZtHZMJX8T5XT+TFdCxsPyWs=
 github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
@@ -550,13 +549,12 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/ktrysmt/go-bitbucket v0.6.2/go.mod h1:9u0v3hsd2rqCHRIpbir1oP7F58uo5dq19sBYvuMoyQ4=
+github.com/ktrysmt/go-bitbucket v0.9.28/go.mod h1:FWxy2UK7GlK5b0NSJGc5hPqnssVlkNnsChvyuOf/Xno=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
 github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
-github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -568,6 +566,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
+github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg=
 github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
@@ -623,8 +623,6 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE
 github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
-github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797 h1:unCiBzwNjcuVbP3bgM76z0ORyIuI4sspop1qhkQJ044=
-github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797/go.mod h1:CBMXL3a2sC3Q8TjpLcQt8w/3aQ23VSy6r7UFeCG6phA=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -800,8 +798,8 @@ github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX
 github.com/vdemeester/k8s-pkg-credentialprovider v1.18.1-0.20201019120933-f1d16962a4db/go.mod h1:grWy0bkr1XO6hqbaaCKaPXqkBVlMGHYG6PGykktwbJc=
 github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
 github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
-github.com/xanzy/go-gitlab v0.43.0 h1:rpOZQjxVJGW/ch+Jy4j7W4o7BB1mxkXJNVGuplZ7PUs=
-github.com/xanzy/go-gitlab v0.43.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=
+github.com/xanzy/go-gitlab v0.51.1 h1:wWKLalwx4omxFoHh3PLs9zDgAD4GXDP/uoxwMRCSiWM=
+github.com/xanzy/go-gitlab v0.51.1/go.mod h1:Q+hQhV508bDPoBijv7YjK/Lvlb4PhVhJdKqXVQrUoAE=
 github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
@@ -929,7 +927,6 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1137,6 +1134,7 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1368,8 +1366,9 @@ sigs.k8s.io/cli-utils v0.26.0/go.mod h1:myCFn83XMe7vC1ZX5CEJJIY2cqsl6IxYI727mLW1
 sigs.k8s.io/controller-runtime v0.9.0-beta.5.0.20210524185538-7181f1162e79/go.mod h1:rgf+cBz72pYlKXDRNhI1WFQv/S86EMUV4/ySmsEYgHk=
 sigs.k8s.io/controller-runtime v0.9.0/go.mod h1:TgkfvrhhEw3PlI0BRL/5xM+89y3/yc0ZDfdbTl84si8=
 sigs.k8s.io/controller-runtime v0.9.5/go.mod h1:q6PpkM5vqQubEKUKOM6qr06oXGzOBcCby1DA9FbyZeA=
-sigs.k8s.io/controller-runtime v0.10.1 h1:+eLHgY/VrJWnfg6iXUqhCUqNXgPH1NZeP9drNAAgWlg=
 sigs.k8s.io/controller-runtime v0.10.1/go.mod h1:CQp8eyUQZ/Q7PJvnIrB6/hgfTC1kBkGylwsLgOQi1WY=
+sigs.k8s.io/controller-runtime v0.10.2 h1:jW8qiY+yMnnPx6O9hu63tgcwaKzd1yLYui+mpvClOOc=
+sigs.k8s.io/controller-runtime v0.10.2/go.mod h1:CQp8eyUQZ/Q7PJvnIrB6/hgfTC1kBkGylwsLgOQi1WY=
 sigs.k8s.io/kustomize/api v0.8.8/go.mod h1:He1zoK0nk43Pc6NlV085xDXDXTNprtcyKZVm3swsdNY=
 sigs.k8s.io/kustomize/api v0.8.10 h1:CqbdK/qT7JE+uVETkrVMk7pQf0fPFXk9+QQ//Q7sAtc=
 sigs.k8s.io/kustomize/api v0.8.10/go.mod h1:ImeIkhUU7GIhamOtKPlkllt+fkBKL5f6/4NLhVwkinA=

