Merge pull request #1164 from fluxcd/update-components

Update toolkit components

.github/aur/flux-bin/PKGBUILD.template

@@ -8,18 +8,20 @@ pkgdesc="Open and extensible continuous delivery solution for Kubernetes"
 url="https://fluxcd.io/"
 arch=("x86_64" "armv6h" "armv7h" "aarch64")
 license=("APACHE")
-optdepends=("kubectl")
+optdepends=('kubectl: for apply actions on the Kubernetes cluster',
+'bash-completion: auto-completion for flux in Bash',
+'zsh-completions: auto-completion for flux in ZSH')
 source_x86_64=(
-  "$pkgname-$pkgver.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_amd64.tar.gz"
+  "${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_amd64.tar.gz"
 )
 source_armv6h=(
-  "$pkgname-$pkgver.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm.tar.gz"
+  "${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm.tar.gz"
 )
 source_armv7h=(
-  "$pkgname-$pkgver.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm.tar.gz"
+  "${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm.tar.gz"
 )
 source_aarch64=(
-  "$pkgname-$pkgver.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm64.tar.gz"
+  "${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm64.tar.gz"
 )
 sha256sums_x86_64=(
   ${SHA256SUM_AMD64}
@@ -33,7 +35,12 @@ sha256sums_armv7h=(
 sha256sums_aarch64=(
   ${SHA256SUM_ARM64}
 )
+_srcname=flux
 
 package() {
-	install -Dm755 flux "$pkgdir/usr/bin/flux"
+	install -Dm755 ${_srcname} "${pkgdir}/usr/bin/${_srcname}"
+
+    "${pkgdir}/usr/bin/${_srcname}" completion bash | install -Dm644 /dev/stdin "${pkgdir}/usr/share/bash-completion/completions/${_srcname}"
+    "${pkgdir}/usr/bin/${_srcname}" completion fish | install -Dm644 /dev/stdin "${pkgdir}/usr/share/fish/vendor_completions.d/${_srcname}.fish"
+    "${pkgdir}/usr/bin/${_srcname}" completion zsh | install -Dm644 /dev/stdin "${pkgdir}/usr/share/zsh/site-functions/_${_srcname}"
 }

.github/aur/flux-go/PKGBUILD.template

@@ -12,32 +12,40 @@ provides=("flux-bin")
 conflicts=("flux-bin")
 replaces=("flux-cli")
 depends=("glibc")
-makedepends=("go")
+makedepends=('go>=1.16', 'kustomize>=3.0')
-optdepends=("kubectl")
+optdepends=('kubectl: for apply actions on the Kubernetes cluster',
+'bash-completion: auto-completion for flux in Bash',
+'zsh-completions: auto-completion for flux in ZSH')
 source=(
-  "$pkgname-$pkgver.tar.gz::https://github.com/fluxcd/flux2/archive/v$pkgver.tar.gz"
+  "${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/archive/v${pkgver}.tar.gz"
 )
 sha256sums=(
   ${SHA256SUM}
 )
+_srcname=flux
 
 build() {
-  cd "flux2-$pkgver"
+  cd "flux2-${pkgver}"
   export CGO_LDFLAGS="$LDFLAGS"
   export CGO_CFLAGS="$CFLAGS"
   export CGO_CXXFLAGS="$CXXFLAGS"
   export CGO_CPPFLAGS="$CPPFLAGS"
-  export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
+  export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
-  go build -ldflags "-X main.VERSION=$pkgver" -o flux-bin ./cmd/flux
+  ./manifests/scripts/bundle.sh "${PWD}/manifests" "${PWD}/cmd/flux/manifests"
+  go build -ldflags "-linkmode=external -X main.VERSION=${pkgver}" -o ${_srcname} ./cmd/flux
 }
 
 check() {
-  cd "flux2-$pkgver"
+  cd "flux2-${pkgver}"
   make test
 }
 
 package() {
-  cd "flux2-$pkgver"
+  cd "flux2-${pkgver}"
-  install -Dm755 flux-bin "$pkgdir/usr/bin/flux"
+  install -Dm755 ${_srcname} "${pkgdir}/usr/bin/${_srcname}"
-  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+  install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+
+  "${pkgdir}/usr/bin/${_srcname}" completion bash | install -Dm644 /dev/stdin "${pkgdir}/usr/share/bash-completion/completions/${_srcname}"
+  "${pkgdir}/usr/bin/${_srcname}" completion fish | install -Dm644 /dev/stdin "${pkgdir}/usr/share/fish/vendor_completions.d/${_srcname}.fish"
+  "${pkgdir}/usr/bin/${_srcname}" completion zsh | install -Dm644 /dev/stdin "${pkgdir}/usr/share/zsh/site-functions/_${_srcname}"
 }

.github/aur/flux-scm/PKGBUILD.template

@@ -11,12 +11,15 @@ license=("APACHE")
 provides=("flux-bin")
 conflicts=("flux-bin")
 depends=("glibc")
-makedepends=("go")
+makedepends=('go>=1.16', 'kustomize>=3.0')
-optdepends=("kubectl")
+optdepends=('kubectl: for apply actions on the Kubernetes cluster',
+'bash-completion: auto-completion for flux in Bash',
+'zsh-completions: auto-completion for flux in ZSH')
 source=(
   "git+https://github.com/fluxcd/flux2.git"
 )
 md5sums=('SKIP')
+_srcname=flux
 
 pkgver() {
   cd "flux2"
@@ -29,8 +32,9 @@ build() {
   export CGO_CFLAGS="$CFLAGS"
   export CGO_CXXFLAGS="$CXXFLAGS"
   export CGO_CPPFLAGS="$CPPFLAGS"
-  export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
+  export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
-  go build -ldflags "-X main.VERSION=$pkgver" -o flux-bin ./cmd/flux
+  make cmd/flux/manifests
+  go build -ldflags "-linkmode=external -X main.VERSION=${pkgver}" -o ${_srcname} ./cmd/flux
 }
 
 check() {
@@ -40,6 +44,10 @@ check() {
 
 package() {
   cd "flux2"
-  install -Dm755 flux-bin "$pkgdir/usr/bin/flux"
+  install -Dm755 ${_srcname} "${pkgdir}/usr/bin/${_srcname}"
-  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+  install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+
+  "${pkgdir}/usr/bin/${_srcname}" completion bash | install -Dm644 /dev/stdin "${pkgdir}/usr/share/bash-completion/completions/${_srcname}"
+  "${pkgdir}/usr/bin/${_srcname}" completion fish | install -Dm644 /dev/stdin "${pkgdir}/usr/share/fish/vendor_completions.d/${_srcname}.fish"
+  "${pkgdir}/usr/bin/${_srcname}" completion zsh | install -Dm644 /dev/stdin "${pkgdir}/usr/share/zsh/site-functions/_${_srcname}"
 }

.github/workflows/bootstrap.yaml

@@ -9,7 +9,7 @@ on:
 jobs:
   github:
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'fluxcd' }}
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -17,59 +17,69 @@ jobs:
         uses: actions/cache@v1
         with:
           path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go1.16-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-go-
+            ${{ runner.os }}-go1.16-
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.15.x
+          go-version: 1.16.x
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@v0.5.0
+      - name: Setup Kustomize
+        uses: fluxcd/pkg//actions/kustomize@main
+      - name: Build
+        run: |
+          make cmd/flux/manifests
+          go build -o /tmp/flux ./cmd/flux
       - name: Set outputs
         id: vars
-        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+        run: |
-      - name: Build
+          REPOSITORY_NAME=${{ github.event.repository.name }}
-        run: sudo go build -o ./bin/flux ./cmd/flux
+          BRANCH_NAME=${GITHUB_REF##*/}
+          COMMIT_SHA=$(git rev-parse HEAD)
+          PSEUDO_RAND_SUFFIX=$(echo "${BRANCH_NAME}-${COMMIT_SHA}" | shasum | awk '{print $1}')
+          TEST_REPO_NAME="${REPOSITORY_NAME}-${PSEUDO_RAND_SUFFIX}"
+          echo "::set-output name=test_repo_name::$TEST_REPO_NAME"
       - name: bootstrap init
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
-          --repository=flux-test-${{ steps.vars.outputs.sha_short }} \
+          --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
           --path=test-cluster
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
       - name: bootstrap no-op
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
-          --repository=flux-test-${{ steps.vars.outputs.sha_short }} \
+          --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
           --path=test-cluster
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
       - name: uninstall
         run: |
-          ./bin/flux uninstall -s --keep-namespace
+          /tmp/flux uninstall -s --keep-namespace
           kubectl delete ns flux-system --timeout=10m --wait=true
       - name: bootstrap reinstall
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          /tmp/flux bootstrap github --manifests ./manifests/install/ \
           --owner=fluxcd-testing \
-          --repository=flux-test-${{ steps.vars.outputs.sha_short }} \
+          --repository=${{ steps.vars.outputs.test_repo_name }} \
           --branch=main \
           --path=test-cluster
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
       - name: delete repository
         run: |
-          ./bin/flux bootstrap github --manifests ./manifests/install/ \
+          curl \
-          --owner=fluxcd-testing \
+            -X DELETE \
-          --repository=flux-test-${{ steps.vars.outputs.sha_short }} \
+            -H "Accept: application/vnd.github.v3+json" \
-          --branch=main \
+            -H "Authorization: token ${GITHUB_TOKEN}" \
-          --path=test-cluster \
+            --fail --silent \
-          --delete
+            https://api.github.com/repos/fluxcd-testing/${{ steps.vars.outputs.test_repo_name }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
       - name: Debug failure

.github/workflows/docs.yaml

@@ -16,7 +16,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           controller_version() {
-            sed -n "s/.*$1\/archive\/\(.*\).zip.*/\1/p;n" manifests/bases/$1/kustomization.yaml
+            sed -n "s/.*$1\/releases\/download\/\(.*\)\/.*/\1/p;n" manifests/bases/$1/kustomization.yaml
           }
 
           {

.github/workflows/e2e.yaml

@@ -16,13 +16,13 @@ jobs:
         uses: actions/cache@v1
         with:
           path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go1.16-${{ hashFiles('**/go.sum') }}
           restore-keys: |
-            ${{ runner.os }}-go-
+            ${{ runner.os }}-go1.16-
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.15.x
+          go-version: 1.16.x
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@v0.5.0
         with:
@@ -33,6 +33,8 @@ jobs:
         run: |
           kubectl apply -f https://docs.projectcalico.org/v3.16/manifests/calico.yaml
           kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
+      - name: Setup Kustomize
+        uses: fluxcd/pkg//actions/kustomize@main
       - name: Run test
         run: make test
       - name: Check if working tree is dirty
@@ -43,43 +45,44 @@ jobs:
             exit 1
           fi
       - name: Build
-        run: sudo go build -o ./bin/flux ./cmd/flux
+        run: |
+          go build -o /tmp/flux ./cmd/flux
       - name: flux check --pre
         run: |
-          ./bin/flux check --pre
+          /tmp/flux check --pre
       - name: flux install --manifests
         run: |
-          ./bin/flux install --manifests ./manifests/install/
+          /tmp/flux install --manifests ./manifests/install/
       - name: flux create secret
         run: |
-          ./bin/flux create secret git git-ssh-test \
+          /tmp/flux create secret git git-ssh-test \
             --url ssh://git@github.com/stefanprodan/podinfo
-          ./bin/flux create secret git git-https-test \
+          /tmp/flux create secret git git-https-test \
             --url https://github.com/stefanprodan/podinfo \
             --username=test --password=test
-          ./bin/flux create secret helm helm-test \
+          /tmp/flux create secret helm helm-test \
             --username=test --password=test
       - name: flux create source git
         run: |
-          ./bin/flux create source git podinfo \
+          /tmp/flux create source git podinfo \
             --url https://github.com/stefanprodan/podinfo  \
             --tag-semver=">=3.2.3"
       - name: flux create source git export apply
         run: |
-          ./bin/flux create source git podinfo-export \
+          /tmp/flux create source git podinfo-export \
             --url https://github.com/stefanprodan/podinfo  \
             --tag-semver=">=3.2.3" \
             --export | kubectl apply -f -
-          ./bin/flux delete source git podinfo-export --silent
+          /tmp/flux delete source git podinfo-export --silent
       - name: flux get sources git
         run: |
-          ./bin/flux get sources git
+          /tmp/flux get sources git
       - name: flux get sources git --all-namespaces
         run: |
-          ./bin/flux get sources git --all-namespaces
+          /tmp/flux get sources git --all-namespaces
       - name: flux create kustomization
         run: |
-          ./bin/flux create kustomization podinfo \
+          /tmp/flux create kustomization podinfo \
             --source=podinfo \
             --path="./deploy/overlays/dev" \
             --prune=true \
@@ -90,112 +93,112 @@ jobs:
             --health-check-timeout=3m
       - name: flux reconcile kustomization --with-source
         run: |
-          ./bin/flux reconcile kustomization podinfo --with-source
+          /tmp/flux reconcile kustomization podinfo --with-source
       - name: flux get kustomizations
         run: |
-          ./bin/flux get kustomizations
+          /tmp/flux get kustomizations
       - name: flux get kustomizations --all-namespaces
         run: |
-          ./bin/flux get kustomizations --all-namespaces
+          /tmp/flux get kustomizations --all-namespaces
       - name: flux suspend kustomization
         run: |
-          ./bin/flux suspend kustomization podinfo
+          /tmp/flux suspend kustomization podinfo
       - name: flux resume kustomization
         run: |
-          ./bin/flux resume kustomization podinfo
+          /tmp/flux resume kustomization podinfo
       - name: flux export
         run: |
-          ./bin/flux export source git --all
+          /tmp/flux export source git --all
-          ./bin/flux export kustomization --all
+          /tmp/flux export kustomization --all
       - name: flux delete kustomization
         run: |
-          ./bin/flux delete kustomization podinfo --silent
+          /tmp/flux delete kustomization podinfo --silent
       - name: flux create source helm
         run: |
-          ./bin/flux create source helm podinfo \
+          /tmp/flux create source helm podinfo \
             --url https://stefanprodan.github.io/podinfo
       - name: flux create helmrelease --source=HelmRepository/podinfo
         run: |
-          ./bin/flux create hr podinfo-helm \
+          /tmp/flux create hr podinfo-helm \
             --target-namespace=default \
             --source=HelmRepository/podinfo \
             --chart=podinfo \
             --chart-version=">4.0.0 <5.0.0"
       - name: flux create helmrelease --source=GitRepository/podinfo
         run: |
-          ./bin/flux create hr podinfo-git \
+          /tmp/flux create hr podinfo-git \
             --target-namespace=default \
             --source=GitRepository/podinfo \
             --chart=./charts/podinfo
       - name: flux reconcile helmrelease --with-source
         run: |
-          ./bin/flux reconcile helmrelease podinfo-git --with-source
+          /tmp/flux reconcile helmrelease podinfo-git --with-source
       - name: flux get helmreleases
         run: |
-          ./bin/flux get helmreleases
+          /tmp/flux get helmreleases
       - name: flux get helmreleases --all-namespaces
         run: |
-          ./bin/flux get helmreleases --all-namespaces
+          /tmp/flux get helmreleases --all-namespaces
       - name: flux export helmrelease
         run: |
-          ./bin/flux export hr --all
+          /tmp/flux export hr --all
       - name: flux delete helmrelease podinfo-helm
         run: |
-          ./bin/flux delete hr podinfo-helm --silent
+          /tmp/flux delete hr podinfo-helm --silent
       - name: flux delete helmrelease podinfo-git
         run: |
-          ./bin/flux delete hr podinfo-git --silent
+          /tmp/flux delete hr podinfo-git --silent
       - name: flux delete source helm
         run: |
-          ./bin/flux delete source helm podinfo --silent
+          /tmp/flux delete source helm podinfo --silent
       - name: flux delete source git
         run: |
-          ./bin/flux delete source git podinfo --silent
+          /tmp/flux delete source git podinfo --silent
       - name: flux create tenant
         run: |
-          ./bin/flux create tenant dev-team --with-namespace=apps
+          /tmp/flux create tenant dev-team --with-namespace=apps
-          ./bin/flux -n apps create source helm podinfo \
+          /tmp/flux -n apps create source helm podinfo \
             --url https://stefanprodan.github.io/podinfo
-          ./bin/flux -n apps create hr podinfo-helm \
+          /tmp/flux -n apps create hr podinfo-helm \
             --source=HelmRepository/podinfo \
             --chart=podinfo \
             --chart-version="5.0.x" \
             --service-account=dev-team
       - name: flux create image repository
         run: |
-          ./bin/flux create image repository podinfo \
+          /tmp/flux create image repository podinfo \
             --image=ghcr.io/stefanprodan/podinfo \
             --interval=1m
       - name: flux create image policy
         run: |
-          ./bin/flux create image policy podinfo \
+          /tmp/flux create image policy podinfo \
             --image-ref=podinfo \
             --interval=1m \
             --select-semver=5.0.x
       - name: flux create image policy podinfo-select-alpha
         run: |
-          ./bin/flux create image policy podinfo-alpha \
+          /tmp/flux create image policy podinfo-alpha \
             --image-ref=podinfo \
             --interval=1m \
             --select-alpha=desc
       - name: flux get image policy
         run: |
-          ./bin/flux get image policy podinfo | grep '5.0.3'
+          /tmp/flux get image policy podinfo | grep '5.0.3'
       - name: flux2-kustomize-helm-example
         run: |
-          ./bin/flux create source git flux-system \
+          /tmp/flux create source git flux-system \
           --url=https://github.com/fluxcd/flux2-kustomize-helm-example \
           --branch=main
-          ./bin/flux create kustomization flux-system \
+          /tmp/flux create kustomization flux-system \
           --source=flux-system \
           --path=./clusters/staging
           kubectl -n flux-system wait kustomization/apps --for=condition=ready --timeout=2m
       - name: flux check
         run: |
-          ./bin/flux check
+          /tmp/flux check
       - name: flux uninstall
         run: |
-          ./bin/flux uninstall --silent
+          /tmp/flux uninstall --silent
       - name: Debug failure
         if: failure()
         run: |

.github/workflows/release.yaml

@@ -2,7 +2,7 @@ name: release
 
 on:
   push:
-    tags: [ '*' ]
+    tags: [ 'v*' ]
 
 jobs:
   goreleaser:
@@ -15,7 +15,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.15.x
+          go-version: 1.16.x
       - name: Download release notes utility
         env:
           GH_REL_URL: https://github.com/buchanae/github-release-notes/releases/download/0.2.0/github-release-notes-linux-amd64-0.2.0.tar.gz
@@ -28,38 +28,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Setup Kustomize
         uses: fluxcd/pkg//actions/kustomize@main
-      - name: Generate manifests tarball
+      - name: Generate manifests
-        run: |
-          mkdir -p ./output
-          files=""
-
-          # build controllers
-          for controller in ./manifests/bases/*/; do
-              output_path="./output/$(basename $controller).yaml"
-              echo "building $controller to $output_path"
-
-              kustomize build $controller > $output_path
-              files+=" $(basename $output_path)"
-          done
-
-          # build rbac
-          rbac_path="./manifests/rbac"
-          rbac_output_path="./output/rbac.yaml"
-          echo "building $rbac_path to $rbac_output_path"
-          kustomize build $rbac_path > $rbac_output_path
-          files+=" $(basename $rbac_output_path)"
-
-          # build policies
-          policies_path="./manifests/policies"
-          policies_output_path="./output/policies.yaml"
-          echo "building $policies_path to $policies_output_path"
-          kustomize build $policies_path > $policies_output_path
-          files+=" $(basename $policies_output_path)"
-
-          # create tarball
-          cd ./output && tar -cvzf manifests.tar.gz $files
-      - name: Generate install manifest
         run: |
+          make cmd/flux/manifests
+          ./manifests/scripts/bundle.sh "" ./output manifests.tar.gz
           kustomize build ./manifests/install > ./output/install.yaml
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v1

.github/workflows/scan.yaml

@@ -24,9 +24,14 @@ jobs:
   snyk:
     name: Snyk
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'fluxcd' }}
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
     steps:
       - uses: actions/checkout@v2
+      - name: Setup Kustomize
+        uses: fluxcd/pkg//actions/kustomize@main
+      - name: Build manifests
+        run: |
+          make cmd/flux/manifests
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/golang@master
         continue-on-error: true

.github/workflows/update.yaml

@@ -13,7 +13,10 @@ jobs:
     steps:
       - name: Check out code
         uses: actions/checkout@v2
-
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16.x
       - name: Update component versions
         id: update
         run: |
@@ -21,13 +24,13 @@ jobs:
 
           bump_version() {
             local RELEASE_VERSION=$(curl -s https://api.github.com/repos/fluxcd/$1/releases | jq -r 'sort_by(.published_at) | .[-1] | .tag_name')
-            local CURRENT_VERSION=$(sed -n "s/.*$1\/archive\/\(.*\).zip.*/\1/p;n" manifests/bases/$1/kustomization.yaml)
+            local CURRENT_VERSION=$(sed -n "s/.*$1\/releases\/download\/\(.*\)\/.*/\1/p;n" manifests/bases/$1/kustomization.yaml)
 
             if [[ "${RELEASE_VERSION}" != "${CURRENT_VERSION}" ]]; then
               # bump kustomize
-              sed -i "s/\($1\/archive\/\)v.*\(.zip\/\/$1-\).*\(\/config.*\)/\1${RELEASE_VERSION}\2${RELEASE_VERSION/v}\3/g" "manifests/bases/$1/kustomization.yaml"
+              sed -i "s/\($1\/releases\/download\/\)v.*\(\/.*\)/\1${RELEASE_VERSION}\2/g" "manifests/bases/$1/kustomization.yaml"
 
-              if [[ ! -z $(go list -m all | grep "github.com/fluxcd/$1/api" | awk '{print $2}') ]]; then
+              if [[ ! -z $(grep "github.com/fluxcd/$1/api" go.mod | awk '{print $2}') ]]; then
                 # bump go mod
                 go mod edit -require="github.com/fluxcd/$1/api@${RELEASE_VERSION}"
               fi

.gitignore

@@ -15,3 +15,4 @@
 # vendor/
 bin/
 output/
+cmd/flux/manifests/

.goreleaser.yml

@@ -22,6 +22,7 @@ builds:
       - darwin
     goarch:
       - amd64
+      - arm64
   - <<: *build_defaults
     id: windows
     goos:

CONTRIBUTING.md

@@ -48,11 +48,13 @@ you might want to take a look at the [introductory talk and demo](https://www.yo
 
 This project is composed of:
 
-- [/f/flux2](https://github.com/fluxcd/flux2): The Flux CLI
+- [flux2](https://github.com/fluxcd/flux2): The Flux CLI
-- [/f/source-manager](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources
+- [source-manager](https://github.com/fluxcd/source-controller): Kubernetes operator for managing sources (Git and Helm repositories, S3-compatible Buckets)
-- [/f/kustomize-controller](https://github.com/fluxcd/kustomize-controller): Kubernetes operator for building GitOps pipelines with Kustomize
+- [kustomize-controller](https://github.com/fluxcd/kustomize-controller): Kubernetes operator for building GitOps pipelines with Kustomize
-- [/f/helm-controller](https://github.com/fluxcd/helm-controller): Kubernetes operator for building GitOps pipelines with Helm
+- [helm-controller](https://github.com/fluxcd/helm-controller): Kubernetes operator for building GitOps pipelines with Helm
-- [/f/notification-controller](https://github.com/fluxcd/notification-controller): Kubernetes operator for handling inbound and outbound events
+- [notification-controller](https://github.com/fluxcd/notification-controller): Kubernetes operator for handling inbound and outbound events
+- [image-reflector-controller](https://github.com/fluxcd/image-reflector-controller): Kubernetes operator for scanning container registries
+- [image-automation-controller](https://github.com/fluxcd/image-automation-controller): Kubernetes operator for patches container image tags in Git
 
 ### Understanding the code
 
@@ -63,6 +65,12 @@ for source changes.
 
