Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-03-01 11:16:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirrors:v2.1.0
Branches Tags
Mirrors:main Mirrors:dependabot/github_actions/ci-ef60ad99c8 Mirrors:release/v2.8.x Mirrors:dependabot/go_modules/github.com/cloudflare/circl-1.6.3 Mirrors:dependabot/go_modules/tests/integration/github.com/cloudflare/circl-1.6.3 Mirrors:rfc-creds Mirrors:release/v2.7.x Mirrors:dependabot/go_modules/golang.org/x/crypto-0.45.0 Mirrors:dependabot/go_modules/tests/integration/golang.org/x/crypto-0.45.0 Mirrors:release/v2.6.x Mirrors:conform-k8s-1.33 Mirrors:release/v2.5.x Mirrors:release/v2.4.x Mirrors:remove-notation-validation Mirrors:release/v2.3.x Mirrors:release/v2.2.x Mirrors:RFC Mirrors:fix-commit-log Mirrors:flux-audit Mirrors:release/v2.1.x Mirrors:context-ns Mirrors:ksm-dashboard Mirrors:rfc-passwordless-git-auth Mirrors:release/v2.0.x Mirrors:rfc-gating Mirrors:release/v0.27.4 Mirrors:rfc-0003 Mirrors:rfc-0002 Mirrors:rfc-0001 Mirrors:prompt-for-tokens Mirrors:encrypt-init-cmd
Mirrors:v2.8.1 Mirrors:v2.8.0 Mirrors:v2.7.5 Mirrors:v2.7.4 Mirrors:v2.7.3 Mirrors:v2.7.2 Mirrors:v2.7.1 Mirrors:v2.7.0 Mirrors:v2.6.4 Mirrors:v2.6.3 Mirrors:v2.6.2 Mirrors:v2.6.1 Mirrors:v2.6.0 Mirrors:v2.5.1 Mirrors:v2.5.0 Mirrors:v2.4.0 Mirrors:v2.3.0 Mirrors:v2.2.3 Mirrors:v2.2.2 Mirrors:v2.2.1 Mirrors:v2.2.0 Mirrors:v2.1.2 Mirrors:v2.1.1 Mirrors:v2.1.0 Mirrors:v2.0.1 Mirrors:v2.0.0 Mirrors:v2.0.0-rc.5 Mirrors:v2.0.0-rc.4 Mirrors:v2.0.0-rc.3 Mirrors:v2.0.0-rc.2 Mirrors:v2.0.0-rc.1 Mirrors:v0.41.2 Mirrors:v0.41.1 Mirrors:v0.41.0 Mirrors:v0.40.2 Mirrors:v0.40.1 Mirrors:v0.40.0 Mirrors:v0.39.0 Mirrors:v0.38.3 Mirrors:v0.38.2 Mirrors:v0.38.1 Mirrors:v0.38.0 Mirrors:v0.37.0 Mirrors:v0.36.0 Mirrors:v0.35.0 Mirrors:v0.34.0 Mirrors:v0.33.0 Mirrors:v0.32.0 Mirrors:v0.31.5 Mirrors:v0.31.4 Mirrors:v0.31.3 Mirrors:v0.31.2 Mirrors:v0.31.1 Mirrors:v0.31.0 Mirrors:v0.30.2 Mirrors:v0.30.1 Mirrors:v0.30.0 Mirrors:v0.29.5 Mirrors:v0.29.4 Mirrors:v0.29.3 Mirrors:v0.29.2 Mirrors:v0.29.1 Mirrors:v0.29.0 Mirrors:v0.28.5 Mirrors:v0.28.4 Mirrors:v0.28.3 Mirrors:v0.28.2 Mirrors:v0.28.1 Mirrors:v0.28.0 Mirrors:v0.27.4 Mirrors:v0.27.3 Mirrors:v0.27.2 Mirrors:v0.27.1 Mirrors:v0.27.0 Mirrors:v0.26.3 Mirrors:v0.26.2 Mirrors:v0.26.1 Mirrors:v0.26.0 Mirrors:v0.25.3 Mirrors:v0.25.2 Mirrors:v0.25.1 Mirrors:v0.25.0 Mirrors:v0.24.1 Mirrors:v0.24.0 Mirrors:v0.23.0 Mirrors:v0.22.1 Mirrors:v0.22.0 Mirrors:v0.21.1 Mirrors:v0.21.0 Mirrors:v0.20.1 Mirrors:v0.20.0 Mirrors:v0.19.1 Mirrors:v0.19.0 Mirrors:v0.18.3 Mirrors:v0.18.2 Mirrors:v0.18.1 Mirrors:v0.18.0 Mirrors:v0.17.2 Mirrors:v0.17.1 Mirrors:v0.17.0 Mirrors:v0.16.2 Mirrors:v0.16.1 Mirrors:v0.16.0 Mirrors:v0.15.3 Mirrors:v0.15.2 Mirrors:v0.15.1 Mirrors:v0.15.0 Mirrors:v0.14.2 Mirrors:v0.14.1 Mirrors:v0.14.0 Mirrors:v0.13.4 Mirrors:v0.13.3 Mirrors:v0.13.2 Mirrors:v0.13.1 Mirrors:v0.13.0 Mirrors:v0.12.3 Mirrors:v0.12.2 Mirrors:v0.12.1 Mirrors:v0.12.0 Mirrors:v0.11.0 Mirrors:v0.10.0 Mirrors:v0.9.1 Mirrors:v0.9.0 Mirrors:v0.8.2 Mirrors:v0.8.1 Mirrors:v0.8.0 Mirrors:v0.7.7 Mirrors:v0.7.6 Mirrors:v0.7.5 Mirrors:v0.7.4 Mirrors:v0.7.3 Mirrors:v0.7.2 Mirrors:v0.7.1 Mirrors:v0.7.0 Mirrors:v0.6.3 Mirrors:v0.6.2 Mirrors:v0.6.1 Mirrors:v0.6.0 Mirrors:v0.5.9 Mirrors:v0.5.8 Mirrors:v0.5.7 Mirrors:v0.5.6 Mirrors:v0.5.5 Mirrors:v0.5.4 Mirrors:v0.5.3 Mirrors:v0.5.2 Mirrors:v0.5.1 Mirrors:v0.5.0 Mirrors:v0.4.3 Mirrors:v0.4.2 Mirrors:v0.4.1 Mirrors:v0.4.0 Mirrors:v0.3.0 Mirrors:v0.2.6 Mirrors:v0.2.5 Mirrors:v0.2.4 Mirrors:v0.2.3 Mirrors:v0.2.2 Mirrors:v0.2.1 Mirrors:v0.2.0 Mirrors:v0.1.8 Mirrors:v0.1.7 Mirrors:v0.1.6 Mirrors:v0.1.5 Mirrors:v0.1.4 Mirrors:v0.1.3 Mirrors:v0.1.2 Mirrors:v0.1.1 Mirrors:v0.1.0 Mirrors:v0.0.28 Mirrors:v0.0.27 Mirrors:v0.0.26 Mirrors:v0.0.25 Mirrors:v0.0.24 Mirrors:v0.0.23 Mirrors:v0.0.22 Mirrors:v0.0.21 Mirrors:v0.0.20 Mirrors:v0.0.19 Mirrors:v0.0.18 Mirrors:v0.0.17 Mirrors:v0.0.16 Mirrors:v0.0.15 Mirrors:v0.0.14 Mirrors:v0.0.13 Mirrors:v0.0.12 Mirrors:v0.0.11 Mirrors:v0.0.10 Mirrors:v0.0.9 Mirrors:v0.0.8 Mirrors:v0.0.7 Mirrors:v0.0.6 Mirrors:v0.0.5 Mirrors:v0.0.4 Mirrors:v0.0.3 Mirrors:v0.0.2 Mirrors:v0.0.1 Mirrors:v0.0.1-beta.4 Mirrors:v0.0.1-beta.3 Mirrors:v0.0.1-beta.2 Mirrors:v0.0.1-beta.1 Mirrors:v0.0.1-alpha.1
..
compare: Mirrors:rfc-gating
Branches Tags
Mirrors:dependabot/github_actions/ci-ef60ad99c8 Mirrors:main Mirrors:release/v2.8.x Mirrors:dependabot/go_modules/github.com/cloudflare/circl-1.6.3 Mirrors:dependabot/go_modules/tests/integration/github.com/cloudflare/circl-1.6.3 Mirrors:rfc-creds Mirrors:release/v2.7.x Mirrors:dependabot/go_modules/golang.org/x/crypto-0.45.0 Mirrors:dependabot/go_modules/tests/integration/golang.org/x/crypto-0.45.0 Mirrors:release/v2.6.x Mirrors:conform-k8s-1.33 Mirrors:release/v2.5.x Mirrors:release/v2.4.x Mirrors:remove-notation-validation Mirrors:release/v2.3.x Mirrors:release/v2.2.x Mirrors:RFC Mirrors:fix-commit-log Mirrors:flux-audit Mirrors:release/v2.1.x Mirrors:context-ns Mirrors:ksm-dashboard Mirrors:rfc-passwordless-git-auth Mirrors:release/v2.0.x Mirrors:rfc-gating Mirrors:release/v0.27.4 Mirrors:rfc-0003 Mirrors:rfc-0002 Mirrors:rfc-0001 Mirrors:prompt-for-tokens Mirrors:encrypt-init-cmd
Mirrors:v2.8.1 Mirrors:v2.8.0 Mirrors:v2.7.5 Mirrors:v2.7.4 Mirrors:v2.7.3 Mirrors:v2.7.2 Mirrors:v2.7.1 Mirrors:v2.7.0 Mirrors:v2.6.4 Mirrors:v2.6.3 Mirrors:v2.6.2 Mirrors:v2.6.1 Mirrors:v2.6.0 Mirrors:v2.5.1 Mirrors:v2.5.0 Mirrors:v2.4.0 Mirrors:v2.3.0 Mirrors:v2.2.3 Mirrors:v2.2.2 Mirrors:v2.2.1 Mirrors:v2.2.0 Mirrors:v2.1.2 Mirrors:v2.1.1 Mirrors:v2.1.0 Mirrors:v2.0.1 Mirrors:v2.0.0 Mirrors:v2.0.0-rc.5 Mirrors:v2.0.0-rc.4 Mirrors:v2.0.0-rc.3 Mirrors:v2.0.0-rc.2 Mirrors:v2.0.0-rc.1 Mirrors:v0.41.2 Mirrors:v0.41.1 Mirrors:v0.41.0 Mirrors:v0.40.2 Mirrors:v0.40.1 Mirrors:v0.40.0 Mirrors:v0.39.0 Mirrors:v0.38.3 Mirrors:v0.38.2 Mirrors:v0.38.1 Mirrors:v0.38.0 Mirrors:v0.37.0 Mirrors:v0.36.0 Mirrors:v0.35.0 Mirrors:v0.34.0 Mirrors:v0.33.0 Mirrors:v0.32.0 Mirrors:v0.31.5 Mirrors:v0.31.4 Mirrors:v0.31.3 Mirrors:v0.31.2 Mirrors:v0.31.1 Mirrors:v0.31.0 Mirrors:v0.30.2 Mirrors:v0.30.1 Mirrors:v0.30.0 Mirrors:v0.29.5 Mirrors:v0.29.4 Mirrors:v0.29.3 Mirrors:v0.29.2 Mirrors:v0.29.1 Mirrors:v0.29.0 Mirrors:v0.28.5 Mirrors:v0.28.4 Mirrors:v0.28.3 Mirrors:v0.28.2 Mirrors:v0.28.1 Mirrors:v0.28.0 Mirrors:v0.27.4 Mirrors:v0.27.3 Mirrors:v0.27.2 Mirrors:v0.27.1 Mirrors:v0.27.0 Mirrors:v0.26.3 Mirrors:v0.26.2 Mirrors:v0.26.1 Mirrors:v0.26.0 Mirrors:v0.25.3 Mirrors:v0.25.2 Mirrors:v0.25.1 Mirrors:v0.25.0 Mirrors:v0.24.1 Mirrors:v0.24.0 Mirrors:v0.23.0 Mirrors:v0.22.1 Mirrors:v0.22.0 Mirrors:v0.21.1 Mirrors:v0.21.0 Mirrors:v0.20.1 Mirrors:v0.20.0 Mirrors:v0.19.1 Mirrors:v0.19.0 Mirrors:v0.18.3 Mirrors:v0.18.2 Mirrors:v0.18.1 Mirrors:v0.18.0 Mirrors:v0.17.2 Mirrors:v0.17.1 Mirrors:v0.17.0 Mirrors:v0.16.2 Mirrors:v0.16.1 Mirrors:v0.16.0 Mirrors:v0.15.3 Mirrors:v0.15.2 Mirrors:v0.15.1 Mirrors:v0.15.0 Mirrors:v0.14.2 Mirrors:v0.14.1 Mirrors:v0.14.0 Mirrors:v0.13.4 Mirrors:v0.13.3 Mirrors:v0.13.2 Mirrors:v0.13.1 Mirrors:v0.13.0 Mirrors:v0.12.3 Mirrors:v0.12.2 Mirrors:v0.12.1 Mirrors:v0.12.0 Mirrors:v0.11.0 Mirrors:v0.10.0 Mirrors:v0.9.1 Mirrors:v0.9.0 Mirrors:v0.8.2 Mirrors:v0.8.1 Mirrors:v0.8.0 Mirrors:v0.7.7 Mirrors:v0.7.6 Mirrors:v0.7.5 Mirrors:v0.7.4 Mirrors:v0.7.3 Mirrors:v0.7.2 Mirrors:v0.7.1 Mirrors:v0.7.0 Mirrors:v0.6.3 Mirrors:v0.6.2 Mirrors:v0.6.1 Mirrors:v0.6.0 Mirrors:v0.5.9 Mirrors:v0.5.8 Mirrors:v0.5.7 Mirrors:v0.5.6 Mirrors:v0.5.5 Mirrors:v0.5.4 Mirrors:v0.5.3 Mirrors:v0.5.2 Mirrors:v0.5.1 Mirrors:v0.5.0 Mirrors:v0.4.3 Mirrors:v0.4.2 Mirrors:v0.4.1 Mirrors:v0.4.0 Mirrors:v0.3.0 Mirrors:v0.2.6 Mirrors:v0.2.5 Mirrors:v0.2.4 Mirrors:v0.2.3 Mirrors:v0.2.2 Mirrors:v0.2.1 Mirrors:v0.2.0 Mirrors:v0.1.8 Mirrors:v0.1.7 Mirrors:v0.1.6 Mirrors:v0.1.5 Mirrors:v0.1.4 Mirrors:v0.1.3 Mirrors:v0.1.2 Mirrors:v0.1.1 Mirrors:v0.1.0 Mirrors:v0.0.28 Mirrors:v0.0.27 Mirrors:v0.0.26 Mirrors:v0.0.25 Mirrors:v0.0.24 Mirrors:v0.0.23 Mirrors:v0.0.22 Mirrors:v0.0.21 Mirrors:v0.0.20 Mirrors:v0.0.19 Mirrors:v0.0.18 Mirrors:v0.0.17 Mirrors:v0.0.16 Mirrors:v0.0.15 Mirrors:v0.0.14 Mirrors:v0.0.13 Mirrors:v0.0.12 Mirrors:v0.0.11 Mirrors:v0.0.10 Mirrors:v0.0.9 Mirrors:v0.0.8 Mirrors:v0.0.7 Mirrors:v0.0.6 Mirrors:v0.0.5 Mirrors:v0.0.4 Mirrors:v0.0.3 Mirrors:v0.0.2 Mirrors:v0.0.1 Mirrors:v0.0.1-beta.4 Mirrors:v0.0.1-beta.3 Mirrors:v0.0.1-beta.2 Mirrors:v0.0.1-beta.1 Mirrors:v0.0.1-alpha.1

2 Commits
v2.1.0 ... rfc-gating

Author SHA1 Message Date
Paulo Gomes
35785b8a6f rfc: Add story 2 and alternatives 
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
 2022-10-04 16:06:09 +01:00
Stefan Prodan
650bea497f Add proposal for adding a gating mechanism to Flux 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-09-29 17:57:30 +03:00
384 changed files with 5747 additions and 8724 deletions
Expand all files Collapse all files

8
.github/aur/flux-bin/.SRCINFO.template vendored
View File

@@ -10,13 +10,13 @@ pkgbase = flux-bin
license = APACHE
optdepends = bash-completion: auto-completion for flux in Bash
optdepends = zsh-completions: auto-completion for flux in ZSH
source_x86_64 = flux-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_amd64.tar.gz
source_x86_64 = ${PKGNAME}-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${PKGVER}/flux_${PKGVER}_linux_amd64.tar.gz
sha256sums_x86_64 = ${SHA256SUM_AMD64}
source_armv6h = flux-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_arm.tar.gz
source_armv6h = ${PKGNAME}-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${PKGVER}/flux_${PKGVER}_linux_arm.tar.gz
sha256sums_armv6h = ${SHA256SUM_ARM}
source_armv7h = flux-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_arm.tar.gz
source_armv7h = ${PKGNAME}-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${PKGVER}/flux_${PKGVER}_linux_arm.tar.gz
sha256sums_armv7h = ${SHA256SUM_ARM}
source_aarch64 = flux-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_arm64.tar.gz
source_aarch64 = ${PKGNAME}-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${PKGVER}/flux_${PKGVER}_linux_arm64.tar.gz
sha256sums_aarch64 = ${SHA256SUM_ARM64}
pkgname = flux-bin

11
.github/aur/flux-bin/PKGBUILD.template vendored
View File

@@ -4,8 +4,6 @@
pkgname=flux-bin
pkgver=${PKGVER}
pkgrel=${PKGREL}
_srcname=flux
_srcver=${VERSION}
pkgdesc="Open and extensible continuous delivery solution for Kubernetes"
url="https://fluxcd.io/"
arch=("x86_64" "armv6h" "armv7h" "aarch64")
@@ -13,16 +11,16 @@ license=("APACHE")
optdepends=('bash-completion: auto-completion for flux in Bash'
'zsh-completions: auto-completion for flux in ZSH')
source_x86_64=(
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${_srcver}/flux_${_srcver}_linux_amd64.tar.gz"
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_amd64.tar.gz"
)
source_armv6h=(
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${_srcver}/flux_${_srcver}_linux_arm.tar.gz"
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm.tar.gz"
)
source_armv7h=(
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${_srcver}/flux_${_srcver}_linux_arm.tar.gz"
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm.tar.gz"
)
source_aarch64=(
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${_srcver}/flux_${_srcver}_linux_arm64.tar.gz"
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/releases/download/v${pkgver}/flux_${pkgver}_linux_arm64.tar.gz"
)
sha256sums_x86_64=(
${SHA256SUM_AMD64}
@@ -36,6 +34,7 @@ sha256sums_armv7h=(
sha256sums_aarch64=(
${SHA256SUM_ARM64}
)
_srcname=flux
package() {
install -Dm755 ${_srcname} "${pkgdir}/usr/bin/${_srcname}"

11
.github/aur/flux-bin/publish.sh vendored
View File

@@ -28,7 +28,6 @@ git clone aur@aur.archlinux.org:$PKGNAME $GITDIR 2>&1
CURRENT_PKGVER=$(cat $GITDIR/.SRCINFO | grep pkgver | awk '{ print $3 }')
CURRENT_PKGREL=$(cat $GITDIR/.SRCINFO | grep pkgrel | awk '{ print $3 }')
# Transform pre-release to AUR compatible version format
export PKGVER=${VERSION/-/}
if [[ "${CURRENT_PKGVER}" == "${PKGVER}" ]]; then
@@ -37,12 +36,12 @@ else
export PKGREL=1
fi
export SHA256SUM_ARM=$(sha256sum ${ROOT}/dist/flux_${VERSION}_linux_arm.tar.gz | awk '{ print $1 }')
export SHA256SUM_ARM64=$(sha256sum ${ROOT}/dist/flux_${VERSION}_linux_arm64.tar.gz | awk '{ print $1 }')
export SHA256SUM_AMD64=$(sha256sum ${ROOT}/dist/flux_${VERSION}_linux_amd64.tar.gz | awk '{ print $1 }')
export SHA256SUM_ARM=$(sha256sum ${ROOT}/dist/flux_${PKGVER}_linux_arm.tar.gz | awk '{ print $1 }')
export SHA256SUM_ARM64=$(sha256sum ${ROOT}/dist/flux_${PKGVER}_linux_arm64.tar.gz | awk '{ print $1 }')
export SHA256SUM_AMD64=$(sha256sum ${ROOT}/dist/flux_${PKGVER}_linux_amd64.tar.gz | awk '{ print $1 }')
envsubst '$VERSION $PKGVER $PKGREL $SHA256SUM_AMD64 $SHA256SUM_ARM $SHA256SUM_ARM64' < .SRCINFO.template > $GITDIR/.SRCINFO
envsubst '$VERSION $PKGVER $PKGREL $SHA256SUM_AMD64 $SHA256SUM_ARM $SHA256SUM_ARM64' < PKGBUILD.template > $GITDIR/PKGBUILD
envsubst '$PKGVER $PKGREL $SHA256SUM_AMD64 $SHA256SUM_ARM $SHA256SUM_ARM64' < .SRCINFO.template > $GITDIR/.SRCINFO
envsubst '$PKGVER $PKGREL $SHA256SUM_AMD64 $SHA256SUM_ARM $SHA256SUM_ARM64' < PKGBUILD.template > $GITDIR/PKGBUILD
cd $GITDIR
git config user.name "fluxcdbot"