internal/bootstrap/provider/factory.go

@@ -32,21 +32,21 @@ func BuildGitProvider(config Config) (gitprovider.Client, error) {
 	var err error
 	switch config.Provider {
 	case GitProviderGitHub:
-		opts := []github.ClientOption{
-			github.WithOAuth2Token(config.Token),
+		opts := []gitprovider.ClientOption{
+			gitprovider.WithOAuth2Token(config.Token),
 		}
 		if config.Hostname != "" {
-			opts = append(opts, github.WithDomain(config.Hostname))
+			opts = append(opts, gitprovider.WithDomain(config.Hostname))
 		}
 		if client, err = github.NewClient(opts...); err != nil {
 			return nil, err
 		}
 	case GitProviderGitLab:
-		opts := []gitlab.ClientOption{
-			gitlab.WithConditionalRequests(true),
+		opts := []gitprovider.ClientOption{
+			gitprovider.WithConditionalRequests(true),
 		}
 		if config.Hostname != "" {
-			opts = append(opts, gitlab.WithDomain(config.Hostname))
+			opts = append(opts, gitprovider.WithDomain(config.Hostname))
 		}
 		if client, err = gitlab.NewClient(config.Token, "", opts...); err != nil {
 			return nil, err

internal/tree/tree.go

@@ -0,0 +1,141 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Derived work from https://github.com/d6o/GoTree
+Copyright (c) 2017 Diego Siqueira
+*/
+
+package tree
+
+import (
+	"strings"
+
+	"github.com/fluxcd/pkg/ssa"
+	"sigs.k8s.io/cli-utils/pkg/object"
+)
+
+const (
+	newLine      = "\n"
+	emptySpace   = "    "
+	middleItem   = "├── "
+	continueItem = "│   "
+	lastItem     = "└── "
+)
+
+type (
+	objMetadataTree struct {
+		Resource     object.ObjMetadata `json:"resource"`
+		ResourceTree []ObjMetadataTree  `json:"resources,omitempty"`
+	}
+
+	ObjMetadataTree interface {
+		Add(objMetadata object.ObjMetadata) ObjMetadataTree
+		AddTree(tree ObjMetadataTree)
+		Items() []ObjMetadataTree
+		Text() string
+		Print() string
+	}
+
+	printer struct {
+	}
+
+	Printer interface {
+		Print(ObjMetadataTree) string
+	}
+)
+
+func New(objMetadata object.ObjMetadata) ObjMetadataTree {
+	return &objMetadataTree{
+		Resource:     objMetadata,
+		ResourceTree: []ObjMetadataTree{},
+	}
+}
+
+func (t *objMetadataTree) Add(objMetadata object.ObjMetadata) ObjMetadataTree {
+	n := New(objMetadata)
+	t.ResourceTree = append(t.ResourceTree, n)
+	return n
+}
+
+func (t *objMetadataTree) AddTree(tree ObjMetadataTree) {
+	t.ResourceTree = append(t.ResourceTree, tree)
+}
+
+func (t *objMetadataTree) Text() string {
+	return ssa.FmtObjMetadata(t.Resource)
+}
+
+func (t *objMetadataTree) Items() []ObjMetadataTree {
+	return t.ResourceTree
+}
+
+func (t *objMetadataTree) Print() string {
+	return newPrinter().Print(t)
+}
+
+func newPrinter() Printer {
+	return &printer{}
+}
+
+func (p *printer) Print(t ObjMetadataTree) string {
+	return t.Text() + newLine + p.printItems(t.Items(), []bool{})
+}
+
+func (p *printer) printText(text string, spaces []bool, last bool) string {
+	var result string
+	for _, space := range spaces {
+		if space {
+			result += emptySpace
+		} else {
+			result += continueItem
+		}
+	}
+
+	indicator := middleItem
+	if last {
+		indicator = lastItem
+	}
+
+	var out string
+	lines := strings.Split(text, "\n")
+	for i := range lines {
+		text := lines[i]
+		if i == 0 {
+			out += result + indicator + text + newLine
+			continue
+		}
+		if last {
+			indicator = emptySpace
+		} else {
+			indicator = continueItem
+		}
+		out += result + indicator + text + newLine
+	}
+
+	return out
+}
+
+func (p *printer) printItems(t []ObjMetadataTree, spaces []bool) string {
+	var result string
+	for i, f := range t {
+		last := i == len(t)-1
+		result += p.printText(f.Text(), spaces, last)
+		if len(f.Items()) > 0 {
+			spacesChild := append(spaces, last)
+			result += p.printItems(f.Items(), spacesChild)
+		}
+	}
+	return result
+}