 ### How to run the test suite
 
+Prerequisites:
+
+* go >= 1.16
+* kubectl >= 1.18
+* kustomize >= 3.1
+
 You can run the unit tests by simply doing
 
 ```bash

Makefile

@@ -1,4 +1,7 @@
 VERSION?=$(shell grep 'VERSION' cmd/flux/main.go | awk '{ print $$4 }' | tr -d '"')
+EMBEDDED_MANIFESTS_TARGET=cmd/flux/manifests
+
+rwildcard=$(foreach d,$(wildcard $(addsuffix *,$(1))),$(call rwildcard,$(d)/,$(2)) $(filter $(subst *,%,$(2)),$(d)))
 
 all: test build
 
@@ -11,10 +14,13 @@ fmt:
 vet:
 	go vet ./...
 
-test: tidy fmt vet docs
+test: $(EMBEDDED_MANIFESTS_TARGET) tidy fmt vet docs
 	go test ./... -coverprofile cover.out
 
-build:
+$(EMBEDDED_MANIFESTS_TARGET): $(call rwildcard,manifests/,*.yaml *.json)
+	./manifests/scripts/bundle.sh
+
+build: $(EMBEDDED_MANIFESTS_TARGET)
 	CGO_ENABLED=0 go build -o ./bin/flux ./cmd/flux
 
 install:
@@ -22,7 +28,7 @@ install:
 
 .PHONY: docs
 docs:
-	rm docs/cmd/*
+	rm -rf docs/cmd/*
 	mkdir -p ./docs/cmd && go run ./cmd/flux/ docgen
 
 install-dev:

README.md

@@ -74,7 +74,7 @@ runtime for Flux v2. The APIs comprise Kubernetes custom resources,
 which can be created and updated by a cluster user, or by other
 automation tooling.
 
-![overview](docs/diagrams/gitops-toolkit.png)
+![overview](docs/_files/gitops-toolkit.png)
 
 You can use the toolkit to extend Flux, or to build your own systems
 for continuous delivery -- see [the developer

cmd/flux/alert.go

@@ -0,0 +1,51 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// notificationv1.Alert
+
+var alertType = apiType{
+	kind:      notificationv1.AlertKind,
+	humanKind: "alert",
+}
+
+type alertAdapter struct {
+	*notificationv1.Alert
+}
+
+func (a alertAdapter) asClientObject() client.Object {
+	return a.Alert
+}
+
+// notificationv1.Alert
+
+type alertListAdapter struct {
+	*notificationv1.AlertList
+}
+
+func (a alertListAdapter) asClientList() client.ObjectList {
+	return a.AlertList
+}
+
+func (a alertListAdapter) len() int {
+	return len(a.AlertList.Items)
+}

cmd/flux/alert_provider.go

@@ -0,0 +1,51 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// notificationv1.Provider
+
+var alertProviderType = apiType{
+	kind:      notificationv1.ProviderKind,
+	humanKind: "alert provider",
+}
+
+type alertProviderAdapter struct {
+	*notificationv1.Provider
+}
+
+func (a alertProviderAdapter) asClientObject() client.Object {
+	return a.Provider
+}
+
+// notificationv1.Provider
+
+type alertProviderListAdapter struct {
+	*notificationv1.ProviderList
+}
+
+func (a alertProviderListAdapter) asClientList() client.ObjectList {
+	return a.ProviderList
+}
+
+func (a alertProviderListAdapter) len() int {
+	return len(a.ProviderList.Items)
+}

cmd/flux/bootstrap.go

@@ -19,13 +19,11 @@ package main
 import (
 	"context"
 	"fmt"
-	"net/url"
 	"path/filepath"
 	"time"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -36,7 +34,9 @@ import (
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
+	kus "github.com/fluxcd/flux2/pkg/manifestgen/kustomization"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sync"
+	"github.com/fluxcd/flux2/pkg/status"
 )
 
 var bootstrapCmd = &cobra.Command{
@@ -70,8 +70,8 @@ const (
 var bootstrapArgs = NewBootstrapFlags()
 
 func init() {
-	bootstrapCmd.PersistentFlags().StringVarP(&bootstrapArgs.version, "version", "v", rootArgs.defaults.Version,
+	bootstrapCmd.PersistentFlags().StringVarP(&bootstrapArgs.version, "version", "v", "",
-		"toolkit version")
+		"toolkit version, when specified the manifests are downloaded from https://github.com/fluxcd/flux2/releases")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.defaultComponents, "components", rootArgs.defaults.Components,
 		"list of components, accepts comma-separated values")
 	bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.extraComponents, "components-extra", nil,
@@ -126,23 +126,18 @@ func bootstrapValidate() error {
 }
 
 func generateInstallManifests(targetPath, namespace, tmpDir string, localManifests string) (string, error) {
-	if bootstrapArgs.version == install.MakeDefaultOptions().Version {
+	if ver, err := getVersion(bootstrapArgs.version); err != nil {
-		version, err := install.GetLatestVersion()
+		return "", err
-		if err != nil {
-			return "", err
-		}
-		bootstrapArgs.version = version
 	} else {
-		if ok, err := install.ExistingVersion(bootstrapArgs.version); err != nil || !ok {
+		bootstrapArgs.version = ver
-			if err == nil {
-				err = fmt.Errorf("targeted version '%s' does not exist", bootstrapArgs.version)
-			}
-			return "", err
-		}
 	}
 
-	if !utils.CompatibleVersion(VERSION, bootstrapArgs.version) {
+	manifestsBase := ""
-		return "", fmt.Errorf("targeted version '%s' is not compatible with your current version of flux (%s)", bootstrapArgs.version, VERSION)
+	if isEmbeddedVersion(bootstrapArgs.version) {
+		if err := writeEmbeddedManifests(tmpDir); err != nil {
+			return "", err
+		}
+		manifestsBase = tmpDir
 	}
 
 	opts := install.Options{
@@ -167,7 +162,7 @@ func generateInstallManifests(targetPath, namespace, tmpDir string, localManifes
 		opts.BaseURL = rootArgs.defaults.BaseURL
 	}
 
-	output, err := install.Generate(opts)
+	output, err := install.Generate(opts, manifestsBase)
 	if err != nil {
 		return "", fmt.Errorf("generating install manifests failed: %w", err)
 	}
@@ -182,19 +177,24 @@ func generateInstallManifests(targetPath, namespace, tmpDir string, localManifes
 func applyInstallManifests(ctx context.Context, manifestPath string, components []string) error {
 	kubectlArgs := []string{"apply", "-f", manifestPath}
 	if _, err := utils.ExecKubectlCommand(ctx, utils.ModeOS, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...); err != nil {
-		return fmt.Errorf("install failed")
+		return fmt.Errorf("install failed: %w", err)
 	}
-
+	kubeConfig, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
-	statusChecker, err := NewStatusChecker(time.Second, rootArgs.timeout)
+	if err != nil {
+		return fmt.Errorf("install failed: %w", err)
+	}
+	statusChecker, err := status.NewStatusChecker(kubeConfig, time.Second, rootArgs.timeout, logger)
+	if err != nil {
+		return fmt.Errorf("install failed: %w", err)
+	}
+	componentRefs, err := buildComponentObjectRefs(components...)
 	if err != nil {
 		return fmt.Errorf("install failed: %w", err)
 	}
-
 	logger.Waitingf("verifying installation")
-	if err := statusChecker.Assess(components...); err != nil {
+	if err := statusChecker.Assess(componentRefs...); err != nil {
 		return fmt.Errorf("install failed")
 	}
-
 	return nil
 }
 
@@ -205,6 +205,7 @@ func generateSyncManifests(url, branch, name, namespace, targetPath, tmpDir stri
 		URL:          url,
 		Branch:       branch,
 		Interval:     interval,
+		Secret:       namespace,
 		TargetPath:   targetPath,
 		ManifestFile: sync.MakeDefaultOptions().ManifestFile,
 	}
@@ -219,9 +220,19 @@ func generateSyncManifests(url, branch, name, namespace, targetPath, tmpDir stri
 		return "", err
 	}
 	outputDir := filepath.Dir(output)
-	if err := utils.GenerateKustomizationYaml(outputDir); err != nil {
+
+	kusOpts := kus.MakeDefaultOptions()
+	kusOpts.BaseDir = tmpDir
+	kusOpts.TargetPath = filepath.Dir(manifest.Path)
+
+	kustomization, err := kus.Generate(kusOpts)
+	if err != nil {
 		return "", err
 	}
+	if _, err = kustomization.WriteFile(tmpDir); err != nil {
+		return "", err
+	}
+
 	return outputDir, nil
 }
 
@@ -274,35 +285,6 @@ func shouldCreateDeployKey(ctx context.Context, kubeClient client.Client, namesp
 	return false
 }
 
-func generateDeployKey(ctx context.Context, kubeClient client.Client, url *url.URL, namespace string) (string, error) {
-	pair, err := generateKeyPair(ctx, sourceGitArgs.keyAlgorithm, sourceGitArgs.keyRSABits, sourceGitArgs.keyECDSACurve)
-	if err != nil {
-		return "", err
-	}
-
-	hostKey, err := scanHostKey(ctx, url)
-	if err != nil {
-		return "", err
-	}
-
-	secret := corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      namespace,
-			Namespace: namespace,
-		},
-		StringData: map[string]string{
-			"identity":     string(pair.PrivateKey),
-			"identity.pub": string(pair.PublicKey),
-			"known_hosts":  string(hostKey),
-		},
-	}
-	if err := upsertSecret(ctx, kubeClient, secret); err != nil {
-		return "", err
-	}
-
-	return string(pair.PublicKey), nil
-}
-
 func checkIfBootstrapPathDiffers(ctx context.Context, kubeClient client.Client, namespace string, path string) (string, bool) {
 	namespacedName := types.NamespacedName{
 		Name:      namespace,

cmd/flux/bootstrap_github.go

@@ -26,14 +26,14 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/fluxcd/pkg/git"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/pkg/git"
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
 var bootstrapGitHubCmd = &cobra.Command{
@@ -47,27 +47,26 @@ the bootstrap command will perform an upgrade if needed.`,
 	Example: `  # Create a GitHub personal access token and export it as an env var
   export GITHUB_TOKEN=<my-token>
 
-  # Run bootstrap for a private repo owned by a GitHub organization
+  # Run bootstrap for a private repository owned by a GitHub organization
-  flux bootstrap github --owner=<organization> --repository=<repo name>
+  flux bootstrap github --owner=<organization> --repository=<repository name>
 
-  # Run bootstrap for a private repo and assign organization teams to it
+  # Run bootstrap for a private repository and assign organization teams to it
-  flux bootstrap github --owner=<organization> --repository=<repo name> --team=<team1 slug> --team=<team2 slug>
+  flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug> --team=<team2 slug>
 
   # Run bootstrap for a repository path
-  flux bootstrap github --owner=<organization> --repository=<repo name> --path=dev-cluster
+  flux bootstrap github --owner=<organization> --repository=<repository name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  flux bootstrap github --owner=<user> --repository=<repo name> --private=false --personal=true
+  flux bootstrap github --owner=<user> --repository=<repository name> --private=false --personal=true
 
-  # Run bootstrap for a private repo hosted on GitHub Enterprise using SSH auth
+  # Run bootstrap for a private repository hosted on GitHub Enterprise using SSH auth
-  flux bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain> --ssh-hostname=<domain>
+  flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --ssh-hostname=<domain>
 
-  # Run bootstrap for a private repo hosted on GitHub Enterprise using HTTPS auth
+  # Run bootstrap for a private repository hosted on GitHub Enterprise using HTTPS auth
-  flux bootstrap github --owner=<organization> --repository=<repo name> --hostname=<domain> --token-auth
+  flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --token-auth
 
-  # Run bootstrap for a an existing repository with a branch named main
+  # Run bootstrap for an existing repository with a branch named main
-  flux bootstrap github --owner=<organization> --repository=<repo name> --branch=main
+  flux bootstrap github --owner=<organization> --repository=<repository name> --branch=main`,
-`,
 	RunE: bootstrapGitHubCmdRun,
 }
 
@@ -80,7 +79,6 @@ type githubFlags struct {
 	hostname    string
 	path        flags.SafeRelativePath
 	teams       []string
-	delete      bool
 	sshHostname string
 }
 
@@ -101,9 +99,6 @@ func init() {
 	bootstrapGitHubCmd.Flags().StringVar(&githubArgs.sshHostname, "ssh-hostname", "", "GitHub SSH hostname, to be used when the SSH host differs from the HTTPS one")
 	bootstrapGitHubCmd.Flags().Var(&githubArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
 
-	bootstrapGitHubCmd.Flags().BoolVar(&githubArgs.delete, "delete", false, "delete repository (used for testing only)")
-	bootstrapGitHubCmd.Flags().MarkHidden("delete")
-
 	bootstrapCmd.AddCommand(bootstrapGitHubCmd)
 }
 
@@ -163,14 +158,6 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	defer os.RemoveAll(tmpDir)
 
-	if githubArgs.delete {
-		if err := provider.DeleteRepository(ctx, repository); err != nil {
-			return err
-		}
-		logger.Successf("repository deleted")
-		return nil
-	}
-
 	// create GitHub repository if doesn't exists
 	logger.Actionf("connecting to %s", githubArgs.hostname)
 	changed, err := provider.CreateRepository(ctx, repository)
@@ -232,7 +219,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Successf("components are up to date")
 	}
 
-	// determine if repo synchronization is working
+	// determine if repository synchronization is working
 	isInstall := shouldInstallManifests(ctx, kubeClient, rootArgs.namespace)
 
 	if isInstall {
@@ -244,44 +231,48 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Successf("install completed")
 	}
 
-	repoURL := repository.GetURL()
+	repoURL := repository.GetSSH()
-
+	secretOpts := sourcesecret.Options{
+		Name:      rootArgs.namespace,
+		Namespace: rootArgs.namespace,
+	}
 	if bootstrapArgs.tokenAuth {
-		// setup HTTPS token auth
+		// Setup HTTPS token auth
-		secret := corev1.Secret{
+		repoURL = repository.GetURL()
-			ObjectMeta: metav1.ObjectMeta{
+		secretOpts.Username = "git"
-				Name:      rootArgs.namespace,
+		secretOpts.Password = ghToken
-				Namespace: rootArgs.namespace,
+	} else if shouldCreateDeployKey(ctx, kubeClient, rootArgs.namespace) {
-			},
+		// Setup SSH auth
-			StringData: map[string]string{
+		u, err := url.Parse(repoURL)
-				"username": "git",
+		if err != nil {
-				"password": ghToken,
+			return fmt.Errorf("git URL parse failed: %w", err)
-			},
 		}
-		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+		secretOpts.SSHHostname = u.Host
+		secretOpts.PrivateKeyAlgorithm = sourcesecret.RSAPrivateKeyAlgorithm
+		secretOpts.RSAKeyBits = 2048
+	}
+
+	secret, err := sourcesecret.Generate(secretOpts)
+	if err != nil {
+		return err
+	}
+	var s corev1.Secret
+	if err := yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
+		return err
+	}
+	if len(s.StringData) > 0 {
+		logger.Actionf("configuring deploy key")
+		if err := upsertSecret(ctx, kubeClient, s); err != nil {
 			return err
 		}
-	} else {
-		// setup SSH deploy key
-		repoURL = repository.GetSSH()
-		if shouldCreateDeployKey(ctx, kubeClient, rootArgs.namespace) {
-			logger.Actionf("configuring deploy key")
-			u, err := url.Parse(repository.GetSSH())
-			if err != nil {
-				return fmt.Errorf("git URL parse failed: %w", err)
-			}
-
-			key, err := generateDeployKey(ctx, kubeClient, u, rootArgs.namespace)
-			if err != nil {
-				return fmt.Errorf("generating deploy key failed: %w", err)
-			}
 
+		if ppk, ok := s.StringData[sourcesecret.PublicKeySecretKey]; ok {
 			keyName := "flux"
 			if githubArgs.path != "" {
 				keyName = fmt.Sprintf("flux-%s", githubArgs.path)
 			}
 
-			if changed, err := provider.AddDeployKey(ctx, repository, key, keyName); err != nil {
+			if changed, err := provider.AddDeployKey(ctx, repository, ppk, keyName); err != nil {
 				return err
 			} else if changed {
 				logger.Successf("deploy key configured")
@@ -289,7 +280,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	// configure repo synchronization
+	// configure repository synchronization
 	logger.Actionf("generating sync manifests")
 	syncManifests, err := generateSyncManifests(
 		repoURL,

cmd/flux/bootstrap_gitlab.go

@@ -29,12 +29,13 @@ import (
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/yaml"
 
 	"github.com/fluxcd/pkg/git"
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
 var bootstrapGitLabCmd = &cobra.Command{
@@ -48,24 +49,23 @@ the bootstrap command will perform an upgrade if needed.`,
 	Example: `  # Create a GitLab API token and export it as an env var
   export GITLAB_TOKEN=<my-token>
 
-  # Run bootstrap for a private repo using HTTPS token authentication
+  # Run bootstrap for a private repository using HTTPS token authentication
-  flux bootstrap gitlab --owner=<group> --repository=<repo name> --token-auth
+  flux bootstrap gitlab --owner=<group> --repository=<repository name> --token-auth
 
-  # Run bootstrap for a private repo using SSH authentication
+  # Run bootstrap for a private repository using SSH authentication
-  flux bootstrap gitlab --owner=<group> --repository=<repo name>
+  flux bootstrap gitlab --owner=<group> --repository=<repository name>
 
   # Run bootstrap for a repository path
-  flux bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
+  flux bootstrap gitlab --owner=<group> --repository=<repository name> --path=dev-cluster
 
   # Run bootstrap for a public repository on a personal account
-  flux bootstrap gitlab --owner=<user> --repository=<repo name> --private=false --personal --token-auth
+  flux bootstrap gitlab --owner=<user> --repository=<repository name> --private=false --personal --token-auth
 
-  # Run bootstrap for a private repo hosted on a GitLab server
+  # Run bootstrap for a private repository hosted on a GitLab server
-  flux bootstrap gitlab --owner=<group> --repository=<repo name> --hostname=<domain> --token-auth
+  flux bootstrap gitlab --owner=<group> --repository=<repository name> --hostname=<domain> --token-auth
 
   # Run bootstrap for a an existing repository with a branch named main
-  flux bootstrap gitlab --owner=<organization> --repository=<repo name> --branch=main --token-auth
+  flux bootstrap gitlab --owner=<organization> --repository=<repository name> --branch=main --token-auth`,
-`,
 	RunE: bootstrapGitLabCmdRun,
 }
 
@@ -206,7 +206,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Successf("components are up to date")
 	}
 
-	// determine if repo synchronization is working
+	// determine if repository synchronization is working
 	isInstall := shouldInstallManifests(ctx, kubeClient, rootArgs.namespace)
 
 	if isInstall {
@@ -218,44 +218,48 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Successf("install completed")
 	}
 
-	repoURL := repository.GetURL()
+	repoURL := repository.GetSSH()
-
+	secretOpts := sourcesecret.Options{
+		Name:      rootArgs.namespace,
+		Namespace: rootArgs.namespace,
+	}
 	if bootstrapArgs.tokenAuth {
-		// setup HTTPS token auth
+		// Setup HTTPS token auth
-		secret := corev1.Secret{
+		repoURL = repository.GetURL()
-			ObjectMeta: metav1.ObjectMeta{
+		secretOpts.Username = "git"
-				Name:      rootArgs.namespace,
+		secretOpts.Password = glToken
-				Namespace: rootArgs.namespace,
+	} else if shouldCreateDeployKey(ctx, kubeClient, rootArgs.namespace) {
-			},
+		// Setup SSH auth
-			StringData: map[string]string{
+		u, err := url.Parse(repoURL)
-				"username": "git",
+		if err != nil {
-				"password": glToken,
+			return fmt.Errorf("git URL parse failed: %w", err)
-			},
 		}
-		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+		secretOpts.SSHHostname = u.Host
+		secretOpts.PrivateKeyAlgorithm = sourcesecret.RSAPrivateKeyAlgorithm
+		secretOpts.RSAKeyBits = 2048
+	}
+
+	secret, err := sourcesecret.Generate(secretOpts)
+	if err != nil {
+		return err
+	}
+	var s corev1.Secret
+	if err := yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
+		return err
+	}
+	if len(s.StringData) > 0 {
+		logger.Actionf("configuring deploy key")
+		if err := upsertSecret(ctx, kubeClient, s); err != nil {
 			return err
 		}
-	} else {
-		// setup SSH deploy key
-		repoURL = repository.GetSSH()
-		if shouldCreateDeployKey(ctx, kubeClient, rootArgs.namespace) {
-			logger.Actionf("configuring deploy key")
-			u, err := url.Parse(repoURL)
-			if err != nil {
-				return fmt.Errorf("git URL parse failed: %w", err)
-			}
-
-			key, err := generateDeployKey(ctx, kubeClient, u, rootArgs.namespace)
-			if err != nil {
-				return fmt.Errorf("generating deploy key failed: %w", err)
-			}
 
+		if ppk, ok := s.StringData[sourcesecret.PublicKeySecretKey]; ok {
 			keyName := "flux"
 			if gitlabArgs.path != "" {
 				keyName = fmt.Sprintf("flux-%s", gitlabArgs.path)
 			}
 
-			if changed, err := provider.AddDeployKey(ctx, repository, key, keyName); err != nil {
+			if changed, err := provider.AddDeployKey(ctx, repository, ppk, keyName); err != nil {
 				return err
 			} else if changed {
 				logger.Successf("deploy key configured")
@@ -263,7 +267,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	// configure repo synchronization
+	// configure repository synchronization
 	logger.Actionf("generating sync manifests")
 	syncManifests, err := generateSyncManifests(
 		repoURL,

cmd/flux/check.go

@@ -34,6 +34,7 @@ import (
 
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
+	"github.com/fluxcd/flux2/pkg/status"
 )
 
 var checkCmd = &cobra.Command{
@@ -45,8 +46,7 @@ the local environment is configured correctly and if the installed components ar
   flux check --pre
 
   # Run installation checks
-  flux check
+  flux check`,
-`,
 	RunE: runCheckCmd,
 }
 
@@ -205,12 +205,17 @@ func componentsCheck() bool {
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+	kubeConfig, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return false
 	}
 
-	statusChecker, err := NewStatusChecker(time.Second, rootArgs.timeout)
+	statusChecker, err := status.NewStatusChecker(kubeConfig, time.Second, rootArgs.timeout, logger)
+	if err != nil {
+		return false
+	}
+
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return false
 	}
@@ -220,10 +225,10 @@ func componentsCheck() bool {
 	var list v1.DeploymentList
 	if err := kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace), selector); err == nil {
 		for _, d := range list.Items {
-			if err := statusChecker.Assess(d.Name); err != nil {
+			if ref, err := buildComponentObjectRefs(d.Name); err == nil {
-				ok = false
+				if err := statusChecker.Assess(ref...); err != nil {
-			} else {
+					ok = false
-				logger.Successf("%s: healthy", d.Name)
+				}
 			}
 			for _, c := range d.Spec.Template.Spec.Containers {
 				logger.Actionf(c.Image)

cmd/flux/completion_bash.go

@@ -32,8 +32,7 @@ var completionBashCmd = &cobra.Command{