2
.github/aur/flux-go/.SRCINFO.template vendored
View File

@@ -13,6 +13,6 @@ pkgbase = flux-go
provides = flux-bin
conflicts = flux-bin
replaces = flux-cli
source = flux-go-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/archive/v${VERSION}.tar.gz
source = flux-go-${PKGVER}.tar.gz::https://github.com/fluxcd/flux2/archive/v${PKGVER}.tar.gz
pkgname = flux-go

15
.github/aur/flux-go/PKGBUILD.template vendored
View File

@@ -4,8 +4,6 @@
pkgname=flux-go
pkgver=${PKGVER}
pkgrel=${PKGREL}
_srcname=flux
_srcver=${VERSION}
pkgdesc="Open and extensible continuous delivery solution for Kubernetes"
url="https://fluxcd.io/"
arch=("x86_64" "armv6h" "armv7h" "aarch64")
@@ -14,29 +12,30 @@ provides=("flux-bin")
conflicts=("flux-bin")
replaces=("flux-cli")
depends=("glibc")
makedepends=('go>=1.20', 'kustomize>=5.0')
makedepends=('go>=1.17', 'kustomize>=3.0')
optdepends=('bash-completion: auto-completion for flux in Bash',
'zsh-completions: auto-completion for flux in ZSH')
source=(
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/archive/v${_srcver}.tar.gz"
"${pkgname}-${pkgver}.tar.gz::https://github.com/fluxcd/flux2/archive/v${pkgver}.tar.gz"
)
sha256sums=(
${SHA256SUM}
)
_srcname=flux
build() {
cd "flux2-${_srcver}"
cd "flux2-${pkgver}"
export CGO_LDFLAGS="$LDFLAGS"
export CGO_CFLAGS="$CFLAGS"
export CGO_CXXFLAGS="$CXXFLAGS"
export CGO_CPPFLAGS="$CPPFLAGS"
export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
make cmd/flux/.manifests.done
go build -ldflags "-linkmode=external -X main.VERSION=${_srcver}" -o ${_srcname} ./cmd/flux
go build -ldflags "-linkmode=external -X main.VERSION=${pkgver}" -o ${_srcname} ./cmd/flux
}
check() {
cd "flux2-${_srcver}"
cd "flux2-${pkgver}"
case $CARCH in
aarch64)
export ENVTEST_ARCH=arm64
@@ -49,7 +48,7 @@ check() {
}
package() {
cd "flux2-${_srcver}"
cd "flux2-${pkgver}"
install -Dm755 ${_srcname} "${pkgdir}/usr/bin/${_srcname}"
install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"

7
.github/aur/flux-go/publish.sh vendored
View File

@@ -28,7 +28,6 @@ git clone aur@aur.archlinux.org:$PKGNAME $GITDIR 2>&1
CURRENT_PKGVER=$(cat $GITDIR/.SRCINFO | grep pkgver | awk '{ print $3 }')
CURRENT_PKGREL=$(cat $GITDIR/.SRCINFO | grep pkgrel | awk '{ print $3 }')
# Transform pre-release to AUR compatible version format
export PKGVER=${VERSION/-/}
if [[ "${CURRENT_PKGVER}" == "${PKGVER}" ]]; then
@@ -37,10 +36,10 @@ else
export PKGREL=1
fi
export SHA256SUM=$(curl -sL https://github.com/fluxcd/flux2/archive/v${VERSION}.tar.gz | sha256sum | awk '{ print $1 }')
export SHA256SUM=$(curl -sL https://github.com/fluxcd/flux2/archive/v$PKGVER.tar.gz | sha256sum | awk '{ print $1 }')
envsubst '$VERSION $PKGVER $PKGREL $SHA256SUM' < .SRCINFO.template > $GITDIR/.SRCINFO
envsubst '$VERSION $PKGVER $PKGREL $SHA256SUM' < PKGBUILD.template > $GITDIR/PKGBUILD
envsubst '$PKGVER $PKGREL $SHA256SUM' < .SRCINFO.template > $GITDIR/.SRCINFO
envsubst '$PKGVER $PKGREL $SHA256SUM' < PKGBUILD.template > $GITDIR/PKGBUILD
cd $GITDIR
git config user.name "fluxcdbot"

4
.github/aur/flux-scm/PKGBUILD.template vendored
View File

@@ -4,7 +4,6 @@
pkgname=flux-scm
pkgver=${PKGVER}
pkgrel=${PKGREL}
_srcname=flux
pkgdesc="Open and extensible continuous delivery solution for Kubernetes"
url="https://fluxcd.io/"
arch=("x86_64" "armv6h" "armv7h" "aarch64")
@@ -12,13 +11,14 @@ license=("APACHE")
provides=("flux-bin")
conflicts=("flux-bin")
depends=("glibc")
makedepends=('go>=1.20', 'kustomize>=5.0', 'git')
makedepends=('go>=1.17', 'kustomize>=3.0', 'git')
optdepends=('bash-completion: auto-completion for flux in Bash',
'zsh-completions: auto-completion for flux in ZSH')
source=(
"git+https://github.com/fluxcd/flux2.git"
)
md5sums=('SKIP')
_srcname=flux
pkgver() {
cd "flux2"

1
.github/aur/flux-scm/publish.sh vendored
View File

@@ -28,7 +28,6 @@ git clone aur@aur.archlinux.org:$PKGNAME $GITDIR 2>&1
CURRENT_PKGVER=$(cat $GITDIR/.SRCINFO | grep pkgver | awk '{ print $3 }')
CURRENT_PKGREL=$(cat $GITDIR/.SRCINFO | grep pkgrel | awk '{ print $3 }')
# Transform pre-release to AUR compatible version format
export PKGVER=${VERSION/-/}
if [[ "${CURRENT_PKGVER}" == "${PKGVER}" ]]; then

16
.github/dependabot.yml vendored
View File

@@ -1,16 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
labels: ["area/ci", "dependencies"]
groups:
# Group all updates together, so that they are all applied in a single PR.
# Grouped updates are currently in beta and is subject to change.
# xref: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
ci:
patterns:
- "*"
schedule:
# By default, this will be on a monday.
interval: "weekly"

49
.github/labels.yaml vendored
View File

@@ -1,49 +0,0 @@
# Configuration file to declaratively configure labels
# Ref: https://github.com/EndBug/label-sync#Config-files
- name: area/bootstrap
description: Bootstrap related issues and pull requests
color: '#86efc9'
- name: area/install
description: Install and uninstall related issues and pull requests
color: '#86efc9'
- name: area/diff
description: Diff related issues and pull requests
color: '#BA4192'
- name: area/bucket
description: Bucket related issues and pull requests
color: '#00b140'
- name: area/git
description: Git related issues and pull requests
color: '#863faf'
- name: area/oci
description: OCI related issues and pull requests
color: '#c739ff'
- name: area/kustomization
description: Kustomization related issues and pull requests
color: '#00e54d'
- name: area/helm
description: Helm related issues and pull requests
color: '#1673b6'
- name: area/image-automation
description: Automated image updates related issues and pull requests
color: '#c5def5'
- name: area/monitoring
description: Monitoring related issues and pull requests
color: '#dd75ae'
- name: area/multi-tenancy
description: Multi-tenancy related issues and pull requests
color: '#72CDBD'
- name: area/notification
description: Notification API related issues and pull requests
color: '#434ec1'
- name: area/source
description: Source API related issues and pull requests
color: '#863faf'
- name: area/rfc
description: Feature request proposals in the RFC format
color: '#D621C3'
aliases: ['area/RFC']
- name: backport:release/v2.0.x
description: To be backported to release/v2.0.x
color: '#ffd700'

34
.github/runners/README.md vendored
View File

@@ -1,32 +1,24 @@
# Flux ARM64 GitHub runners
The Flux ARM64 end-to-end tests run on Equinix Metal instances provisioned with Docker and GitHub self-hosted runners.
The Flux ARM64 end-to-end tests run on Equinix instances provisioned with Docker and GitHub self-hosted runners.
## Current instances
| Repository | Runner | Instance | Location |
|-----------------------------|------------------|------------------------|---------------|
| flux2 | equinix-arm-dc-1 | flux-equinix-arm-dc-01 | Washington DC |
| flux2 | equinix-arm-dc-2 | flux-equinix-arm-dc-01 | Washington DC |
| flux2 | equinix-arm-da-1 | flux-equinix-arm-da-01 | Dallas |
| flux2 | equinix-arm-da-2 | flux-equinix-arm-da-01 | Dallas |
| source-controller | equinix-arm-dc-1 | flux-equinix-arm-dc-01 | Washington DC |
| source-controller | equinix-arm-da-1 | flux-equinix-arm-da-01 | Dallas |
| image-automation-controller | equinix-arm-dc-1 | flux-equinix-arm-dc-01 | Washington DC |
| image-automation-controller | equinix-arm-da-1 | flux-equinix-arm-da-01 | Dallas |
Instance spec:
- Ampere Altra Q80-30 80-core processor @ 2.8GHz
- 2 x 960GB NVME
- 256GB RAM
- 2 x 25Gbps
| Runner | Instance | Region |
|---------------|---------------------|--------|
| equinix-arm-1 | flux-equinix-arm-01 | AMS1 |
| equinix-arm-2 | flux-equinix-arm-01 | AMS1 |
| equinix-arm-3 | flux-equinix-arm-01 | AMS1 |
| equinix-arm-4 | flux-equinix-arm-02 | DFW2 |
| equinix-arm-5 | flux-equinix-arm-02 | DFW2 |
| equinix-arm-6 | flux-equinix-arm-02 | DFW2 |
## Instance setup
In order to add a new runner to the GitHub Actions pool,
first create a server on Equinix with the following configuration:
- Type: `c3.large.arm64`
- OS: `Ubuntu 22.04 LTS`
- Type: c2.large.arm
- OS: Ubuntu 20.04
### Install prerequisites
@@ -62,14 +54,14 @@ sudo ./prereq.sh
- Retrieve the GitHub runner token from the repository [settings page](https://github.com/fluxcd/flux2/settings/actions/runners/new?arch=arm64&os=linux)
- Create two directories `flux2-01`, `flux2-02`
- Create 3 directories `runner1`, `runner2`, `runner3`
- In each dir run:
```shell
curl -sL https://raw.githubusercontent.com/fluxcd/flux2/main/.github/runners/runner-setup.sh > runner-setup.sh \
&& chmod +x ./runner-setup.sh
./runner-setup.sh equinix-arm-<NUMBER> <TOKEN> <REPO>
./runner-setup.sh equinix-arm-<NUMBER> <TOKEN>
```
- Reboot the instance

12
.github/runners/prereq.sh vendored
View File

@@ -18,11 +18,11 @@
set -eu
KIND_VERSION=0.17.0
KIND_VERSION=0.14.0
KUBECTL_VERSION=1.24.0
KUSTOMIZE_VERSION=4.5.7
HELM_VERSION=3.10.1
GITHUB_RUNNER_VERSION=2.298.2
KUSTOMIZE_VERSION=4.5.4
HELM_VERSION=3.8.2
GITHUB_RUNNER_VERSION=2.291.1
PACKAGES="apt-transport-https ca-certificates software-properties-common build-essential libssl-dev gnupg lsb-release jq pkg-config"
# install prerequisites
@@ -31,10 +31,6 @@ apt-get update \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# fix Kubernetes DNS resolution
rm /etc/resolv.conf
cat "/run/systemd/resolve/stub-resolv.conf" | sed '/search/d' > /etc/resolv.conf
# install docker
curl -fsSL https://get.docker.com -o get-docker.sh \
&& chmod +x get-docker.sh

2
.github/runners/runner-setup.sh vendored
View File

@@ -22,7 +22,7 @@ RUNNER_NAME=$1
REPOSITORY_TOKEN=$2
REPOSITORY_URL=${3:-https://github.com/fluxcd/flux2}
GITHUB_RUNNER_VERSION=2.298.2
GITHUB_RUNNER_VERSION=2.285.1
# download runner
curl -o actions-runner-linux-arm64.tar.gz -L https://github.com/actions/runner/releases/download/v${GITHUB_RUNNER_VERSION}/actions-runner-linux-arm64-${GITHUB_RUNNER_VERSION}.tar.gz \

50
.github/workflows/README.md vendored
View File

@@ -1,50 +0,0 @@
# Flux GitHub Workflows
## End-to-end Testing
The e2e workflows run a series of tests to ensure that the Flux CLI and
the GitOps Toolkit controllers work well all together.
The tests are written in Go, Bash, Make and Terraform.
| Workflow | Jobs | Runner | Role |
|--------------------|----------------------|----------------|-----------------------------------------------|
| e2e.yaml | e2e-amd64-kubernetes | GitHub Ubuntu | integration testing with Kubernetes Kind<br/> |
| e2e-arm64.yaml | e2e-arm64-kubernetes | Equinix Ubuntu | integration testing with Kubernetes Kind<br/> |
| e2e-bootstrap.yaml | e2e-boostrap-github | GitHub Ubuntu | integration testing with GitHub API<br/> |
| e2e-azure.yaml | e2e-amd64-aks | GitHub Ubuntu | integration testing with Azure API<br/> |
| scan.yaml | scan-fossa | GitHub Ubuntu | license scanning<br/> |
| scan.yaml | scan-snyk | GitHub Ubuntu | vulnerability scanning<br/> |
| scan.yaml | scan-codeql | GitHub Ubuntu | vulnerability scanning<br/> |
## Components Update
The components update workflow scans the GitOps Toolkit controller repositories for new releases,
amd when it finds a new controller version, the workflow performs the following steps:
- Updates the controller API package version in `go.mod`.
- Patches the controller CRDs version in the `manifests/crds` overlay.
- Patches the controller Deployment version in `manifests/bases` overlay.
- Opens a Pull Request against the `main` branch.
- Triggers the e2e test suite to run for the opened PR.
| Workflow | Jobs | Runner | Role |
|-------------|-------------------|---------------|-----------------------------------------------------|
| update.yaml | update-components | GitHub Ubuntu | update the GitOps Toolkit APIs and controllers<br/> |
## Release
The release workflow is triggered by a semver Git tag and performs the following steps:
- Generates the Flux install manifests (YAML).
- Generates the OpenAPI validation schemas for the GitOps Toolkit CRDs (JSON).
- Generates a Software Bill of Materials (SPDX JSON).
- Builds the Flux CLI binaries and the multi-arch container images.
- Pushes the container images to GitHub Container Registry and DockerHub.
- Signs the sbom, the binaries checksum and the container images with Cosign and GitHub OIDC.
- Uploads the sbom, binaries, checksums and install manifests to GitHub Releases.
- Pushes the install manifests as OCI artifacts to GitHub Container Registry and DockerHub.
- Signs the OCI artifacts with Cosign and GitHub OIDC.
| Workflow | Jobs | Runner | Role |
|--------------|------------------------|---------------|------------------------------------------------------|
| release.yaml | release-flux-cli | GitHub Ubuntu | build, push and sign the CLI release artifacts<br/> |
| release.yaml | release-flux-manifests | GitHub Ubuntu | build, push and sign the Flux install manifests<br/> |

29
.github/workflows/action.yaml vendored
View File

@@ -1,29 +0,0 @@
name: test-gh-action
on:
pull_request:
paths:
- 'action/**'
push:
paths:
- 'action/**'
branches:
- 'main'
- 'release/**'
permissions: read-all
jobs:
actions:
strategy:
fail-fast: false
matrix:
version: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.version }}
name: action on ${{ matrix.version }}
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup flux
uses: ./action

31
.github/workflows/backport.yaml vendored
View File

@@ -1,31 +0,0 @@
name: backport
on:
pull_request_target:
types: [closed, labeled]
jobs:
pull-request:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
if: github.event.pull_request.state == 'closed' && github.event.pull_request.merged && (github.event_name != 'labeled' || startsWith('backport:', github.event.label.name))
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Create backport PRs
uses: korthout/backport-action@bd68141f079bd036e45ea8149bc9d174d5a04703 # v1.4.0
# xref: https://github.com/korthout/backport-action#inputs
with:
# Use token to allow workflows to be triggered for the created PR
github_token: ${{ secrets.BOT_GITHUB_TOKEN }}
# Match labels with a pattern `backport:<target-branch>`
label_pattern: '^backport:([^ ]+)$'
# A bit shorter pull-request title than the default
pull_title: '[${target_branch}] ${pull_title}'
# Simpler PR description than default
pull_description: |-
Automated backport to `${target_branch}`, triggered by a label in #${pull_number}.

53
.github/workflows/e2e-bootstrap.yaml → .github/workflows/bootstrap.yaml vendored
View File

@@ -1,41 +1,36 @@
name: e2e-bootstrap
name: bootstrap
on:
workflow_dispatch:
push:
branches: [ 'main', 'release/**' ]
branches: [ main ]
pull_request:
branches: [ 'main', 'release/**' ]
paths-ignore: [ 'docs/**', 'rfcs/**' ]
permissions:
contents: read
branches: [ main ]
jobs:
e2e-boostrap-github:
github:
runs-on: ubuntu-latest
if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@v3
- name: Restore Go cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go1.18-
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
uses: actions/setup-go@v3
with:
go-version: 1.20.x
cache-dependency-path: |
**/go.sum
**/go.mod
go-version: 1.19.x
- name: Setup Kubernetes
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
uses: engineerd/setup-kind@v0.5.0
with:
version: v0.20.0
cluster_name: kind
# The versions below should target the newest Kubernetes version
# Keep this up-to-date with https://endoflife.date/kubernetes
node_image: kindest/node:v1.28.0@sha256:9f3ff58f19dcf1a0611d11e8ac989fdb30a28f40f236f59f0bea31fb956ccf5c
kubectl_version: v1.28.0
version: v0.16.0
image: kindest/node:v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@main
uses: fluxcd/pkg//actions/kustomize@main
- name: Build
run: |
make cmd/flux/.manifests.done
@@ -48,7 +43,7 @@ jobs:
COMMIT_SHA=$(git rev-parse HEAD)
PSEUDO_RAND_SUFFIX=$(echo "${BRANCH_NAME}-${COMMIT_SHA}" | shasum | awk '{print $1}')
TEST_REPO_NAME="${REPOSITORY_NAME}-${PSEUDO_RAND_SUFFIX}"
echo "test_repo_name=$TEST_REPO_NAME" >> $GITHUB_OUTPUT
echo "::set-output name=test_repo_name::$TEST_REPO_NAME"
- name: bootstrap init
run: |
/tmp/flux bootstrap github --manifests ./manifests/install/ \
@@ -85,6 +80,13 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
GITHUB_REPO_NAME: ${{ steps.vars.outputs.test_repo_name }}
GITHUB_ORG_NAME: fluxcd-testing
- name: libgit2
run: |
/tmp/flux create source git test-libgit2 \
--url=ssh://git@github.com/fluxcd-testing/${{ steps.vars.outputs.test_repo_name }} \
--git-implementation=libgit2 \
--secret-ref=flux-system \
--branch=main
- name: uninstall
run: |
/tmp/flux uninstall -s --keep-namespace
@@ -99,6 +101,7 @@ jobs:
--path=test-cluster \
--read-write-key
/tmp/flux reconcile image repository podinfo
/tmp/flux reconcile image update flux-system
/tmp/flux get images all
retries=10