internal/utils/apply.go

@@ -23,7 +23,6 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"time"
 
 	"github.com/fluxcd/pkg/ssa"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -70,7 +69,7 @@ func Apply(ctx context.Context, kubeConfigPath string, kubeContext string, manif
 		return "", err
 	}
 
-	changeSet, err := resourceManager.ApplyAllStaged(ctx, objs, false, time.Minute)
+	changeSet, err := resourceManager.ApplyAllStaged(ctx, objs, ssa.DefaultApplyOptions())
 	if err != nil {
 		return "", err
 	}

manifests/bases/image-automation-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/image-automation-controller/releases/download/v0.15.0/image-automation-controller.crds.yaml
-- https://github.com/fluxcd/image-automation-controller/releases/download/v0.15.0/image-automation-controller.deployment.yaml
+- https://github.com/fluxcd/image-automation-controller/releases/download/v0.17.0/image-automation-controller.crds.yaml
+- https://github.com/fluxcd/image-automation-controller/releases/download/v0.17.0/image-automation-controller.deployment.yaml
 - account.yaml
 patchesJson6902:
 - target:

manifests/bases/kustomize-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/kustomize-controller/releases/download/v0.16.0/kustomize-controller.crds.yaml
-- https://github.com/fluxcd/kustomize-controller/releases/download/v0.16.0/kustomize-controller.deployment.yaml
+- https://github.com/fluxcd/kustomize-controller/releases/download/v0.17.0/kustomize-controller.crds.yaml
+- https://github.com/fluxcd/kustomize-controller/releases/download/v0.17.0/kustomize-controller.deployment.yaml
 - account.yaml
 patchesJson6902:
 - target:

manifests/bases/source-controller/kustomization.yaml

@@ -1,8 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/source-controller/releases/download/v0.16.1/source-controller.crds.yaml
-- https://github.com/fluxcd/source-controller/releases/download/v0.16.1/source-controller.deployment.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.17.2/source-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.17.2/source-controller.deployment.yaml
 - account.yaml
 patchesJson6902:
 - target:

manifests/crds/kustomization.yaml

@@ -1,9 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/fluxcd/source-controller/releases/download/v0.16.1/source-controller.crds.yaml
-- https://github.com/fluxcd/kustomize-controller/releases/download/v0.16.0/kustomize-controller.crds.yaml
+- https://github.com/fluxcd/source-controller/releases/download/v0.17.2/source-controller.crds.yaml
+- https://github.com/fluxcd/kustomize-controller/releases/download/v0.17.0/kustomize-controller.crds.yaml
 - https://github.com/fluxcd/helm-controller/releases/download/v0.12.1/helm-controller.crds.yaml
 - https://github.com/fluxcd/notification-controller/releases/download/v0.18.1/notification-controller.crds.yaml
 - https://github.com/fluxcd/image-reflector-controller/releases/download/v0.13.0/image-reflector-controller.crds.yaml
-- https://github.com/fluxcd/image-automation-controller/releases/download/v0.15.0/image-automation-controller.crds.yaml
+- https://github.com/fluxcd/image-automation-controller/releases/download/v0.17.0/image-automation-controller.crds.yaml

pkg/manifestgen/install/install.go

@@ -84,7 +84,7 @@ func Generate(options Options, manifestsBase string) (*manifestgen.Manifest, err
 
 	return &manifestgen.Manifest{
 		Path:    path.Join(options.TargetPath, options.Namespace, options.ManifestFile),
-		Content: string(content),
+		Content: fmt.Sprintf("%s\n%s", GetGenWarning(options), string(content)),
 	}, nil
 }
 