 To configure your bash shell to load completions for each session add to your bashrc
 
 # ~/.bashrc or ~/.profile
-command -v flux >/dev/null && . <(flux completion bash)
+command -v flux >/dev/null && . <(flux completion bash)`,
-`,
 	Run: func(cmd *cobra.Command, args []string) {
 		rootCmd.GenBashCompletion(os.Stdout)
 	},

cmd/flux/completion_fish.go

@@ -25,16 +25,11 @@ import (
 var completionFishCmd = &cobra.Command{
 	Use:   "fish",
 	Short: "Generates fish completion scripts",
-	Example: `To load completion run
+	Example: `To configure your fish shell to load completions for each session write this script to your completions dir:
 
-. <(flux completion fish)
+flux completion fish > ~/.config/fish/completions/flux.fish
 
-To configure your fish shell to load completions for each session write this script to your completions dir:
+See http://fishshell.com/docs/current/index.html#completion-own for more details`,
-
-flux completion fish > ~/.config/fish/completions/flux
-
-See http://fishshell.com/docs/current/index.html#completion-own for more details
-`,
 	Run: func(cmd *cobra.Command, args []string) {
 		rootCmd.GenFishCompletion(os.Stdout, true)
 	},

cmd/flux/completion_powershell.go

@@ -39,8 +39,7 @@ flux completion >> flux-completion.ps1
 Linux:
 
 cd "${XDG_CONFIG_HOME:-"$HOME/.config/"}/powershell/modules"
-flux completion >> flux-completions.ps1
+flux completion >> flux-completions.ps1`,
-`,
 	Run: func(cmd *cobra.Command, args []string) {
 		rootCmd.GenPowerShellCompletion(os.Stdout)
 	},

cmd/flux/completion_zsh.go

@@ -40,8 +40,7 @@ echo "${fpath// /\n}" | grep -i completion
 flux completion zsh > _flux
 
 mv _flux ~/.oh-my-zsh/completions  # oh-my-zsh
-mv _flux ~/.zprezto/modules/completion/external/src/  # zprezto
+mv _flux ~/.zprezto/modules/completion/external/src/  # zprezto`,
-`,
 	Run: func(cmd *cobra.Command, args []string) {
 		rootCmd.GenZshCompletion(os.Stdout)
 	},

cmd/flux/create_alert.go

@@ -43,8 +43,7 @@ var createAlertCmd = &cobra.Command{
   --event-severity info \
   --event-source Kustomization/flux-system \
   --provider-ref slack \
-  flux-system
+  flux-system`,
-`,
 	RunE: createAlertCmdRun,
 }
 
@@ -116,7 +115,7 @@ func createAlertCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		return exportAlert(alert)
+		return printExport(exportAlert(&alert))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)

cmd/flux/create_alertprovider.go

@@ -49,8 +49,7 @@ var createAlertProviderCmd = &cobra.Command{
   flux create alert-provider github-podinfo \
   --type github \
   --address https://github.com/stefanprodan/podinfo \
-  --secret-ref github-token
+  --secret-ref github-token`,
-`,
 	RunE: createAlertProviderCmdRun,
 }
 
@@ -113,7 +112,7 @@ func createAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		return exportAlertProvider(provider)
+		return printExport(exportAlertProvider(&provider))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)

cmd/flux/create_helmrelease.go

@@ -96,8 +96,7 @@ var createHelmReleaseCmd = &cobra.Command{
     --source=HelmRepository/podinfo \
     --chart=podinfo \
     --values=./values.yaml \
-    --export > podinfo-release.yaml
+    --export > podinfo-release.yaml`,
-`,
 	RunE: createHelmReleaseCmdRun,
 }
 
@@ -219,7 +218,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		return exportHelmRelease(helmRelease)
+		return printExport(exportHelmRelease(&helmRelease))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)

cmd/flux/create_image.go

@@ -17,20 +17,17 @@ limitations under the License.
 package main
 
 import (
-	"strings"
-
 	"github.com/spf13/cobra"
 )
 
-const createImageLong = `
+const createImageLong = `The create image sub-commands work with image automation objects; that is,
-The create image sub-commands work with image automation objects; that is,
 object controlling updates to git based on e.g., new container images
 being available.`
 
 var createImageCmd = &cobra.Command{
 	Use:   "image",
 	Short: "Create or update resources dealing with image automation",
-	Long:  strings.TrimSpace(createImageLong),
+	Long:  createImageLong,
 }
 
 func init() {

cmd/flux/create_image_policy.go

@@ -32,7 +32,7 @@ import (
 )
 
 var createImagePolicyCmd = &cobra.Command{
-	Use:   "policy <name>",
+	Use:   "policy [name]",
 	Short: "Create or update an ImagePolicy object",
 	Long: `The create image policy command generates an ImagePolicy resource.
 An ImagePolicy object calculates a "latest image" given an image
@@ -40,6 +40,17 @@ repository and a policy, e.g., semver.
 
 The image that sorts highest according to the policy is recorded in
 the status of the object.`,
+	Example: `  # Create an ImagePolicy to select the latest stable release
+  flux create image policy podinfo \
+    --image-ref=podinfo \
+    --select-semver=">=1.0.0"
+
+  # Create an ImagePolicy to select the latest main branch build tagged as "${GIT_BRANCH}-${GIT_SHA:0:7}-$(date +%s)"
+  flux create image policy podinfo \
+    --image-ref=podinfo \
+    --select-numeric=asc \
+	--filter-regex='^main-[a-f0-9]+-(?P<ts>[0-9]+)' \
+	--filter-extract='$ts'`,
 	RunE: createImagePolicyRun}
 
 type imagePolicyFlags struct {

cmd/flux/create_image_repository.go

@@ -30,7 +30,7 @@ import (
 )
 
 var createImageRepositoryCmd = &cobra.Command{
-	Use:   "repository <name>",
+	Use:   "repository [name]",
 	Short: "Create or update an ImageRepository object",
 	Long: `The create image repository command generates an ImageRepository resource.
 An ImageRepository object specifies an image repository to scan.`,
@@ -57,8 +57,7 @@ An ImageRepository object specifies an image repository to scan.`,
     --cert-file client.crt --key-file client.key
   flux create image repository app-repo \
     --cert-secret-ref client-cert \
-    --image registry.example.com/private/app --interval 5m
+    --image registry.example.com/private/app --interval 5m`,
-`,
 	RunE: createImageRepositoryRun,
 }
 

cmd/flux/create_image_update.go

@@ -28,19 +28,37 @@ import (
 )
 
 var createImageUpdateCmd = &cobra.Command{
-	Use:   "update <name>",
+	Use:   "update [name]",
 	Short: "Create or update an ImageUpdateAutomation object",
 	Long: `The create image update command generates an ImageUpdateAutomation resource.
 An ImageUpdateAutomation object specifies an automated update to images
 mentioned in YAMLs in a git repository.`,
+	Example: `  # Configure image updates for the main repository created by flux bootstrap
+  flux create image update flux-system \
+    --git-repo-ref=flux-system \
+    --git-repo-path="./clusters/my-cluster" \
+    --checkout-branch=main \
+    --author-name=flux \
+    --author-email=flux@example.com \
+    --commit-template="{{range .Updated.Images}}{{println .}}{{end}}"
+
+  # Configure image updates to push changes to a different branch, if the branch doesn't exists it will be created
+  flux create image update flux-system \
+    --git-repo-ref=flux-system \
+    --git-repo-path="./clusters/my-cluster" \
+    --checkout-branch=main \
+    --push-branch=image-updates \
+    --author-name=flux \
+    --author-email=flux@example.com \
+    --commit-template="{{range .Updated.Images}}{{println .}}{{end}}"`,
 	RunE: createImageUpdateRun,
 }
 
 type imageUpdateFlags struct {
-	// git checkout spec
+	gitRepoRef     string
-	gitRepoRef string
+	gitRepoPath    string
-	branch     string
+	checkoutBranch string
-	// commit spec
+	pushBranch     string
 	commitTemplate string
 	authorName     string
 	authorEmail    string
@@ -50,8 +68,10 @@ var imageUpdateArgs = imageUpdateFlags{}
 
 func init() {
 	flags := createImageUpdateCmd.Flags()
-	flags.StringVar(&imageUpdateArgs.gitRepoRef, "git-repo-ref", "", "the name of a GitRepository resource with details of the upstream git repository")
+	flags.StringVar(&imageUpdateArgs.gitRepoRef, "git-repo-ref", "", "the name of a GitRepository resource with details of the upstream Git repository")
-	flags.StringVar(&imageUpdateArgs.branch, "branch", "", "the branch to checkout and push commits to")
+	flags.StringVar(&imageUpdateArgs.gitRepoPath, "git-repo-path", "", "path to the directory containing the manifests to be updated, defaults to the repository root")
+	flags.StringVar(&imageUpdateArgs.checkoutBranch, "checkout-branch", "", "the branch to checkout")
+	flags.StringVar(&imageUpdateArgs.pushBranch, "push-branch", "", "the branch to push commits to, defaults to the checkout branch if not specified")
 	flags.StringVar(&imageUpdateArgs.commitTemplate, "commit-template", "", "a template for commit messages")
 	flags.StringVar(&imageUpdateArgs.authorName, "author-name", "", "the name to use for commit author")
 	flags.StringVar(&imageUpdateArgs.authorEmail, "author-email", "", "the email to use for commit author")
@@ -69,8 +89,16 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("a reference to a GitRepository is required (--git-repo-ref)")
 	}
 
-	if imageUpdateArgs.branch == "" {
+	if imageUpdateArgs.checkoutBranch == "" {
-		return fmt.Errorf("the Git repository branch is required (--branch)")
+		return fmt.Errorf("the Git repository branch is required (--checkout-branch)")
+	}
+
+	if imageUpdateArgs.authorName == "" {
+		return fmt.Errorf("the author name is required (--author-name)")
+	}
+
+	if imageUpdateArgs.authorEmail == "" {
+		return fmt.Errorf("the author email is required (--author-email)")
 	}
 
 	labels, err := parseLabels()
@@ -89,9 +117,11 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
 				GitRepositoryRef: meta.LocalObjectReference{
 					Name: imageUpdateArgs.gitRepoRef,
 				},
-				Branch: imageUpdateArgs.branch,
+				Branch: imageUpdateArgs.checkoutBranch,
+			},
+			Interval: metav1.Duration{
+				Duration: createArgs.interval,
 			},
-			Interval: metav1.Duration{Duration: createArgs.interval},
 			Commit: autov1.CommitSpec{
 				AuthorName:      imageUpdateArgs.authorName,
 				AuthorEmail:     imageUpdateArgs.authorEmail,
@@ -100,6 +130,19 @@ func createImageUpdateRun(cmd *cobra.Command, args []string) error {
 		},
 	}
 
+	if imageUpdateArgs.pushBranch != "" {
+		update.Spec.Push = &autov1.PushSpec{
+			Branch: imageUpdateArgs.pushBranch,
+		}
+	}
+
+	if imageUpdateArgs.gitRepoPath != "" {
+		update.Spec.Update = &autov1.UpdateStrategy{
+			Path:     imageUpdateArgs.gitRepoPath,
+			Strategy: autov1.UpdateStrategySetters,
+		}
+	}
+
 	if createArgs.export {
 		return printExport(exportImageUpdate(&update))
 	}

cmd/flux/create_kustomization.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -67,8 +68,7 @@ var createKsCmd = &cobra.Command{
   flux create kustomization secrets \
     --source=Bucket/secrets \
     --prune=true \
-    --interval=5m
+    --interval=5m`,
-`,
 	RunE: createKsCmdRun,
 }
 
@@ -142,7 +142,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 			Interval: metav1.Duration{
 				Duration: createArgs.interval,
 			},
-			Path:  kustomizationArgs.path.String(),
+			Path:  filepath.ToSlash(kustomizationArgs.path.String()),
 			Prune: kustomizationArgs.prune,
 			SourceRef: kustomizev1.CrossNamespaceSourceReference{
 				Kind: kustomizationArgs.source.Kind,
@@ -210,7 +210,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		return exportKs(kustomization)
+		return printExport(exportKs(&kustomization))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)

cmd/flux/create_receiver.go

@@ -45,8 +45,7 @@ var createReceiverCmd = &cobra.Command{
 	--event push \
 	--secret-ref webhook-token \
 	--resource GitRepository/webapp \
-	--resource HelmRepository/webapp
+	--resource HelmRepository/webapp`,
-`,
 	RunE: createReceiverCmdRun,
 }
 
@@ -125,7 +124,7 @@ func createReceiverCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		return exportReceiver(receiver)
+		return printExport(exportReceiver(&receiver))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)

cmd/flux/create_secret.go

@@ -18,15 +18,12 @@ package main
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
 )
 
 var createSecretCmd = &cobra.Command{
@@ -39,23 +36,6 @@ func init() {
 	createCmd.AddCommand(createSecretCmd)
 }
 
-func makeSecret(name string) (corev1.Secret, error) {
-	secretLabels, err := parseLabels()
-	if err != nil {
-		return corev1.Secret{}, err
-	}
-
-	return corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      name,
-			Namespace: rootArgs.namespace,
-			Labels:    secretLabels,
-		},
-		StringData: map[string]string{},
-		Data:       nil,
-	}, nil
-}
-
 func upsertSecret(ctx context.Context, kubeClient client.Client, secret corev1.Secret) error {
 	namespacedName := types.NamespacedName{
 		Namespace: secret.GetNamespace(),
@@ -81,19 +61,3 @@ func upsertSecret(ctx context.Context, kubeClient client.Client, secret corev1.S
 	}
 	return nil
 }
-
-func exportSecret(secret corev1.Secret) error {
-	secret.TypeMeta = metav1.TypeMeta{
-		APIVersion: "v1",
-		Kind:       "Secret",
-	}
-
-	data, err := yaml.Marshal(secret)
-	if err != nil {
-		return err
-	}
-
-	fmt.Println("---")
-	fmt.Println(resourceToString(data))
-	return nil
-}

cmd/flux/create_secret_git.go

@@ -20,22 +20,21 @@ import (
 	"context"
 	"crypto/elliptic"
 	"fmt"
-	"io/ioutil"
 	"net/url"
-	"time"
 
 	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/yaml"
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
-	"github.com/fluxcd/pkg/ssh"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
 var createSecretGitCmd = &cobra.Command{
 	Use:   "git [name]",
 	Short: "Create or update a Kubernetes secret for Git authentication",
-	Long: `
+	Long: `The create secret git command generates a Kubernetes secret with Git credentials.
-The create secret git command generates a Kubernetes secret with Git credentials.
 For Git over SSH, the host and SSH keys are automatically generated and stored in the secret.
 For Git over HTTP/S, the provided basic authentication credentials are stored in the secret.`,
 	Example: `  # Create a Git SSH authentication secret using an ECDSA P-521 curve public key
@@ -45,6 +44,12 @@ For Git over HTTP/S, the provided basic authentication credentials are stored in
     --ssh-key-algorithm=ecdsa \
     --ssh-ecdsa-curve=p521
 
+  # Create a Git SSH authentication secret with a passwordless private key from file
+  # The public SSH host key will still be gathered from the host
+  flux create secret git podinfo-auth \
+    --url=ssh://git@github.com/stefanprodan/podinfo \
+    --private-key-file=./private.key
+
   # Create a secret for a Git repository using basic authentication
   flux create secret git podinfo-auth \
     --url=https://github.com/stefanprodan/podinfo \
@@ -65,19 +70,19 @@ For Git over HTTP/S, the provided basic authentication credentials are stored in
     --export > podinfo-auth.yaml
 
   sops --encrypt --encrypted-regex '^(data|stringData)$' \
-    --in-place podinfo-auth.yaml
+    --in-place podinfo-auth.yaml`,
-`,
 	RunE: createSecretGitCmdRun,
 }
 
 type secretGitFlags struct {
-	url          string
+	url            string
-	username     string
+	username       string
-	password     string
+	password       string
-	keyAlgorithm flags.PublicKeyAlgorithm
+	keyAlgorithm   flags.PublicKeyAlgorithm
-	rsaBits      flags.RSAKeyBits
+	rsaBits        flags.RSAKeyBits
-	ecdsaCurve   flags.ECDSACurve
+	ecdsaCurve     flags.ECDSACurve
-	caFile       string
+	caFile         string
+	privateKeyFile string
 }
 
 var secretGitArgs = NewSecretGitFlags()
@@ -90,13 +95,14 @@ func init() {
 	createSecretGitCmd.Flags().Var(&secretGitArgs.rsaBits, "ssh-rsa-bits", secretGitArgs.rsaBits.Description())
 	createSecretGitCmd.Flags().Var(&secretGitArgs.ecdsaCurve, "ssh-ecdsa-curve", secretGitArgs.ecdsaCurve.Description())
 	createSecretGitCmd.Flags().StringVar(&secretGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
+	createSecretGitCmd.Flags().StringVar(&secretGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server")
 
 	createSecretCmd.AddCommand(createSecretGitCmd)
 }
 
 func NewSecretGitFlags() secretGitFlags {
 	return secretGitFlags{
-		keyAlgorithm: "rsa",
+		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
 		rsaBits:      2048,
 		ecdsaCurve:   flags.ECDSACurve{Curve: elliptic.P384()},
 	}
@@ -107,11 +113,6 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("secret name is required")
 	}
 	name := args[0]
-	secret, err := makeSecret(name)
-	if err != nil {
-		return err
-	}
-
 	if secretGitArgs.url == "" {
 		return fmt.Errorf("url is required")
 	}
@@ -121,96 +122,64 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("git URL parse failed: %w", err)
 	}
 
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	labels, err := parseLabels()
-	defer cancel()
-
-	switch u.Scheme {
-	case "ssh":
-		pair, err := generateKeyPair(ctx, secretGitArgs.keyAlgorithm, secretGitArgs.rsaBits, secretGitArgs.ecdsaCurve)
-		if err != nil {
-			return err
-		}
-
-		hostKey, err := scanHostKey(ctx, u)
-		if err != nil {
-			return err
-		}
-
-		secret.StringData = map[string]string{
-			"identity":     string(pair.PrivateKey),
-			"identity.pub": string(pair.PublicKey),
-			"known_hosts":  string(hostKey),
-		}
-
-		if !createArgs.export {
-			logger.Generatef("deploy key: %s", string(pair.PublicKey))
-		}
-	case "http", "https":
-		if secretGitArgs.username == "" || secretGitArgs.password == "" {
-			return fmt.Errorf("for Git over HTTP/S the username and password are required")
-		}
-
-		secret.StringData = map[string]string{
-			"username": secretGitArgs.username,
-			"password": secretGitArgs.password,
-		}
-
-		if secretGitArgs.caFile != "" {
-			ca, err := ioutil.ReadFile(secretGitArgs.caFile)
-			if err != nil {
-				return fmt.Errorf("failed to read CA file '%s': %w", secretGitArgs.caFile, err)
-			}
-			secret.StringData["caFile"] = string(ca)
-		}
-
-	default:
-		return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
-	}
-
-	if createArgs.export {
-		return exportSecret(secret)
-	}
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
 
-	if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+	opts := sourcesecret.Options{
+		Name:         name,
+		Namespace:    rootArgs.namespace,
+		Labels:       labels,
+		ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
+	}
+	switch u.Scheme {
+	case "ssh":
+		opts.SSHHostname = u.Host
+		opts.PrivateKeyPath = secretGitArgs.privateKeyFile
+		opts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(secretGitArgs.keyAlgorithm)
+		opts.RSAKeyBits = int(secretGitArgs.rsaBits)
+		opts.ECDSACurve = secretGitArgs.ecdsaCurve.Curve
+	case "http", "https":
+		if secretGitArgs.username == "" || secretGitArgs.password == "" {
+			return fmt.Errorf("for Git over HTTP/S the username and password are required")
+		}
+		opts.Username = secretGitArgs.username
+		opts.Password = secretGitArgs.password
+		opts.CAFilePath = secretGitArgs.caFile
+	default:
+		return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
+	}
+
+	secret, err := sourcesecret.Generate(opts)
+	if err != nil {
+		return err
+	}
+
+	if createArgs.export {
+		fmt.Println(secret.Content)
+		return nil
+	}
+
+	var s corev1.Secret
+	if err := yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
+		return err
+	}
+
+	if ppk, ok := s.StringData[sourcesecret.PublicKeySecretKey]; ok {
+		logger.Generatef("deploy key: %s", ppk)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	defer cancel()
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+	if err != nil {
+		return err
+	}
+	if err := upsertSecret(ctx, kubeClient, s); err != nil {
 		return err
 	}
 	logger.Actionf("secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 
 	return nil
 }
-
-func generateKeyPair(ctx context.Context, alg flags.PublicKeyAlgorithm, rsa flags.RSAKeyBits, ecdsa flags.ECDSACurve) (*ssh.KeyPair, error) {
-	var keyGen ssh.KeyPairGenerator
-	switch algorithm := alg.String(); algorithm {
-	case "rsa":
-		keyGen = ssh.NewRSAGenerator(int(rsa))
-	case "ecdsa":
-		keyGen = ssh.NewECDSAGenerator(ecdsa.Curve)
-	case "ed25519":
-		keyGen = ssh.NewEd25519Generator()
-	default:
-		return nil, fmt.Errorf("unsupported public key algorithm: %s", algorithm)
-	}
-	pair, err := keyGen.Generate()
-	if err != nil {
-		return nil, fmt.Errorf("key pair generation failed, error: %w", err)
-	}
-	return pair, nil
-}
-
-func scanHostKey(ctx context.Context, url *url.URL) ([]byte, error) {
-	host := url.Host
-	if url.Port() == "" {
-		host = host + ":22"
-	}
-	hostKey, err := ssh.ScanHostKey(host, 30*time.Second)
-	if err != nil {
-		return nil, fmt.Errorf("SSH key scan for host %s failed, error: %w", host, err)
-	}
-	return hostKey, nil
-}

cmd/flux/create_secret_helm.go

@@ -21,17 +21,18 @@ import (
 	"fmt"
 
 	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/yaml"
 
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
 var createSecretHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Create or update a Kubernetes secret for Helm repository authentication",
-	Long: `
+	Long:  `The create secret helm command generates a Kubernetes secret with basic authentication credentials.`,
-The create secret helm command generates a Kubernetes secret with basic authentication credentials.`,
+	Example: ` # Create a Helm authentication secret on disk and encrypt it with Mozilla SOPS
-	Example: `    # Create a Helm authentication secret on disk and encrypt it with Mozilla SOPS
-
   flux create secret helm repo-auth \
     --namespace=my-namespace \
     --username=my-username \
@@ -41,14 +42,13 @@ The create secret helm command generates a Kubernetes secret with basic authenti
   sops --encrypt --encrypted-regex '^(data|stringData)$' \
     --in-place repo-auth.yaml
 
-  # Create an authentication secret using a custom TLS cert
+  # Create a Helm authentication secret using a custom TLS cert
   flux create secret helm repo-auth \
     --username=username \
     --password=password \
     --cert-file=./cert.crt \
     --key-file=./key.crt \
-    --ca-file=./ca.crt