85
.github/workflows/e2e-arm64.yaml vendored
View File

@@ -3,102 +3,33 @@ name: e2e-arm64
on:
workflow_dispatch:
push:
branches: [ 'main', 'update-components', 'e2e-*', 'release/**' ]
permissions:
contents: read
branches: [ main, update-components ]
jobs:
e2e-arm64-kubernetes:
test:
# Hosted on Equinix
# Docs: https://github.com/fluxcd/flux2/tree/main/.github/runners
runs-on: [self-hosted, Linux, ARM64, equinix]
strategy:
matrix:
# Keep this list up-to-date with https://endoflife.date/kubernetes
# Check which versions are available on DockerHub with 'crane ls kindest/node'
KUBERNETES_VERSION: [ 1.25.11, 1.26.6, 1.27.3, 1.28.0 ]
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
uses: actions/setup-go@v3
with:
go-version: 1.20.x
cache-dependency-path: |
**/go.sum
**/go.mod
go-version: 1.19.x
- name: Prepare
id: prep
run: |
ID=${GITHUB_SHA:0:7}-${{ matrix.KUBERNETES_VERSION }}-$(date +%s)
echo "CLUSTER=arm64-${ID}" >> $GITHUB_OUTPUT
echo ::set-output name=CLUSTER::arm64-${GITHUB_SHA:0:7}-$(date +%s)
echo ::set-output name=CONTEXT::kind-arm64-${GITHUB_SHA:0:7}-$(date +%s)
- name: Build
run: |
make build
- name: Setup Kubernetes Kind
run: |
kind create cluster \
--wait 5m \
--name ${{ steps.prep.outputs.CLUSTER }} \
--kubeconfig=/tmp/${{ steps.prep.outputs.CLUSTER }} \
--image=kindest/node:v${{ matrix.KUBERNETES_VERSION }}
kind create cluster --name ${{ steps.prep.outputs.CLUSTER }} --kubeconfig=/tmp/${{ steps.prep.outputs.CLUSTER }}
- name: Run e2e tests
run: TEST_KUBECONFIG=/tmp/${{ steps.prep.outputs.CLUSTER }} make e2e
- name: Run multi-tenancy tests
env:
KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
run: |
./bin/flux install
./bin/flux create source git flux-system \
--interval=15m \
--url=https://github.com/fluxcd/flux2-multi-tenancy \
--branch=main \
--ignore-paths="./clusters/**/flux-system/"
./bin/flux create kustomization flux-system \
--interval=15m \
--source=flux-system \
--path=./clusters/staging
kubectl -n flux-system wait kustomization/tenants --for=condition=ready --timeout=5m
kubectl -n apps wait kustomization/dev-team --for=condition=ready --timeout=1m
kubectl -n apps wait helmrelease/podinfo --for=condition=ready --timeout=1m
- name: Run monitoring tests
# Keep this test in sync with https://fluxcd.io/flux/guides/monitoring/
env:
KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
run: |
./bin/flux create source git flux-monitoring \
--interval=30m \
--url=https://github.com/fluxcd/flux2 \
--branch=${GITHUB_REF#refs/heads/}
./bin/flux create kustomization kube-prometheus-stack \
--interval=1h \
--prune \
--source=flux-monitoring \
--path="./manifests/monitoring/kube-prometheus-stack" \
--health-check-timeout=5m \
--wait
./bin/flux create kustomization monitoring-config \
--depends-on=kube-prometheus-stack \
--interval=1h \
--prune=true \
--source=flux-monitoring \
--path="./manifests/monitoring/monitoring-config" \
--health-check-timeout=1m \
--wait
kubectl -n flux-system wait kustomization/kube-prometheus-stack --for=condition=ready --timeout=5m
kubectl -n flux-system wait kustomization/monitoring-config --for=condition=ready --timeout=5m
kubectl -n monitoring wait helmrelease/kube-prometheus-stack --for=condition=ready --timeout=1m
- name: Debug failure
if: failure()
env:
KUBECONFIG: /tmp/${{ steps.prep.outputs.CLUSTER }}
run: |
kubectl -n flux-system get all
kubectl -n flux-system describe po
kubectl -n flux-system logs deploy/source-controller
kubectl -n flux-system logs deploy/kustomize-controller
- name: Cleanup
if: always()
run: |

49
.github/workflows/e2e-azure.yaml vendored
View File

@@ -5,36 +5,33 @@ on:
schedule:
- cron: '0 6 * * *'
push:
branches:
- main
paths:
- 'tests/**'
- '.github/workflows/e2e-azure.yaml'
pull_request:
branches:
- main
paths:
- 'tests/**'
- '.github/workflows/e2e-azure.yaml'
permissions:
contents: read
branches: [ azure* ]
jobs:
e2e-amd64-aks:
runs-on: ubuntu-22.04
# This job is currently disabled since if always evaluates to false. Remove the false check when Azure subscription is enabled
if: false && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
e2e:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
uses: actions/checkout@v3
- name: Restore Go cache
uses: actions/cache@v3
with:
go-version: 1.20.x
cache-dependency-path: |
**/go.sum
**/go.mod
path: ~/go/pkg/mod
key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go1.18-
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: 1.19.x
- name: Install libgit2
run: |
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9
echo "deb http://deb.debian.org/debian unstable main" | sudo tee -a /etc/apt/sources.list
echo "deb-src http://deb.debian.org/debian unstable main" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y --allow-downgrades libgit2-dev/unstable zlib1g-dev/unstable libssh2-1-dev/unstable libpcre3-dev/unstable
- name: Setup Flux CLI
run: |
make build
@@ -47,7 +44,7 @@ jobs:
mkdir -p $HOME/.local/bin
mv sops-v3.7.1.linux $HOME/.local/bin/sops
- name: Setup Terraform
uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2
uses: hashicorp/setup-terraform@v1
with:
terraform_version: 1.2.8
terraform_wrapper: false

67
.github/workflows/e2e.yaml vendored
View File

@@ -1,18 +1,13 @@
name: e2e
on:
workflow_dispatch:
push:
branches: [ 'main', 'release/**' ]
branches: [ main ]
pull_request:
branches: [ 'main', 'release/**' ]
paths-ignore: [ 'docs/**', 'rfcs/**' ]
permissions:
contents: read
branches: [ main, oci ]
jobs:
e2e-amd64-kubernetes:
kind:
runs-on: ubuntu-latest
services:
registry:
@@ -21,30 +16,30 @@ jobs:
- 5000:5000
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@v3
- name: Restore Go cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go1.18-
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
uses: actions/setup-go@v3
with:
go-version: 1.20.x
cache-dependency-path: |
**/go.sum
**/go.mod
go-version: 1.19.x
- name: Setup Kubernetes
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
uses: engineerd/setup-kind@v0.5.0
with:
version: v0.20.0
cluster_name: kind
version: v0.11.1
image: kindest/node:v1.20.7
config: .github/kind/config.yaml # disable KIND-net
# The versions below should target the newest Kubernetes version
# Keep this up-to-date with https://endoflife.date/kubernetes
node_image: kindest/node:v1.28.0@sha256:9f3ff58f19dcf1a0611d11e8ac989fdb30a28f40f236f59f0bea31fb956ccf5c
kubectl_version: v1.28.0
- name: Setup Calico for network policy
run: |
kubectl apply -f https://docs.projectcalico.org/v3.25/manifests/calico.yaml
kubectl apply -f https://docs.projectcalico.org/v3.20/manifests/calico.yaml
kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@main
uses: fluxcd/pkg//actions/kustomize@main
- name: Run tests
run: make test
- name: Run e2e tests
@@ -78,14 +73,21 @@ jobs:
run: |
/tmp/flux create source git podinfo \
--url https://github.com/stefanprodan/podinfo \
--tag-semver=">=6.3.5"
--tag-semver=">=3.2.3"
- name: flux create source git export apply
run: |
/tmp/flux create source git podinfo-export \
--url https://github.com/stefanprodan/podinfo \
--tag-semver=">=6.3.5" \
--tag-semver=">=3.2.3" \
--export | kubectl apply -f -
/tmp/flux delete source git podinfo-export --silent
- name: flux create source git libgit2 semver
run: |
/tmp/flux create source git podinfo-libgit2 \
--url https://github.com/stefanprodan/podinfo \
--tag-semver=">=3.2.3" \
--git-implementation=libgit2
/tmp/flux delete source git podinfo-libgit2 --silent
- name: flux get sources git
run: |
/tmp/flux get sources git
@@ -140,7 +142,7 @@ jobs:
--target-namespace=default \
--source=HelmRepository/podinfo.flux-system \
--chart=podinfo \
--chart-version=">6.0.0 <7.0.0"
--chart-version=">4.0.0 <5.0.0"
- name: flux create helmrelease --source=GitRepository/podinfo
run: |
/tmp/flux create hr podinfo-git \
@@ -176,7 +178,7 @@ jobs:
/tmp/flux push artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
--path="./manifests" \
--source="${{ github.repositoryUrl }}" \
--revision="${{ github.ref }}@sha1:${{ github.sha }}"
--revision="${{ github.ref }}/${{ github.sha }}"
/tmp/flux tag artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
--tag latest
/tmp/flux list artifacts oci://localhost:5000/fluxcd/flux
@@ -184,11 +186,11 @@ jobs:
run: |
/tmp/flux create source oci podinfo-oci \
--url oci://ghcr.io/stefanprodan/manifests/podinfo \
--tag-semver 6.3.x \
--tag-semver 6.1.x \
--interval 10m
/tmp/flux create kustomization podinfo-oci \
--source=OCIRepository/podinfo-oci \
--path="./" \
--path="./kustomize" \
--prune=true \
--interval=5m \
--target-namespace=default \
@@ -209,20 +211,21 @@ jobs:
/tmp/flux -n apps create hr podinfo-helm \
--source=HelmRepository/podinfo \
--chart=podinfo \
--chart-version="6.3.x" \
--chart-version="5.0.x" \
--service-account=dev-team
- name: flux2-kustomize-helm-example
run: |
/tmp/flux create source git flux-system \
--url=https://github.com/fluxcd/flux2-kustomize-helm-example \
--branch=main \
--ignore-paths="./clusters/**/flux-system/" \
--recurse-submodules
/tmp/flux create kustomization flux-system \
--source=flux-system \
--path=./clusters/staging
kubectl -n flux-system wait kustomization/infra-controllers --for=condition=ready --timeout=5m
kubectl -n flux-system wait kustomization/infrastructure --for=condition=ready --timeout=5m
kubectl -n flux-system wait kustomization/apps --for=condition=ready --timeout=5m
kubectl -n nginx wait helmrelease/nginx --for=condition=ready --timeout=5m
kubectl -n redis wait helmrelease/redis --for=condition=ready --timeout=5m
kubectl -n podinfo wait helmrelease/podinfo --for=condition=ready --timeout=5m
- name: flux tree
run: |

39
.github/workflows/ossf.yaml vendored
View File

@@ -1,39 +0,0 @@
name: ossf
on:
workflow_dispatch:
push:
branches:
- main
schedule:
# Weekly on Saturdays.
- cron: '30 1 * * 6'
permissions: read-all
jobs:
scorecard:
runs-on: ubuntu-latest
permissions:
security-events: write
id-token: write
actions: read
contents: read
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Run analysis
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
with:
results_file: results.sarif
results_format: sarif
repo_token: ${{ secrets.GITHUB_TOKEN }}
publish_results: true
- name: Upload artifact
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: SARIF file
path: results.sarif
retention-days: 5
- name: Upload SARIF results
uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
with:
sarif_file: results.sarif

73
.github/workflows/release-manifests.yml vendored Normal file
View File

@@ -0,0 +1,73 @@
name: release-manifests
on:
release:
types: [published]
workflow_dispatch:
permissions:
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
jobs:
build-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@main
- name: Setup Flux CLI
uses: ./action/
- name: Prepare
id: prep
run: |
VERSION=$(flux version --client | awk '{ print $NF }')
echo ::set-output name=VERSION::${VERSION}
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: fluxcdbot
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
- name: Push manifests to GHCR
run: |
mkdir -p ./ghcr.io/flux-system
flux install --registry=ghcr.io/fluxcd \
--components-extra=image-reflector-controller,image-automation-controller \
--export > ./ghcr.io/flux-system/gotk-components.yaml
cd ./ghcr.io && flux push artifact \
oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
--path="./flux-system" \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}/${{ github.sha }}"
- name: Push manifests to DockerHub
run: |
mkdir -p ./docker.io/flux-system
flux install --registry=docker.io/fluxcd \
--components-extra=image-reflector-controller,image-automation-controller \
--export > ./docker.io/flux-system/gotk-components.yaml
cd ./docker.io && flux push artifact \
oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
--path="./flux-system" \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}/${{ github.sha }}"
- uses: sigstore/cosign-installer@main
- name: Sign manifests
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }}
cosign sign docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }}
- name: Tag manifests
run: |
flux tag artifact oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
--tag latest
flux tag artifact oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
--tag latest

164
.github/workflows/release.yaml vendored
View File

@@ -5,48 +5,41 @@ on:
tags: [ 'v*' ]
permissions:
contents: read
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
jobs:
release-flux-cli:
outputs:
hashes: ${{ steps.slsa.outputs.hashes }}
image_url: ${{ steps.slsa.outputs.image_url }}
image_digest: ${{ steps.slsa.outputs.image_digest }}
goreleaser:
runs-on: ubuntu-latest
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@v3
- name: Unshallow
run: git fetch --prune --unshallow
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
uses: actions/setup-go@v3
with:
go-version: 1.20.x
cache: false
go-version: 1.19.x
- name: Setup QEMU
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
uses: docker/setup-qemu-action@v2
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
uses: docker/setup-buildx-action@v2
- name: Setup Syft
uses: anchore/sbom-action/download-syft@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
uses: anchore/sbom-action/download-syft@v0
- name: Setup Cosign
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
uses: sigstore/cosign-installer@main
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@main
uses: fluxcd/pkg//actions/kustomize@main
- name: Login to GitHub Container Registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
uses: docker/login-action@v2
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
uses: docker/login-action@v2
with:
username: fluxcdbot
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
@@ -58,8 +51,10 @@ jobs:
- name: Build CRDs
run: |
kustomize build manifests/crds > all-crds.yaml
# Pinned to commit before https://github.com/fluxcd/pkg/pull/189 due to
# introduction faulty behavior.
- name: Generate OpenAPI JSON schemas from CRDs
uses: fluxcd/pkg/actions/crdjsonschema@main
uses: fluxcd/pkg//actions/crdjsonschema@49e26aa2ee9e734c3233c560253fd9542afe18ae
with:
crd: all-crds.yaml
output: schemas
@@ -78,8 +73,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
id: run-goreleaser
uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0
uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: release --release-notes=output/notes.md --skip-validate
@@ -87,125 +81,3 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
AUR_BOT_SSH_PRIVATE_KEY: ${{ secrets.AUR_BOT_SSH_PRIVATE_KEY }}
- name: Generate SLSA metadata
id: slsa
env:
ARTIFACTS: "${{ steps.run-goreleaser.outputs.artifacts }}"
run: |
set -euo pipefail
hashes=$(echo -E $ARTIFACTS | jq --raw-output '.[] | {name, "digest": (.extra.Digest // .extra.Checksum)} | select(.digest) | {digest} + {name} | join(" ") | sub("^sha256:";"")' | base64 -w0)
echo "hashes=$hashes" >> $GITHUB_OUTPUT
image_url=fluxcd/flux-cli:$GITHUB_REF_NAME
echo "image_url=$image_url" >> $GITHUB_OUTPUT
image_digest=$(docker buildx imagetools inspect ${image_url} --format '{{json .}}' | jq -r .manifest.digest)
echo "image_digest=$image_digest" >> $GITHUB_OUTPUT
release-flux-manifests:
runs-on: ubuntu-latest
needs: release-flux-cli
permissions:
id-token: write
packages: write
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@main
- name: Setup Flux CLI
uses: ./action/
- name: Prepare
id: prep
run: |
VERSION=$(flux version --client | awk '{ print $NF }')
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Login to GHCR
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Login to DockerHub
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
username: fluxcdbot
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
- name: Push manifests to GHCR
run: |
mkdir -p ./ghcr.io/flux-system
flux install --registry=ghcr.io/fluxcd \
--components-extra=image-reflector-controller,image-automation-controller \
--export > ./ghcr.io/flux-system/gotk-components.yaml
cd ./ghcr.io && flux push artifact \
oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
--path="./flux-system" \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
- name: Push manifests to DockerHub
run: |
mkdir -p ./docker.io/flux-system
flux install --registry=docker.io/fluxcd \
--components-extra=image-reflector-controller,image-automation-controller \
--export > ./docker.io/flux-system/gotk-components.yaml
cd ./docker.io && flux push artifact \
oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
--path="./flux-system" \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
- uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
- name: Sign manifests
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign --yes ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }}
cosign sign --yes docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }}
- name: Tag manifests
run: |
flux tag artifact oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
--tag latest
flux tag artifact oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.version }} \
--tag latest
release-provenance:
needs: [release-flux-cli]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
contents: write # for uploading attestations to GitHub releases.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.8.0
with:
provenance-name: "provenance.intoto.jsonl"
base64-subjects: "${{ needs.release-flux-cli.outputs.hashes }}"
upload-assets: true
dockerhub-provenance:
needs: [release-flux-cli]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.8.0
with:
image: ${{ needs.release-flux-cli.outputs.image_url }}
digest: ${{ needs.release-flux-cli.outputs.image_digest }}
registry-username: fluxcdbot
secrets:
registry-password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
ghcr-provenance:
needs: [release-flux-cli]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.8.0
with:
image: ghcr.io/${{ needs.release-flux-cli.outputs.image_url }}
digest: ${{ needs.release-flux-cli.outputs.image_digest }}
registry-username: fluxcdbot
secrets:
registry-password: ${{ secrets.GHCR_TOKEN }}

73
.github/workflows/scan.yaml vendored
View File

@@ -1,85 +1,68 @@
name: scan
on:
workflow_dispatch:
push:
branches: [ 'main', 'release/**' ]
branches: [ main ]
pull_request:
branches: [ 'main', 'release/**' ]
branches: [ main ]
schedule:
- cron: '18 10 * * 3'
permissions:
contents: read
contents: read # for actions/checkout to fetch code
security-events: write # for codeQL to write security events
jobs:
scan-fossa:
fossa:
name: FOSSA
runs-on: ubuntu-latest
if: github.actor != 'dependabot[bot]'
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: actions/checkout@v3
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@6728dc6fe9a068c648d080c33829ffbe56565023 # v2.0.0
uses: fossa-contrib/fossa-action@v1
with:
# FOSSA Push-Only API Token
fossa-api-key: 5ee8bf422db1471e0bcf2bcb289185de
github-token: ${{ github.token }}
scan-snyk:
snyk:
name: Snyk
runs-on: ubuntu-latest
permissions:
security-events: write
if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: actions/checkout@v3
- name: Setup Kustomize
uses: fluxcd/pkg/actions/kustomize@main
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.20.x
cache-dependency-path: |
**/go.sum
**/go.mod
- name: Download modules and build manifests
uses: fluxcd/pkg//actions/kustomize@main
- name: Build manifests
run: |
make tidy
make cmd/flux/.manifests.done
- uses: snyk/actions/setup@b98d498629f1c368650224d6d212bf7dfa89e4bf
- name: Run Snyk to check for vulnerabilities
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@master
continue-on-error: true
run: |
snyk test --sarif-file-output=snyk.sarif
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: snyk.sarif
scan-codeql:
codeql:
name: CodeQL
runs-on: ubuntu-latest
permissions:
security-events: write
if: github.actor != 'dependabot[bot]'
steps:
- name: Checkout repository
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.20.x
cache-dependency-path: |
**/go.sum
**/go.mod
go-version: 1.19.x
- name: Initialize CodeQL
uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
uses: github/codeql-action/init@v2
with:
languages: go
# xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# xref: https://codeql.github.com/codeql-query-help/go/
queries: security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
uses: github/codeql-action/analyze@v2

28
.github/workflows/sync-labels.yaml vendored
View File

@@ -1,28 +0,0 @@
name: sync-labels
on:
workflow_dispatch:
push:
branches:
- main
paths:
- .github/labels.yaml
permissions:
contents: read
jobs:
labels:
name: Run sync
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: EndBug/label-sync@da00f2c11fdb78e4fae44adac2fdd713778ea3e8 # v2.3.2
with:
# Configuration file
config-file: |
https://raw.githubusercontent.com/fluxcd/community/main/.github/standard-labels.yaml
.github/labels.yaml
# Strictly declarative
delete-other-labels: true