@@ -142,3 +142,11 @@ func ExistingVersion(version string) (bool, error) {
 		return false, fmt.Errorf("GitHub API returned an unexpected status code (%d)", res.StatusCode)
 	}
 }
+
+// GetGenWarning generates a consistent generation warning in the install and bootstrap case in the following format:
+// # This manifest was generated by flux. DO NOT EDIT.
+// # Flux version: v0.21.1
+// # Components: source-controller,kustomize-controller,helm-controller,notification-controller,image-reflector-controller,image-automation-controller
+func GetGenWarning(options Options) string {
+	return fmt.Sprintf("---\n%s\n# Flux Version: %s\n# Components: %s", manifestgen.GenWarning, options.Version, strings.Join(options.Components, ","))
+}

pkg/manifestgen/install/install_test.go

@@ -41,5 +41,10 @@ func TestGenerate(t *testing.T) {
 		t.Errorf("toleration key '%s' not found", opts.TolerationKeys[0])
 	}
 
+	warning := GetGenWarning(opts)
+	if !strings.HasPrefix(output.Content, warning) {
+		t.Errorf("Generation warning '%s' not found", warning)
+	}
+
 	fmt.Println(output)
 }

pkg/manifestgen/install/manifests.go

@@ -65,7 +65,15 @@ func fetch(ctx context.Context, url, version, dir string) error {
 
 func generate(base string, options Options) error {
 	if containsItemString(options.Components, options.NotificationController) {
-		options.EventsAddr = fmt.Sprintf("http://%s/", options.NotificationController)
+		// We need to use full domain name here, as some users may deploy flux
+		// in environments that use http proxy.
+		//
+		// In such environments they normally add `.cluster.local` and `.local`
+		// suffixes to `no_proxy` variable in order to prevent cluster-local
+		// traffic from going through http proxy. Without fully specified
+		// domain they need to mention `notifications-controller` explicity in
+		// `no_proxy` variable after debugging http proxy logs.
+		options.EventsAddr = fmt.Sprintf("http://%s.%s.svc.%s/", options.NotificationController, options.Namespace, options.ClusterDomain)
 	}
 
 	if err := execTemplate(options, namespaceTmpl, path.Join(base, "namespace.yaml")); err != nil {

pkg/manifestgen/labels.go

@@ -0,0 +1,26 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package manifestgen
+
+// These labels can be used to track down the namespace, custom resource definitions, deployments,
+// services, network policies, service accounts, cluster roles and cluster role bindings belonging to Flux.
+const (
+	PartOfLabelKey   = "app.kubernetes.io/part-of"
+	PartOfLabelValue = "flux"
+	InstanceLabelKey = "app.kubernetes.io/instance"
+	VersionLabelKey  = "app.kubernetes.io/version"
+)

pkg/manifestgen/manifest.go

@@ -24,6 +24,8 @@ import (
 	securejoin "github.com/cyphar/filepath-securejoin"
 )
 
+const GenWarning = "# This manifest was generated by flux. DO NOT EDIT."
+
 // Manifest holds the data of a multi-doc YAML
 type Manifest struct {
 	// Relative path to the YAML file

pkg/manifestgen/sync/sync.go

@@ -107,7 +107,7 @@ func Generate(options Options) (*manifestgen.Manifest, error) {
 
 	return &manifestgen.Manifest{
 		Path:    path.Join(options.TargetPath, options.Namespace, options.ManifestFile),
-		Content: fmt.Sprintf("---\n%s---\n%s", resourceToString(gitData), resourceToString(ksData)),
+		Content: fmt.Sprintf("%s\n---\n%s---\n%s", manifestgen.GenWarning, resourceToString(gitData), resourceToString(ksData)),
 	}, nil
 }
 