+    --ca-file=./ca.crt`,
-`,
 	RunE: createSecretHelmCmdRun,
 }
 
@@ -72,36 +72,45 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("secret name is required")
 	}
 	name := args[0]
-	secret, err := makeSecret(name)
+
+	labels, err := parseLabels()
 	if err != nil {
 		return err
 	}
 
-	if secretHelmArgs.username != "" && secretHelmArgs.password != "" {
+	opts := sourcesecret.Options{
-		secret.StringData["username"] = secretHelmArgs.username
+		Name:         name,
-		secret.StringData["password"] = secretHelmArgs.password
+		Namespace:    rootArgs.namespace,
+		Labels:       labels,
+		Username:     secretHelmArgs.username,
+		Password:     secretHelmArgs.password,
+		CAFilePath:   secretHelmArgs.caFile,
+		CertFilePath: secretHelmArgs.certFile,
+		KeyFilePath:  secretHelmArgs.keyFile,
 	}
-
+	secret, err := sourcesecret.Generate(opts)
-	if err = populateSecretTLS(&secret, secretHelmArgs.secretTLSFlags); err != nil {
+	if err != nil {
 		return err
 	}
 
 	if createArgs.export {
-		return exportSecret(secret)
+		fmt.Println(secret.Content)
+		return nil
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-
 	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-
+	var s corev1.Secret
-	if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+	if err := yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
+		return err
+	}
+	if err := upsertSecret(ctx, kubeClient, s); err != nil {
 		return err
 	}
-	logger.Actionf("secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 
 	return nil
 }

cmd/flux/create_secret_tls.go

@@ -19,22 +19,21 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/yaml"
 
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
 var createSecretTLSCmd = &cobra.Command{
 	Use:   "tls [name]",
 	Short: "Create or update a Kubernetes secret with TLS certificates",
-	Long: `
+	Long:  `The create secret tls command generates a Kubernetes secret with certificates for use with TLS.`,
-The create secret tls command generates a Kubernetes secret with certificates for use with TLS.`,
+	Example: ` # Create a TLS secret on disk and encrypt it with Mozilla SOPS.
-	Example: `
-  # Create a TLS secret on disk and encrypt it with Mozilla SOPS.
   # Files are expected to be PEM-encoded.
   flux create secret tls certs \
     --namespace=my-namespace \
@@ -43,8 +42,7 @@ The create secret tls command generates a Kubernetes secret with certificates fo
     --export > certs.yaml
 
   sops --encrypt --encrypted-regex '^(data|stringData)$' \
-    --in-place certs.yaml
+    --in-place certs.yaml`,
-`,
 	RunE: createSecretTLSCmdRun,
 }
 
@@ -68,61 +66,48 @@ func init() {
 	createSecretCmd.AddCommand(createSecretTLSCmd)
 }
 
-func populateSecretTLS(secret *corev1.Secret, args secretTLSFlags) error {
-	if args.certFile != "" && args.keyFile != "" {
-		cert, err := ioutil.ReadFile(args.certFile)
-		if err != nil {
-			return fmt.Errorf("failed to read repository cert file '%s': %w", args.certFile, err)
-		}
-		secret.StringData["certFile"] = string(cert)
-
-		key, err := ioutil.ReadFile(args.keyFile)
-		if err != nil {
-			return fmt.Errorf("failed to read repository key file '%s': %w", args.keyFile, err)
-		}
-		secret.StringData["keyFile"] = string(key)
-	}
-
-	if args.caFile != "" {
-		ca, err := ioutil.ReadFile(args.caFile)
-		if err != nil {
-			return fmt.Errorf("failed to read repository CA file '%s': %w", args.caFile, err)
-		}
-		secret.StringData["caFile"] = string(ca)
-	}
-	return nil
-}
-
 func createSecretTLSCmdRun(cmd *cobra.Command, args []string) error {
 	if len(args) < 1 {
 		return fmt.Errorf("secret name is required")
 	}
 	name := args[0]
-	secret, err := makeSecret(name)
+
+	labels, err := parseLabels()
 	if err != nil {
 		return err
 	}
 
-	if err = populateSecretTLS(&secret, secretTLSArgs); err != nil {
+	opts := sourcesecret.Options{
+		Name:         name,
+		Namespace:    rootArgs.namespace,
+		Labels:       labels,
+		CAFilePath:   secretTLSArgs.caFile,
+		CertFilePath: secretTLSArgs.certFile,
+		KeyFilePath:  secretTLSArgs.keyFile,
+	}
+	secret, err := sourcesecret.Generate(opts)
+	if err != nil {
 		return err
 	}
 
 	if createArgs.export {
-		return exportSecret(secret)
+		fmt.Println(secret.Content)
+		return nil
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
-
 	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
 	if err != nil {
 		return err
 	}
-
+	var s corev1.Secret
-	if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+	if err := yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
+		return err
+	}
+	if err := upsertSecret(ctx, kubeClient, s); err != nil {
 		return err
 	}
-	logger.Actionf("secret '%s' created in '%s' namespace", name, rootArgs.namespace)
 
 	return nil
 }

cmd/flux/create_source_bucket.go

@@ -40,10 +40,9 @@ import (
 var createSourceBucketCmd = &cobra.Command{
 	Use:   "bucket [name]",
 	Short: "Create or update a Bucket source",
-	Long: `
+	Long: `The create source bucket command generates a Bucket resource and waits for it to be downloaded.
-The create source bucket command generates a Bucket resource and waits for it to be downloaded.
 For Buckets with static authentication, the credentials are stored in a Kubernetes secret.`,
-	Example: `  # Create a source from a Buckets using static authentication
+	Example: `  # Create a source for a Bucket using static authentication
   flux create source bucket podinfo \
 	--bucket-name=podinfo \
     --endpoint=minio.minio.svc.cluster.local:9000 \
@@ -52,14 +51,13 @@ For Buckets with static authentication, the credentials are stored in a Kubernet
 	--secret-key=mysecretkey \
     --interval=10m
 
-  # Create a source from an Amazon S3 Bucket using IAM authentication
+  # Create a source for an Amazon S3 Bucket using IAM authentication
   flux create source bucket podinfo \
 	--bucket-name=podinfo \
 	--provider=aws \
     --endpoint=s3.amazonaws.com \
 	--region=us-east-1 \
-    --interval=10m
+    --interval=10m`,
-`,
 	RunE: createSourceBucketCmdRun,
 }
 
@@ -144,7 +142,7 @@ func createSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		return exportBucket(*bucket)
+		return printExport(exportBucket(bucket))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)

cmd/flux/create_source_git.go

@@ -24,6 +24,8 @@ import (
 	"net/url"
 	"os"
 
+	"github.com/fluxcd/pkg/apis/meta"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
 	corev1 "k8s.io/api/core/v1"
@@ -33,12 +35,11 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-
+	"sigs.k8s.io/yaml"
-	"github.com/fluxcd/pkg/apis/meta"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
 type sourceGitFlags struct {
@@ -48,19 +49,19 @@ type sourceGitFlags struct {
 	semver            string
 	username          string
 	password          string
-	caFile            string
 	keyAlgorithm      flags.PublicKeyAlgorithm
 	keyRSABits        flags.RSAKeyBits
 	keyECDSACurve     flags.ECDSACurve
 	secretRef         string
 	gitImplementation flags.GitImplementation
+	caFile            string
+	privateKeyFile    string
 }
 
 var createSourceGitCmd = &cobra.Command{
 	Use:   "git [name]",
 	Short: "Create or update a GitRepository source",
-	Long: `
+	Long: `The create source git command generates a GitRepository resource and waits for it to sync.
-The create source git command generates a GitRepository resource and waits for it to sync.
 For Git over SSH, host and SSH keys are automatically generated and stored in a Kubernetes secret.
 For private Git repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
 	Example: `  # Create a source from a public Git repository master branch
@@ -68,7 +69,7 @@ For private Git repositories, the basic authentication credentials are stored in
     --url=https://github.com/stefanprodan/podinfo \
     --branch=master
 
-  # Create a source from a Git repository pinned to specific git tag
+  # Create a source for a Git repository pinned to specific git tag
   flux create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --tag="3.2.3"
@@ -78,12 +79,12 @@ For private Git repositories, the basic authentication credentials are stored in
     --url=https://github.com/stefanprodan/podinfo \
     --tag-semver=">=3.2.0 <3.3.0"
 
-  # Create a source from a Git repository using SSH authentication
+  # Create a source for a Git repository using SSH authentication
   flux create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
     --branch=master
 
-  # Create a source from a Git repository using SSH authentication and an
+  # Create a source for a Git repository using SSH authentication and an
   # ECDSA P-521 curve public key
   flux create source git podinfo \
     --url=ssh://git@github.com/stefanprodan/podinfo \
@@ -91,12 +92,19 @@ For private Git repositories, the basic authentication credentials are stored in
     --ssh-key-algorithm=ecdsa \
     --ssh-ecdsa-curve=p521
 
-  # Create a source from a Git repository using basic authentication
+  # Create a source for a Git repository using SSH authentication and a
+  #	passwordless private key from file
+  # The public SSH host key will still be gathered from the host
+  flux create source git podinfo \
+    --url=ssh://git@github.com/stefanprodan/podinfo \
+    --branch=master \
+    --private-key-file=./private.key
+
+  # Create a source for a Git repository using basic authentication
   flux create source git podinfo \
     --url=https://github.com/stefanprodan/podinfo \
     --username=username \
-    --password=password
+    --password=password`,
-`,
 	RunE: createSourceGitCmdRun,
 }
 
@@ -115,13 +123,14 @@ func init() {
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.secretRef, "secret-ref", "", "the name of an existing secret containing SSH or basic credentials")
 	createSourceGitCmd.Flags().Var(&sourceGitArgs.gitImplementation, "git-implementation", sourceGitArgs.gitImplementation.Description())
 	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates, requires libgit2")
+	createSourceGitCmd.Flags().StringVar(&sourceGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server")
 
 	createSourceCmd.AddCommand(createSourceGitCmd)
 }
 
 func newSourceGitFlags() sourceGitFlags {
 	return sourceGitFlags{
-		keyAlgorithm:  "rsa",
+		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
 		keyRSABits:    2048,
 		keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 	}
@@ -151,6 +160,9 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return fmt.Errorf("git URL parse failed: %w", err)
 	}
+	if u.Scheme != "ssh" && u.Scheme != "http" && u.Scheme != "https" {
+		return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
+	}
 
 	sourceLabels, err := parseLabels()
 	if err != nil {
@@ -184,13 +196,14 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		gitRepository.Spec.Reference.Branch = sourceGitArgs.branch
 	}
 
-	if createArgs.export {
+	if sourceGitArgs.secretRef != "" {
-		if sourceGitArgs.secretRef != "" {
+		gitRepository.Spec.SecretRef = &meta.LocalObjectReference{
-			gitRepository.Spec.SecretRef = &meta.LocalObjectReference{
+			Name: sourceGitArgs.secretRef,
-				Name: sourceGitArgs.secretRef,
-			}
 		}
-		return exportGit(gitRepository)
+	}
+
+	if createArgs.export {
+		return printExport(exportGit(&gitRepository))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
@@ -201,91 +214,55 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	withAuth := false
-	// TODO(hidde): move all auth prep to separate func?
-	if sourceGitArgs.secretRef != "" {
-		withAuth = true
-	} else if u.Scheme == "ssh" {
-		logger.Generatef("generating deploy key pair")
-		pair, err := generateKeyPair(ctx, sourceGitArgs.keyAlgorithm, sourceGitArgs.keyRSABits, sourceGitArgs.keyECDSACurve)
-		if err != nil {
-			return err
-		}
-
-		logger.Successf("deploy key: %s", pair.PublicKey)
-		prompt := promptui.Prompt{
-			Label:     "Have you added the deploy key to your repository",
-			IsConfirm: true,
-		}
-		if _, err := prompt.Run(); err != nil {
-			return fmt.Errorf("aborting")
-		}
-
-		logger.Actionf("collecting preferred public key from SSH server")
-		hostKey, err := scanHostKey(ctx, u)
-		if err != nil {
-			return err
-		}
-		logger.Successf("collected public key from SSH server:\n%s", hostKey)
-
-		logger.Actionf("applying secret with keys")
-		secret := corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      name,
-				Namespace: rootArgs.namespace,
-				Labels:    sourceLabels,
-			},
-			StringData: map[string]string{
-				"identity":     string(pair.PrivateKey),
-				"identity.pub": string(pair.PublicKey),
-				"known_hosts":  string(hostKey),
-			},
-		}
-		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
-			return err
-		}
-		withAuth = true
-	} else if sourceGitArgs.username != "" && sourceGitArgs.password != "" {
-		logger.Actionf("applying secret with basic auth credentials")
-		secret := corev1.Secret{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      name,
-				Namespace: rootArgs.namespace,
-				Labels:    sourceLabels,
-			},
-			StringData: map[string]string{
-				"username": sourceGitArgs.username,
-				"password": sourceGitArgs.password,
-			},
-		}
-
-		if sourceGitArgs.caFile != "" {
-			ca, err := ioutil.ReadFile(sourceGitArgs.caFile)
-			if err != nil {
-				return fmt.Errorf("failed to read CA file '%s': %w", sourceGitArgs.caFile, err)
-			}
-			secret.StringData["caFile"] = string(ca)
-		}
-
-		if err := upsertSecret(ctx, kubeClient, secret); err != nil {
-			return err
-		}
-		withAuth = true
-	}
-
-	if withAuth {
-		logger.Successf("authentication configured")
-	}
-
 	logger.Generatef("generating GitRepository source")
-
+	if sourceGitArgs.secretRef == "" {
-	if withAuth {
+		secretOpts := sourcesecret.Options{
-		secretName := name
+			Name:         name,
-		if sourceGitArgs.secretRef != "" {
+			Namespace:    rootArgs.namespace,
-			secretName = sourceGitArgs.secretRef
+			ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
 		}
-		gitRepository.Spec.SecretRef = &meta.LocalObjectReference{
+		switch u.Scheme {
-			Name: secretName,
+		case "ssh":
+			secretOpts.SSHHostname = u.Host
+			secretOpts.PrivateKeyPath = sourceGitArgs.privateKeyFile
+			secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(sourceGitArgs.keyAlgorithm)
+			secretOpts.RSAKeyBits = int(sourceGitArgs.keyRSABits)
+			secretOpts.ECDSACurve = sourceGitArgs.keyECDSACurve.Curve
+		case "https":
+			secretOpts.Username = sourceGitArgs.username
+			secretOpts.Password = sourceGitArgs.password
+			secretOpts.CAFilePath = sourceGitArgs.caFile
+		}
+		secret, err := sourcesecret.Generate(secretOpts)
+		if err != nil {
+			return err
+		}
+		var s corev1.Secret
+		if err = yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
+			return err
+		}
+		if len(s.StringData) > 0 {
+			if hk, ok := s.StringData[sourcesecret.KnownHostsSecretKey]; ok {
+				logger.Successf("collected public key from SSH server:\n%s", hk)
+			}
+			if ppk, ok := s.StringData[sourcesecret.PublicKeySecretKey]; ok {
+				logger.Generatef("deploy key: %s", ppk)
+				prompt := promptui.Prompt{
+					Label:     "Have you added the deploy key to your repository",
+					IsConfirm: true,
+				}
+				if _, err := prompt.Run(); err != nil {
+					return fmt.Errorf("aborting")
+				}
+			}
+			logger.Actionf("applying secret with repository credentials")
+			if err := upsertSecret(ctx, kubeClient, s); err != nil {
+				return err
+			}
+			gitRepository.Spec.SecretRef = &meta.LocalObjectReference{
+				Name: s.Name,
+			}
+			logger.Successf("authentication configured")
 		}
 	}
 

cmd/flux/create_source_helm.go

@@ -32,36 +32,36 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
 
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
 var createSourceHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Create or update a HelmRepository source",
-	Long: `
+	Long: `The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
-The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
 For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
-	Example: `  # Create a source from a public Helm repository
+	Example: `  # Create a source for a public Helm repository
   flux create source helm podinfo \
     --url=https://stefanprodan.github.io/podinfo \
     --interval=10m
 
-  # Create a source from a Helm repository using basic authentication
+  # Create a source for a Helm repository using basic authentication
   flux create source helm podinfo \
     --url=https://stefanprodan.github.io/podinfo \
     --username=username \
     --password=password
 
-  # Create a source from a Helm repository using TLS authentication
+  # Create a source for a Helm repository using TLS authentication
   flux create source helm podinfo \
     --url=https://stefanprodan.github.io/podinfo \
     --cert-file=./cert.crt \
     --key-file=./key.crt \
-    --ca-file=./ca.crt
+    --ca-file=./ca.crt`,
-`,
 	RunE: createSourceHelmCmdRun,
 }
 
@@ -135,7 +135,7 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	if createArgs.export {
-		return exportHelmRepository(*helmRepository)
+		return printExport(exportHelmRepository(helmRepository))
 	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
@@ -149,46 +149,27 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
 	logger.Generatef("generating HelmRepository source")
 	if sourceHelmArgs.secretRef == "" {
 		secretName := fmt.Sprintf("helm-%s", name)
-
+		secretOpts := sourcesecret.Options{
-		secret := corev1.Secret{
+			Name:         secretName,
-			ObjectMeta: metav1.ObjectMeta{
+			Namespace:    rootArgs.namespace,
-				Name:      secretName,
+			Username:     sourceHelmArgs.username,
-				Namespace: rootArgs.namespace,
+			Password:     sourceHelmArgs.password,
-				Labels:    sourceLabels,
+			CertFilePath: sourceHelmArgs.certFile,
-			},
+			KeyFilePath:  sourceHelmArgs.keyFile,
-			StringData: map[string]string{},
+			CAFilePath:   sourceHelmArgs.caFile,
+			ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
 		}
-
+		secret, err := sourcesecret.Generate(secretOpts)
-		if sourceHelmArgs.username != "" && sourceHelmArgs.password != "" {
+		if err != nil {
-			secret.StringData["username"] = sourceHelmArgs.username
+			return err
-			secret.StringData["password"] = sourceHelmArgs.password
 		}
-
+		var s corev1.Secret
-		if sourceHelmArgs.certFile != "" && sourceHelmArgs.keyFile != "" {
+		if err = yaml.Unmarshal([]byte(secret.Content), &s); err != nil {
-			cert, err := ioutil.ReadFile(sourceHelmArgs.certFile)
+			return err
-			if err != nil {
-				return fmt.Errorf("failed to read repository cert file '%s': %w", sourceHelmArgs.certFile, err)
-			}
-			secret.StringData["certFile"] = string(cert)
-
-			key, err := ioutil.ReadFile(sourceHelmArgs.keyFile)
-			if err != nil {
-				return fmt.Errorf("failed to read repository key file '%s': %w", sourceHelmArgs.keyFile, err)
-			}
-			secret.StringData["keyFile"] = string(key)
 		}
-
+		if len(s.StringData) > 0 {
-		if sourceHelmArgs.caFile != "" {
-			ca, err := ioutil.ReadFile(sourceHelmArgs.caFile)
-			if err != nil {
-				return fmt.Errorf("failed to read repository CA file '%s': %w", sourceHelmArgs.caFile, err)
-			}
-			secret.StringData["caFile"] = string(ca)
-		}
-
-		if len(secret.StringData) > 0 {
 			logger.Actionf("applying secret with repository credentials")
-			if err := upsertSecret(ctx, kubeClient, secret); err != nil {
+			if err := upsertSecret(ctx, kubeClient, s); err != nil {
 				return err
 			}
 			helmRepository.Spec.SecretRef = &meta.LocalObjectReference{

cmd/flux/create_tenant.go

@@ -37,8 +37,7 @@ import (
 var createTenantCmd = &cobra.Command{
 	Use:   "tenant",
 	Short: "Create or update a tenant",
-	Long: `
+	Long: `The create tenant command generates namespaces, service accounts and role bindings to limit the
-The create tenant command generates namespaces, service accounts and role bindings to limit the
 reconcilers scope to the tenant namespaces.`,
 	Example: `  # Create a tenant with access to a namespace 
   flux create tenant dev-team \
@@ -49,8 +48,7 @@ reconcilers scope to the tenant namespaces.`,
   flux create tenant dev-team \
     --with-namespace=frontend \
     --with-namespace=backend \
-	--export > dev-team.yaml
+	--export > dev-team.yaml`,
-`,
 	RunE: createTenantCmdRun,
 }
 

cmd/flux/delete_alert.go

@@ -17,15 +17,8 @@ limitations under the License.
 package main
 
 import (
-	"context"
-	"fmt"
-
-	"github.com/manifoldco/promptui"
-	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/types"
-
-	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	"github.com/spf13/cobra"
 )
 
 var deleteAlertCmd = &cobra.Command{
@@ -33,56 +26,13 @@ var deleteAlertCmd = &cobra.Command{
 	Short: "Delete a Alert resource",
 	Long:  "The delete alert command removes the given Alert from the cluster.",
 	Example: `  # Delete an Alert and the Kubernetes resources created by it
-  flux delete alert main
+  flux delete alert main`,
-`,
+	RunE: deleteCommand{
-	RunE: deleteAlertCmdRun,
+		apiType: alertType,
+		object:  universalAdapter{&notificationv1.Alert{}},
+	}.run,
 }
 
 func init() {
 	deleteCmd.AddCommand(deleteAlertCmd)
 }
-
-func deleteAlertCmdRun(cmd *cobra.Command, args []string) error {
-	if len(args) < 1 {
-		return fmt.Errorf("alert name is required")
-	}
-	name := args[0]
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	namespacedName := types.NamespacedName{
-		Namespace: rootArgs.namespace,
-		Name:      name,
-	}
-
-	var alert notificationv1.Alert
-	err = kubeClient.Get(ctx, namespacedName, &alert)
-	if err != nil {
-		return err
-	}
-
-	if !deleteArgs.silent {
-		prompt := promptui.Prompt{
-			Label:     "Are you sure you want to delete this Alert",
-			IsConfirm: true,
-		}
-		if _, err := prompt.Run(); err != nil {
-			return fmt.Errorf("aborting")
-		}
-	}
-
-	logger.Actionf("deleting alert %s in %s namespace", name, rootArgs.namespace)