33
.github/workflows/update.yaml vendored
View File

@@ -1,4 +1,4 @@
name: update
name: Update Components
on:
workflow_dispatch:
@@ -7,29 +7,20 @@ on:
push:
branches: [main]
permissions:
contents: read
jobs:
update-components:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Check out code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@v3
- name: Setup Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
uses: actions/setup-go@v3
with:
go-version: 1.20.x
cache-dependency-path: |
**/go.sum
**/go.mod
go-version: 1.19.x
- name: Update component versions
id: update
run: |
PR_BODY=$(mktemp)
PR_BODY=""
bump_version() {
local LATEST_VERSION=$(curl -s https://api.github.com/repos/fluxcd/$1/releases | jq -r 'sort_by(.published_at) | .[-1] | .tag_name')
@@ -56,8 +47,7 @@ jobs:
fi
if [[ "$changed" == true ]]; then
echo "- $1 to ${LATEST_VERSION}" >> $PR_BODY
echo " https://github.com/fluxcd/$1/blob/${LATEST_VERSION}/CHANGELOG.md" >> $PR_BODY
PR_BODY="$PR_BODY- $1 to ${LATEST_VERSION}%0A https://github.com/fluxcd/$1/blob/${LATEST_VERSION}/CHANGELOG.md%0A"
fi
}
@@ -74,17 +64,12 @@ jobs:
git diff
# export PR_BODY for PR and commit
# NB: this may look strange but it is the way it should be done to
# maintain our precious newlines
# Ref: https://github.com/github/docs/issues/21529
echo 'pr_body<<EOF' >> $GITHUB_OUTPUT
cat $PR_BODY >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
echo "::set-output name=pr_body::$PR_BODY"
}
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.BOT_GITHUB_TOKEN }}
commit-message: |
@@ -99,7 +84,7 @@ jobs:
body: |
${{ steps.update.outputs.pr_body }}
labels: |
dependencies
area/build
reviewers: ${{ secrets.ASSIGNEES }}
- name: Check output

11
.goreleaser.yml
View File

@@ -65,7 +65,6 @@ signs:
certificate: '${artifact}.pem'
args:
- sign-blob
- "--yes"
- '--output-certificate=${certificate}'
- '--output-signature=${signature}'
- '${artifact}'
@@ -83,7 +82,14 @@ brews:
install: |
bin.install "flux"
generate_completions_from_executable(bin/"flux", "completion")
bash_output = Utils.safe_popen_read(bin/"flux", "completion", "bash")
(bash_completion/"flux").write bash_output
zsh_output = Utils.safe_popen_read(bin/"flux", "completion", "zsh")
(zsh_completion/"_flux").write zsh_output
fish_output = Utils.safe_popen_read(bin/"flux", "completion", "fish")
(fish_completion/"flux.fish").write fish_output
test: |
system "#{bin}/flux --version"
publishers:
@@ -169,7 +175,6 @@ docker_signs:
- COSIGN_EXPERIMENTAL=1
args:
- sign
- "--yes"
- '${artifact}'
artifacts: all
output: true

6
CONTRIBUTING.md
View File

@@ -67,9 +67,9 @@ for source changes.
Prerequisites:
* go >= 1.20
* kubectl >= 1.24
* kustomize >= 5.0
* go >= 1.19
* kubectl >= 1.20
* kustomize >= 4.4
* coreutils (on Mac OS)
Install the [controller-runtime/envtest](https://github.com/kubernetes-sigs/controller-runtime/tree/master/tools/setup-envtest) binaries with:

10
Dockerfile
View File

@@ -1,15 +1,19 @@
FROM alpine:3.18 as builder
FROM alpine:3.16 as builder
RUN apk add --no-cache ca-certificates curl
ARG ARCH=linux/amd64
ARG KUBECTL_VER=1.27.3
ARG KUBECTL_VER=1.25.0
RUN curl -sL https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VER}/bin/${ARCH}/kubectl \
-o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && \
kubectl version --client=true
FROM alpine:3.18 as flux-cli
FROM alpine:3.16 as flux-cli
# Create minimal nsswitch.conf file to prioritize the usage of /etc/hosts over DNS queries.
# https://github.com/gliderlabs/docker-alpine/issues/367#issuecomment-354316460
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
RUN apk add --no-cache ca-certificates

4
Makefile
View File

@@ -17,8 +17,8 @@ rwildcard=$(foreach d,$(wildcard $(addsuffix *,$(1))),$(call rwildcard,$(d)/,$(2
all: test build
tidy:
go mod tidy -compat=1.20
cd tests/azure && go mod tidy -compat=1.20
go mod tidy -compat=1.19
cd tests/azure && go mod tidy -compat=1.19
fmt:
go fmt ./...

28
README.md
View File

@@ -1,14 +1,14 @@
# Flux version 2
[![release](https://img.shields.io/github/release/fluxcd/flux2/all.svg)](https://github.com/fluxcd/flux2/releases)
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4782/badge)](https://bestpractices.coreinfrastructure.org/projects/4782)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/fluxcd/flux2/badge)](https://api.securityscorecards.dev/projects/github.com/fluxcd/flux2)
[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ffluxcd%2Fflux2.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ffluxcd%2Fflux2?ref=badge_shield)
[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/flux2)](https://artifacthub.io/packages/helm/fluxcd-community/flux2)
[![e2e](https://github.com/fluxcd/flux2/workflows/e2e/badge.svg)](https://github.com/fluxcd/flux2/actions)
[![report](https://goreportcard.com/badge/github.com/fluxcd/flux2)](https://goreportcard.com/report/github.com/fluxcd/flux2)
[![license](https://img.shields.io/github/license/fluxcd/flux2.svg)](https://github.com/fluxcd/flux2/blob/main/LICENSE)
[![release](https://img.shields.io/github/release/fluxcd/flux2/all.svg)](https://github.com/fluxcd/flux2/releases)
Flux is a tool for keeping Kubernetes clusters in sync with sources of
configuration (like Git repositories and OCI artifacts),
and automating updates to configuration when there is new code to deploy.
configuration (like Git repositories), and automating updates to
configuration when there is new code to deploy.
Flux version 2 ("v2") is built from the ground up to use Kubernetes'
API extension system, and to integrate with Prometheus and other core
@@ -20,8 +20,7 @@ Flux v2 is constructed with the [GitOps Toolkit](#gitops-toolkit), a
set of composable APIs and specialized tools for building Continuous
Delivery on top of Kubernetes.
Flux is a Cloud Native Computing Foundation ([CNCF](https://www.cncf.io/)) project, used in
production by various [organisations](https://fluxcd.io/adopters) and [cloud providers](https://fluxcd.io/ecosystem).
Flux is a Cloud Native Computing Foundation ([CNCF](https://www.cncf.io/)) project.
## Quickstart and documentation
@@ -43,7 +42,7 @@ runtime for Flux v2. The APIs comprise Kubernetes custom resources,
which can be created and updated by a cluster user, or by other
automation tooling.
![overview](https://fluxcd.io/img/diagrams/gitops-toolkit.png)
![overview](docs/_files/gitops-toolkit.png)
You can use the toolkit to extend Flux, or to build your own systems
for continuous delivery -- see [the developer
@@ -78,17 +77,16 @@ new contributors and there are a multitude of ways to get involved.
- Getting Started?
- Look at our [Get Started guide](https://fluxcd.io/flux/get-started/) and give us feedback
- Need help?
- First: Ask questions on our [GH Discussions page](https://github.com/fluxcd/flux2/discussions).
- Second: Talk to us in the #flux channel on [CNCF Slack](https://slack.cncf.io/).
- First: Ask questions on our [GH Discussions page](https://github.com/fluxcd/flux2/discussions)
- Second: Talk to us in the #flux channel on [CNCF Slack](https://slack.cncf.io/)
- Please follow our [Support Guidelines](https://fluxcd.io/support/)
(in short: be nice, be respectful of volunteers' time, understand that maintainers and
contributors cannot respond to all DMs, and keep discussions in the public #flux channel as much as possible).
- Have feature proposals or want to contribute?
- Propose features on our [GitHub Discussions page](https://github.com/fluxcd/flux2/discussions).
- Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view)).
- Propose features on our [GH Discussions page](https://github.com/fluxcd/flux2/discussions)
- Join our upcoming dev meetings ([meeting access and agenda](https://docs.google.com/document/d/1l_M0om0qUEN_NNiGgpqJ2tvsF2iioHkaARDeh6b70B0/view))
- [Join the flux-dev mailing list](https://lists.cncf.io/g/cncf-flux-dev).
- Check out [how to contribute](CONTRIBUTING.md) to the project.
- Check out the [project roadmap](https://fluxcd.io/roadmap/).
- Check out [how to contribute](CONTRIBUTING.md) to the project
### Events

194
action/README.md
View File

@@ -1,22 +1,190 @@
# Flux GitHub Action
To install the latest Flux CLI on Linux, macOS or Windows GitHub runners:
Usage:
```yaml
steps:
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
with:
version: 'latest'
- name: Run Flux CLI
run: flux version --client
steps:
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
- name: Run Flux commands
run: flux -v
```
The Flux GitHub Action can be used to automate various tasks in CI, such as:
The latest stable version of the `flux` binary is downloaded from
GitHub [releases](https://github.com/fluxcd/flux2/releases)
and placed at `/usr/local/bin/flux`.
- [Automate Flux upgrades on clusters via Pull Requests](https://fluxcd.io/flux/flux-gh-action/#automate-flux-updates)
- [Push Kubernetes manifests to container registries](https://fluxcd.io/flux/flux-gh-action/#push-kubernetes-manifests-to-container-registries)
- [Run end-to-end testing with Flux and Kubernetes Kind](https://fluxcd.io/flux/flux-gh-action/#end-to-end-testing)
Note that this action can only be used on GitHub **Linux** runners.
You can change the arch (defaults to `amd64`) with:
For more information, please see the [Flux GitHub Action documentation](/flux/flux-gh-action.md).
```yaml
steps:
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
with:
arch: arm64 # can be amd64, arm64 or arm
```
You can download a specific version with:
```yaml
steps:
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
with:
version: 0.32.0
```
### Automate Flux updates
Example workflow for updating Flux's components generated with `flux bootstrap --path=clusters/production`:
```yaml
name: update-flux
on:
workflow_dispatch:
schedule:
- cron: "0 * * * *"
jobs:
components:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
- name: Check for updates
id: update
run: |
flux install \
--export > ./clusters/production/flux-system/gotk-components.yaml
VERSION="$(flux -v)"
echo "::set-output name=flux_version::$VERSION"
- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
branch: update-flux
commit-message: Update to ${{ steps.update.outputs.flux_version }}
title: Update to ${{ steps.update.outputs.flux_version }}
body: |
${{ steps.update.outputs.flux_version }}
```
### Push Kubernetes manifests to container registries
Example workflow for publishing Kubernetes manifests bundled as OCI artifacts to GitHub Container Registry:
```yaml
name: push-artifact-staging
on:
push:
branches:
- 'main'
permissions:
packages: write # needed for ghcr.io access
env:
OCI_REPO: "oci://ghcr.io/my-org/manifests/${{ github.event.repository.name }}"
jobs:
kubernetes:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Generate manifests
run: |
kustomize build ./manifests/staging > ./deploy/app.yaml
- name: Push manifests
run: |
flux push artifact $OCI_REPO:$(git rev-parse --short HEAD) \
--path="./deploy" \
--source="$(git config --get remote.origin.url)" \
--revision="$(git branch --show-current)/$(git rev-parse HEAD)"
- name: Deploy manifests to staging
run: |
flux tag artifact $OCI_REPO:$(git rev-parse --short HEAD) --tag staging
```
Example workflow for publishing Kubernetes manifests bundled as OCI artifacts to Docker Hub:
```yaml
name: push-artifact-production
on:
push:
tags:
- '*'
env:
OCI_REPO: "oci://docker.io/my-org/app-config"
jobs:
kubernetes:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Generate manifests
run: |
kustomize build ./manifests/production > ./deploy/app.yaml
- name: Push manifests
run: |
flux push artifact $OCI_REPO:$(git tag --points-at HEAD) \
--path="./deploy" \
--source="$(git config --get remote.origin.url)" \
--revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"
- name: Deploy manifests to production
run: |
flux tag artifact $OCI_REPO:$(git tag --points-at HEAD) --tag production
```
### End-to-end testing
Example workflow for running Flux in Kubernetes Kind:
```yaml
name: e2e
on:
push:
branches:
- '*'
jobs:
kubernetes:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Flux CLI
uses: fluxcd/flux2/action@main
- name: Setup Kubernetes Kind
uses: engineerd/setup-kind@v0.5.0
- name: Install Flux in Kubernetes Kind
run: flux install
```
A complete e2e testing workflow is available here
[flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example/blob/main/.github/workflows/e2e.yaml)

124
action/action.yml
View File

@@ -1,120 +1,52 @@
name: Setup Flux CLI
description: A GitHub Action for installing the Flux CLI
author: Flux project
description: A GitHub Action for running Flux commands
author: Stefan Prodan
branding:
color: blue
icon: command
inputs:
version:
description: "Flux version e.g. 2.0.0 (defaults to latest stable release)"
description: "Flux version e.g. 0.8.0 (defaults to latest stable release)"
required: false
arch:
description: "arch can be amd64, arm64 or arm"
required: false
deprecationMessage: "No longer required, action will now detect runner arch."
required: true
default: "amd64"
bindir:
description: "Alternative location for the Flux binary, defaults to path relative to $RUNNER_TOOL_CACHE."
required: false
token:
description: "Token used to authentication against the GitHub.com API. Defaults to the token from the GitHub context of the workflow."
description: "Optional location of the Flux binary. Will not use sudo if set. Updates System Path."
required: false
runs:
using: composite
steps:
- name: "Download the binary to the runner's cache dir"
- name: "Download flux binary to tmp"
shell: bash
run: |
ARCH=${{ inputs.arch }}
VERSION=${{ inputs.version }}
TOKEN=${{ inputs.token }}
if [[ -z "$TOKEN" ]]; then
TOKEN=${{ github.token }}
if [ -z $VERSION ]; then
VERSION=$(curl https://api.github.com/repos/fluxcd/flux2/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
fi
if [[ -z "$VERSION" ]] || [[ "$VERSION" = "latest" ]]; then
VERSION=$(curl -fsSL -H "Authorization: token ${TOKEN}" https://api.github.com/repos/fluxcd/flux2/releases/latest | grep tag_name | cut -d '"' -f 4)
BIN_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/flux_${VERSION}_linux_${ARCH}.tar.gz"
curl -sL ${BIN_URL} -o /tmp/flux.tar.gz
mkdir -p /tmp/flux
tar -C /tmp/flux/ -zxvf /tmp/flux.tar.gz
- name: "Copy Flux binary to execute location"
shell: bash
run: |
BINDIR=${{ inputs.bindir }}
if [ -z $BINDIR ]; then
sudo cp /tmp/flux/flux /usr/local/bin
else
cp /tmp/flux/flux "${BINDIR}"
echo "${BINDIR}" >> $GITHUB_PATH
fi
if [[ -z "$VERSION" ]]; then
echo "Unable to determine Flux CLI version"
exit 1
fi
if [[ $VERSION = v* ]]; then
VERSION="${VERSION:1}"
fi
OS=$(echo "${RUNNER_OS}" | tr '[:upper:]' '[:lower:]')
if [[ "$OS" == "macos" ]]; then
OS="darwin"
fi
ARCH=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')
if [[ "$ARCH" == "x64" ]]; then
ARCH="amd64"
elif [[ "$ARCH" == "x86" ]]; then
ARCH="386"
fi
FLUX_EXEC_FILE="flux"
if [[ "$OS" == "windows" ]]; then
FLUX_EXEC_FILE="${FLUX_EXEC_FILE}.exe"
fi
FLUX_TOOL_DIR=${{ inputs.bindir }}
if [[ -z "$FLUX_TOOL_DIR" ]]; then
FLUX_TOOL_DIR="${RUNNER_TOOL_CACHE}/flux2/${VERSION}/${OS}/${ARCH}"
fi
if [[ ! -x "$FLUX_TOOL_DIR/FLUX_EXEC_FILE" ]]; then
DL_DIR="$(mktemp -dt flux2-XXXXXX)"
trap 'rm -rf $DL_DIR' EXIT
echo "Downloading flux ${VERSION} for ${OS}/${ARCH}"
FLUX_TARGET_FILE="flux_${VERSION}_${OS}_${ARCH}.tar.gz"
if [[ "$OS" == "windows" ]]; then
FLUX_TARGET_FILE="flux_${VERSION}_${OS}_${ARCH}.zip"
fi
FLUX_CHECKSUMS_FILE="flux_${VERSION}_checksums.txt"
FLUX_DOWNLOAD_URL="https://github.com/fluxcd/flux2/releases/download/v${VERSION}/"
curl -fsSL -o "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_TARGET_FILE"
curl -fsSL -o "$DL_DIR/$FLUX_CHECKSUMS_FILE" "$FLUX_DOWNLOAD_URL/$FLUX_CHECKSUMS_FILE"
echo "Verifying checksum"
sum=""
if command -v openssl > /dev/null; then
sum=$(openssl sha256 "$DL_DIR/$FLUX_TARGET_FILE" | awk '{print $2}')
elif command -v sha256sum > /dev/null; then
sum=$(sha256sum "$DL_DIR/$FLUX_TARGET_FILE" | awk '{print $1}')
fi
if [[ -z "$sum" ]]; then
echo "Neither openssl nor sha256sum found. Cannot calculate checksum."
exit 1
fi
expected_sum=$(grep " $FLUX_TARGET_FILE\$" "$DL_DIR/$FLUX_CHECKSUMS_FILE" | awk '{print $1}')
if [ "$sum" != "$expected_sum" ]; then
echo "SHA sum of ${FLUX_TARGET_FILE} does not match. Aborting."
exit 1
fi
echo "Installing flux to ${FLUX_TOOL_DIR}"
mkdir -p "$FLUX_TOOL_DIR"
if [[ "$OS" == "windows" ]]; then
unzip "$DL_DIR/$FLUX_TARGET_FILE" "$FLUX_EXEC_FILE" -d "$FLUX_TOOL_DIR"
else
tar xzf "$DL_DIR/$FLUX_TARGET_FILE" -C "$FLUX_TOOL_DIR" $FLUX_EXEC_FILE
fi
chmod +x "$FLUX_TOOL_DIR/$FLUX_EXEC_FILE"
fi
echo "Adding flux to path"
echo "$FLUX_TOOL_DIR" >> "$GITHUB_PATH"
- name: "Print installed flux version"
- name: "Cleanup tmp"
shell: bash
run: |
rm -rf /tmp/flux/ /tmp/flux.tar.gz
- name: "Verify correct installation of binary"
shell: bash
run: |
flux -v

2
cmd/flux/alert.go
View File

@@ -19,7 +19,7 @@ package main
import (
"sigs.k8s.io/controller-runtime/pkg/client"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
)
// notificationv1.Alert

2
cmd/flux/alert_provider.go
View File

@@ -19,7 +19,7 @@ package main
import (
"sigs.k8s.io/controller-runtime/pkg/client"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
)
// notificationv1.Provider

28
cmd/flux/bootstrap.go
View File

@@ -23,21 +23,21 @@ import (
"github.com/spf13/cobra"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
)
var bootstrapCmd = &cobra.Command{
Use: "bootstrap",
Short: "Deploy Flux on a cluster the GitOps way.",
Long: `The bootstrap sub-commands push the Flux manifests to a Git repository
and deploy Flux on the cluster.`,
Short: "Bootstrap toolkit components",
Long: "The bootstrap sub-commands bootstrap the toolkit components on the targeted Git provider.",
}
type bootstrapFlags struct {
version string
arch flags.Arch
logLevel flags.LogLevel
branch string
@@ -91,9 +91,9 @@ func init() {
"list of components in addition to those supplied or defaulted, accepts values such as 'image-reflector-controller,image-automation-controller'")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.registry, "registry", "ghcr.io/fluxcd",
"container registry where the Flux controller images are published")
"container registry where the toolkit images are published")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.imagePullSecret, "image-pull-secret", "",
"Kubernetes secret name used for pulling the controller images from a private registry")
"Kubernetes secret name used for pulling the toolkit images from a private registry")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.branch, "branch", bootstrapDefaultBranch, "Git branch")
bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.recurseSubmodules, "recurse-submodules", false,
@@ -102,15 +102,15 @@ func init() {
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.manifestsPath, "manifests", "", "path to the manifest directory")
bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.watchAllNamespaces, "watch-all-namespaces", true,
"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the Flux controllers are installed")
"watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed")
bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.networkPolicy, "network-policy", true,
"setup Kubernetes network policies to deny ingress access to the Flux controllers from other namespaces")
"deny ingress access to the toolkit controllers from other namespaces using network policies")
bootstrapCmd.PersistentFlags().BoolVar(&bootstrapArgs.tokenAuth, "token-auth", false,
"when enabled, the personal access token will be used instead of the SSH deploy key")
"when enabled, the personal access token will be used instead of SSH deploy key")
bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.logLevel, "log-level", bootstrapArgs.logLevel.Description())
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.clusterDomain, "cluster-domain", rootArgs.defaults.ClusterDomain, "internal cluster domain")
bootstrapCmd.PersistentFlags().StringSliceVar(&bootstrapArgs.tolerationKeys, "toleration-keys", nil,
"list of toleration keys used to schedule the controller pods onto nodes with matching taints")
"list of toleration keys used to schedule the components pods onto nodes with matching taints")
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.secretName, "secret-name", rootArgs.defaults.Namespace, "name of the secret the sync credentials can be found in or stored to")
bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.keyAlgorithm, "ssh-key-algorithm", bootstrapArgs.keyAlgorithm.Description())
@@ -129,6 +129,8 @@ func init() {
bootstrapCmd.PersistentFlags().StringVar(&bootstrapArgs.commitMessageAppendix, "commit-message-appendix", "", "string to add to the commit messages, e.g. '[ci skip]'")
bootstrapCmd.PersistentFlags().Var(&bootstrapArgs.arch, "arch", bootstrapArgs.arch.Description())
bootstrapCmd.PersistentFlags().MarkDeprecated("arch", "multi-arch container image is now available for AMD64, ARMv7 and ARM64")
bootstrapCmd.PersistentFlags().MarkHidden("manifests")
rootCmd.AddCommand(bootstrapCmd)