tests/azure/go.mod

@@ -5,13 +5,13 @@ go 1.16
 require (
 	github.com/Azure/azure-event-hubs-go/v3 v3.3.13
 	github.com/fluxcd/helm-controller/api v0.12.1
-	github.com/fluxcd/image-automation-controller/api v0.15.0
+	github.com/fluxcd/image-automation-controller/api v0.16.0
 	github.com/fluxcd/image-reflector-controller/api v0.13.0
 	github.com/fluxcd/kustomize-controller/api v0.16.0
 	github.com/fluxcd/notification-controller/api v0.18.1
 	github.com/fluxcd/pkg/apis/meta v0.10.1
 	github.com/fluxcd/pkg/runtime v0.12.1
-	github.com/fluxcd/source-controller/api v0.16.1
+	github.com/fluxcd/source-controller/api v0.17.0
 	github.com/hashicorp/terraform-exec v0.14.0
 	github.com/libgit2/git2go/v31 v31.6.1
 	github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5

tests/azure/go.sum

@@ -193,8 +193,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fluxcd/helm-controller/api v0.12.1 h1:rDyhMPvbhCxslqiNNG4nlfDCeYgrk6D+1ZKLsBS/Irs=
 github.com/fluxcd/helm-controller/api v0.12.1/go.mod h1:zWmzV0s2SU4rEIGLPTt+dsaMs40OsNQgSgOATgJmxB0=
-github.com/fluxcd/image-automation-controller/api v0.15.0 h1:KI350vt5JahE43D17VyLZFH4ZxtbnyHrekAd8AJsT5E=
-github.com/fluxcd/image-automation-controller/api v0.15.0/go.mod h1:XvrEEpM1rVU+x1gQeXB/dj56w1dmOJRraTxQWOiuNME=
+github.com/fluxcd/image-automation-controller/api v0.16.0 h1:pPvEdb8Q7LgNVfugF3+/z2JQdUZ4ecYWrXiezLPov0w=
+github.com/fluxcd/image-automation-controller/api v0.16.0/go.mod h1:tEQCFKGgxii7zfXti2MxixwFbxhEXnVJqLGM2x9zlGw=
 github.com/fluxcd/image-reflector-controller/api v0.13.0 h1:5kq0Jqh+ndZIye+4csfEbuos5GaXIiK77Gpx+ojo+f8=
 github.com/fluxcd/image-reflector-controller/api v0.13.0/go.mod h1:lgQHGFz29OHmDU5Jwg689C/M+P/f9ujt6NS0zCLT0BQ=
 github.com/fluxcd/kustomize-controller/api v0.16.0 h1:L/LRxS6oroGZe1AdElP3k1mnNIKGCpi0ntgHwJzdNYY=
@@ -210,9 +210,8 @@ github.com/fluxcd/pkg/apis/meta v0.10.1/go.mod h1:yUblM2vg+X8TE3A2VvJfdhkGmg+uqB
 github.com/fluxcd/pkg/runtime v0.12.0/go.mod h1:EyaTR2TOYcjL5U//C4yH3bt2tvTgIOSXpVRbWxUn/C4=
 github.com/fluxcd/pkg/runtime v0.12.1 h1:r0KQG80gKY1NMp62FggSEdFBV60ZfbnA2RHL9y06DOY=
 github.com/fluxcd/pkg/runtime v0.12.1/go.mod h1:9czAjokV0w22eYGR9/SQKUHXhvh7ISNVgc/6a6YMBE8=
-github.com/fluxcd/source-controller/api v0.16.0/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
-github.com/fluxcd/source-controller/api v0.16.1 h1:3K0OueH0UA4iwIjKAXS72NaPBMO9OFx0xnB5S2am/AM=
-github.com/fluxcd/source-controller/api v0.16.1/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
+github.com/fluxcd/source-controller/api v0.17.0 h1:skXx2H5SeziUTwJrp9MPJNwTtYTctJMQ7ZIJfLmg9b0=
+github.com/fluxcd/source-controller/api v0.17.0/go.mod h1:guUCCapjzE2kocwFreQTM/IGvtAglIJc4L97mokairo=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=

tests/azure/util_test.go

@@ -19,7 +19,6 @@ package test
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -49,7 +48,7 @@ const defaultBranch = "main"
 