-	err = kubeClient.Delete(ctx, &alert)
-	if err != nil {
-		return err
-	}
-	logger.Successf("alert deleted")
-
-	return nil
-}

cmd/flux/delete_alertprovider.go

@@ -17,15 +17,8 @@ limitations under the License.
 package main
 
 import (
-	"context"
-	"fmt"
-
-	"github.com/manifoldco/promptui"
-	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/types"
-
-	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	"github.com/spf13/cobra"
 )
 
 var deleteAlertProviderCmd = &cobra.Command{
@@ -33,56 +26,13 @@ var deleteAlertProviderCmd = &cobra.Command{
 	Short: "Delete a Provider resource",
 	Long:  "The delete alert-provider command removes the given Provider from the cluster.",
 	Example: `  # Delete a Provider and the Kubernetes resources created by it
-  flux delete alert-provider slack
+  flux delete alert-provider slack`,
-`,
+	RunE: deleteCommand{
-	RunE: deleteAlertProviderCmdRun,
+		apiType: alertProviderType,
+		object:  universalAdapter{&notificationv1.Provider{}},
+	}.run,
 }
 
 func init() {
 	deleteCmd.AddCommand(deleteAlertProviderCmd)
 }
-
-func deleteAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
-	if len(args) < 1 {
-		return fmt.Errorf("provider name is required")
-	}
-	name := args[0]
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	namespacedName := types.NamespacedName{
-		Namespace: rootArgs.namespace,
-		Name:      name,
-	}
-
-	var alertProvider notificationv1.Provider
-	err = kubeClient.Get(ctx, namespacedName, &alertProvider)
-	if err != nil {
-		return err
-	}
-
-	if !deleteArgs.silent {
-		prompt := promptui.Prompt{
-			Label:     "Are you sure you want to delete this Provider",
-			IsConfirm: true,
-		}
-		if _, err := prompt.Run(); err != nil {
-			return fmt.Errorf("aborting")
-		}
-	}
-
-	logger.Actionf("deleting provider %s in %s namespace", name, rootArgs.namespace)
-	err = kubeClient.Delete(ctx, &alertProvider)
-	if err != nil {
-		return err
-	}
-	logger.Successf("provider deleted")
-
-	return nil
-}

cmd/flux/delete_helmrelease.go

@@ -27,8 +27,7 @@ var deleteHelmReleaseCmd = &cobra.Command{
 	Short:   "Delete a HelmRelease resource",
 	Long:    "The delete helmrelease command removes the given HelmRelease from the cluster.",
 	Example: `  # Delete a Helm release and the Kubernetes resources created by it
-  flux delete hr podinfo
+  flux delete hr podinfo`,
-`,
 	RunE: deleteCommand{
 		apiType: helmReleaseType,
 		object:  universalAdapter{&helmv2.HelmRelease{}},

cmd/flux/delete_image_policy.go

@@ -27,8 +27,7 @@ var deleteImagePolicyCmd = &cobra.Command{
 	Short: "Delete an ImagePolicy object",
 	Long:  "The delete image policy command deletes the given ImagePolicy from the cluster.",
 	Example: `  # Delete an image policy
-  flux delete image policy alpine3.x
+  flux delete image policy alpine3.x`,
-`,
 	RunE: deleteCommand{
 		apiType: imagePolicyType,
 		object:  universalAdapter{&imagev1.ImagePolicy{}},

cmd/flux/delete_image_repository.go

@@ -27,8 +27,7 @@ var deleteImageRepositoryCmd = &cobra.Command{
 	Short: "Delete an ImageRepository object",
 	Long:  "The delete image repository command deletes the given ImageRepository from the cluster.",
 	Example: `  # Delete an image repository
-  flux delete image repository alpine
+  flux delete image repository alpine`,
-`,
 	RunE: deleteCommand{
 		apiType: imageRepositoryType,
 		object:  universalAdapter{&imagev1.ImageRepository{}},

cmd/flux/delete_image_update.go

@@ -27,8 +27,7 @@ var deleteImageUpdateCmd = &cobra.Command{
 	Short: "Delete an ImageUpdateAutomation object",
 	Long:  "The delete image update command deletes the given ImageUpdateAutomation from the cluster.",
 	Example: `  # Delete an image update automation
-  flux delete image update latest-images
+  flux delete image update latest-images`,
-`,
 	RunE: deleteCommand{
 		apiType: imageUpdateAutomationType,
 		object:  universalAdapter{&autov1.ImageUpdateAutomation{}},

cmd/flux/delete_kustomization.go

@@ -27,8 +27,7 @@ var deleteKsCmd = &cobra.Command{
 	Short:   "Delete a Kustomization resource",
 	Long:    "The delete kustomization command deletes the given Kustomization from the cluster.",
 	Example: `  # Delete a kustomization and the Kubernetes resources created by it
-  flux delete kustomization podinfo
+  flux delete kustomization podinfo`,
-`,
 	RunE: deleteCommand{
 		apiType: kustomizationType,
 		object:  universalAdapter{&kustomizev1.Kustomization{}},

cmd/flux/delete_receiver.go

@@ -17,15 +17,8 @@ limitations under the License.
 package main
 
 import (
-	"context"
-	"fmt"
-
-	"github.com/manifoldco/promptui"
-	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/types"
-
-	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	"github.com/spf13/cobra"
 )
 
 var deleteReceiverCmd = &cobra.Command{
@@ -33,56 +26,13 @@ var deleteReceiverCmd = &cobra.Command{
 	Short: "Delete a Receiver resource",
 	Long:  "The delete receiver command removes the given Receiver from the cluster.",
 	Example: `  # Delete an Receiver and the Kubernetes resources created by it
-  flux delete receiver main
+  flux delete receiver main`,
-`,
+	RunE: deleteCommand{
-	RunE: deleteReceiverCmdRun,
+		apiType: receiverType,
+		object:  universalAdapter{&notificationv1.Receiver{}},
+	}.run,
 }
 
 func init() {
 	deleteCmd.AddCommand(deleteReceiverCmd)
 }
-
-func deleteReceiverCmdRun(cmd *cobra.Command, args []string) error {
-	if len(args) < 1 {
-		return fmt.Errorf("receiver name is required")
-	}
-	name := args[0]
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	namespacedName := types.NamespacedName{
-		Namespace: rootArgs.namespace,
-		Name:      name,
-	}
-
-	var receiver notificationv1.Receiver
-	err = kubeClient.Get(ctx, namespacedName, &receiver)
-	if err != nil {
-		return err
-	}
-
-	if !deleteArgs.silent {
-		prompt := promptui.Prompt{
-			Label:     "Are you sure you want to delete this Receiver",
-			IsConfirm: true,
-		}
-		if _, err := prompt.Run(); err != nil {
-			return fmt.Errorf("aborting")
-		}
-	}
-
-	logger.Actionf("deleting receiver %s in %s namespace", name, rootArgs.namespace)
-	err = kubeClient.Delete(ctx, &receiver)
-	if err != nil {
-		return err
-	}
-	logger.Successf("receiver deleted")
-
-	return nil
-}

cmd/flux/delete_source_bucket.go

@@ -26,8 +26,7 @@ var deleteSourceBucketCmd = &cobra.Command{
 	Short: "Delete a Bucket source",
 	Long:  "The delete source bucket command deletes the given Bucket from the cluster.",
 	Example: `  # Delete a Bucket source
-  flux delete source bucket podinfo
+  flux delete source bucket podinfo`,
-`,
 	RunE: deleteCommand{
 		apiType: bucketType,
 		object:  universalAdapter{&sourcev1.Bucket{}},

cmd/flux/delete_source_git.go

@@ -26,8 +26,7 @@ var deleteSourceGitCmd = &cobra.Command{
 	Short: "Delete a GitRepository source",
 	Long:  "The delete source git command deletes the given GitRepository from the cluster.",
 	Example: `  # Delete a Git repository
-  flux delete source git podinfo
+  flux delete source git podinfo`,
-`,
 	RunE: deleteCommand{
 		apiType: gitRepositoryType,
 		object:  universalAdapter{&sourcev1.GitRepository{}},

cmd/flux/delete_source_helm.go

@@ -17,14 +17,8 @@ limitations under the License.
 package main
 
 import (
-	"context"
-	"fmt"
-
-	"github.com/fluxcd/flux2/internal/utils"
 	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
-	"github.com/manifoldco/promptui"
 	"github.com/spf13/cobra"
-	"k8s.io/apimachinery/pkg/types"
 )
 
 var deleteSourceHelmCmd = &cobra.Command{
@@ -32,8 +26,7 @@ var deleteSourceHelmCmd = &cobra.Command{
 	Short: "Delete a HelmRepository source",
 	Long:  "The delete source helm command deletes the given HelmRepository from the cluster.",
 	Example: `  # Delete a Helm repository
-  flux delete source helm podinfo
+  flux delete source helm podinfo`,
-`,
 	RunE: deleteCommand{
 		apiType: helmRepositoryType,
 		object:  universalAdapter{&sourcev1.HelmRepository{}},
@@ -43,48 +36,3 @@ var deleteSourceHelmCmd = &cobra.Command{
 func init() {
 	deleteSourceCmd.AddCommand(deleteSourceHelmCmd)
 }
-
-func deleteSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
-	if len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-	name := args[0]
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	namespacedName := types.NamespacedName{
-		Namespace: rootArgs.namespace,
-		Name:      name,
-	}
-
-	var helmRepository sourcev1.HelmRepository
-	err = kubeClient.Get(ctx, namespacedName, &helmRepository)
-	if err != nil {
-		return err
-	}
-
-	if !deleteArgs.silent {
-		prompt := promptui.Prompt{
-			Label:     "Are you sure you want to delete this source",
-			IsConfirm: true,
-		}
-		if _, err := prompt.Run(); err != nil {
-			return fmt.Errorf("aborting")
-		}
-	}
-
-	logger.Actionf("deleting source %s in %s namespace", name, rootArgs.namespace)
-	err = kubeClient.Delete(ctx, &helmRepository)
-	if err != nil {
-		return err
-	}
-	logger.Successf("source deleted")
-
-	return nil
-}

cmd/flux/docgen.go

@@ -0,0 +1,69 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"fmt"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/cobra/doc"
+)
+
+const fmTemplate = `---
+title: "%s"
+---
+`
+
+var (
+	cmdDocPath string
+)
+
+var docgenCmd = &cobra.Command{
+	Use:    "docgen",
+	Short:  "Generate the documentation for the CLI commands.",
+	Hidden: true,
+	RunE:   docgenCmdRun,
+}
+
+func init() {
+	docgenCmd.Flags().StringVar(&cmdDocPath, "path", "./docs/cmd", "path to write the generated documentation to")
+
+	rootCmd.AddCommand(docgenCmd)
+}
+
+func docgenCmdRun(cmd *cobra.Command, args []string) error {
+	err := doc.GenMarkdownTreeCustom(rootCmd, cmdDocPath, frontmatterPrepender, linkHandler)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func frontmatterPrepender(filename string) string {
+	name := filepath.Base(filename)
+	base := strings.TrimSuffix(name, path.Ext(name))
+	title := strings.Replace(base, "_", " ", -1) + " command"
+	return fmt.Sprintf(fmTemplate, title)
+}
+
+func linkHandler(name string) string {
+	base := strings.TrimSuffix(name, path.Ext(name))
+	return "../" + strings.ToLower(base) + "/"
+}

cmd/flux/export.go

@@ -20,7 +20,6 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -86,8 +85,7 @@ func (export exportCommand) run(cmd *cobra.Command, args []string) error {
 		}
 
 		if export.list.len() == 0 {
-			logger.Failuref("no objects found in %s namespace", rootArgs.namespace)
+			return fmt.Errorf("no objects found in %s namespace", rootArgs.namespace)
-			return nil
 		}
 
 		for i := 0; i < export.list.len(); i++ {

cmd/flux/export_alert.go

@@ -17,17 +17,9 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 )
 
 var exportAlertCmd = &cobra.Command{
@@ -38,62 +30,18 @@ var exportAlertCmd = &cobra.Command{
   flux export alert --all > alerts.yaml
 
   # Export a Alert
-  flux export alert main > main.yaml
+  flux export alert main > main.yaml`,
-`,
+	RunE: exportCommand{
-	RunE: exportAlertCmdRun,
+		object: alertAdapter{&notificationv1.Alert{}},
+		list:   alertListAdapter{&notificationv1.AlertList{}},
+	}.run,
 }
 
 func init() {
 	exportCmd.AddCommand(exportAlertCmd)
 }
 
-func exportAlertCmdRun(cmd *cobra.Command, args []string) error {
+func exportAlert(alert *notificationv1.Alert) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list notificationv1.AlertList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no alerts found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, alert := range list.Items {
-			if err := exportAlert(alert); err != nil {
-				return err
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var alert notificationv1.Alert
-		err = kubeClient.Get(ctx, namespacedName, &alert)
-		if err != nil {
-			return err
-		}
-		return exportAlert(alert)
-	}
-	return nil
-}
-
-func exportAlert(alert notificationv1.Alert) error {
 	gvk := notificationv1.GroupVersion.WithKind("Alert")
 	export := notificationv1.Alert{
 		TypeMeta: metav1.TypeMeta{
@@ -109,12 +57,13 @@ func exportAlert(alert notificationv1.Alert) error {
 		Spec: alert.Spec,
 	}
 
-	data, err := yaml.Marshal(export)
+	return export
-	if err != nil {
+}
-		return err
+
-	}
+func (ex alertAdapter) export() interface{} {
-
+	return exportAlert(ex.Alert)
-	fmt.Println("---")
+}
-	fmt.Println(resourceToString(data))
+
-	return nil
+func (ex alertListAdapter) exportItem(i int) interface{} {
+	return exportAlert(&ex.AlertList.Items[i])
 }

cmd/flux/export_alertprovider.go

@@ -17,17 +17,9 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 )
 
 var exportAlertProviderCmd = &cobra.Command{
@@ -38,62 +30,18 @@ var exportAlertProviderCmd = &cobra.Command{
   flux export alert-provider --all > alert-providers.yaml
 
   # Export a Provider
-  flux export alert-provider slack > slack.yaml
+  flux export alert-provider slack > slack.yaml`,
-`,
+	RunE: exportCommand{
-	RunE: exportAlertProviderCmdRun,
+		object: alertProviderAdapter{&notificationv1.Provider{}},
+		list:   alertProviderListAdapter{&notificationv1.ProviderList{}},
+	}.run,
 }
 
 func init() {
 	exportCmd.AddCommand(exportAlertProviderCmd)
 }
 
-func exportAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
+func exportAlertProvider(alertProvider *notificationv1.Provider) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list notificationv1.ProviderList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no alertproviders found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, alertProvider := range list.Items {
-			if err := exportAlertProvider(alertProvider); err != nil {
-				return err
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var alertProvider notificationv1.Provider
-		err = kubeClient.Get(ctx, namespacedName, &alertProvider)
-		if err != nil {
-			return err
-		}
-		return exportAlertProvider(alertProvider)
-	}
-	return nil
-}
-
-func exportAlertProvider(alertProvider notificationv1.Provider) error {
 	gvk := notificationv1.GroupVersion.WithKind("Provider")
 	export := notificationv1.Provider{
 		TypeMeta: metav1.TypeMeta{
@@ -108,13 +56,13 @@ func exportAlertProvider(alertProvider notificationv1.Provider) error {
 		},
 		Spec: alertProvider.Spec,
 	}
-
+	return export
-	data, err := yaml.Marshal(export)
+}
-	if err != nil {
+
-		return err
+func (ex alertProviderAdapter) export() interface{} {
-	}
+	return exportAlertProvider(ex.Provider)
-
+}
-	fmt.Println("---")
+
-	fmt.Println(resourceToString(data))
+func (ex alertProviderListAdapter) exportItem(i int) interface{} {
-	return nil
+	return exportAlertProvider(&ex.ProviderList.Items[i])
 }

cmd/flux/export_helmrelease.go

@@ -17,17 +17,9 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 )
 
 var exportHelmReleaseCmd = &cobra.Command{
@@ -39,62 +31,18 @@ var exportHelmReleaseCmd = &cobra.Command{
   flux export helmrelease --all > kustomizations.yaml
 
   # Export a HelmRelease
-  flux export hr my-app > app-release.yaml
+  flux export hr my-app > app-release.yaml`,
-`,
+	RunE: exportCommand{
-	RunE: exportHelmReleaseCmdRun,
+		object: helmReleaseAdapter{&helmv2.HelmRelease{}},
+		list:   helmReleaseListAdapter{&helmv2.HelmReleaseList{}},
+	}.run,
 }
 
 func init() {
 	exportCmd.AddCommand(exportHelmReleaseCmd)
 }
 
-func exportHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
+func exportHelmRelease(helmRelease *helmv2.HelmRelease) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list helmv2.HelmReleaseList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no helmrelease found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, helmRelease := range list.Items {
-			if err := exportHelmRelease(helmRelease); err != nil {
-				return err
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var helmRelease helmv2.HelmRelease
-		err = kubeClient.Get(ctx, namespacedName, &helmRelease)
-		if err != nil {
-			return err
-		}
-		return exportHelmRelease(helmRelease)
-	}
-	return nil
-}
-
-func exportHelmRelease(helmRelease helmv2.HelmRelease) error {
 	gvk := helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)
 	export := helmv2.HelmRelease{
 		TypeMeta: metav1.TypeMeta{
@@ -109,13 +57,13 @@ func exportHelmRelease(helmRelease helmv2.HelmRelease) error {
 		},
 		Spec: helmRelease.Spec,
 	}
-
+	return export
-	data, err := yaml.Marshal(export)
+}
-	if err != nil {
+
-		return err
+func (ex helmReleaseAdapter) export() interface{} {
-	}
+	return exportHelmRelease(ex.HelmRelease)
-
+}
-	fmt.Println("---")
+
-	fmt.Println(resourceToString(data))
+func (ex helmReleaseListAdapter) exportItem(i int) interface{} {
-	return nil
+	return exportHelmRelease(&ex.HelmReleaseList.Items[i])
 }

cmd/flux/export_image_policy.go

@@ -31,8 +31,7 @@ var exportImagePolicyCmd = &cobra.Command{
   flux export image policy --all > image-policies.yaml
 
   # Export a specific policy
-  flux export image policy alpine1x > alpine1x.yaml
+  flux export image policy alpine1x > alpine1x.yaml`,
-`,
 	RunE: exportCommand{
 		object: imagePolicyAdapter{&imagev1.ImagePolicy{}},
 		list:   imagePolicyListAdapter{&imagev1.ImagePolicyList{}},

cmd/flux/export_image_repository.go

@@ -31,8 +31,7 @@ var exportImageRepositoryCmd = &cobra.Command{
   flux export image repository --all > image-repositories.yaml
 
   # Export a specific ImageRepository resource
-  flux export image repository alpine > alpine.yaml
+  flux export image repository alpine > alpine.yaml`,
-`,
 	RunE: exportCommand{
 		object: imageRepositoryAdapter{&imagev1.ImageRepository{}},
 		list:   imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},

cmd/flux/export_image_update.go

@@ -31,8 +31,7 @@ var exportImageUpdateCmd = &cobra.Command{
   flux export image update --all > updates.yaml
 
   # Export a specific automation
-  flux export image update latest-images > latest.yaml
+  flux export image update latest-images > latest.yaml`,
-`,
 	RunE: exportCommand{
 		object: imageUpdateAutomationAdapter{&autov1.ImageUpdateAutomation{}},
 		list:   imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},

cmd/flux/export_kustomization.go

@@ -17,17 +17,9 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta1"
 )
 
 var exportKsCmd = &cobra.Command{
@@ -39,62 +31,18 @@ var exportKsCmd = &cobra.Command{
   flux export kustomization --all > kustomizations.yaml
 
   # Export a Kustomization
-  flux export kustomization my-app > kustomization.yaml
+  flux export kustomization my-app > kustomization.yaml`,
-`,
+	RunE: exportCommand{
-	RunE: exportKsCmdRun,
+		object: kustomizationAdapter{&kustomizev1.Kustomization{}},
+		list:   kustomizationListAdapter{&kustomizev1.KustomizationList{}},
+	}.run,
 }
 
 func init() {
 	exportCmd.AddCommand(exportKsCmd)
 }
 
-func exportKsCmdRun(cmd *cobra.Command, args []string) error {
+func exportKs(kustomization *kustomizev1.Kustomization) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("kustomization name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list kustomizev1.KustomizationList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no kustomizations found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, kustomization := range list.Items {
-			if err := exportKs(kustomization); err != nil {
-				return err
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var kustomization kustomizev1.Kustomization
-		err = kubeClient.Get(ctx, namespacedName, &kustomization)
-		if err != nil {
-			return err
-		}
-		return exportKs(kustomization)
-	}
-	return nil
-}
-
-func exportKs(kustomization kustomizev1.Kustomization) error {
 	gvk := kustomizev1.GroupVersion.WithKind("Kustomization")
 	export := kustomizev1.Kustomization{
 		TypeMeta: metav1.TypeMeta{
@@ -110,12 +58,13 @@ func exportKs(kustomization kustomizev1.Kustomization) error {
 		Spec: kustomization.Spec,
 	}
 
-	data, err := yaml.Marshal(export)
+	return export
-	if err != nil {
+}
-		return err
+
-	}
+func (ex kustomizationAdapter) export() interface{} {
-
+	return exportKs(ex.Kustomization)
-	fmt.Println("---")
+}
-	fmt.Println(resourceToString(data))
+
-	return nil
+func (ex kustomizationListAdapter) exportItem(i int) interface{} {
+	return exportKs(&ex.KustomizationList.Items[i])
 }

cmd/flux/export_receiver.go

@@ -17,17 +17,9 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
 )
 
 var exportReceiverCmd = &cobra.Command{
@@ -38,62 +30,18 @@ var exportReceiverCmd = &cobra.Command{
   flux export receiver --all > receivers.yaml
 
   # Export a Receiver
-  flux export receiver main > main.yaml
+  flux export receiver main > main.yaml`,
-`,
+	RunE: exportCommand{
-	RunE: exportReceiverCmdRun,
+		list:   receiverListAdapter{&notificationv1.ReceiverList{}},
+		object: receiverAdapter{&notificationv1.Receiver{}},
+	}.run,
 }
 
 func init() {
 	exportCmd.AddCommand(exportReceiverCmd)
 }
 
-func exportReceiverCmdRun(cmd *cobra.Command, args []string) error {
+func exportReceiver(receiver *notificationv1.Receiver) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list notificationv1.ReceiverList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no receivers found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, receiver := range list.Items {
-			if err := exportReceiver(receiver); err != nil {
-				return err
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var receiver notificationv1.Receiver
-		err = kubeClient.Get(ctx, namespacedName, &receiver)
-		if err != nil {
-			return err
-		}
-		return exportReceiver(receiver)
-	}
-	return nil
-}
-
-func exportReceiver(receiver notificationv1.Receiver) error {
 	gvk := notificationv1.GroupVersion.WithKind("Receiver")
 	export := notificationv1.Receiver{
 		TypeMeta: metav1.TypeMeta{
@@ -109,12 +57,13 @@ func exportReceiver(receiver notificationv1.Receiver) error {
 		Spec: receiver.Spec,
 	}
 
-	data, err := yaml.Marshal(export)
+	return export
-	if err != nil {
+}
-		return err
+
-	}
+func (ex receiverAdapter) export() interface{} {
-
+	return exportReceiver(ex.Receiver)
-	fmt.Println("---")