83
cmd/flux/bootstrap_bitbucket_server.go
View File

@@ -22,42 +22,45 @@ import (
"os"
"time"
"github.com/fluxcd/pkg/git"
"github.com/fluxcd/pkg/git/gogit"
"github.com/go-git/go-git/v5/plumbing/transport/http"
"github.com/spf13/cobra"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/bootstrap"
"github.com/fluxcd/flux2/v2/pkg/bootstrap/provider"
"github.com/fluxcd/flux2/v2/pkg/manifestgen"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sync"
"github.com/fluxcd/flux2/internal/bootstrap"
"github.com/fluxcd/flux2/internal/bootstrap/git/gogit"
"github.com/fluxcd/flux2/internal/bootstrap/provider"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen"
"github.com/fluxcd/flux2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/pkg/manifestgen/sync"
)
var bootstrapBServerCmd = &cobra.Command{
Use: "bitbucket-server",
Short: "Deploy Flux on a cluster connected to a Bitbucket Server repository",
Short: "Bootstrap toolkit components in a Bitbucket Server repository",
Long: `The bootstrap bitbucket-server command creates the Bitbucket Server repository if it doesn't exists and
commits the Flux manifests to the master branch.
commits the toolkit components manifests to the master branch.
Then it configures the target cluster to synchronize with the repository.
If the Flux components are present on the cluster,
If the toolkit components are present on the cluster,
the bootstrap command will perform an upgrade if needed.`,
Example: ` # Create a Bitbucket Server API token and export it as an env var
export BITBUCKET_TOKEN=<my-token>
# Run bootstrap for a private repository using HTTPS token authentication
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth --path=clusters/my-cluster
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth
# Run bootstrap for a private repository using SSH authentication
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --path=clusters/my-cluster
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain>
# Run bootstrap for a repository path
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --path=dev-cluster --hostname=<domain>
# Run bootstrap for a public repository on a personal account
flux bootstrap bitbucket-server --owner=<user> --repository=<repository name> --private=false --personal --hostname=<domain> --token-auth --path=clusters/my-cluster
flux bootstrap bitbucket-server --owner=<user> --repository=<repository name> --private=false --personal --hostname=<domain> --token-auth
# Run bootstrap for a an existing repository with a branch named main
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --branch=main --hostname=<domain> --token-auth --path=clusters/my-cluster`,
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --branch=main --hostname=<domain> --token-auth`,
RunE: bootstrapBServerCmdRun,
}
@@ -125,9 +128,7 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
}
// Manifest base
if ver, err := getVersion(bootstrapArgs.version); err != nil {
return err
} else {
if ver, err := getVersion(bootstrapArgs.version); err == nil {
bootstrapArgs.version = ver
}
manifestsBase, err := buildEmbeddedManifestBase()
@@ -170,17 +171,10 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
return fmt.Errorf("failed to create temporary working dir: %w", err)
}
defer os.RemoveAll(tmpDir)
clientOpts := []gogit.ClientOption{gogit.WithDiskStorage(), gogit.WithFallbackToDefaultKnownHosts()}
gitClient, err := gogit.NewClient(tmpDir, &git.AuthOptions{
Transport: git.HTTPS,
Username: user,
Password: bitbucketToken,
CAFile: caBundle,
}, clientOpts...)
if err != nil {
return fmt.Errorf("failed to create a Git client: %w", err)
}
gitClient := gogit.New(tmpDir, &http.BasicAuth{
Username: user,
Password: bitbucketToken,
})
// Install manifest config
installOptions := install.Options{
@@ -218,18 +212,19 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
secretOpts.Username = bServerArgs.username
}
secretOpts.Password = bitbucketToken
secretOpts.CAFile = caBundle
} else {
keypair, err := sourcesecret.LoadKeyPairFromPath(bootstrapArgs.privateKeyFile, gitArgs.password)
if err != nil {
return err
if bootstrapArgs.caFile != "" {
secretOpts.CAFilePath = bootstrapArgs.caFile
}
secretOpts.Keypair = keypair
} else {
secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm)
secretOpts.RSAKeyBits = int(bootstrapArgs.keyRSABits)
secretOpts.ECDSACurve = bootstrapArgs.keyECDSACurve.Curve
secretOpts.SSHHostname = bServerArgs.hostname
if bootstrapArgs.privateKeyFile != "" {
secretOpts.PrivateKeyPath = bootstrapArgs.privateKeyFile
}
if bootstrapArgs.sshHostname != "" {
secretOpts.SSHHostname = bootstrapArgs.sshHostname
}
@@ -244,27 +239,23 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
Secret: bootstrapArgs.secretName,
TargetPath: bServerArgs.path.ToSlash(),
ManifestFile: sync.MakeDefaultOptions().ManifestFile,
GitImplementation: sourceGitArgs.gitImplementation.String(),
RecurseSubmodules: bootstrapArgs.recurseSubmodules,
}
entityList, err := bootstrap.LoadEntityListFromPath(bootstrapArgs.gpgKeyRingPath)
if err != nil {
return err
}
// Bootstrap config
bootstrapOpts := []bootstrap.GitProviderOption{
bootstrap.WithProviderRepository(bServerArgs.owner, bServerArgs.repository, bServerArgs.personal),
bootstrap.WithBranch(bootstrapArgs.branch),
bootstrap.WithBootstrapTransportType("https"),
bootstrap.WithSignature(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithAuthor(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithCommitMessageAppendix(bootstrapArgs.commitMessageAppendix),
bootstrap.WithProviderTeamPermissions(mapTeamSlice(bServerArgs.teams, bServerDefaultPermission)),
bootstrap.WithReadWriteKeyPermissions(bServerArgs.readWriteKey),
bootstrap.WithKubeconfig(kubeconfigArgs, kubeclientOptions),
bootstrap.WithLogger(logger),
bootstrap.WithGitCommitSigning(entityList, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
bootstrap.WithCABundle(caBundle),
bootstrap.WithGitCommitSigning(bootstrapArgs.gpgKeyRingPath, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
}
if bootstrapArgs.sshHostname != "" {
bootstrapOpts = append(bootstrapOpts, bootstrap.WithSSHHostname(bootstrapArgs.sshHostname))

157
cmd/flux/bootstrap_git.go
View File

@@ -24,48 +24,44 @@ import (
"strings"
"time"
"github.com/go-git/go-git/v5/plumbing/transport"
"github.com/go-git/go-git/v5/plumbing/transport/http"
"github.com/go-git/go-git/v5/plumbing/transport/ssh"
"github.com/manifoldco/promptui"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/bootstrap"
"github.com/fluxcd/flux2/v2/pkg/manifestgen"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sync"
"github.com/fluxcd/pkg/git"
"github.com/fluxcd/pkg/git/gogit"
"github.com/fluxcd/flux2/internal/bootstrap"
"github.com/fluxcd/flux2/internal/bootstrap/git/gogit"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen"
"github.com/fluxcd/flux2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/pkg/manifestgen/sync"
)
var bootstrapGitCmd = &cobra.Command{
Use: "git",
Short: "Deploy Flux on a cluster connected to a Git repository",
Long: `The bootstrap git command commits the Flux manifests to the
branch of a Git repository. And then it configures the target cluster to synchronize with
that repository. If the Flux components are present on the cluster, the bootstrap
Short: "Bootstrap toolkit components in a Git repository",
Long: `The bootstrap git command commits the toolkit components manifests to the
branch of a Git repository. It then configures the target cluster to synchronize with
the repository. If the toolkit components are present on the cluster, the bootstrap
command will perform an upgrade if needed.`,
Example: ` # Run bootstrap for a Git repository and authenticate with your SSH agent
flux bootstrap git --url=ssh://git@example.com/repository.git --path=clusters/my-cluster
flux bootstrap git --url=ssh://git@example.com/repository.git
# Run bootstrap for a Git repository and authenticate using a password
flux bootstrap git --url=https://example.com/repository.git --password=<password> --path=clusters/my-cluster
flux bootstrap git --url=https://example.com/repository.git --password=<password>
# Run bootstrap for a Git repository and authenticate using a password from environment variable
GIT_PASSWORD=<password> && flux bootstrap git --url=https://example.com/repository.git --path=clusters/my-cluster
GIT_PASSWORD=<password> && flux bootstrap git --url=https://example.com/repository.git
# Run bootstrap for a Git repository with a passwordless private key
flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key> --path=clusters/my-cluster
flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key>
# Run bootstrap for a Git repository with a private key and password
flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key> --password=<password> --path=clusters/my-cluster
# Run bootstrap for a Git repository on AWS CodeCommit
flux bootstrap git --url=ssh://<SSH-Key-ID>@git-codecommit.<region>.amazonaws.com/v1/repos/<repository> --private-key-file=<path/to/private.key> --password=<SSH-passphrase> --path=clusters/my-cluster
# Run bootstrap for a Git repository on Azure Devops
flux bootstrap git --url=ssh://git@ssh.dev.azure.com/v3/<org>/<project>/<repository> --ssh-key-algorithm=rsa --ssh-rsa-bits=4096 --path=clusters/my-cluster
flux bootstrap git --url=ssh://git@example.com/repository.git --private-key-file=<path/to/private.key> --password=<password>
`,
RunE: bootstrapGitCmdRun,
}
@@ -93,7 +89,7 @@ func init() {
bootstrapGitCmd.Flags().StringVarP(&gitArgs.username, "username", "u", "git", "basic authentication username")
bootstrapGitCmd.Flags().StringVarP(&gitArgs.password, "password", "p", "", "basic authentication password")
bootstrapGitCmd.Flags().BoolVarP(&gitArgs.silent, "silent", "s", false, "assumes the deploy key is already setup, skips confirmation")
bootstrapGitCmd.Flags().BoolVar(&gitArgs.insecureHttpAllowed, "allow-insecure-http", false, "allows insecure HTTP connections")
bootstrapGitCmd.Flags().BoolVar(&gitArgs.insecureHttpAllowed, "allow-insecure-http", false, "allows http git url connections")
bootstrapCmd.AddCommand(bootstrapGitCmd)
}
@@ -120,22 +116,9 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
if err != nil {
return err
}
if strings.Contains(repositoryURL.Hostname(), "git-codecommit") && strings.Contains(repositoryURL.Hostname(), "amazonaws.com") {
if repositoryURL.Scheme == string(git.SSH) {
if repositoryURL.User == nil {
return fmt.Errorf("invalid AWS CodeCommit url: ssh username should be specified in the url")
}
if repositoryURL.User.Username() == git.DefaultPublicKeyAuthUser {
return fmt.Errorf("invalid AWS CodeCommit url: ssh username should be the SSH key ID for the provided private key")
}
if bootstrapArgs.privateKeyFile == "" {
return fmt.Errorf("private key file is required for bootstrapping against AWS CodeCommit using ssh")
}
}
if repositoryURL.Scheme == string(git.HTTPS) && !bootstrapArgs.tokenAuth {
return fmt.Errorf("--token-auth=true must be specified for using an HTTPS AWS CodeCommit url")
}
gitAuth, err := transportForURL(repositoryURL)
if err != nil {
return err
}
ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
@@ -147,9 +130,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
}
// Manifest base
if ver, err := getVersion(bootstrapArgs.version); err != nil {
return err
} else {
if ver, err := getVersion(bootstrapArgs.version); err == nil {
bootstrapArgs.version = ver
}
manifestsBase, err := buildEmbeddedManifestBase()
@@ -164,28 +145,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
return fmt.Errorf("failed to create temporary working dir: %w", err)
}
defer os.RemoveAll(tmpDir)
var caBundle []byte
if bootstrapArgs.caFile != "" {
var err error
caBundle, err = os.ReadFile(bootstrapArgs.caFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
}
authOpts, err := getAuthOpts(repositoryURL, caBundle)
if err != nil {
return fmt.Errorf("failed to create authentication options for %s: %w", repositoryURL.String(), err)
}
clientOpts := []gogit.ClientOption{gogit.WithDiskStorage(), gogit.WithFallbackToDefaultKnownHosts()}
if gitArgs.insecureHttpAllowed {
clientOpts = append(clientOpts, gogit.WithInsecureCredentialsOverHTTP())
}
gitClient, err := gogit.NewClient(tmpDir, authOpts, clientOpts...)
if err != nil {
return fmt.Errorf("failed to create a Git client: %w", err)
}
gitClient := gogit.New(tmpDir, gitAuth)
// Install manifest config
installOptions := install.Options{
@@ -219,7 +179,10 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
if bootstrapArgs.tokenAuth {
secretOpts.Username = gitArgs.username
secretOpts.Password = gitArgs.password
secretOpts.CAFile = caBundle
if bootstrapArgs.caFile != "" {
secretOpts.CAFilePath = bootstrapArgs.caFile
}
// Remove port of the given host when not syncing over HTTP/S to not assume port for protocol
// This _might_ be overwritten later on by e.g. --ssh-hostname
@@ -250,12 +213,9 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
if bootstrapArgs.sshHostname != "" {
repositoryURL.Host = bootstrapArgs.sshHostname
}
keypair, err := sourcesecret.LoadKeyPairFromPath(bootstrapArgs.privateKeyFile, gitArgs.password)
if err != nil {
return err
if bootstrapArgs.privateKeyFile != "" {
secretOpts.PrivateKeyPath = bootstrapArgs.privateKeyFile
}
secretOpts.Keypair = keypair
// Configure last as it depends on the config above.
secretOpts.SSHHostname = repositoryURL.Host
@@ -271,24 +231,30 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
Secret: bootstrapArgs.secretName,
TargetPath: gitArgs.path.ToSlash(),
ManifestFile: sync.MakeDefaultOptions().ManifestFile,
GitImplementation: sourceGitArgs.gitImplementation.String(),
RecurseSubmodules: bootstrapArgs.recurseSubmodules,
}
entityList, err := bootstrap.LoadEntityListFromPath(bootstrapArgs.gpgKeyRingPath)
if err != nil {
return err
var caBundle []byte
if bootstrapArgs.caFile != "" {
var err error
caBundle, err = os.ReadFile(bootstrapArgs.caFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
}
// Bootstrap config
bootstrapOpts := []bootstrap.GitOption{
bootstrap.WithRepositoryURL(gitArgs.url),
bootstrap.WithBranch(bootstrapArgs.branch),
bootstrap.WithSignature(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithAuthor(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithCommitMessageAppendix(bootstrapArgs.commitMessageAppendix),
bootstrap.WithKubeconfig(kubeconfigArgs, kubeclientOptions),
bootstrap.WithPostGenerateSecretFunc(promptPublicKey),
bootstrap.WithLogger(logger),
bootstrap.WithGitCommitSigning(entityList, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
bootstrap.WithCABundle(caBundle),
bootstrap.WithGitCommitSigning(bootstrapArgs.gpgKeyRingPath, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
}
// Setup bootstrapper with constructed configs
@@ -301,47 +267,30 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
return bootstrap.Run(ctx, b, manifestsBase, installOptions, secretOpts, syncOpts, rootArgs.pollInterval, rootArgs.timeout)
}
// getAuthOpts retruns a AuthOptions based on the scheme
// transportForURL constructs a transport.AuthMethod based on the scheme
// of the given URL and the configured flags. If the protocol equals
// "ssh" but no private key is configured, authentication using the local
// SSH-agent is attempted.
func getAuthOpts(u *url.URL, caBundle []byte) (*git.AuthOptions, error) {
func transportForURL(u *url.URL) (transport.AuthMethod, error) {
switch u.Scheme {
case "http":
if !gitArgs.insecureHttpAllowed {
return nil, fmt.Errorf("scheme http is insecure, pass --allow-insecure-http=true to allow it")
}
return &git.AuthOptions{
Transport: git.HTTP,
Username: gitArgs.username,
Password: gitArgs.password,
return &http.BasicAuth{
Username: gitArgs.username,
Password: gitArgs.password,
}, nil
case "https":
return &git.AuthOptions{
Transport: git.HTTPS,
Username: gitArgs.username,
Password: gitArgs.password,
CAFile: caBundle,
return &http.BasicAuth{
Username: gitArgs.username,
Password: gitArgs.password,
}, nil
case "ssh":
authOpts := &git.AuthOptions{
Transport: git.SSH,
Username: u.User.Username(),
Password: gitArgs.password,
}
if bootstrapArgs.privateKeyFile != "" {
pk, err := os.ReadFile(bootstrapArgs.privateKeyFile)
if err != nil {
return nil, err
}
kh, err := sourcesecret.ScanHostKey(u.Host)
if err != nil {
return nil, err
}
authOpts.Identity = pk
authOpts.KnownHosts = kh
return ssh.NewPublicKeysFromFile(u.User.Username(), bootstrapArgs.privateKeyFile, gitArgs.password)
}
return authOpts, nil
return nil, nil
default:
return nil, fmt.Errorf("scheme %q is not supported", u.Scheme)
}