 // getKubernetesCredentials returns a path to a kubeconfig file and a kube client instance.
 func getKubernetesCredentials(kubeconfig, aksHost, aksCert, aksKey, aksCa string) (string, client.Client, error) {
-	tmpDir, err := ioutil.TempDir("", "*-azure-e2e")
+	tmpDir, err := os.MkdirTemp("", "*-azure-e2e")
 	if err != nil {
 		return "", nil, err
 	}
@@ -309,7 +308,7 @@ func getRepository(url, branchName string, overrideBranch bool, password string)
 		checkoutBranch = branchName
 	}
 
-	tmpDir, err := ioutil.TempDir("", "*-repository")
+	tmpDir, err := os.MkdirTemp("", "*-repository")
 	if err != nil {
 		return nil, "", err
 	}

tests/bootstrap/main.go

@@ -0,0 +1,99 @@
+package main
+
+import (
+	"context"
+	"log"
+	"os"
+
+	"github.com/fluxcd/go-git-providers/github"
+	"github.com/fluxcd/go-git-providers/gitprovider"
+	"k8s.io/client-go/util/retry"
+)
+
+func main() {
+	ks := "test-cluster/flux-system/kustomization.yaml"
+	patchName := "test-cluster/flux-system/gotk-patches.yaml"
+	ksContent := `apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml
+patches:
+  - path: gotk-patches.yaml
+    target:
+      kind: Deployment`
+	patchContent := `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: all-flux-components
+spec:
+  template:
+    metadata:
+      annotations:
+        # Required by Kubernetes node autoscaler
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+    spec:
+      securityContext:
+        runAsUser: 10000
+        fsGroup: 1337
+      containers:
+        - name: manager
+          securityContext:
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
+`
+	commitFiles := []gitprovider.CommitFile{
+		{
+			Path:    &ks,
+			Content: &ksContent,
+		},
+		{
+			Path:    &patchName,
+			Content: &patchContent,
+		},
+	}
+
+	orgName := os.Getenv("GITHUB_ORG_NAME")
+	repoName := os.Getenv("GITHUB_REPO_NAME")
+	githubToken := os.Getenv(github.TokenVariable)
+	client, err := github.NewClient(gitprovider.WithOAuth2Token(githubToken))
+	if err != nil {
+		log.Fatalf("error initializing github client: %s", err)
+	}
+
+	repoRef := gitprovider.OrgRepositoryRef{
+		OrganizationRef: gitprovider.OrganizationRef{
+			Organization: orgName,
+			Domain:       github.DefaultDomain,
+		},
+		RepositoryName: repoName,
+	}
+
+	if ok, err := client.HasTokenPermission(context.Background(), gitprovider.TokenPermissionRWRepository); err != nil {
+		log.Fatalf("error getting token permission: %s", err)
+	} else {
+		if !ok {
+			log.Fatal("token has no write permissions")
+		}
+	}
+
+	var repo gitprovider.OrgRepository
+	err = retry.OnError(retry.DefaultRetry, func(err error) bool {
+		return err != nil
+	}, func() error {
+		repo, err = client.OrgRepositories().Get(context.Background(), repoRef)
+		return err
+	})
+	if err != nil {
+		log.Fatalf("error getting %s repository in org %s: %s", repoRef.RepositoryName, repoRef.Organization, err)
+	}
+
+	_, err = repo.Commits().Create(context.Background(), "main", "add patch manifest 3", commitFiles)
+	if err != nil {
+		log.Fatalf("error making commit: %s", err)
+	}
+}