+}
-	fmt.Println(resourceToString(data))
+
-	return nil
+func (ex receiverListAdapter) exportItem(i int) interface{} {
+	return exportReceiver(&ex.ReceiverList.Items[i])
 }

cmd/flux/export_secret.go

@@ -0,0 +1,133 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// exportableWithSecret represents a type that you can fetch from the Kubernetes
+// API, get a secretRef from the spec, then tidy up for serialising.
+type exportableWithSecret interface {
+	adapter
+	exportable
+	secret() *types.NamespacedName
+}
+
+// exportableWithSecretList represents a type that has a list of values, each of
+// which is exportableWithSecret.
+type exportableWithSecretList interface {
+	listAdapter
+	exportableList
+	secretItem(i int) *types.NamespacedName
+}
+
+type exportWithSecretCommand struct {
+	apiType
+	object exportableWithSecret
+	list   exportableWithSecretList
+}
+
+func (export exportWithSecretCommand) run(cmd *cobra.Command, args []string) error {
+	if !exportArgs.all && len(args) < 1 {
+		return fmt.Errorf("name is required")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	defer cancel()
+
+	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+	if err != nil {
+		return err
+	}
+
+	if exportArgs.all {
+		err = kubeClient.List(ctx, export.list.asClientList(), client.InNamespace(rootArgs.namespace))
+		if err != nil {
+			return err
+		}
+
+		if export.list.len() == 0 {
+			return fmt.Errorf("no objects found in %s namespace", rootArgs.namespace)
+		}
+
+		for i := 0; i < export.list.len(); i++ {
+			if err = printExport(export.list.exportItem(i)); err != nil {
+				return err
+			}
+
+			if exportSourceWithCred {
+				if export.list.secretItem(i) != nil {
+					namespacedName := *export.list.secretItem(i)
+					return printSecretCredentials(ctx, kubeClient, namespacedName)
+				}
+			}
+		}
+	} else {
+		name := args[0]
+		namespacedName := types.NamespacedName{
+			Namespace: rootArgs.namespace,
+			Name:      name,
+		}
+		err = kubeClient.Get(ctx, namespacedName, export.object.asClientObject())
+		if err != nil {
+			return err
+		}
+
+		if err := printExport(export.object.export()); err != nil {
+			return err
+		}
+
+		if exportSourceWithCred {
+			if export.object.secret() != nil {
+				namespacedName := *export.object.secret()
+				return printSecretCredentials(ctx, kubeClient, namespacedName)
+			}
+		}
+
+	}
+	return nil
+}
+
+func printSecretCredentials(ctx context.Context, kubeClient client.Client, nsName types.NamespacedName) error {
+	var cred corev1.Secret
+	err := kubeClient.Get(ctx, nsName, &cred)
+	if err != nil {
+		return fmt.Errorf("failed to retrieve secret %s, error: %w", nsName.Name, err)
+	}
+
+	exported := corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      nsName.Name,
+			Namespace: nsName.Namespace,
+		},
+		Data: cred.Data,
+		Type: cred.Type,
+	}
+	return printExport(exported)
+}

cmd/flux/export_source_bucket.go

@@ -17,94 +17,32 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var exportSourceBucketCmd = &cobra.Command{
 	Use:   "bucket [name]",
 	Short: "Export Bucket sources in YAML format",
-	Long:  "The export source git command exports on or all Bucket sources in YAML format.",
+	Long:  "The export source git command exports one or all Bucket sources in YAML format.",
 	Example: `  # Export all Bucket sources
   flux export source bucket --all > sources.yaml
 
   # Export a Bucket source including the static credentials
-  flux export source bucket my-bucket --with-credentials > source.yaml
+  flux export source bucket my-bucket --with-credentials > source.yaml`,
-`,
+	RunE: exportWithSecretCommand{
-	RunE: exportSourceBucketCmdRun,
+		list:   bucketListAdapter{&sourcev1.BucketList{}},
+		object: bucketAdapter{&sourcev1.Bucket{}},
+	}.run,
 }
 
 func init() {
 	exportSourceCmd.AddCommand(exportSourceBucketCmd)
 }
 
-func exportSourceBucketCmdRun(cmd *cobra.Command, args []string) error {
+func exportBucket(source *sourcev1.Bucket) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list sourcev1.BucketList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no source found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, bucket := range list.Items {
-			if err := exportBucket(bucket); err != nil {
-				return err
-			}
-			if exportSourceWithCred {
-				if err := exportBucketCredentials(ctx, kubeClient, bucket); err != nil {
-					return err
-				}
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var bucket sourcev1.Bucket
-		err = kubeClient.Get(ctx, namespacedName, &bucket)
-		if err != nil {
-			return err
-		}
-		if err := exportBucket(bucket); err != nil {
-			return err
-		}
-		if exportSourceWithCred {
-			return exportBucketCredentials(ctx, kubeClient, bucket)
-		}
-	}
-	return nil
-}
-
-func exportBucket(source sourcev1.Bucket) error {
 	gvk := sourcev1.GroupVersion.WithKind(sourcev1.BucketKind)
 	export := sourcev1.Bucket{
 		TypeMeta: metav1.TypeMeta{
@@ -119,49 +57,34 @@ func exportBucket(source sourcev1.Bucket) error {
 		},
 		Spec: source.Spec,
 	}
-
+	return export
-	data, err := yaml.Marshal(export)
-	if err != nil {
-		return err
-	}
-
-	fmt.Println("---")
-	fmt.Println(resourceToString(data))
-	return nil
 }
 
-func exportBucketCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.Bucket) error {
+func getBucketSecret(source *sourcev1.Bucket) *types.NamespacedName {
 	if source.Spec.SecretRef != nil {
 		namespacedName := types.NamespacedName{
 			Namespace: source.Namespace,
 			Name:      source.Spec.SecretRef.Name,
 		}
-		var cred corev1.Secret
-		err := kubeClient.Get(ctx, namespacedName, &cred)
-		if err != nil {
-			return fmt.Errorf("failed to retrieve secret %s, error: %w", namespacedName.Name, err)
-		}
 
-		exported := corev1.Secret{
+		return &namespacedName
-			TypeMeta: metav1.TypeMeta{
-				APIVersion: "v1",
-				Kind:       "Secret",
-			},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      namespacedName.Name,
-				Namespace: namespacedName.Namespace,
-			},
-			Data: cred.Data,
-			Type: cred.Type,
-		}
-
-		data, err := yaml.Marshal(exported)
-		if err != nil {
-			return err
-		}
-
-		fmt.Println("---")
-		fmt.Println(resourceToString(data))
 	}
+
 	return nil
 }
+
+func (ex bucketAdapter) secret() *types.NamespacedName {
+	return getBucketSecret(ex.Bucket)
+}
+
+func (ex bucketListAdapter) secretItem(i int) *types.NamespacedName {
+	return getBucketSecret(&ex.BucketList.Items[i])
+}
+
+func (ex bucketAdapter) export() interface{} {
+	return exportBucket(ex.Bucket)
+}
+
+func (ex bucketListAdapter) exportItem(i int) interface{} {
+	return exportBucket(&ex.BucketList.Items[i])
+}

cmd/flux/export_source_git.go

@@ -17,94 +17,32 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var exportSourceGitCmd = &cobra.Command{
 	Use:   "git [name]",
 	Short: "Export GitRepository sources in YAML format",
-	Long:  "The export source git command exports on or all GitRepository sources in YAML format.",
+	Long:  "The export source git command exports one or all GitRepository sources in YAML format.",
 	Example: `  # Export all GitRepository sources
   flux export source git --all > sources.yaml
 
   # Export a GitRepository source including the SSH key pair or basic auth credentials
-  flux export source git my-private-repo --with-credentials > source.yaml
+  flux export source git my-private-repo --with-credentials > source.yaml`,
-`,
+	RunE: exportWithSecretCommand{
-	RunE: exportSourceGitCmdRun,
+		object: gitRepositoryAdapter{&sourcev1.GitRepository{}},
+		list:   gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
+	}.run,
 }
 
 func init() {
 	exportSourceCmd.AddCommand(exportSourceGitCmd)
 }
 
-func exportSourceGitCmdRun(cmd *cobra.Command, args []string) error {
+func exportGit(source *sourcev1.GitRepository) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list sourcev1.GitRepositoryList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no source found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, repository := range list.Items {
-			if err := exportGit(repository); err != nil {
-				return err
-			}
-			if exportSourceWithCred {
-				if err := exportGitCredentials(ctx, kubeClient, repository); err != nil {
-					return err
-				}
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var repository sourcev1.GitRepository
-		err = kubeClient.Get(ctx, namespacedName, &repository)
-		if err != nil {
-			return err
-		}
-		if err := exportGit(repository); err != nil {
-			return err
-		}
-		if exportSourceWithCred {
-			return exportGitCredentials(ctx, kubeClient, repository)
-		}
-	}
-	return nil
-}
-
-func exportGit(source sourcev1.GitRepository) error {
 	gvk := sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)
 	export := sourcev1.GitRepository{
 		TypeMeta: metav1.TypeMeta{
@@ -120,48 +58,33 @@ func exportGit(source sourcev1.GitRepository) error {
 		Spec: source.Spec,
 	}
 
-	data, err := yaml.Marshal(export)
+	return export
-	if err != nil {
-		return err
-	}
-
-	fmt.Println("---")
-	fmt.Println(resourceToString(data))
-	return nil
 }
 
-func exportGitCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.GitRepository) error {
+func getGitSecret(source *sourcev1.GitRepository) *types.NamespacedName {
 	if source.Spec.SecretRef != nil {
 		namespacedName := types.NamespacedName{
 			Namespace: source.Namespace,
 			Name:      source.Spec.SecretRef.Name,
 		}
-		var cred corev1.Secret
+		return &namespacedName
-		err := kubeClient.Get(ctx, namespacedName, &cred)
-		if err != nil {
-			return fmt.Errorf("failed to retrieve secret %s, error: %w", namespacedName.Name, err)
-		}
-
-		exported := corev1.Secret{
-			TypeMeta: metav1.TypeMeta{
-				APIVersion: "v1",
-				Kind:       "Secret",
-			},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      namespacedName.Name,
-				Namespace: namespacedName.Namespace,
-			},
-			Data: cred.Data,
-			Type: cred.Type,
-		}
-
-		data, err := yaml.Marshal(exported)
-		if err != nil {
-			return err
-		}
-
-		fmt.Println("---")
-		fmt.Println(resourceToString(data))
 	}
+
 	return nil
 }
+
+func (ex gitRepositoryAdapter) secret() *types.NamespacedName {
+	return getGitSecret(ex.GitRepository)
+}
+
+func (ex gitRepositoryListAdapter) secretItem(i int) *types.NamespacedName {
+	return getGitSecret(&ex.GitRepositoryList.Items[i])
+}
+
+func (ex gitRepositoryAdapter) export() interface{} {
+	return exportGit(ex.GitRepository)
+}
+
+func (ex gitRepositoryListAdapter) exportItem(i int) interface{} {
+	return exportGit(&ex.GitRepositoryList.Items[i])
+}

cmd/flux/export_source_helm.go

@@ -17,94 +17,32 @@ limitations under the License.
 package main
 
 import (
-	"context"
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
-	"fmt"
-
 	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/yaml"
-
-	"github.com/fluxcd/flux2/internal/utils"
-	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
 )
 
 var exportSourceHelmCmd = &cobra.Command{
 	Use:   "helm [name]",
 	Short: "Export HelmRepository sources in YAML format",
-	Long:  "The export source git command exports on or all HelmRepository sources in YAML format.",
+	Long:  "The export source git command exports one or all HelmRepository sources in YAML format.",
 	Example: `  # Export all HelmRepository sources
   flux export source helm --all > sources.yaml
 
   # Export a HelmRepository source including the basic auth credentials
-  flux export source helm my-private-repo --with-credentials > source.yaml
+  flux export source helm my-private-repo --with-credentials > source.yaml`,
-`,
+	RunE: exportWithSecretCommand{
-	RunE: exportSourceHelmCmdRun,
+		list:   helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
+		object: helmRepositoryAdapter{&sourcev1.HelmRepository{}},
+	}.run,
 }
 
 func init() {
 	exportSourceCmd.AddCommand(exportSourceHelmCmd)
 }
 
-func exportSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
+func exportHelmRepository(source *sourcev1.HelmRepository) interface{} {
-	if !exportArgs.all && len(args) < 1 {
-		return fmt.Errorf("name is required")
-	}
-
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
-	defer cancel()
-
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
-	if err != nil {
-		return err
-	}
-
-	if exportArgs.all {
-		var list sourcev1.HelmRepositoryList
-		err = kubeClient.List(ctx, &list, client.InNamespace(rootArgs.namespace))
-		if err != nil {
-			return err
-		}
-
-		if len(list.Items) == 0 {
-			logger.Failuref("no source found in %s namespace", rootArgs.namespace)
-			return nil
-		}
-
-		for _, repository := range list.Items {
-			if err := exportHelmRepository(repository); err != nil {
-				return err
-			}
-			if exportSourceWithCred {
-				if err := exportHelmCredentials(ctx, kubeClient, repository); err != nil {
-					return err
-				}
-			}
-		}
-	} else {
-		name := args[0]
-		namespacedName := types.NamespacedName{
-			Namespace: rootArgs.namespace,
-			Name:      name,
-		}
-		var repository sourcev1.HelmRepository
-		err = kubeClient.Get(ctx, namespacedName, &repository)
-		if err != nil {
-			return err
-		}
-		if err := exportHelmRepository(repository); err != nil {
-			return err
-		}
-		if exportSourceWithCred {
-			return exportHelmCredentials(ctx, kubeClient, repository)
-		}
-	}
-	return nil
-}
-
-func exportHelmRepository(source sourcev1.HelmRepository) error {
 	gvk := sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)
 	export := sourcev1.HelmRepository{
 		TypeMeta: metav1.TypeMeta{
@@ -119,49 +57,32 @@ func exportHelmRepository(source sourcev1.HelmRepository) error {
 		},
 		Spec: source.Spec,
 	}
-
+	return export
-	data, err := yaml.Marshal(export)
-	if err != nil {
-		return err
-	}
-
-	fmt.Println("---")
-	fmt.Println(resourceToString(data))
-	return nil
 }
 
-func exportHelmCredentials(ctx context.Context, kubeClient client.Client, source sourcev1.HelmRepository) error {
+func getHelmSecret(source *sourcev1.HelmRepository) *types.NamespacedName {
 	if source.Spec.SecretRef != nil {
 		namespacedName := types.NamespacedName{
 			Namespace: source.Namespace,
 			Name:      source.Spec.SecretRef.Name,
 		}
-		var cred corev1.Secret
+		return &namespacedName
-		err := kubeClient.Get(ctx, namespacedName, &cred)
-		if err != nil {
-			return fmt.Errorf("failed to retrieve secret %s, error: %w", namespacedName.Name, err)
-		}
-
-		exported := corev1.Secret{
-			TypeMeta: metav1.TypeMeta{
-				APIVersion: "v1",
-				Kind:       "Secret",
-			},
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      namespacedName.Name,
-				Namespace: namespacedName.Namespace,
-			},
-			Data: cred.Data,
-			Type: cred.Type,
-		}
-
-		data, err := yaml.Marshal(exported)
-		if err != nil {
-			return err
-		}
-
-		fmt.Println("---")
-		fmt.Println(resourceToString(data))
 	}
 	return nil
 }
+
+func (ex helmRepositoryAdapter) secret() *types.NamespacedName {
+	return getHelmSecret(ex.HelmRepository)
+}
+
+func (ex helmRepositoryListAdapter) secretItem(i int) *types.NamespacedName {
+	return getHelmSecret(&ex.HelmRepositoryList.Items[i])
+}
+
+func (ex helmRepositoryAdapter) export() interface{} {
+	return exportHelmRepository(ex.HelmRepository)
+}
+
+func (ex helmRepositoryListAdapter) exportItem(i int) interface{} {
+	return exportHelmRepository(&ex.HelmRepositoryList.Items[i])
+}

cmd/flux/get.go

@@ -18,7 +18,9 @@ package main
 
 import (
 	"context"
+	"fmt"
 	"os"
+	"strings"
 
 	"github.com/spf13/cobra"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
@@ -32,8 +34,8 @@ import (
 
 var getCmd = &cobra.Command{
 	Use:   "get",
-	Short: "Get sources and resources",
+	Short: "Get the resources and their status",
-	Long:  "The get sub-commands print the statuses of sources and resources.",
+	Long:  "The get sub-commands print the statuses of Flux resources.",
 }
 
 type GetFlags struct {
@@ -50,7 +52,7 @@ func init() {
 
 type summarisable interface {
 	listAdapter
-	summariseItem(i int, includeNamespace bool) []string
+	summariseItem(i int, includeNamespace bool, includeKind bool) []string
 	headers(includeNamespace bool) []string
 }
 
@@ -63,11 +65,17 @@ func statusAndMessage(conditions []metav1.Condition) (string, string) {
 	return string(metav1.ConditionFalse), "waiting to be reconciled"
 }
 
-func nameColumns(item named, includeNamespace bool) []string {
+func nameColumns(item named, includeNamespace bool, includeKind bool) []string {
-	if includeNamespace {
+	name := item.GetName()
-		return []string{item.GetNamespace(), item.GetName()}
+	if includeKind {
+		name = fmt.Sprintf("%s/%s",
+			strings.ToLower(item.GetObjectKind().GroupVersionKind().Kind),
+			item.GetName())
 	}
-	return []string{item.GetName()}
+	if includeNamespace {
+		return []string{item.GetNamespace(), name}
+	}
+	return []string{name}
 }
 
 var namespaceHeader = []string{"Namespace"}
@@ -100,17 +108,25 @@ func (get getCommand) run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	getAll := cmd.Use == "all"
+
 	if get.list.len() == 0 {
-		logger.Failuref("no %s objects found in %s namespace", get.kind, rootArgs.namespace)
+		if !getAll {
+			logger.Failuref("no %s objects found in %s namespace", get.kind, rootArgs.namespace)
+		}
 		return nil
 	}
 
 	header := get.list.headers(getArgs.allNamespaces)
 	var rows [][]string
 	for i := 0; i < get.list.len(); i++ {
-		row := get.list.summariseItem(i, getArgs.allNamespaces)
+		row := get.list.summariseItem(i, getArgs.allNamespaces, getAll)
 		rows = append(rows, row)
 	}
 	utils.PrintTable(os.Stdout, header, rows)
+
+	if getAll {
+		fmt.Println()
+	}
 	return nil
 }

cmd/flux/get_alert.go

@@ -17,19 +17,11 @@ limitations under the License.
 package main
 
 import (
-	"context"
-	"os"
 	"strconv"
 	"strings"
 
-	"github.com/spf13/cobra"
-	apimeta "k8s.io/apimachinery/pkg/api/meta"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
-	"github.com/fluxcd/pkg/apis/meta"
+	"github.com/spf13/cobra"
 )
 
 var getAlertCmd = &cobra.Command{
@@ -38,66 +30,27 @@ var getAlertCmd = &cobra.Command{
 	Short:   "Get Alert statuses",
 	Long:    "The get alert command prints the statuses of the resources.",
 	Example: `  # List all Alerts and their status
-  flux get alerts
+  flux get alerts`,
-`,
+	RunE: getCommand{
-	RunE: getAlertCmdRun,
+		apiType: alertType,
+		list:    &alertListAdapter{&notificationv1.AlertList{}},
+	}.run,
 }
 
 func init() {
 	getCmd.AddCommand(getAlertCmd)
 }
 
-func getAlertCmdRun(cmd *cobra.Command, args []string) error {
+func (s alertListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	item := s.Items[i]
-	defer cancel()
+	status, msg := statusAndMessage(item.Status.Conditions)
-
+	return append(nameColumns(&item, includeNamespace, includeKind), status, msg, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+}
-	if err != nil {
+
-		return err
+func (s alertListAdapter) headers(includeNamespace bool) []string {
-	}
+	headers := []string{"Name", "Ready", "Message", "Suspended"}
-
+	if includeNamespace {
-	var listOpts []client.ListOption
+		return append(namespaceHeader, headers...)
-	if !getArgs.allNamespaces {
+	}
-		listOpts = append(listOpts, client.InNamespace(rootArgs.namespace))
+	return headers
-	}
-	var list notificationv1.AlertList
-	err = kubeClient.List(ctx, &list, listOpts...)
-	if err != nil {
-		return err
-	}
-
-	if len(list.Items) == 0 {
-		logger.Failuref("no alerts found in %s namespace", rootArgs.namespace)
-		return nil
-	}
-
-	header := []string{"Name", "Ready", "Message", "Suspended"}
-	if getArgs.allNamespaces {
-		header = append([]string{"Namespace"}, header...)
-	}
-	var rows [][]string
-	for _, alert := range list.Items {
-		row := []string{}
-		if c := apimeta.FindStatusCondition(alert.Status.Conditions, meta.ReadyCondition); c != nil {
-			row = []string{
-				alert.GetName(),
-				string(c.Status),
-				c.Message,
-				strings.Title(strconv.FormatBool(alert.Spec.Suspend)),
-			}
-		} else {
-			row = []string{
-				alert.GetName(),
-				string(metav1.ConditionFalse),
-				"waiting to be reconciled",
-				strings.Title(strconv.FormatBool(alert.Spec.Suspend)),
-			}
-		}
-		if getArgs.allNamespaces {
-			row = append([]string{alert.Namespace}, row...)
-		}
-		rows = append(rows, row)
-	}
-	utils.PrintTable(os.Stdout, header, rows)
-	return nil
 }

cmd/flux/get_alertprovider.go

@@ -17,17 +17,8 @@ limitations under the License.
 package main
 
 import (
-	"context"
-	"os"
-
-	"github.com/spf13/cobra"
-	apimeta "k8s.io/apimachinery/pkg/api/meta"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
-	"github.com/fluxcd/pkg/apis/meta"
+	"github.com/spf13/cobra"
 )
 
 var getAlertProviderCmd = &cobra.Command{
@@ -36,64 +27,27 @@ var getAlertProviderCmd = &cobra.Command{
 	Short:   "Get Provider statuses",
 	Long:    "The get alert-provider command prints the statuses of the resources.",
 	Example: `  # List all Providers and their status
-  flux get alert-providers
+  flux get alert-providers`,
-`,
+	RunE: getCommand{
-	RunE: getAlertProviderCmdRun,
+		apiType: alertProviderType,
+		list:    alertProviderListAdapter{&notificationv1.ProviderList{}},
+	}.run,
 }
 
 func init() {
 	getCmd.AddCommand(getAlertProviderCmd)
 }
 
-func getAlertProviderCmdRun(cmd *cobra.Command, args []string) error {
+func (s alertProviderListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	item := s.Items[i]
-	defer cancel()
+	status, msg := statusAndMessage(item.Status.Conditions)
-
+	return append(nameColumns(&item, includeNamespace, includeKind), status, msg)
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+}
-	if err != nil {
+
-		return err
+func (s alertProviderListAdapter) headers(includeNamespace bool) []string {
-	}
+	headers := []string{"Name", "Ready", "Message"}
-
+	if includeNamespace {
-	var listOpts []client.ListOption
+		return append(namespaceHeader, headers...)
-	if !getArgs.allNamespaces {
+	}
-		listOpts = append(listOpts, client.InNamespace(rootArgs.namespace))