83
cmd/flux/bootstrap_github.go
View File

@@ -22,51 +22,54 @@ import (
"os"
"time"
"github.com/fluxcd/pkg/git"
"github.com/fluxcd/pkg/git/gogit"
"github.com/go-git/go-git/v5/plumbing/transport/http"
"github.com/spf13/cobra"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/bootstrap"
"github.com/fluxcd/flux2/v2/pkg/bootstrap/provider"
"github.com/fluxcd/flux2/v2/pkg/manifestgen"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sync"
"github.com/fluxcd/flux2/internal/bootstrap"
"github.com/fluxcd/flux2/internal/bootstrap/git/gogit"
"github.com/fluxcd/flux2/internal/bootstrap/provider"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen"
"github.com/fluxcd/flux2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/pkg/manifestgen/sync"
)
var bootstrapGitHubCmd = &cobra.Command{
Use: "github",
Short: "Deploy Flux on a cluster connected to a GitHub repository",
Short: "Bootstrap toolkit components in a GitHub repository",
Long: `The bootstrap github command creates the GitHub repository if it doesn't exists and
commits the Flux manifests to the specified branch.
Then it configures the target cluster to synchronize with that repository.
If the Flux components are present on the cluster,
commits the toolkit components manifests to the main branch.
Then it configures the target cluster to synchronize with the repository.
If the toolkit components are present on the cluster,
the bootstrap command will perform an upgrade if needed.`,
Example: ` # Create a GitHub personal access token and export it as an env var
export GITHUB_TOKEN=<my-token>
# Run bootstrap for a private repository owned by a GitHub organization
flux bootstrap github --owner=<organization> --repository=<repository name> --path=clusters/my-cluster
flux bootstrap github --owner=<organization> --repository=<repository name>
# Run bootstrap for a private repository and assign organization teams to it
flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug> --team=<team2 slug> --path=clusters/my-cluster
flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug> --team=<team2 slug>
# Run bootstrap for a private repository and assign organization teams with their access level(e.g maintain, admin) to it
flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug>:<access-level> --path=clusters/my-cluster
flux bootstrap github --owner=<organization> --repository=<repository name> --team=<team1 slug>:<access-level>
# Run bootstrap for a repository path
flux bootstrap github --owner=<organization> --repository=<repository name> --path=dev-cluster
# Run bootstrap for a public repository on a personal account
flux bootstrap github --owner=<user> --repository=<repository name> --private=false --personal=true --path=clusters/my-cluster
flux bootstrap github --owner=<user> --repository=<repository name> --private=false --personal=true
# Run bootstrap for a private repository hosted on GitHub Enterprise using SSH auth
flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --ssh-hostname=<domain> --path=clusters/my-cluster
flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --ssh-hostname=<domain>
# Run bootstrap for a private repository hosted on GitHub Enterprise using HTTPS auth
flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --token-auth --path=clusters/my-cluster
flux bootstrap github --owner=<organization> --repository=<repository name> --hostname=<domain> --token-auth
# Run bootstrap for an existing repository with a branch named main
flux bootstrap github --owner=<organization> --repository=<repository name> --branch=main --path=clusters/my-cluster`,
flux bootstrap github --owner=<organization> --repository=<repository name> --branch=main`,
RunE: bootstrapGitHubCmdRun,
}
@@ -129,9 +132,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
}
// Manifest base
if ver, err := getVersion(bootstrapArgs.version); err != nil {
return err
} else {
if ver, err := getVersion(bootstrapArgs.version); err == nil {
bootstrapArgs.version = ver
}
manifestsBase, err := buildEmbeddedManifestBase()
@@ -160,22 +161,16 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
return err
}
// Lazy go-git repository
tmpDir, err := manifestgen.MkdirTempAbs("", "flux-bootstrap-")
if err != nil {
return fmt.Errorf("failed to create temporary working dir: %w", err)
}
defer os.RemoveAll(tmpDir)
clientOpts := []gogit.ClientOption{gogit.WithDiskStorage(), gogit.WithFallbackToDefaultKnownHosts()}
gitClient, err := gogit.NewClient(tmpDir, &git.AuthOptions{
Transport: git.HTTPS,
Username: githubArgs.owner,
Password: ghToken,
CAFile: caBundle,
}, clientOpts...)
if err != nil {
return fmt.Errorf("failed to create a Git client: %w", err)
}
gitClient := gogit.New(tmpDir, &http.BasicAuth{
Username: githubArgs.owner,
Password: ghToken,
})
// Install manifest config
installOptions := install.Options{
@@ -209,13 +204,16 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
if bootstrapArgs.tokenAuth {
secretOpts.Username = "git"
secretOpts.Password = ghToken
secretOpts.CAFile = caBundle
if bootstrapArgs.caFile != "" {
secretOpts.CAFilePath = bootstrapArgs.caFile
}
} else {
secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm)
secretOpts.RSAKeyBits = int(bootstrapArgs.keyRSABits)
secretOpts.ECDSACurve = bootstrapArgs.keyECDSACurve.Curve
secretOpts.SSHHostname = githubArgs.hostname
if bootstrapArgs.sshHostname != "" {
secretOpts.SSHHostname = bootstrapArgs.sshHostname
}
@@ -230,26 +228,23 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
Secret: bootstrapArgs.secretName,
TargetPath: githubArgs.path.ToSlash(),
ManifestFile: sync.MakeDefaultOptions().ManifestFile,
GitImplementation: sourceGitArgs.gitImplementation.String(),
RecurseSubmodules: bootstrapArgs.recurseSubmodules,
}
entityList, err := bootstrap.LoadEntityListFromPath(bootstrapArgs.gpgKeyRingPath)
if err != nil {
return err
}
// Bootstrap config
bootstrapOpts := []bootstrap.GitProviderOption{
bootstrap.WithProviderRepository(githubArgs.owner, githubArgs.repository, githubArgs.personal),
bootstrap.WithBranch(bootstrapArgs.branch),
bootstrap.WithBootstrapTransportType("https"),
bootstrap.WithSignature(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithAuthor(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithCommitMessageAppendix(bootstrapArgs.commitMessageAppendix),
bootstrap.WithProviderTeamPermissions(mapTeamSlice(githubArgs.teams, ghDefaultPermission)),
bootstrap.WithReadWriteKeyPermissions(githubArgs.readWriteKey),
bootstrap.WithKubeconfig(kubeconfigArgs, kubeclientOptions),
bootstrap.WithLogger(logger),
bootstrap.WithGitCommitSigning(entityList, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
bootstrap.WithCABundle(caBundle),
bootstrap.WithGitCommitSigning(bootstrapArgs.gpgKeyRingPath, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
}
if bootstrapArgs.sshHostname != "" {
bootstrapOpts = append(bootstrapOpts, bootstrap.WithSSHHostname(bootstrapArgs.sshHostname))

113
cmd/flux/bootstrap_gitlab.go
View File

@@ -24,27 +24,27 @@ import (
"strings"
"time"
"github.com/fluxcd/pkg/git"
"github.com/fluxcd/pkg/git/gogit"
"github.com/go-git/go-git/v5/plumbing/transport/http"
"github.com/spf13/cobra"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/bootstrap"
"github.com/fluxcd/flux2/v2/pkg/bootstrap/provider"
"github.com/fluxcd/flux2/v2/pkg/manifestgen"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sync"
"github.com/fluxcd/flux2/internal/bootstrap"
"github.com/fluxcd/flux2/internal/bootstrap/git/gogit"
"github.com/fluxcd/flux2/internal/bootstrap/provider"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen"
"github.com/fluxcd/flux2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/pkg/manifestgen/sync"
)
var bootstrapGitLabCmd = &cobra.Command{
Use: "gitlab",
Short: "Deploy Flux on a cluster connected to a GitLab repository",
Short: "Bootstrap toolkit components in a GitLab repository",
Long: `The bootstrap gitlab command creates the GitLab repository if it doesn't exists and
commits the Flux manifests to the specified branch.
Then it configures the target cluster to synchronize with that repository.
If the Flux components are present on the cluster,
commits the toolkit components manifests to the master branch.
Then it configures the target cluster to synchronize with the repository.
If the toolkit components are present on the cluster,
the bootstrap command will perform an upgrade if needed.`,
Example: ` # Create a GitLab API token and export it as an env var
export GITLAB_TOKEN=<my-token>
@@ -65,11 +65,7 @@ the bootstrap command will perform an upgrade if needed.`,
flux bootstrap gitlab --owner=<group> --repository=<repository name> --hostname=<domain> --token-auth
# Run bootstrap for a an existing repository with a branch named main
flux bootstrap gitlab --owner=<organization> --repository=<repository name> --branch=main --token-auth
# Run bootstrap for a private repository using Deploy Token authentication
flux bootstrap gitlab --owner=<group> --repository=<repository name> --deploy-token-auth
`,
flux bootstrap gitlab --owner=<organization> --repository=<repository name> --branch=main --token-auth`,
RunE: bootstrapGitLabCmdRun,
}
@@ -81,17 +77,16 @@ const (
)
type gitlabFlags struct {
owner string
repository string
interval time.Duration
personal bool
private bool
hostname string
path flags.SafeRelativePath
teams []string
readWriteKey bool
reconcile bool
deployTokenAuth bool
owner string
repository string
interval time.Duration
personal bool
private bool
hostname string
path flags.SafeRelativePath
teams []string
readWriteKey bool
reconcile bool
}
var gitlabArgs gitlabFlags
@@ -107,7 +102,6 @@ func init() {
bootstrapGitLabCmd.Flags().Var(&gitlabArgs.path, "path", "path relative to the repository root, when specified the cluster sync will be scoped to this path")
bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.readWriteKey, "read-write-key", false, "if true, the deploy key is configured with read/write permissions")
bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.reconcile, "reconcile", false, "if true, the configured options are also reconciled if the repository already exists")
bootstrapGitLabCmd.Flags().BoolVar(&gitlabArgs.deployTokenAuth, "deploy-token-auth", false, "when enabled, a Project Deploy Token is generated and will be used instead of the SSH deploy token")
bootstrapCmd.AddCommand(bootstrapGitLabCmd)
}
@@ -129,10 +123,6 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
return err
}
if bootstrapArgs.tokenAuth && gitlabArgs.deployTokenAuth {
return fmt.Errorf("--token-auth and --deploy-token-auth cannot be set both.")
}
if err := bootstrapValidate(); err != nil {
return err
}
@@ -146,9 +136,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
}
// Manifest base
if ver, err := getVersion(bootstrapArgs.version); err != nil {
return err
} else {
if ver, err := getVersion(bootstrapArgs.version); err == nil {
bootstrapArgs.version = ver
}
manifestsBase, err := buildEmbeddedManifestBase()
@@ -190,17 +178,10 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
return fmt.Errorf("failed to create temporary working dir: %w", err)
}
defer os.RemoveAll(tmpDir)
clientOpts := []gogit.ClientOption{gogit.WithDiskStorage(), gogit.WithFallbackToDefaultKnownHosts()}
gitClient, err := gogit.NewClient(tmpDir, &git.AuthOptions{
Transport: git.HTTPS,
Username: gitlabArgs.owner,
Password: glToken,
CAFile: caBundle,
}, clientOpts...)
if err != nil {
return fmt.Errorf("failed to create a Git client: %w", err)
}
gitClient := gogit.New(tmpDir, &http.BasicAuth{
Username: gitlabArgs.owner,
Password: glToken,
})
// Install manifest config
installOptions := install.Options{
@@ -234,21 +215,19 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
if bootstrapArgs.tokenAuth {
secretOpts.Username = "git"
secretOpts.Password = glToken
secretOpts.CAFile = caBundle
} else if gitlabArgs.deployTokenAuth {
// the actual deploy token will be reconciled later
secretOpts.CAFile = caBundle
} else {
keypair, err := sourcesecret.LoadKeyPairFromPath(bootstrapArgs.privateKeyFile, gitArgs.password)
if err != nil {
return err
if bootstrapArgs.caFile != "" {
secretOpts.CAFilePath = bootstrapArgs.caFile
}
secretOpts.Keypair = keypair
} else {
secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(bootstrapArgs.keyAlgorithm)
secretOpts.RSAKeyBits = int(bootstrapArgs.keyRSABits)
secretOpts.ECDSACurve = bootstrapArgs.keyECDSACurve.Curve
secretOpts.SSHHostname = gitlabArgs.hostname
if bootstrapArgs.privateKeyFile != "" {
secretOpts.PrivateKeyPath = bootstrapArgs.privateKeyFile
}
if bootstrapArgs.sshHostname != "" {
secretOpts.SSHHostname = bootstrapArgs.sshHostname
}
@@ -263,36 +242,30 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
Secret: bootstrapArgs.secretName,
TargetPath: gitlabArgs.path.ToSlash(),
ManifestFile: sync.MakeDefaultOptions().ManifestFile,
GitImplementation: sourceGitArgs.gitImplementation.String(),
RecurseSubmodules: bootstrapArgs.recurseSubmodules,
}
entityList, err := bootstrap.LoadEntityListFromPath(bootstrapArgs.gpgKeyRingPath)
if err != nil {
return err
}
// Bootstrap config
bootstrapOpts := []bootstrap.GitProviderOption{
bootstrap.WithProviderRepository(gitlabArgs.owner, gitlabArgs.repository, gitlabArgs.personal),
bootstrap.WithBranch(bootstrapArgs.branch),
bootstrap.WithBootstrapTransportType("https"),
bootstrap.WithSignature(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithAuthor(bootstrapArgs.authorName, bootstrapArgs.authorEmail),
bootstrap.WithCommitMessageAppendix(bootstrapArgs.commitMessageAppendix),
bootstrap.WithProviderTeamPermissions(mapTeamSlice(gitlabArgs.teams, glDefaultPermission)),
bootstrap.WithReadWriteKeyPermissions(gitlabArgs.readWriteKey),
bootstrap.WithKubeconfig(kubeconfigArgs, kubeclientOptions),
bootstrap.WithLogger(logger),
bootstrap.WithGitCommitSigning(entityList, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
bootstrap.WithCABundle(caBundle),
bootstrap.WithGitCommitSigning(bootstrapArgs.gpgKeyRingPath, bootstrapArgs.gpgPassphrase, bootstrapArgs.gpgKeyID),
}
if bootstrapArgs.sshHostname != "" {
bootstrapOpts = append(bootstrapOpts, bootstrap.WithSSHHostname(bootstrapArgs.sshHostname))
}
if bootstrapArgs.tokenAuth || gitlabArgs.deployTokenAuth {
if bootstrapArgs.tokenAuth {
bootstrapOpts = append(bootstrapOpts, bootstrap.WithSyncTransportType("https"))
}
if gitlabArgs.deployTokenAuth {
bootstrapOpts = append(bootstrapOpts, bootstrap.WithDeployTokenAuth())
}
if !gitlabArgs.private {
bootstrapOpts = append(bootstrapOpts, bootstrap.WithProviderRepositoryConfig("", "", "public"))
}

2
cmd/flux/build.go
View File

@@ -23,7 +23,7 @@ import (
var buildCmd = &cobra.Command{
Use: "build",
Short: "Build a flux resource",
Long: `The build command is used to build flux resources.`,
Long: "The build command is used to build flux resources.",
}
func init() {

53
cmd/flux/build_artifact.go
View File

@@ -17,10 +17,7 @@ limitations under the License.
package main
import (
"bufio"
"bytes"
"fmt"
"io"
"os"
"strings"
@@ -33,14 +30,10 @@ import (
var buildArtifactCmd = &cobra.Command{
Use: "artifact",
Short: "Build artifact",
Long: withPreviewNote(`The build artifact command creates a tgz file with the manifests
from the given directory or a single manifest file.`),
Long: `The build artifact command creates a tgz file with the manifests from the given directory.`,
Example: ` # Build the given manifests directory into an artifact
flux build artifact --path ./path/to/local/manifests --output ./path/to/artifact.tgz
# Build the given single manifest file into an artifact
flux build artifact --path ./path/to/local/manifest.yaml --output ./path/to/artifact.tgz
# List the files bundled in the artifact
tar -ztvf ./path/to/artifact.tgz
`,
@@ -58,7 +51,7 @@ var excludeOCI = append(strings.Split(sourceignore.ExcludeVCS, ","), strings.Spl
var buildArtifactArgs buildArtifactFlags
func init() {
buildArtifactCmd.Flags().StringVarP(&buildArtifactArgs.path, "path", "p", "", "Path to the directory where the Kubernetes manifests are located.")
buildArtifactCmd.Flags().StringVar(&buildArtifactArgs.path, "path", "", "Path to the directory where the Kubernetes manifests are located.")
buildArtifactCmd.Flags().StringVarP(&buildArtifactArgs.output, "output", "o", "artifact.tgz", "Path to where the artifact tgz file should be written.")
buildArtifactCmd.Flags().StringSliceVar(&buildArtifactArgs.ignorePaths, "ignore-paths", excludeOCI, "set paths to ignore in .gitignore format")
@@ -70,48 +63,18 @@ func buildArtifactCmdRun(cmd *cobra.Command, args []string) error {
return fmt.Errorf("invalid path %q", buildArtifactArgs.path)
}
path := buildArtifactArgs.path
var err error
if buildArtifactArgs.path == "-" {
path, err = saveReaderToFile(os.Stdin)
if err != nil {
return err
}
defer os.Remove(path)
if fs, err := os.Stat(buildArtifactArgs.path); err != nil || !fs.IsDir() {
return fmt.Errorf("invalid path '%s', must point to an existing directory", buildArtifactArgs.path)
}
if _, err := os.Stat(path); err != nil {
return fmt.Errorf("invalid path '%s', must point to an existing directory or file", path)
}
logger.Actionf("building artifact from %s", buildArtifactArgs.path)
logger.Actionf("building artifact from %s", path)
ociClient := oci.NewClient(oci.DefaultOptions())
if err := ociClient.Build(buildArtifactArgs.output, path, buildArtifactArgs.ignorePaths); err != nil {
ociClient := oci.NewLocalClient()
if err := ociClient.Build(buildArtifactArgs.output, buildArtifactArgs.path, buildArtifactArgs.ignorePaths); err != nil {
return fmt.Errorf("bulding artifact failed, error: %w", err)
}
logger.Successf("artifact created at %s", buildArtifactArgs.output)
return nil
}
func saveReaderToFile(reader io.Reader) (string, error) {
b, err := io.ReadAll(bufio.NewReader(reader))
if err != nil {
return "", err
}
b = bytes.TrimRight(b, "\r\n")
f, err := os.CreateTemp("", "*.yaml")
if err != nil {
return "", fmt.Errorf("unable to create temp dir for stdin")
}
defer f.Close()
if _, err := f.Write(b); err != nil {
return "", fmt.Errorf("error writing stdin to file: %w", err)
}
return f.Name(), nil
}

70
cmd/flux/build_artifact_test.go
View File

@@ -1,70 +0,0 @@
/*
Copyright 2022 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"os"
"strings"
"testing"
. "github.com/onsi/gomega"
)
func Test_saveReaderToFile(t *testing.T) {
g := NewWithT(t)
testString := `apiVersion: v1
kind: ConfigMap
metadata:
name: myapp
data:
foo: bar`
tests := []struct {
name string
string string
expectErr bool
}{
{
name: "yaml",
string: testString,
},
{
name: "yaml with carriage return",
string: testString + "\r\n",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
tmpFile, err := saveReaderToFile(strings.NewReader(tt.string))
g.Expect(err).To(BeNil())
t.Cleanup(func() { _ = os.Remove(tmpFile) })
b, err := os.ReadFile(tmpFile)
if tt.expectErr {
g.Expect(err).To(Not(BeNil()))
return
}
g.Expect(err).To(BeNil())
g.Expect(string(b)).To(BeEquivalentTo(testString))
})
}
}

57
cmd/flux/build_kustomization.go
View File

@@ -21,12 +21,10 @@ import (
"os"
"os/signal"
"github.com/fluxcd/pkg/ssa"
"github.com/spf13/cobra"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
"github.com/fluxcd/flux2/v2/internal/build"
"github.com/fluxcd/flux2/internal/build"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
)
var buildKsCmd = &cobra.Command{
@@ -42,18 +40,7 @@ It is possible to specify a Flux kustomization file using --kustomization-file.`
flux build kustomization my-app --path ./path/to/local/manifests
# Build using a local flux kustomization file
flux build kustomization my-app --path ./path/to/local/manifests --kustomization-file ./path/to/local/my-app.yaml
# Build in dry-run mode without connecting to the cluster.
# Note that variable substitutions from Secrets and ConfigMaps are skipped in dry-run mode.
flux build kustomization my-app --path ./path/to/local/manifests \
--kustomization-file ./path/to/local/my-app.yaml \
--dry-run
# Exclude files by providing a comma separated list of entries that follow the .gitignore pattern fromat.
flux build kustomization my-app --path ./path/to/local/manifests \
--kustomization-file ./path/to/local/my-app.yaml \
--ignore-paths "/to_ignore/**/*.yaml,ignore.yaml"`,
flux build kustomization my-app --path ./path/to/local/manifests --kustomization-file ./path/to/local/my-app.yaml`,
ValidArgsFunction: resourceNamesCompletionFunc(kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)),
RunE: buildKsCmdRun,
}
@@ -61,8 +48,6 @@ flux build kustomization my-app --path ./path/to/local/manifests \
type buildKsFlags struct {
kustomizationFile string
path string
ignorePaths []string
dryRun bool
}
var buildKsArgs buildKsFlags
@@ -70,12 +55,10 @@ var buildKsArgs buildKsFlags
func init() {
buildKsCmd.Flags().StringVar(&buildKsArgs.path, "path", "", "Path to the manifests location.")
buildKsCmd.Flags().StringVar(&buildKsArgs.kustomizationFile, "kustomization-file", "", "Path to the Flux Kustomization YAML file.")
buildKsCmd.Flags().StringSliceVar(&buildKsArgs.ignorePaths, "ignore-paths", nil, "set paths to ignore in .gitignore format")
buildKsCmd.Flags().BoolVar(&buildKsArgs.dryRun, "dry-run", false, "Dry run mode.")
buildCmd.AddCommand(buildKsCmd)
}
func buildKsCmdRun(cmd *cobra.Command, args []string) (err error) {
func buildKsCmdRun(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("%s name is required", kustomizationType.humanKind)
}
@@ -89,34 +72,13 @@ func buildKsCmdRun(cmd *cobra.Command, args []string) (err error) {
return fmt.Errorf("invalid resource path %q", buildKsArgs.path)
}
if buildKsArgs.dryRun && buildKsArgs.kustomizationFile == "" {
return fmt.Errorf("dry-run mode requires a kustomization file")
}
if buildKsArgs.kustomizationFile != "" {
if fs, err := os.Stat(buildKsArgs.kustomizationFile); os.IsNotExist(err) || fs.IsDir() {
return fmt.Errorf("invalid kustomization file %q", buildKsArgs.kustomizationFile)
}
}
var builder *build.Builder
if buildKsArgs.dryRun {
builder, err = build.NewBuilder(name, buildKsArgs.path,
build.WithTimeout(rootArgs.timeout),
build.WithKustomizationFile(buildKsArgs.kustomizationFile),
build.WithDryRun(buildKsArgs.dryRun),
build.WithNamespace(*kubeconfigArgs.Namespace),
build.WithIgnore(buildKsArgs.ignorePaths),
)
} else {
builder, err = build.NewBuilder(name, buildKsArgs.path,
build.WithClientConfig(kubeconfigArgs, kubeclientOptions),
build.WithTimeout(rootArgs.timeout),
build.WithKustomizationFile(buildKsArgs.kustomizationFile),
build.WithIgnore(buildKsArgs.ignorePaths),
)
}
builder, err := build.NewBuilder(kubeconfigArgs, kubeclientOptions, name, buildKsArgs.path, build.WithTimeout(rootArgs.timeout), build.WithKustomizationFile(buildKsArgs.kustomizationFile))
if err != nil {
return err
}
@@ -127,17 +89,12 @@ func buildKsCmdRun(cmd *cobra.Command, args []string) (err error) {
errChan := make(chan error)
go func() {
objects, err := builder.Build()
manifests, err := builder.Build()
if err != nil {
errChan <- err
}
manifests, err := ssa.ObjectsToYAML(objects)
if err != nil {
errChan <- err
}
cmd.Print(manifests)
cmd.Print(string(manifests))
errChan <- nil
}()