+	return headers
-	}
-	var list notificationv1.ProviderList
-	err = kubeClient.List(ctx, &list, listOpts...)
-	if err != nil {
-		return err
-	}
-
-	if len(list.Items) == 0 {
-		logger.Failuref("no providers found in %s namespace", rootArgs.namespace)
-		return nil
-	}
-
-	header := []string{"Name", "Ready", "Message"}
-	if getArgs.allNamespaces {
-		header = append([]string{"Namespace"}, header...)
-	}
-	var rows [][]string
-	for _, provider := range list.Items {
-		row := []string{}
-		if c := apimeta.FindStatusCondition(provider.Status.Conditions, meta.ReadyCondition); c != nil {
-			row = []string{
-				provider.GetName(),
-				string(c.Status),
-				c.Message,
-			}
-		} else {
-			row = []string{
-				provider.GetName(),
-				string(metav1.ConditionFalse),
-				"waiting to be reconciled",
-			}
-		}
-		if getArgs.allNamespaces {
-			row = append([]string{provider.Namespace}, row...)
-		}
-		rows = append(rows, row)
-	}
-	utils.PrintTable(os.Stdout, header, rows)
-	return nil
 }

cmd/flux/get_helmrelease.go

@@ -30,8 +30,7 @@ var getHelmReleaseCmd = &cobra.Command{
 	Short:   "Get HelmRelease statuses",
 	Long:    "The get helmreleases command prints the statuses of the resources.",
 	Example: `  # List all Helm releases and their status
-  flux get helmreleases
+  flux get helmreleases`,
-`,
 	RunE: getCommand{
 		apiType: helmReleaseType,
 		list:    &helmReleaseListAdapter{&helmv2.HelmReleaseList{}},
@@ -42,11 +41,11 @@ func init() {
 	getCmd.AddCommand(getHelmReleaseCmd)
 }
 
-func (a helmReleaseListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (a helmReleaseListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := a.Items[i]
 	revision := item.Status.LastAppliedRevision
 	status, msg := statusAndMessage(item.Status.Conditions)
-	return append(nameColumns(&item, includeNamespace),
+	return append(nameColumns(&item, includeNamespace, includeKind),
 		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 

cmd/flux/get_image_all.go

@@ -0,0 +1,65 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	autov1 "github.com/fluxcd/image-automation-controller/api/v1alpha1"
+	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	"github.com/spf13/cobra"
+)
+
+var getImageAllCmd = &cobra.Command{
+	Use:   "all",
+	Short: "Get all image statuses",
+	Long:  "The get image sub-commands print the statuses of all image objects.",
+	Example: `  # List all image objects in a namespace
+  flux get images all --namespace=flux-system
+
+  # List all image objects in all namespaces
+  flux get images all --all-namespaces`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		c := getCommand{
+			apiType: imageRepositoryType,
+			list:    imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},
+		}
+		if err := c.run(cmd, args); err != nil {
+			logger.Failuref(err.Error())
+		}
+
+		c = getCommand{
+			apiType: imagePolicyType,
+			list:    &imagePolicyListAdapter{&imagev1.ImagePolicyList{}},
+		}
+		if err := c.run(cmd, args); err != nil {
+			logger.Failuref(err.Error())
+		}
+
+		c = getCommand{
+			apiType: imageUpdateAutomationType,
+			list:    &imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},
+		}
+		if err := c.run(cmd, args); err != nil {
+			logger.Failuref(err.Error())
+		}
+
+		return nil
+	},
+}
+
+func init() {
+	getImageCmd.AddCommand(getImageAllCmd)
+}

cmd/flux/get_image_policy.go

@@ -30,8 +30,7 @@ var getImagePolicyCmd = &cobra.Command{
   flux get image policy
 
  # List image policies from all namespaces
-  flux get image policy --all-namespaces
+  flux get image policy --all-namespaces`,
-`,
 	RunE: getCommand{
 		apiType: imagePolicyType,
 		list:    &imagePolicyListAdapter{&imagev1.ImagePolicyList{}},
@@ -42,10 +41,10 @@ func init() {
 	getImageCmd.AddCommand(getImagePolicyCmd)
 }
 
-func (s imagePolicyListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (s imagePolicyListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := s.Items[i]
 	status, msg := statusAndMessage(item.Status.Conditions)
-	return append(nameColumns(&item, includeNamespace), status, msg, item.Status.LatestImage)
+	return append(nameColumns(&item, includeNamespace, includeKind), status, msg, item.Status.LatestImage)
 }
 
 func (s imagePolicyListAdapter) headers(includeNamespace bool) []string {

cmd/flux/get_image_repository.go

@@ -34,8 +34,7 @@ var getImageRepositoryCmd = &cobra.Command{
   flux get image repository
 
  # List image repositories from all namespaces
-  flux get image repository --all-namespaces
+  flux get image repository --all-namespaces`,
-`,
 	RunE: getCommand{
 		apiType: imageRepositoryType,
 		list:    imageRepositoryListAdapter{&imagev1.ImageRepositoryList{}},
@@ -46,14 +45,14 @@ func init() {
 	getImageCmd.AddCommand(getImageRepositoryCmd)
 }
 
-func (s imageRepositoryListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (s imageRepositoryListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := s.Items[i]
 	status, msg := statusAndMessage(item.Status.Conditions)
 	var lastScan string
 	if item.Status.LastScanResult != nil {
 		lastScan = item.Status.LastScanResult.ScanTime.Time.Format(time.RFC3339)
 	}
-	return append(nameColumns(&item, includeNamespace),
+	return append(nameColumns(&item, includeNamespace, includeKind),
 		status, msg, lastScan, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 

cmd/flux/get_image_update.go

@@ -34,8 +34,7 @@ var getImageUpdateCmd = &cobra.Command{
   flux get image update
 
  # List image update automations from all namespaces
-  flux get image update --all-namespaces
+  flux get image update --all-namespaces`,
-`,
 	RunE: getCommand{
 		apiType: imageUpdateAutomationType,
 		list:    &imageUpdateAutomationListAdapter{&autov1.ImageUpdateAutomationList{}},
@@ -46,14 +45,14 @@ func init() {
 	getImageCmd.AddCommand(getImageUpdateCmd)
 }
 
-func (s imageUpdateAutomationListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (s imageUpdateAutomationListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := s.Items[i]
 	status, msg := statusAndMessage(item.Status.Conditions)
 	var lastRun string
 	if item.Status.LastAutomationRunTime != nil {
 		lastRun = item.Status.LastAutomationRunTime.Time.Format(time.RFC3339)
 	}
-	return append(nameColumns(&item, includeNamespace), status, msg, lastRun, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
+	return append(nameColumns(&item, includeNamespace, includeKind), status, msg, lastRun, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 
 func (s imageUpdateAutomationListAdapter) headers(includeNamespace bool) []string {

cmd/flux/get_kustomization.go

@@ -30,8 +30,7 @@ var getKsCmd = &cobra.Command{
 	Short:   "Get Kustomization statuses",
 	Long:    "The get kustomizations command prints the statuses of the resources.",
 	Example: `  # List all kustomizations and their status
-  flux get kustomizations
+  flux get kustomizations`,
-`,
 	RunE: getCommand{
 		apiType: kustomizationType,
 		list:    &kustomizationListAdapter{&kustomizev1.KustomizationList{}},
@@ -42,11 +41,11 @@ func init() {
 	getCmd.AddCommand(getKsCmd)
 }
 
-func (a kustomizationListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (a kustomizationListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := a.Items[i]
 	revision := item.Status.LastAppliedRevision
 	status, msg := statusAndMessage(item.Status.Conditions)
-	return append(nameColumns(&item, includeNamespace),
+	return append(nameColumns(&item, includeNamespace, includeKind),
 		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 

cmd/flux/get_receiver.go

@@ -17,19 +17,11 @@ limitations under the License.
 package main
 
 import (
-	"context"
-	"os"
 	"strconv"
 	"strings"
 
-	"github.com/spf13/cobra"
-	apimeta "k8s.io/apimachinery/pkg/api/meta"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
-	"github.com/fluxcd/flux2/internal/utils"
 	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
-	"github.com/fluxcd/pkg/apis/meta"
+	"github.com/spf13/cobra"
 )
 
 var getReceiverCmd = &cobra.Command{
@@ -38,63 +30,27 @@ var getReceiverCmd = &cobra.Command{
 	Short:   "Get Receiver statuses",
 	Long:    "The get receiver command prints the statuses of the resources.",
 	Example: `  # List all Receiver and their status
-  flux get receivers
+  flux get receivers`,
-`,
+	RunE: getCommand{
-	RunE: getReceiverCmdRun,
+		apiType: receiverType,
+		list:    receiverListAdapter{&notificationv1.ReceiverList{}},
+	}.run,
 }
 
 func init() {
 	getCmd.AddCommand(getReceiverCmd)
 }
 
-func getReceiverCmdRun(cmd *cobra.Command, args []string) error {
+func (s receiverListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
-	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	item := s.Items[i]
-	defer cancel()
+	status, msg := statusAndMessage(item.Status.Conditions)
-
+	return append(nameColumns(&item, includeNamespace, includeKind), status, msg, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
-	kubeClient, err := utils.KubeClient(rootArgs.kubeconfig, rootArgs.kubecontext)
+}
-	if err != nil {
+
-		return err
+func (s receiverListAdapter) headers(includeNamespace bool) []string {
-	}
+	headers := []string{"Name", "Ready", "Message", "Suspended"}
-
+	if includeNamespace {
-	var listOpts []client.ListOption
+		return append(namespaceHeader, headers...)
-	if !getArgs.allNamespaces {
+	}
-		listOpts = append(listOpts, client.InNamespace(rootArgs.namespace))
+	return headers
-	}
-	var list notificationv1.ReceiverList
-	err = kubeClient.List(ctx, &list, listOpts...)
-	if err != nil {
-		return err
-	}
-
-	if len(list.Items) == 0 {
-		logger.Failuref("no receivers found in %s namespace", rootArgs.namespace)
-		return nil
-	}
-
-	header := []string{"Name", "Ready", "Message", "Suspended"}
-	if getArgs.allNamespaces {
-		header = append([]string{"Namespace"}, header...)
-	}
-	var rows [][]string
-	for _, receiver := range list.Items {
-		row := []string{}
-		if c := apimeta.FindStatusCondition(receiver.Status.Conditions, meta.ReadyCondition); c != nil {
-			row = []string{
-				receiver.GetName(),
-				string(c.Status),
-				c.Message,
-				strings.Title(strconv.FormatBool(receiver.Spec.Suspend)),
-			}
-		} else {
-			row = []string{
-				receiver.GetName(),
-				string(metav1.ConditionFalse),
-				"waiting to be reconciled",
-				strings.Title(strconv.FormatBool(receiver.Spec.Suspend)),
-			}
-		}
-		rows = append(rows, row)
-	}
-	utils.PrintTable(os.Stdout, header, rows)
-	return nil
 }

cmd/flux/get_source_all.go

@@ -0,0 +1,72 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	sourcev1 "github.com/fluxcd/source-controller/api/v1beta1"
+	"github.com/spf13/cobra"
+)
+
+var getSourceAllCmd = &cobra.Command{
+	Use:   "all",
+	Short: "Get all source statuses",
+	Long:  "The get sources all command print the statuses of all sources.",
+	Example: `  # List all sources in a namespace
+  flux get sources all --namespace=flux-system
+
+  # List all sources in all namespaces
+  flux get sources all --all-namespaces`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		c := getCommand{
+			apiType: bucketType,
+			list:    &bucketListAdapter{&sourcev1.BucketList{}},
+		}
+		if err := c.run(cmd, args); err != nil {
+			logger.Failuref(err.Error())
+		}
+
+		c = getCommand{
+			apiType: gitRepositoryType,
+			list:    &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
+		}
+		if err := c.run(cmd, args); err != nil {
+			logger.Failuref(err.Error())
+		}
+
+		c = getCommand{
+			apiType: helmRepositoryType,
+			list:    &helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
+		}
+		if err := c.run(cmd, args); err != nil {
+			logger.Failuref(err.Error())
+		}
+
+		c = getCommand{
+			apiType: helmChartType,
+			list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
+		}
+		if err := c.run(cmd, args); err != nil {
+			logger.Failuref(err.Error())
+		}
+
+		return nil
+	},
+}
+
+func init() {
+	getSourceCmd.AddCommand(getSourceAllCmd)
+}

cmd/flux/get_source_bucket.go

@@ -32,8 +32,7 @@ var getSourceBucketCmd = &cobra.Command{
   flux get sources bucket
 
  # List buckets from all namespaces
-  flux get sources helm --all-namespaces
+  flux get sources helm --all-namespaces`,
-`,
 	RunE: getCommand{
 		apiType: bucketType,
 		list:    &bucketListAdapter{&sourcev1.BucketList{}},
@@ -44,14 +43,14 @@ func init() {
 	getSourceCmd.AddCommand(getSourceBucketCmd)
 }
 
-func (a *bucketListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (a *bucketListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := a.Items[i]
 	var revision string
 	if item.GetArtifact() != nil {
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
-	return append(nameColumns(&item, includeNamespace),
+	return append(nameColumns(&item, includeNamespace, includeKind),
 		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 

cmd/flux/get_source_chart.go

@@ -32,8 +32,7 @@ var getSourceHelmChartCmd = &cobra.Command{
   flux get sources chart
 
  # List Helm charts from all namespaces
-  flux get sources chart --all-namespaces
+  flux get sources chart --all-namespaces`,
-`,
 	RunE: getCommand{
 		apiType: helmChartType,
 		list:    &helmChartListAdapter{&sourcev1.HelmChartList{}},
@@ -44,14 +43,14 @@ func init() {
 	getSourceCmd.AddCommand(getSourceHelmChartCmd)
 }
 
-func (a *helmChartListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (a *helmChartListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := a.Items[i]
 	var revision string
 	if item.GetArtifact() != nil {
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
-	return append(nameColumns(&item, includeNamespace),
+	return append(nameColumns(&item, includeNamespace, includeKind),
 		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 

cmd/flux/get_source_git.go

@@ -32,8 +32,7 @@ var getSourceGitCmd = &cobra.Command{
   flux get sources git
 
  # List Git repositories from all namespaces
-  flux get sources git --all-namespaces
+  flux get sources git --all-namespaces`,
-`,
 	RunE: getCommand{
 		apiType: gitRepositoryType,
 		list:    &gitRepositoryListAdapter{&sourcev1.GitRepositoryList{}},
@@ -44,14 +43,14 @@ func init() {
 	getSourceCmd.AddCommand(getSourceGitCmd)
 }
 
-func (a *gitRepositoryListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (a *gitRepositoryListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := a.Items[i]
 	var revision string
 	if item.GetArtifact() != nil {
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
-	return append(nameColumns(&item, includeNamespace),
+	return append(nameColumns(&item, includeNamespace, includeKind),
 		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 

cmd/flux/get_source_helm.go

@@ -32,8 +32,7 @@ var getSourceHelmCmd = &cobra.Command{
   flux get sources helm
 
  # List Helm repositories from all namespaces
-  flux get sources helm --all-namespaces
+  flux get sources helm --all-namespaces`,
-`,
 	RunE: getCommand{
 		apiType: helmRepositoryType,
 		list:    &helmRepositoryListAdapter{&sourcev1.HelmRepositoryList{}},
@@ -44,14 +43,14 @@ func init() {
 	getSourceCmd.AddCommand(getSourceHelmCmd)
 }
 
-func (a *helmRepositoryListAdapter) summariseItem(i int, includeNamespace bool) []string {
+func (a *helmRepositoryListAdapter) summariseItem(i int, includeNamespace bool, includeKind bool) []string {
 	item := a.Items[i]
 	var revision string
 	if item.GetArtifact() != nil {
 		revision = item.GetArtifact().Revision
 	}
 	status, msg := statusAndMessage(item.Status.Conditions)
-	return append(nameColumns(&item, includeNamespace),
+	return append(nameColumns(&item, includeNamespace, includeKind),
 		status, msg, revision, strings.Title(strconv.FormatBool(item.Spec.Suspend)))
 }
 

cmd/flux/install.go

@@ -30,6 +30,7 @@ import (
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
+	"github.com/fluxcd/flux2/pkg/status"
 )
 
 var installCmd = &cobra.Command{
@@ -50,84 +51,85 @@ If a previous version is installed, then an in-place upgrade will be performed.`
   flux install --dry-run --verbose
 
   # Write install manifests to file
-  flux install --export > flux-system.yaml
+  flux install --export > flux-system.yaml`,
-`,
 	RunE: installCmdRun,
 }
 
-var (
+type installFlags struct {
-	installExport             bool
+	export             bool
-	installDryRun             bool
+	dryRun             bool
-	installManifestsPath      string
+	version            string
-	installVersion            string
+	defaultComponents  []string
-	installDefaultComponents  []string
+	extraComponents    []string
-	installExtraComponents    []string
+	registry           string
-	installRegistry           string
+	imagePullSecret    string
-	installImagePullSecret    string
+	branch             string
-	installWatchAllNamespaces bool
+	watchAllNamespaces bool
-	installNetworkPolicy      bool
+	networkPolicy      bool
-	installArch               flags.Arch
+	manifestsPath      string
-	installLogLevel           = flags.LogLevel(rootArgs.defaults.LogLevel)
+	arch               flags.Arch
-	installClusterDomain      string
+	logLevel           flags.LogLevel
-	installTolerationKeys     []string
+	tokenAuth          bool
-)
+	clusterDomain      string
+	tolerationKeys     []string
+}
+
+var installArgs = NewInstallFlags()
 
 func init() {
-	installCmd.Flags().BoolVar(&installExport, "export", false,
+	installCmd.Flags().BoolVar(&installArgs.export, "export", false,
 		"write the install manifests to stdout and exit")
-	installCmd.Flags().BoolVarP(&installDryRun, "dry-run", "", false,
+	installCmd.Flags().BoolVarP(&installArgs.dryRun, "dry-run", "", false,
 		"only print the object that would be applied")
-	installCmd.Flags().StringVarP(&installVersion, "version", "v", rootArgs.defaults.Version,
+	installCmd.Flags().StringVarP(&installArgs.version, "version", "v", "",
-		"toolkit version")
+		"toolkit version, when specified the manifests are downloaded from https://github.com/fluxcd/flux2/releases")
-	installCmd.Flags().StringSliceVar(&installDefaultComponents, "components", rootArgs.defaults.Components,
+	installCmd.Flags().StringSliceVar(&installArgs.defaultComponents, "components", rootArgs.defaults.Components,
 		"list of components, accepts comma-separated values")
-	installCmd.Flags().StringSliceVar(&installExtraComponents, "components-extra", nil,
+	installCmd.Flags().StringSliceVar(&installArgs.extraComponents, "components-extra", nil,
 		"list of components in addition to those supplied or defaulted, accepts comma-separated values")
-	installCmd.Flags().StringVar(&installManifestsPath, "manifests", "", "path to the manifest directory")
+	installCmd.Flags().StringVar(&installArgs.manifestsPath, "manifests", "", "path to the manifest directory")
-	installCmd.Flags().StringVar(&installRegistry, "registry", rootArgs.defaults.Registry,
+	installCmd.Flags().StringVar(&installArgs.registry, "registry", rootArgs.defaults.Registry,
 		"container registry where the toolkit images are published")
-	installCmd.Flags().StringVar(&installImagePullSecret, "image-pull-secret", "",
+	installCmd.Flags().StringVar(&installArgs.imagePullSecret, "image-pull-secret", "",
 		"Kubernetes secret name used for pulling the toolkit images from a private registry")
-	installCmd.Flags().Var(&installArch, "arch", installArch.Description())
+	installCmd.Flags().Var(&installArgs.arch, "arch", installArgs.arch.Description())
-	installCmd.Flags().BoolVar(&installWatchAllNamespaces, "watch-all-namespaces", rootArgs.defaults.WatchAllNamespaces,
+	installCmd.Flags().BoolVar(&installArgs.watchAllNamespaces, "watch-all-namespaces", rootArgs.defaults.WatchAllNamespaces,
 		"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
-	installCmd.Flags().Var(&installLogLevel, "log-level", installLogLevel.Description())
+	installCmd.Flags().Var(&installArgs.logLevel, "log-level", installArgs.logLevel.Description())
-	installCmd.Flags().BoolVar(&installNetworkPolicy, "network-policy", rootArgs.defaults.NetworkPolicy,
+	installCmd.Flags().BoolVar(&installArgs.networkPolicy, "network-policy", rootArgs.defaults.NetworkPolicy,
 		"deny ingress access to the toolkit controllers from other namespaces using network policies")
-	installCmd.Flags().StringVar(&installClusterDomain, "cluster-domain", rootArgs.defaults.ClusterDomain, "internal cluster domain")
+	installCmd.Flags().StringVar(&installArgs.clusterDomain, "cluster-domain", rootArgs.defaults.ClusterDomain, "internal cluster domain")
-	installCmd.Flags().StringSliceVar(&installTolerationKeys, "toleration-keys", nil,
+	installCmd.Flags().StringSliceVar(&installArgs.tolerationKeys, "toleration-keys", nil,
 		"list of toleration keys used to schedule the components pods onto nodes with matching taints")
 	installCmd.Flags().MarkHidden("manifests")
 	installCmd.Flags().MarkDeprecated("arch", "multi-arch container image is now available for AMD64, ARMv7 and ARM64")
 	rootCmd.AddCommand(installCmd)
 }
 
+func NewInstallFlags() installFlags {
+	return installFlags{
+		logLevel: flags.LogLevel(rootArgs.defaults.LogLevel),
+	}
+}
+
 func installCmdRun(cmd *cobra.Command, args []string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
 	defer cancel()
 
-	components := append(installDefaultComponents, installExtraComponents...)
+	components := append(installArgs.defaultComponents, installArgs.extraComponents...)
 	err := utils.ValidateComponents(components)
 	if err != nil {
 		return err
 	}
 
-	if installVersion == install.MakeDefaultOptions().Version {
+	if ver, err := getVersion(installArgs.version); err != nil {
-		installVersion, err = install.GetLatestVersion()
+		return err
-		if err != nil {
-			return err
-		}
 	} else {
-		if ok, err := install.ExistingVersion(installVersion); err != nil || !ok {
+		installArgs.version = ver
-			if err == nil {
-				err = fmt.Errorf("targeted version '%s' does not exist", installVersion)
-			}
-			return err
-		}
 	}
 
-	if !utils.CompatibleVersion(VERSION, installVersion) {
+	if !installArgs.export {
-		return fmt.Errorf("targeted version '%s' is not compatible with your current version of flux (%s)", installVersion, VERSION)
+		logger.Generatef("generating manifests")
 	}
 
 	tmpDir, err := ioutil.TempDir("", rootArgs.namespace)
@@ -136,32 +138,36 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	}
 	defer os.RemoveAll(tmpDir)
 
-	if !installExport {
+	manifestsBase := ""
-		logger.Generatef("generating manifests")
+	if isEmbeddedVersion(installArgs.version) {
+		if err := writeEmbeddedManifests(tmpDir); err != nil {
+			return err
+		}
+		manifestsBase = tmpDir
 	}
 
 	opts := install.Options{
-		BaseURL:                installManifestsPath,
+		BaseURL:                installArgs.manifestsPath,
-		Version:                installVersion,
+		Version:                installArgs.version,
 		Namespace:              rootArgs.namespace,
 		Components:             components,
-		Registry:               installRegistry,
+		Registry:               installArgs.registry,
-		ImagePullSecret:        installImagePullSecret,
+		ImagePullSecret:        installArgs.imagePullSecret,
-		WatchAllNamespaces:     installWatchAllNamespaces,
+		WatchAllNamespaces:     installArgs.watchAllNamespaces,
-		NetworkPolicy:          installNetworkPolicy,
+		NetworkPolicy:          installArgs.networkPolicy,
-		LogLevel:               installLogLevel.String(),
+		LogLevel:               installArgs.logLevel.String(),
 		NotificationController: rootArgs.defaults.NotificationController,
 		ManifestFile:           fmt.Sprintf("%s.yaml", rootArgs.namespace),
 		Timeout:                rootArgs.timeout,
-		ClusterDomain:          installClusterDomain,
+		ClusterDomain:          installArgs.clusterDomain,
-		TolerationKeys:         installTolerationKeys,
+		TolerationKeys:         installArgs.tolerationKeys,
 	}
 
-	if installManifestsPath == "" {
+	if installArgs.manifestsPath == "" {
 		opts.BaseURL = install.MakeDefaultOptions().BaseURL
 	}
 
-	manifest, err := install.Generate(opts)
+	manifest, err := install.Generate(opts, manifestsBase)
 	if err != nil {
 		return fmt.Errorf("install failed: %w", err)
 	}
@@ -172,9 +178,9 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 
 	if rootArgs.verbose {
 		fmt.Print(manifest.Content)
-	} else if installExport {
+	} else if installArgs.export {
 		fmt.Println("---")
-		fmt.Println("# Flux version:", installVersion)
+		fmt.Println("# Flux version:", installArgs.version)
 		fmt.Println("# Components:", strings.Join(components, ","))
 		fmt.Print(manifest.Content)
 		fmt.Println("---")
@@ -189,26 +195,33 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	kubectlArgs := []string{"apply", "-f", filepath.Join(tmpDir, manifest.Path)}
-	if installDryRun {
+	if installArgs.dryRun {
 		kubectlArgs = append(kubectlArgs, "--dry-run=client")
 		applyOutput = utils.ModeOS
 	}
 	if _, err := utils.ExecKubectlCommand(ctx, applyOutput, rootArgs.kubeconfig, rootArgs.kubecontext, kubectlArgs...); err != nil {
-		return fmt.Errorf("install failed")
+		return fmt.Errorf("install failed: %w", err)
 	}
 
-	if installDryRun {
+	if installArgs.dryRun {
 		logger.Successf("install dry-run finished")
 		return nil
 	}
 
-	statusChecker, err := NewStatusChecker(time.Second, time.Minute)
+	kubeConfig, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
+	if err != nil {
+		return fmt.Errorf("install failed: %w", err)
+	}
+	statusChecker, err := status.NewStatusChecker(kubeConfig, time.Second, rootArgs.timeout, logger)
+	if err != nil {
+		return fmt.Errorf("install failed: %w", err)
+	}
+	componentRefs, err := buildComponentObjectRefs(components...)
 	if err != nil {
 		return fmt.Errorf("install failed: %w", err)
 	}
-
 	logger.Waitingf("verifying installation")
-	if err := statusChecker.Assess(components...); err != nil {
+	if err := statusChecker.Assess(componentRefs...); err != nil {
 		return fmt.Errorf("install failed")
 	}
 

cmd/flux/logs.go

@@ -0,0 +1,261 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"bufio"
+	"context"
+	"encoding/json"
+	"fmt"
+	"html/template"
+	"io"
+	"os"
+	"strings"
+	"sync"
+
+	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+
+	"github.com/fluxcd/flux2/internal/flags"
+	"github.com/fluxcd/flux2/internal/utils"
+)
+
+var logsCmd = &cobra.Command{
+	Use:   "logs",
+	Short: "Display formatted logs for Flux components",
+	Long:  "The logs command displays formatted logs from various Flux components.",
+	Example: `  # Print the reconciliation logs of all Flux custom resources in your cluster
+	 flux logs --all-namespaces
+
+	# Stream logs for a particular log level
+	flux logs --follow --level=error --all-namespaces
+
+	# Filter logs by kind, name and namespace
+	flux logs --kind=Kustomization --name=podinfo --namespace=default
+
+	# Print logs when Flux is installed in a different namespace than flux-system
+	flux logs --flux-namespace=my-namespace
+    `,
+	RunE: logsCmdRun,
+}
+
+type logsFlags struct {
+	logLevel      flags.LogLevel
+	follow        bool
+	tail          int64
+	kind          string
+	name          string
+	fluxNamespace string
+	allNamespaces bool
+}
+
+var logsArgs = &logsFlags{
+	tail: -1,
+}
+
+func init() {
+	logsCmd.Flags().Var(&logsArgs.logLevel, "level", logsArgs.logLevel.Description())
+	logsCmd.Flags().StringVarP(&logsArgs.kind, "kind", "", logsArgs.kind, "displays errors of a particular toolkit kind e.g GitRepository")
+	logsCmd.Flags().StringVarP(&logsArgs.name, "name", "", logsArgs.name, "specifies the name of the object logs to be displayed")
+	logsCmd.Flags().BoolVarP(&logsArgs.follow, "follow", "f", logsArgs.follow, "specifies if the logs should be streamed")
+	logsCmd.Flags().Int64VarP(&logsArgs.tail, "tail", "", logsArgs.tail, "lines of recent log file to display")
+	logsCmd.Flags().StringVarP(&logsArgs.fluxNamespace, "flux-namespace", "", rootArgs.defaults.Namespace, "the namespace where the Flux components are running")
+	logsCmd.Flags().BoolVarP(&logsArgs.allNamespaces, "all-namespaces", "A", false, "displays logs for objects across all namespaces")
+	rootCmd.AddCommand(logsCmd)
+}
+
+func logsCmdRun(cmd *cobra.Command, args []string) error {
+	fluxSelector := fmt.Sprintf("app.kubernetes.io/instance=%s", logsArgs.fluxNamespace)
+
+	ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
+	defer cancel()
+
+	var pods []corev1.Pod
+	cfg, err := utils.KubeConfig(rootArgs.kubeconfig, rootArgs.kubecontext)
+	if err != nil {
+		return err
+	}
+
+	clientset, err := kubernetes.NewForConfig(cfg)
+	if err != nil {
+		return err
+	}
+
+	if len(args) > 0 {
+		return fmt.Errorf("no argument required")
+	}
+
+	pods, err = getPods(ctx, clientset, fluxSelector)
+	if err != nil {
+		return err
+	}
+
+	logOpts := &corev1.PodLogOptions{
+		Follow: logsArgs.follow,
+	}
+
+	if logsArgs.tail > -1 {
+		logOpts.TailLines = &logsArgs.tail
+	}
+
+	var requests []rest.ResponseWrapper
+	for _, pod := range pods {
+		req := clientset.CoreV1().Pods(logsArgs.fluxNamespace).GetLogs(pod.Name, logOpts)
+		requests = append(requests, req)
+	}
+
+	if logsArgs.follow && len(requests) > 1 {
+		return parallelPodLogs(ctx, requests)
+	}
+
+	return podLogs(ctx, requests)
+}
+
+func getPods(ctx context.Context, c *kubernetes.Clientset, label string) ([]corev1.Pod, error) {
+	var ret []corev1.Pod
+
+	opts := metav1.ListOptions{
+		LabelSelector: label,
+	}
+	deployList, err := c.AppsV1().Deployments(logsArgs.fluxNamespace).List(ctx, opts)
+	if err != nil {
+		return ret, err
+	}
+
+	for _, deploy := range deployList.Items {
+		label := deploy.Spec.Template.Labels
+		opts := metav1.ListOptions{
+			LabelSelector: createLabelStringFromMap(label),
+		}
+		podList, err := c.CoreV1().Pods(logsArgs.fluxNamespace).List(ctx, opts)
+		if err != nil {
+			return ret, err
+		}
+		ret = append(ret, podList.Items...)
+	}
+
+	return ret, nil
+}
+
+func parallelPodLogs(ctx context.Context, requests []rest.ResponseWrapper) error {
+	reader, writer := io.Pipe()
+	wg := &sync.WaitGroup{}
+	wg.Add(len(requests))
+
+	var mutex = &sync.Mutex{}
+
+	for _, request := range requests {
+		go func(req rest.ResponseWrapper) {
+			defer wg.Done()
+			if err := logRequest(mutex, ctx, req, os.Stdout); err != nil {
+				writer.CloseWithError(err)
+				return
+			}
+		}(request)
+	}
+
+	go func() {
+		wg.Wait()
+		writer.Close()
+	}()
+
+	_, err := io.Copy(os.Stdout, reader)
+	return err
+}
+
+func podLogs(ctx context.Context, requests []rest.ResponseWrapper) error {
+	mutex := &sync.Mutex{}
+	for _, req := range requests {
+		if err := logRequest(mutex, ctx, req, os.Stdout); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func createLabelStringFromMap(m map[string]string) string {
+	var strArr []string
+	for key, val := range m {
+		pair := fmt.Sprintf("%v=%v", key, val)
+		strArr = append(strArr, pair)
+	}
+
+	return strings.Join(strArr, ",")
+}
+
+func logRequest(mu *sync.Mutex, ctx context.Context, request rest.ResponseWrapper, w io.Writer) error {
+	stream, err := request.Stream(ctx)
+	if err != nil {
+		return err
+	}
+	defer stream.Close()
+
+	scanner := bufio.NewScanner(stream)
+
+	const logTmpl = "{{.Timestamp}} {{.Level}} {{.Kind}}{{if .Name}}/{{.Name}}.{{.Namespace}}{{end}} - {{.Message}} {{.Error}}\n"
+	t, err := template.New("log").Parse(logTmpl)
+	if err != nil {
+		return fmt.Errorf("unable to create template, err: %s", err)
+	}
+
+	for scanner.Scan() {
+		line := scanner.Text()
+		if !strings.HasPrefix(line, "{") {
+			continue
+		}
+		var l ControllerLogEntry
+		if err := json.Unmarshal([]byte(line), &l); err != nil {
+			logger.Failuref("parse error: %s", err)
+			break
+		}
+
+		mu.Lock()
+		filterPrintLog(t, &l)
+		mu.Unlock()
+	}
+
+	return nil
+}
+
+func filterPrintLog(t *template.Template, l *ControllerLogEntry) {
+	if logsArgs.logLevel != "" && logsArgs.logLevel != l.Level ||
+		logsArgs.kind != "" && strings.ToLower(logsArgs.kind) != strings.ToLower(l.Kind) ||
+		logsArgs.name != "" && strings.ToLower(logsArgs.name) != strings.ToLower(l.Name) ||
+		!logsArgs.allNamespaces && strings.ToLower(rootArgs.namespace) != strings.ToLower(l.Namespace) {
+		return
+	}
+
+	err := t.Execute(os.Stdout, l)
+	if err != nil {
+		logger.Failuref("log template error: %s", err)
+	}
+}
+
+type ControllerLogEntry struct {
+	Timestamp string         `json:"ts"`
+	Level     flags.LogLevel `json:"level"`
+	Message   string         `json:"msg"`
+	Error     string         `json:"error,omitempty"`
+	Logger    string         `json:"logger"`
+	Kind      string         `json:"reconciler kind,omitempty"`
+	Name      string         `json:"name,omitempty"`
+	Namespace string         `json:"namespace,omitempty"`
+}

cmd/flux/main.go

@@ -23,7 +23,6 @@ import (
 	"time"
 
 	"github.com/spf13/cobra"
-	"github.com/spf13/cobra/doc"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
@@ -37,14 +36,15 @@ var rootCmd = &cobra.Command{
 	SilenceUsage:  true,
 	SilenceErrors: true,
 	Short:         "Command line utility for assembling Kubernetes CD pipelines",
-	Long:          `Command line utility for assembling Kubernetes CD pipelines the GitOps way.`,
+	Long: `
+Command line utility for assembling Kubernetes CD pipelines the GitOps way.`,
 	Example: `  # Check prerequisites
   flux check --pre
 
   # Install the latest version of Flux
   flux install --version=master
 
-  # Create a source from a public Git repository
+  # Create a source for a public Git repository
   flux create source git webapp-latest \
     --url=https://github.com/stefanprodan/podinfo \
     --branch=master \
@@ -89,8 +89,7 @@ var rootCmd = &cobra.Command{
   flux delete source git webapp-latest
 
   # Uninstall Flux and delete CRDs
-  flux uninstall
+  flux uninstall`,
-`,
 }
 
 var logger = stderrLogger{stderr: os.Stderr}
@@ -111,51 +110,40 @@ func init() {
 	rootCmd.PersistentFlags().StringVarP(&rootArgs.namespace, "namespace", "n", rootArgs.defaults.Namespace, "the namespace scope for this operation")
 	rootCmd.PersistentFlags().DurationVar(&rootArgs.timeout, "timeout", 5*time.Minute, "timeout for this operation")
 	rootCmd.PersistentFlags().BoolVar(&rootArgs.verbose, "verbose", false, "print generated objects")
+	rootCmd.PersistentFlags().StringVarP(&rootArgs.kubeconfig, "kubeconfig", "", "",
+		"absolute path to the kubeconfig file")
 	rootCmd.PersistentFlags().StringVarP(&rootArgs.kubecontext, "context", "", "", "kubernetes context to use")
+
+	rootCmd.DisableAutoGenTag = true
 }
 
 func NewRootFlags() rootFlags {
-	return rootFlags{
+	rf := rootFlags{
 		pollInterval: 2 * time.Second,
 		defaults:     install.MakeDefaultOptions(),
 	}
+	rf.defaults.Version = "v" + VERSION
+	return rf
 }
 
 func main() {
 	log.SetFlags(0)
-	generateDocs()
+	configureKubeconfig()
-	kubeconfigFlag()
 	if err := rootCmd.Execute(); err != nil {
 		logger.Failuref("%v", err)
 		os.Exit(1)
 	}
 }
 
-func kubeconfigFlag() {
+func configureKubeconfig() {
-	if home := homeDir(); home != "" {
+	switch {
-		rootCmd.PersistentFlags().StringVarP(&rootArgs.kubeconfig, "kubeconfig", "", filepath.Join(home, ".kube", "config"),
+	case len(rootArgs.kubeconfig) > 0:
-			"path to the kubeconfig file")
+	case len(os.Getenv("KUBECONFIG")) > 0:
-	} else {
-		rootCmd.PersistentFlags().StringVarP(&rootArgs.kubeconfig, "kubeconfig", "", "",
-			"absolute path to the kubeconfig file")
-	}
-
-	if len(os.Getenv("KUBECONFIG")) > 0 {
 		rootArgs.kubeconfig = os.Getenv("KUBECONFIG")
-	}
+	default:
-}
+		if home := homeDir(); len(home) > 0 {
-
+			rootArgs.kubeconfig = filepath.Join(home, ".kube", "config")
-func generateDocs() {
-	args := os.Args[1:]
-	if len(args) > 0 && args[0] == "docgen" {
-		rootCmd.PersistentFlags().StringVarP(&rootArgs.kubeconfig, "kubeconfig", "", "~/.kube/config",
-			"path to the kubeconfig file")
-		rootCmd.DisableAutoGenTag = true
-		err := doc.GenMarkdownTree(rootCmd, "./docs/cmd")
-		if err != nil {
-			log.Fatal(err)
 		}
-		os.Exit(0)
 	}
 }
 

cmd/flux/manifests.embed.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"embed"
+	"fmt"
+	"io/fs"
+	"os"
+	"path"
+)
+
+//go:embed manifests/*.yaml
+var embeddedManifests embed.FS
+
+func writeEmbeddedManifests(dir string) error {
+	manifests, err := fs.ReadDir(embeddedManifests, "manifests")
+	if err != nil {
+		return err
+	}
+	for _, manifest := range manifests {
+		data, err := fs.ReadFile(embeddedManifests, path.Join("manifests", manifest.Name()))
+		if err != nil {
+			return fmt.Errorf("reading file failed: %w", err)
+		}
+
+		err = os.WriteFile(path.Join(dir, manifest.Name()), data, 0666)
+		if err != nil {
+			return fmt.Errorf("writing file failed: %w", err)
+		}
+	}
+	return nil
+}

cmd/flux/object.go

@@ -17,6 +17,7 @@ limitations under the License.
 package main
 
 import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -62,6 +63,7 @@ func (c universalAdapter) asClientObject() client.Object {
 type named interface {
 	GetName() string
 	GetNamespace() string
+	GetObjectKind() schema.ObjectKind
 	SetName(string)
 	SetNamespace(string)
 }

cmd/flux/receiver.go

@@ -0,0 +1,51 @@
+/*
+Copyright 2021 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// notificationv1.Receiver
+
+var receiverType = apiType{
+	kind:      notificationv1.ReceiverKind,
+	humanKind: "receiver",
+}
+
+type receiverAdapter struct {
+	*notificationv1.Receiver
+}
+
+func (a receiverAdapter) asClientObject() client.Object {
+	return a.Receiver
+}
+
+// notificationv1.Receiver
+
+type receiverListAdapter struct {
+	*notificationv1.ReceiverList
+}
+
+func (a receiverListAdapter) asClientList() client.ObjectList {
+	return a.ReceiverList
+}
+
+func (a receiverListAdapter) len() int {
+	return len(a.ReceiverList.Items)
+}

cmd/flux/reconcile_alert.go

@@ -36,8 +36,7 @@ var reconcileAlertCmd = &cobra.Command{
 	Short: "Reconcile an Alert",
 	Long:  `The reconcile alert command triggers a reconciliation of an Alert resource and waits for it to finish.`,
 	Example: `  # Trigger a reconciliation for an existing alert
-  flux reconcile alert main
+  flux reconcile alert main`,
-`,
 	RunE: reconcileAlertCmdRun,
 }
 

cmd/flux/reconcile_alertprovider.go

@@ -36,8 +36,7 @@ var reconcileAlertProviderCmd = &cobra.Command{
 	Short: "Reconcile a Provider",
 	Long:  `The reconcile alert-provider command triggers a reconciliation of a Provider resource and waits for it to finish.`,
 	Example: `  # Trigger a reconciliation for an existing provider
-  flux reconcile alert-provider slack
+  flux reconcile alert-provider slack`,
-`,
 	RunE: reconcileAlertProviderCmdRun,
 }
 

cmd/flux/reconcile_helmrelease.go

@@ -46,8 +46,7 @@ The reconcile kustomization command triggers a reconciliation of a HelmRelease r
   flux reconcile hr podinfo
 
   # Trigger a reconciliation of the HelmRelease's source and apply changes
-  flux reconcile hr podinfo --with-source
+  flux reconcile hr podinfo --with-source`,
-`,
 	RunE: reconcileHrCmdRun,
 }
 

cmd/flux/reconcile_image_repository.go

@@ -29,8 +29,7 @@ var reconcileImageRepositoryCmd = &cobra.Command{
 	Short: "Reconcile an ImageRepository",
 	Long:  `The reconcile image repository command triggers a reconciliation of an ImageRepository resource and waits for it to finish.`,
 	Example: `  # Trigger an scan for an existing image repository
-  flux reconcile image repository alpine
+  flux reconcile image repository alpine`,
-`,
 	RunE: reconcileCommand{
 		apiType: imageRepositoryType,
 		object:  imageRepositoryAdapter{&imagev1.ImageRepository{}},

cmd/flux/reconcile_image_updateauto.go

@@ -31,8 +31,7 @@ var reconcileImageUpdateCmd = &cobra.Command{
 	Short: "Reconcile an ImageUpdateAutomation",
 	Long:  `The reconcile image update command triggers a reconciliation of an ImageUpdateAutomation resource and waits for it to finish.`,
 	Example: `  # Trigger an automation run for an existing image update automation
-  flux reconcile image update latest-images
+  flux reconcile image update latest-images`,
-`,
 	RunE: reconcileCommand{
 		apiType: imageUpdateAutomationType,
 		object:  imageUpdateAutomationAdapter{&autov1.ImageUpdateAutomation{}},

cmd/flux/reconcile_kustomization.go

@@ -45,8 +45,7 @@ The reconcile kustomization command triggers a reconciliation of a Kustomization
   flux reconcile kustomization podinfo
 
   # Trigger a sync of the Kustomization's source and apply changes
-  flux reconcile kustomization podinfo --with-source
+  flux reconcile kustomization podinfo --with-source`,
-`,
 	RunE: reconcileKsCmdRun,
 }
 

cmd/flux/reconcile_receiver.go

@@ -36,8 +36,7 @@ var reconcileReceiverCmd = &cobra.Command{
 	Short: "Reconcile a Receiver",
 	Long:  `The reconcile receiver command triggers a reconciliation of a Receiver resource and waits for it to finish.`,
 	Example: `  # Trigger a reconciliation for an existing receiver
-  flux reconcile receiver main
+  flux reconcile receiver main`,
-`,
 	RunE: reconcileReceiverCmdRun,
 }
 

cmd/flux/reconcile_source_bucket.go

@@ -35,8 +35,7 @@ var reconcileSourceBucketCmd = &cobra.Command{
 	Short: "Reconcile a Bucket source",
 	Long:  `The reconcile source command triggers a reconciliation of a Bucket resource and waits for it to finish.`,
 	Example: `  # Trigger a reconciliation for an existing source
-  flux reconcile source bucket podinfo
+  flux reconcile source bucket podinfo`,
-`,
 	RunE: reconcileCommand{
 		apiType: bucketType,
 		object:  bucketAdapter{&sourcev1.Bucket{}},

cmd/flux/reconcile_source_git.go

@@ -27,8 +27,7 @@ var reconcileSourceGitCmd = &cobra.Command{
 	Short: "Reconcile a GitRepository source",
 	Long:  `The reconcile source command triggers a reconciliation of a GitRepository resource and waits for it to finish.`,
 	Example: `  # Trigger a git pull for an existing source
-  flux reconcile source git podinfo
+  flux reconcile source git podinfo`,
-`,
 	RunE: reconcileCommand{
 		apiType: gitRepositoryType,
 		object:  gitRepositoryAdapter{&sourcev1.GitRepository{}},

cmd/flux/reconcile_source_helm.go

@@ -27,8 +27,7 @@ var reconcileSourceHelmCmd = &cobra.Command{
 	Short: "Reconcile a HelmRepository source",
 	Long:  `The reconcile source command triggers a reconciliation of a HelmRepository resource and waits for it to finish.`,
 	Example: `  # Trigger a reconciliation for an existing source
-  flux reconcile source helm podinfo
+  flux reconcile source helm podinfo`,
-`,
 	RunE: reconcileCommand{
 		apiType: helmRepositoryType,
 		object:  helmRepositoryAdapter{&sourcev1.HelmRepository{}},

cmd/flux/resume_alert.go

@@ -39,8 +39,7 @@ var resumeAlertCmd = &cobra.Command{
 	Long: `The resume command marks a previously suspended Alert resource for reconciliation and waits for it to
 finish the apply.`,
 	Example: `  # Resume reconciliation for an existing Alert
-  flux resume alert main
+  flux resume alert main`,
-`,
 	RunE: resumeAlertCmdRun,
 }
 

cmd/flux/resume_helmrelease.go

@@ -29,8 +29,7 @@ var resumeHrCmd = &cobra.Command{
 	Long: `The resume command marks a previously suspended HelmRelease resource for reconciliation and waits for it to
 finish the apply.`,
 	Example: `  # Resume reconciliation for an existing Helm release
-  flux resume hr podinfo
+  flux resume hr podinfo`,
-`,
 	RunE: resumeCommand{
 		apiType: helmReleaseType,
 		object:  helmReleaseAdapter{&helmv2.HelmRelease{}},

cmd/flux/resume_image_repository.go

@@ -27,8 +27,7 @@ var resumeImageRepositoryCmd = &cobra.Command{
 	Short: "Resume a suspended ImageRepository",
 	Long:  `The resume command marks a previously suspended ImageRepository resource for reconciliation and waits for it to finish.`,
 	Example: `  # Resume reconciliation for an existing ImageRepository
-  flux resume image repository alpine
+  flux resume image repository alpine`,
-`,
 	RunE: resumeCommand{
 		apiType: imageRepositoryType,
 		object:  imageRepositoryAdapter{&imagev1.ImageRepository{}},