18
cmd/flux/build_kustomization_test.go
View File

@@ -63,12 +63,6 @@ func TestBuildKustomization(t *testing.T) {
resultFile: "./testdata/build-kustomization/podinfo-with-var-substitution-result.yaml",
assertFunc: "assertGoldenTemplateFile",
},
{
name: "build ignore",
args: "build kustomization podinfo --path ./testdata/build-kustomization/ignore --ignore-paths \"!configmap.yaml,!secret.yaml\"",
resultFile: "./testdata/build-kustomization/podinfo-with-ignore-result.yaml",
assertFunc: "assertGoldenTemplateFile",
},
}
tmpl := map[string]string{
@@ -98,7 +92,7 @@ func TestBuildKustomization(t *testing.T) {
}
func TestBuildLocalKustomization(t *testing.T) {
podinfo := `apiVersion: kustomize.toolkit.fluxcd.io/v1
podinfo := `apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: podinfo
@@ -148,18 +142,11 @@ spec:
resultFile: "./testdata/build-kustomization/podinfo-with-var-substitution-result.yaml",
assertFunc: "assertGoldenTemplateFile",
},
{
name: "build deployment and configmap with var substitution in dry-run mode",
args: "build kustomization podinfo --kustomization-file ./testdata/build-kustomization/podinfo.yaml --path ./testdata/build-kustomization/var-substitution --dry-run",
resultFile: "./testdata/build-kustomization/podinfo-with-var-substitution-result.yaml",
assertFunc: "assertGoldenTemplateFile",
},
}
tmpl := map[string]string{
"fluxns": allocateNamespace("flux-system"),
}
setup(t, tmpl)
testEnv.CreateObjectFile("./testdata/build-kustomization/podinfo-source.yaml", tmpl, t)
@@ -178,7 +165,8 @@ spec:
if err != nil {
t.Fatal(err)
}
t.Cleanup(func() { _ = os.Remove("./testdata/build-kustomization/podinfo.yaml") })
defer os.Remove("./testdata/build-kustomization/podinfo.yaml")
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {

19
cmd/flux/check.go
View File

@@ -30,17 +30,17 @@ import (
"github.com/fluxcd/pkg/version"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/v2/pkg/status"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen"
"github.com/fluxcd/flux2/pkg/manifestgen/install"
"github.com/fluxcd/flux2/pkg/status"
)
var checkCmd = &cobra.Command{
Use: "check",
Short: "Check requirements and installation",
Long: withPreviewNote(`The check command will perform a series of checks to validate that
the local environment is configured correctly and if the installed components are healthy.`),
Long: `The check command will perform a series of checks to validate that
the local environment is configured correctly and if the installed components are healthy.`,
Example: ` # Run pre-installation checks
flux check --pre
@@ -57,7 +57,7 @@ type checkFlags struct {
}
var kubernetesConstraints = []string{
">=1.25.0-0",
">=1.20.6-0",
}
var checkArgs checkFlags
@@ -242,9 +242,8 @@ func crdsCheck() bool {
}
for _, crd := range list.Items {
versions := crd.Status.StoredVersions
if len(versions) > 0 {
logger.Successf(crd.Name + "/" + versions[len(versions)-1])
if len(crd.Status.StoredVersions) > 0 {
logger.Successf(crd.Name + "/" + crd.Status.StoredVersions[0])
} else {
ok = false
logger.Failuref("no stored versions for %s", crd.Name)

2
cmd/flux/check_test.go
View File

@@ -25,7 +25,7 @@ import (
"strings"
"testing"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
)
func TestCheckPre(t *testing.T) {

4
cmd/flux/completion.go
View File

@@ -20,7 +20,7 @@ import (
"context"
"strings"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
"github.com/spf13/cobra"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -31,7 +31,7 @@ import (
var completionCmd = &cobra.Command{
Use: "completion",
Short: "Generates completion scripts for various shells",
Long: `The completion sub-command generates completion scripts for various shells.`,
Long: "The completion sub-command generates completion scripts for various shells",
}
func init() {

1
cmd/flux/completion_bash.go
View File

@@ -25,7 +25,6 @@ import (
var completionBashCmd = &cobra.Command{
Use: "bash",
Short: "Generates bash completion scripts",
Long: `The completion sub-command generates completion scripts for bash.`,
Example: `To load completion run
. <(flux completion bash)

1
cmd/flux/completion_fish.go
View File

@@ -25,7 +25,6 @@ import (
var completionFishCmd = &cobra.Command{
Use: "fish",
Short: "Generates fish completion scripts",
Long: `The completion sub-command generates completion scripts for fish.`,
Example: `To configure your fish shell to load completions for each session write this script to your completions dir:
flux completion fish > ~/.config/fish/completions/flux.fish

5
cmd/flux/completion_powershell.go
View File

@@ -25,7 +25,6 @@ import (
var completionPowerShellCmd = &cobra.Command{
Use: "powershell",
Short: "Generates powershell completion scripts",
Long: `The completion sub-command generates completion scripts for powershell.`,
Example: `To load completion run
. <(flux completion powershell)
@@ -35,12 +34,12 @@ To configure your powershell shell to load completions for each session add to y
Windows:
cd "$env:USERPROFILE\Documents\WindowsPowerShell\Modules"
flux completion powershell >> flux-completion.ps1
flux completion >> flux-completion.ps1
Linux:
cd "${XDG_CONFIG_HOME:-"$HOME/.config/"}/powershell/modules"
flux completion powershell >> flux-completions.ps1`,
flux completion >> flux-completions.ps1`,
Run: func(cmd *cobra.Command, args []string) {
rootCmd.GenPowerShellCompletion(os.Stdout)
},

1
cmd/flux/completion_zsh.go
View File

@@ -26,7 +26,6 @@ import (
var completionZshCmd = &cobra.Command{
Use: "zsh",
Short: "Generates zsh completion scripts",
Long: `The completion sub-command generates completion scripts for zsh.`,
Example: `To load completion run
. <(flux completion zsh)

4
cmd/flux/create.go
View File

@@ -30,13 +30,13 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
)
var createCmd = &cobra.Command{
Use: "create",
Short: "Create or update sources and resources",
Long: `The create sub-commands generate sources and resources.`,
Long: "The create sub-commands generate sources and resources.",
}
type createFlags struct {

17
cmd/flux/create_alert.go
View File

@@ -28,17 +28,16 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
"sigs.k8s.io/controller-runtime/pkg/client"
notificationv1 "github.com/fluxcd/notification-controller/api/v1"
notificationv1b2 "github.com/fluxcd/notification-controller/api/v1beta2"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
)
var createAlertCmd = &cobra.Command{
Use: "alert [name]",
Short: "Create or update a Alert resource",
Long: withPreviewNote(`The create alert command generates a Alert resource.`),
Long: "The create alert command generates a Alert resource.",
Example: ` # Create an Alert for kustomization events
flux create alert \
--event-severity info \
@@ -97,13 +96,13 @@ func createAlertCmdRun(cmd *cobra.Command, args []string) error {
logger.Generatef("generating Alert")
}
alert := notificationv1b2.Alert{
alert := notificationv1.Alert{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: *kubeconfigArgs.Namespace,
Labels: sourceLabels,
},
Spec: notificationv1b2.AlertSpec{
Spec: notificationv1.AlertSpec{
ProviderRef: meta.LocalObjectReference{
Name: alertArgs.providerRef,
},
@@ -141,13 +140,13 @@ func createAlertCmdRun(cmd *cobra.Command, args []string) error {
}
func upsertAlert(ctx context.Context, kubeClient client.Client,
alert *notificationv1b2.Alert) (types.NamespacedName, error) {
alert *notificationv1.Alert) (types.NamespacedName, error) {
namespacedName := types.NamespacedName{
Namespace: alert.GetNamespace(),
Name: alert.GetName(),
}
var existing notificationv1b2.Alert
var existing notificationv1.Alert
err := kubeClient.Get(ctx, namespacedName, &existing)
if err != nil {
if errors.IsNotFound(err) {
@@ -172,7 +171,7 @@ func upsertAlert(ctx context.Context, kubeClient client.Client,
}
func isAlertReady(ctx context.Context, kubeClient client.Client,
namespacedName types.NamespacedName, alert *notificationv1b2.Alert) wait.ConditionFunc {
namespacedName types.NamespacedName, alert *notificationv1.Alert) wait.ConditionFunc {
return func() (bool, error) {
err := kubeClient.Get(ctx, namespacedName, alert)
if err != nil {

6
cmd/flux/create_alertprovider.go
View File

@@ -28,16 +28,16 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
"sigs.k8s.io/controller-runtime/pkg/client"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
)
var createAlertProviderCmd = &cobra.Command{
Use: "alert-provider [name]",
Short: "Create or update a Provider resource",
Long: withPreviewNote(`The create alert-provider command generates a Provider resource.`),
Long: "The create alert-provider command generates a Provider resource.",
Example: ` # Create a Provider for a Slack channel
flux create alert-provider slack \
--type slack \

12
cmd/flux/create_helmrelease.go
View File

@@ -24,8 +24,8 @@ import (
"strings"
"time"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/pkg/runtime/transform"
@@ -46,7 +46,7 @@ var createHelmReleaseCmd = &cobra.Command{
Use: "helmrelease [name]",
Aliases: []string{"hr"},
Short: "Create or update a HelmRelease resource",
Long: withPreviewNote(`The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.`),
Long: "The helmrelease create command generates a HelmRelease resource for a given HelmRepository source.",
Example: ` # Create a HelmRelease with a chart from a HelmRepository source
flux create hr podinfo \
--interval=10m \
@@ -83,9 +83,9 @@ var createHelmReleaseCmd = &cobra.Command{
# Create a HelmRelease with a custom release name
flux create hr podinfo \
--release-name=podinfo-dev \
--release-name=podinfo-dev
--source=HelmRepository/podinfo \
--chart=podinfo
--chart=podinfo \
# Create a HelmRelease targeting another namespace than the resource
flux create hr podinfo \
@@ -200,7 +200,7 @@ func createHelmReleaseCmdRun(cmd *cobra.Command, args []string) error {
}
if helmReleaseArgs.kubeConfigSecretRef != "" {
helmRelease.Spec.KubeConfig = &meta.KubeConfigReference{
helmRelease.Spec.KubeConfig = &helmv2.KubeConfig{
SecretRef: meta.SecretKeyReference{
Name: helmReleaseArgs.kubeConfigSecretRef,
},

8
cmd/flux/create_image.go
View File

@@ -20,12 +20,14 @@ import (
"github.com/spf13/cobra"
)
const createImageLong = `The create image sub-commands work with image automation objects; that is,
object controlling updates to git based on e.g., new container images
being available.`
var createImageCmd = &cobra.Command{
Use: "image",
Short: "Create or update resources dealing with image automation",
Long: `The create image sub-commands work with image automation objects;
that is, object controlling updates to git based on e.g., new container images
being available.`,
Long: createImageLong,
}
func init() {

6
cmd/flux/create_image_policy.go
View File

@@ -28,18 +28,18 @@ import (
"github.com/fluxcd/pkg/apis/meta"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
)
var createImagePolicyCmd = &cobra.Command{
Use: "policy [name]",
Short: "Create or update an ImagePolicy object",
Long: withPreviewNote(`The create image policy command generates an ImagePolicy resource.
Long: `The create image policy command generates an ImagePolicy resource.
An ImagePolicy object calculates a "latest image" given an image
repository and a policy, e.g., semver.
The image that sorts highest according to the policy is recorded in
the status of the object.`),
the status of the object.`,
Example: ` # Create an ImagePolicy to select the latest stable release
flux create image policy podinfo \
--image-ref=podinfo \

6
cmd/flux/create_image_repository.go
View File

@@ -26,14 +26,14 @@ import (
"github.com/fluxcd/pkg/apis/meta"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
)
var createImageRepositoryCmd = &cobra.Command{
Use: "repository [name]",
Short: "Create or update an ImageRepository object",
Long: withPreviewNote(`The create image repository command generates an ImageRepository resource.
An ImageRepository object specifies an image repository to scan.`),
Long: `The create image repository command generates an ImageRepository resource.
An ImageRepository object specifies an image repository to scan.`,
Example: ` # Create an ImageRepository object to scan the alpine image repository:
flux create image repository alpine-repo --image alpine --interval 20m

6
cmd/flux/create_image_update.go
View File

@@ -23,15 +23,15 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
sourcev1 "github.com/fluxcd/source-controller/api/v1"
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
)
var createImageUpdateCmd = &cobra.Command{
Use: "update [name]",
Short: "Create or update an ImageUpdateAutomation object",
Long: withPreviewNote(`The create image update command generates an ImageUpdateAutomation resource.
Long: `The create image update command generates an ImageUpdateAutomation resource.
An ImageUpdateAutomation object specifies an automated update to images
mentioned in YAMLs in a git repository.`),
mentioned in YAMLs in a git repository.`,
Example: ` # Configure image updates for the main repository created by flux bootstrap
flux create image update flux-system \
--git-repo-ref=flux-system \

16
cmd/flux/create_kustomization.go
View File

@@ -31,18 +31,18 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
)
var createKsCmd = &cobra.Command{
Use: "kustomization [name]",
Aliases: []string{"ks"},
Short: "Create or update a Kustomization resource",
Long: `The create command generates a Kustomization resource for a given source.`,
Long: "The create command generates a Kustomization resource for a given source.",
Example: ` # Create a Kustomization resource from a source at a given path
flux create kustomization kyverno \
--source=GitRepository/kyverno \
@@ -97,7 +97,6 @@ type kustomizationFlags struct {
targetNamespace string
wait bool
kubeConfigSecretRef string
retryInterval time.Duration
}
var kustomizationArgs = NewKustomizationFlags()
@@ -117,7 +116,6 @@ func init() {
createKsCmd.Flags().StringVar(&kustomizationArgs.targetNamespace, "target-namespace", "", "overrides the namespace of all Kustomization objects reconciled by this Kustomization")
createKsCmd.Flags().StringVar(&kustomizationArgs.kubeConfigSecretRef, "kubeconfig-secret-ref", "", "the name of the Kubernetes Secret that contains a key with the kubeconfig file for connecting to a remote cluster")
createKsCmd.Flags().MarkDeprecated("validation", "this arg is no longer used, all resources are validated using server-side apply dry-run")
createKsCmd.Flags().DurationVar(&kustomizationArgs.retryInterval, "retry-interval", 0, "the interval at which to retry a previously failed reconciliation")
createCmd.AddCommand(createKsCmd)
}
@@ -171,7 +169,7 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
}
if kustomizationArgs.kubeConfigSecretRef != "" {
kustomization.Spec.KubeConfig = &meta.KubeConfigReference{
kustomization.Spec.KubeConfig = &kustomizev1.KubeConfig{
SecretRef: meta.SecretKeyReference{
Name: kustomizationArgs.kubeConfigSecretRef,
},
@@ -240,10 +238,6 @@ func createKsCmdRun(cmd *cobra.Command, args []string) error {
}
}
if kustomizationArgs.retryInterval > 0 {
kustomization.Spec.RetryInterval = &metav1.Duration{Duration: kustomizationArgs.retryInterval}
}
if createArgs.export {
return printExport(exportKs(&kustomization))
}

8
cmd/flux/create_receiver.go
View File

@@ -28,16 +28,16 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
"sigs.k8s.io/controller-runtime/pkg/client"
notificationv1 "github.com/fluxcd/notification-controller/api/v1"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
)
var createReceiverCmd = &cobra.Command{
Use: "receiver [name]",
Short: "Create or update a Receiver resource",
Long: `The create receiver command generates a Receiver resource.`,
Long: "The create receiver command generates a Receiver resource.",
Example: ` # Create a Receiver
flux create receiver github-receiver \
--type github \
@@ -145,7 +145,7 @@ func createReceiverCmdRun(cmd *cobra.Command, args []string) error {
}
logger.Successf("Receiver %s is ready", name)
logger.Successf("generated webhook URL %s", receiver.Status.WebhookPath)
logger.Successf("generated webhook URL %s", receiver.Status.URL)
return nil
}

2
cmd/flux/create_secret.go
View File

@@ -29,7 +29,7 @@ import (
var createSecretCmd = &cobra.Command{
Use: "secret",
Short: "Create or update Kubernetes secrets",
Long: `The create source sub-commands generate Kubernetes secrets specific to Flux.`,
Long: "The create source sub-commands generate Kubernetes secrets specific to Flux.",
}
func init() {

45
cmd/flux/create_secret_git.go
View File

@@ -21,25 +21,22 @@ import (
"crypto/elliptic"
"fmt"
"net/url"
"os"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/yaml"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
)
var createSecretGitCmd = &cobra.Command{
Use: "git [name]",
Short: "Create or update a Kubernetes secret for Git authentication",
Long: `The create secret git command generates a Kubernetes secret with Git credentials.
For Git over SSH, the host and SSH keys are automatically generated and stored
in the secret.
For Git over HTTP/S, the provided basic authentication credentials or bearer
authentication token are stored in the secret.`,
For Git over SSH, the host and SSH keys are automatically generated and stored in the secret.
For Git over HTTP/S, the provided basic authentication credentials are stored in the secret.`,
Example: ` # Create a Git SSH authentication secret using an ECDSA P-521 curve public key
flux create secret git podinfo-auth \
@@ -88,9 +85,7 @@ type secretGitFlags struct {
rsaBits flags.RSAKeyBits
ecdsaCurve flags.ECDSACurve
caFile string
caCrtFile string
privateKeyFile string
bearerToken string
}
var secretGitArgs = NewSecretGitFlags()
@@ -103,9 +98,7 @@ func init() {
createSecretGitCmd.Flags().Var(&secretGitArgs.rsaBits, "ssh-rsa-bits", secretGitArgs.rsaBits.Description())
createSecretGitCmd.Flags().Var(&secretGitArgs.ecdsaCurve, "ssh-ecdsa-curve", secretGitArgs.ecdsaCurve.Description())
createSecretGitCmd.Flags().StringVar(&secretGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
createSecretGitCmd.Flags().StringVar(&secretGitArgs.caCrtFile, "ca-crt-file", "", "path to TLS CA certificate file used for validating self-signed certificates; takes precedence over --ca-file")
createSecretGitCmd.Flags().StringVar(&secretGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server")
createSecretGitCmd.Flags().StringVar(&secretGitArgs.bearerToken, "bearer-token", "", "bearer authentication token")
createSecretCmd.AddCommand(createSecretGitCmd)
}
@@ -142,39 +135,19 @@ func createSecretGitCmdRun(cmd *cobra.Command, args []string) error {
}
switch u.Scheme {
case "ssh":
keypair, err := sourcesecret.LoadKeyPairFromPath(secretGitArgs.privateKeyFile, secretGitArgs.password)
if err != nil {
return err
}
opts.Keypair = keypair
opts.SSHHostname = u.Host
opts.PrivateKeyPath = secretGitArgs.privateKeyFile
opts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(secretGitArgs.keyAlgorithm)
opts.RSAKeyBits = int(secretGitArgs.rsaBits)
opts.ECDSACurve = secretGitArgs.ecdsaCurve.Curve
opts.Password = secretGitArgs.password
case "http", "https":
if (secretGitArgs.username == "" || secretGitArgs.password == "") && secretGitArgs.bearerToken == "" {
return fmt.Errorf("for Git over HTTP/S the username and password, or a bearer token is required")
if secretGitArgs.username == "" || secretGitArgs.password == "" {
return fmt.Errorf("for Git over HTTP/S the username and password are required")
}
opts.Username = secretGitArgs.username
opts.Password = secretGitArgs.password
opts.BearerToken = secretGitArgs.bearerToken
if secretGitArgs.username != "" && secretGitArgs.password != "" && secretGitArgs.bearerToken != "" {
return fmt.Errorf("user credentials and bearer token cannot be used together")
}
// --ca-crt-file takes precedence over --ca-file.
if secretGitArgs.caCrtFile != "" {
opts.CACrt, err = os.ReadFile(secretGitArgs.caCrtFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
} else if secretGitArgs.caFile != "" {
opts.CAFile, err = os.ReadFile(secretGitArgs.caFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
}
opts.CAFilePath = secretGitArgs.caFile
default:
return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
}

26
cmd/flux/create_secret_git_test.go
View File

@@ -1,21 +1,10 @@
package main
import (
"fmt"
"os"
"testing"
)
func TestCreateGitSecret(t *testing.T) {
file, err := os.CreateTemp(t.TempDir(), "ca-crt")
if err != nil {
t.Fatal("could not create CA certificate file")
}
_, err = file.Write([]byte("ca-data"))
if err != nil {
t.Fatal("could not write to CA certificate file")
}
tests := []struct {
name string
args string
@@ -41,21 +30,6 @@ func TestCreateGitSecret(t *testing.T) {
args: "create secret git podinfo-auth --url=ssh://git@github.com/stefanprodan/podinfo --private-key-file=./testdata/create_secret/git/ecdsa-password.private --password=password --namespace=my-namespace --export",
assert: assertGoldenFile("testdata/create_secret/git/git-ssh-secret-password.yaml"),
},
{
name: "git authentication with bearer token",
args: "create secret git bearer-token-auth --url=https://github.com/stefanprodan/podinfo --bearer-token=ghp_baR2qnFF0O41WlucePL3udt2N9vVZS4R0hAS --namespace=my-namespace --export",
assert: assertGoldenFile("testdata/create_secret/git/git-bearer-token.yaml"),
},
{
name: "git authentication with CA certificate",
args: fmt.Sprintf("create secret git ca-crt --url=https://github.com/stefanprodan/podinfo --password=my-password --username=my-username --ca-crt-file=%s --namespace=my-namespace --export", file.Name()),
assert: assertGoldenFile("testdata/create_secret/git/secret-ca-crt.yaml"),
},
{
name: "git authentication with basic auth and bearer token",
args: "create secret git podinfo-auth --url=https://github.com/stefanprodan/podinfo --username=aaa --password=zzzz --bearer-token=aaaa --namespace=my-namespace --export",
assert: assertError("user credentials and bearer token cannot be used together"),
},
}
for _, tt := range tests {

65
cmd/flux/create_secret_helm.go
View File

@@ -18,21 +18,19 @@ package main
import (
"context"
"fmt"
"os"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/yaml"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
)
var createSecretHelmCmd = &cobra.Command{
Use: "helm [name]",
Short: "Create or update a Kubernetes secret for Helm repository authentication",
Long: withPreviewNote(`The create secret helm command generates a Kubernetes secret with basic authentication credentials.`),
Long: `The create secret helm command generates a Kubernetes secret with basic authentication credentials.`,
Example: ` # Create a Helm authentication secret on disk and encrypt it with Mozilla SOPS
flux create secret helm repo-auth \
--namespace=my-namespace \
@@ -41,8 +39,15 @@ var createSecretHelmCmd = &cobra.Command{
--export > repo-auth.yaml
sops --encrypt --encrypted-regex '^(data|stringData)$' \
--in-place repo-auth.yaml`,
--in-place repo-auth.yaml
# Create a Helm authentication secret using a custom TLS cert
flux create secret helm repo-auth \
--username=username \
--password=password \
--cert-file=./cert.crt \
--key-file=./key.crt \
--ca-file=./ca.crt`,
RunE: createSecretHelmCmdRun,
}
@@ -55,16 +60,9 @@ type secretHelmFlags struct {
var secretHelmArgs secretHelmFlags
func init() {
flags := createSecretHelmCmd.Flags()
flags.StringVarP(&secretHelmArgs.username, "username", "u", "", "basic authentication username")
flags.StringVarP(&secretHelmArgs.password, "password", "p", "", "basic authentication password")
initSecretDeprecatedTLSFlags(flags, &secretHelmArgs.secretTLSFlags)
deprecationMsg := "please use the command `flux create secret tls` to generate TLS secrets"
flags.MarkDeprecated("cert-file", deprecationMsg)
flags.MarkDeprecated("key-file", deprecationMsg)
flags.MarkDeprecated("ca-file", deprecationMsg)
createSecretHelmCmd.Flags().StringVarP(&secretHelmArgs.username, "username", "u", "", "basic authentication username")
createSecretHelmCmd.Flags().StringVarP(&secretHelmArgs.password, "password", "p", "", "basic authentication password")
initSecretTLSFlags(createSecretHelmCmd.Flags(), &secretHelmArgs.secretTLSFlags)
createSecretCmd.AddCommand(createSecretHelmCmd)
}
@@ -76,34 +74,15 @@ func createSecretHelmCmdRun(cmd *cobra.Command, args []string) error {
return err
}
caBundle := []byte{}
if secretHelmArgs.caFile != "" {
var err error
caBundle, err = os.ReadFile(secretHelmArgs.caFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
}
var certFile, keyFile []byte
if secretHelmArgs.certFile != "" && secretHelmArgs.keyFile != "" {
if certFile, err = os.ReadFile(secretHelmArgs.certFile); err != nil {
return fmt.Errorf("failed to read cert file: %w", err)
}
if keyFile, err = os.ReadFile(secretHelmArgs.keyFile); err != nil {
return fmt.Errorf("failed to read key file: %w", err)
}
}
opts := sourcesecret.Options{
Name: name,
Namespace: *kubeconfigArgs.Namespace,
Labels: labels,
Username: secretHelmArgs.username,
Password: secretHelmArgs.password,
CAFile: caBundle,
CertFile: certFile,
KeyFile: keyFile,
Name: name,
Namespace: *kubeconfigArgs.Namespace,
Labels: labels,
Username: secretHelmArgs.username,
Password: secretHelmArgs.password,
CAFilePath: secretHelmArgs.caFile,
CertFilePath: secretHelmArgs.certFile,
KeyFilePath: secretHelmArgs.keyFile,
}
secret, err := sourcesecret.Generate(opts)
if err != nil {

6
cmd/flux/create_secret_oci.go
View File

@@ -20,8 +20,8 @@ import (
"context"
"fmt"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
"github.com/google/go-containerregistry/pkg/name"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
@@ -31,7 +31,7 @@ import (
var createSecretOCICmd = &cobra.Command{
Use: "oci [name]",
Short: "Create or update a Kubernetes image pull secret",
Long: withPreviewNote(`The create secret oci command generates a Kubernetes secret that can be used for OCIRepository authentication`),
Long: `The create secret oci command generates a Kubernetes secret that can be used for OCIRepository authentication`,
Example: ` # Create an OCI authentication secret on disk and encrypt it with Mozilla SOPS
flux create secret oci podinfo-auth \
--url=ghcr.io \

74
cmd/flux/create_secret_tls.go
View File

@@ -18,29 +18,26 @@ package main
import (
"context"
"fmt"
"os"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/yaml"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
)
var createSecretTLSCmd = &cobra.Command{
Use: "tls [name]",
Short: "Create or update a Kubernetes secret with TLS certificates",
Long: withPreviewNote(`The create secret tls command generates a Kubernetes secret with certificates for use with TLS.`),
Long: `The create secret tls command generates a Kubernetes secret with certificates for use with TLS.`,
Example: ` # Create a TLS secret on disk and encrypt it with Mozilla SOPS.
# Files are expected to be PEM-encoded.
flux create secret tls certs \
--namespace=my-namespace \
--tls-crt-file=./client.crt \
--tls-key-file=./client.key \
--ca-crt-file=./ca.crt \
--cert-file=./client.crt \
--key-file=./client.key \
--export > certs.yaml
sops --encrypt --encrypted-regex '^(data|stringData)$' \
@@ -49,37 +46,22 @@ var createSecretTLSCmd = &cobra.Command{
}
type secretTLSFlags struct {
certFile string
keyFile string
caFile string
caCrtFile string
tlsKeyFile string
tlsCrtFile string
certFile string
keyFile string
caFile string
}
var secretTLSArgs secretTLSFlags
func initSecretDeprecatedTLSFlags(flags *pflag.FlagSet, args *secretTLSFlags) {
func initSecretTLSFlags(flags *pflag.FlagSet, args *secretTLSFlags) {
flags.StringVar(&args.certFile, "cert-file", "", "TLS authentication cert file path")
flags.StringVar(&args.keyFile, "key-file", "", "TLS authentication key file path")
flags.StringVar(&args.caFile, "ca-file", "", "TLS authentication CA file path")
}
func initSecretTLSFlags(flags *pflag.FlagSet, args *secretTLSFlags) {
flags.StringVar(&args.tlsCrtFile, "tls-crt-file", "", "TLS authentication cert file path")
flags.StringVar(&args.tlsKeyFile, "tls-key-file", "", "TLS authentication key file path")
flags.StringVar(&args.caCrtFile, "ca-crt-file", "", "TLS authentication CA file path")
}
func init() {
flags := createSecretTLSCmd.Flags()
initSecretDeprecatedTLSFlags(flags, &secretTLSArgs)
initSecretTLSFlags(flags, &secretTLSArgs)
flags.MarkDeprecated("cert-file", "please use --tls-crt-file instead")
flags.MarkDeprecated("key-file", "please use --tls-key-file instead")
flags.MarkDeprecated("ca-file", "please use --ca-crt-file instead")
createSecretCmd.AddCommand(createSecretTLSCmd)
}
@@ -92,39 +74,13 @@ func createSecretTLSCmdRun(cmd *cobra.Command, args []string) error {
}
opts := sourcesecret.Options{
Name: name,
Namespace: *kubeconfigArgs.Namespace,
Labels: labels,
Name: name,
Namespace: *kubeconfigArgs.Namespace,
Labels: labels,
CAFilePath: secretTLSArgs.caFile,
CertFilePath: secretTLSArgs.certFile,
KeyFilePath: secretTLSArgs.keyFile,
}
if secretTLSArgs.caCrtFile != "" {
opts.CACrt, err = os.ReadFile(secretTLSArgs.caCrtFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
} else if secretTLSArgs.caFile != "" {
opts.CAFile, err = os.ReadFile(secretTLSArgs.caFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
}
if secretTLSArgs.tlsCrtFile != "" && secretTLSArgs.tlsKeyFile != "" {
if opts.TLSCrt, err = os.ReadFile(secretTLSArgs.tlsCrtFile); err != nil {
return fmt.Errorf("failed to read cert file: %w", err)
}
if opts.TLSKey, err = os.ReadFile(secretTLSArgs.tlsKeyFile); err != nil {
return fmt.Errorf("failed to read key file: %w", err)
}
} else if secretTLSArgs.certFile != "" && secretTLSArgs.keyFile != "" {
if opts.CertFile, err = os.ReadFile(secretTLSArgs.certFile); err != nil {
return fmt.Errorf("failed to read cert file: %w", err)
}
if opts.KeyFile, err = os.ReadFile(secretTLSArgs.keyFile); err != nil {
return fmt.Errorf("failed to read key file: %w", err)
}
}
secret, err := sourcesecret.Generate(opts)
if err != nil {
return err

8
cmd/flux/create_secret_tls_test.go
View File

@@ -4,7 +4,7 @@ import (
"testing"
)
func TestCreateTlsSecret(t *testing.T) {
func TestCreateTlsSecretNoArgs(t *testing.T) {
tests := []struct {
name string
args string
@@ -15,13 +15,9 @@ func TestCreateTlsSecret(t *testing.T) {
assert: assertError("name is required"),
},
{
args: "create secret tls certs --namespace=my-namespace --tls-crt-file=./testdata/create_secret/tls/test-cert.pem --tls-key-file=./testdata/create_secret/tls/test-key.pem --ca-crt-file=./testdata/create_secret/tls/test-ca.pem --export",
args: "create secret tls certs --namespace=my-namespace --cert-file=./testdata/create_secret/tls/test-cert.pem --key-file=./testdata/create_secret/tls/test-key.pem --export",
assert: assertGoldenFile("testdata/create_secret/tls/secret-tls.yaml"),
},
{
args: "create secret tls certs --namespace=my-namespace --cert-file=./testdata/create_secret/tls/test-cert.pem --key-file=./testdata/create_secret/tls/test-key.pem --ca-file=./testdata/create_secret/tls/test-ca.pem --export",
assert: assertGoldenFile("testdata/create_secret/tls/deprecated-secret-tls.yaml"),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {

2
cmd/flux/create_source.go
View File

@@ -25,7 +25,7 @@ import (
var createSourceCmd = &cobra.Command{
Use: "source",
Short: "Create or update sources",
Long: `The create source sub-commands generate sources.`,
Long: "The create source sub-commands generate sources.",
}
type createSourceFlags struct {

8
cmd/flux/create_source_bucket.go
View File

@@ -35,15 +35,15 @@ import (
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
)
var createSourceBucketCmd = &cobra.Command{
Use: "bucket [name]",
Short: "Create or update a Bucket source",
Long: withPreviewNote(`The create source bucket command generates a Bucket resource and waits for it to be downloaded.
For Buckets with static authentication, the credentials are stored in a Kubernetes secret.`),
Long: `The create source bucket command generates a Bucket resource and waits for it to be downloaded.
For Buckets with static authentication, the credentials are stored in a Kubernetes secret.`,
Example: ` # Create a source for a Bucket using static authentication
flux create source bucket podinfo \
--bucket-name=podinfo \

47
cmd/flux/create_source_git.go
View File

@@ -37,11 +37,11 @@ import (
"github.com/fluxcd/pkg/apis/meta"
"github.com/fluxcd/pkg/runtime/conditions"
sourcev1 "github.com/fluxcd/source-controller/api/v1"
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
)
type sourceGitFlags struct {
@@ -49,14 +49,13 @@ type sourceGitFlags struct {
branch string
tag string
semver string
refName string
commit string
username string
password string
keyAlgorithm flags.PublicKeyAlgorithm
keyRSABits flags.RSAKeyBits
keyECDSACurve flags.ECDSACurve
secretRef string
gitImplementation flags.GitImplementation
caFile string
privateKeyFile string
recurseSubmodules bool
@@ -131,14 +130,13 @@ func init() {
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.branch, "branch", "", "git branch")
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.tag, "tag", "", "git tag")
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.semver, "tag-semver", "", "git tag semver range")
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.refName, "ref-name", "", " git reference name")
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.commit, "commit", "", "git commit")
createSourceGitCmd.Flags().StringVarP(&sourceGitArgs.username, "username", "u", "", "basic authentication username")
createSourceGitCmd.Flags().StringVarP(&sourceGitArgs.password, "password", "p", "", "basic authentication password")
createSourceGitCmd.Flags().Var(&sourceGitArgs.keyAlgorithm, "ssh-key-algorithm", sourceGitArgs.keyAlgorithm.Description())
createSourceGitCmd.Flags().Var(&sourceGitArgs.keyRSABits, "ssh-rsa-bits", sourceGitArgs.keyRSABits.Description())
createSourceGitCmd.Flags().Var(&sourceGitArgs.keyECDSACurve, "ssh-ecdsa-curve", sourceGitArgs.keyECDSACurve.Description())
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.secretRef, "secret-ref", "", "the name of an existing secret containing SSH or basic credentials")
createSourceGitCmd.Flags().Var(&sourceGitArgs.gitImplementation, "git-implementation", sourceGitArgs.gitImplementation.Description())
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.caFile, "ca-file", "", "path to TLS CA file used for validating self-signed certificates")
createSourceGitCmd.Flags().StringVar(&sourceGitArgs.privateKeyFile, "private-key-file", "", "path to a passwordless private key file used for authenticating to the Git SSH server")
createSourceGitCmd.Flags().BoolVar(&sourceGitArgs.recurseSubmodules, "recurse-submodules", false,
@@ -172,14 +170,18 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
return fmt.Errorf("git URL scheme '%s' not supported, can be: ssh, http and https", u.Scheme)
}
if sourceGitArgs.branch == "" && sourceGitArgs.tag == "" && sourceGitArgs.semver == "" && sourceGitArgs.commit == "" && sourceGitArgs.refName == "" {
return fmt.Errorf("a Git ref is required, use one of the following: --branch, --tag, --commit, --ref-name or --tag-semver")
if sourceGitArgs.branch == "" && sourceGitArgs.tag == "" && sourceGitArgs.semver == "" {
return fmt.Errorf("a Git ref is required, use one of the following: --branch, --tag or --tag-semver")
}
if sourceGitArgs.caFile != "" && u.Scheme == "ssh" {
return fmt.Errorf("specifying a CA file is not supported for Git over SSH")
}
if sourceGitArgs.recurseSubmodules && sourceGitArgs.gitImplementation == sourcev1.LibGit2Implementation {
return fmt.Errorf("recurse submodules requires --git-implementation=%s", sourcev1.GoGitImplementation)
}
tmpDir, err := os.MkdirTemp("", name)
if err != nil {
return err
@@ -218,12 +220,11 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
gitRepository.Spec.Timeout = &metav1.Duration{Duration: createSourceArgs.fetchTimeout}
}
if sourceGitArgs.commit != "" {
gitRepository.Spec.Reference.Commit = sourceGitArgs.commit
gitRepository.Spec.Reference.Branch = sourceGitArgs.branch
} else if sourceGitArgs.refName != "" {
gitRepository.Spec.Reference.Name = sourceGitArgs.refName
} else if sourceGitArgs.semver != "" {
if sourceGitArgs.gitImplementation != "" {
gitRepository.Spec.GitImplementation = sourceGitArgs.gitImplementation.String()
}
if sourceGitArgs.semver != "" {
gitRepository.Spec.Reference.SemVer = sourceGitArgs.semver
} else if sourceGitArgs.tag != "" {
gitRepository.Spec.Reference.Tag = sourceGitArgs.tag
@@ -258,26 +259,16 @@ func createSourceGitCmdRun(cmd *cobra.Command, args []string) error {
}
switch u.Scheme {
case "ssh":
keypair, err := sourcesecret.LoadKeyPairFromPath(sourceGitArgs.privateKeyFile, sourceGitArgs.password)
if err != nil {
return err
}
secretOpts.Keypair = keypair
secretOpts.SSHHostname = u.Host
secretOpts.PrivateKeyPath = sourceGitArgs.privateKeyFile
secretOpts.PrivateKeyAlgorithm = sourcesecret.PrivateKeyAlgorithm(sourceGitArgs.keyAlgorithm)
secretOpts.RSAKeyBits = int(sourceGitArgs.keyRSABits)
secretOpts.ECDSACurve = sourceGitArgs.keyECDSACurve.Curve
secretOpts.Password = sourceGitArgs.password
case "https":
if sourceGitArgs.caFile != "" {
caBundle, err := os.ReadFile(sourceGitArgs.caFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
secretOpts.CAFile = caBundle
}
secretOpts.Username = sourceGitArgs.username
secretOpts.Password = sourceGitArgs.password
secretOpts.CAFilePath = sourceGitArgs.caFile
case "http":
logger.Warningf("insecure configuration: credentials configured for an HTTP URL")
secretOpts.Username = sourceGitArgs.username

43
cmd/flux/create_source_git_test.go
View File

@@ -24,15 +24,14 @@ import (
"testing"
"time"
"github.com/fluxcd/pkg/apis/meta"
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
"k8s.io/apimachinery/pkg/api/errors"
apimeta "k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/fluxcd/pkg/apis/meta"
sourcev1 "github.com/fluxcd/source-controller/api/v1"
)
var pollInterval = 50 * time.Millisecond
@@ -99,41 +98,6 @@ func TestCreateSourceGitExport(t *testing.T) {
command,
assertGoldenFile("testdata/create_source_git/export.golden"),
},
{
name: "no args",
args: "create secret git",
assert: assertError("name is required"),
},
{
name: "source with commit",
args: "create source git podinfo --namespace=flux-system --url=https://github.com/stefanprodan/podinfo --commit=c88a2f41 --interval=1m0s --export",
assert: assertGoldenFile("./testdata/create_source_git/source-git-commit.yaml"),
},
{
name: "source with ref name",
args: "create source git podinfo --namespace=flux-system --url=https://github.com/stefanprodan/podinfo --ref-name=refs/heads/main --interval=1m0s --export",
assert: assertGoldenFile("testdata/create_source_git/source-git-refname.yaml"),
},
{
name: "source with branch name and commit",
args: "create source git podinfo --namespace=flux-system --url=https://github.com/stefanprodan/podinfo --branch=main --commit=c88a2f41 --interval=1m0s --export",
assert: assertGoldenFile("testdata/create_source_git/source-git-branch-commit.yaml"),
},
{
name: "source with semver",
args: "create source git podinfo --namespace=flux-system --url=https://github.com/stefanprodan/podinfo --tag-semver=v1.01 --interval=1m0s --export",
assert: assertGoldenFile("testdata/create_source_git/source-git-semver.yaml"),
},
{
name: "source with git tag",
args: "create source git podinfo --namespace=flux-system --url=https://github.com/stefanprodan/podinfo --tag=test --interval=1m0s --export",
assert: assertGoldenFile("testdata/create_source_git/source-git-tag.yaml"),
},
{
name: "source with git branch",
args: "create source git podinfo --namespace=flux-system --url=https://github.com/stefanprodan/podinfo --branch=test --interval=1m0s --export",
assert: assertGoldenFile("testdata/create_source_git/source-git-branch.yaml"),
},
}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
@@ -177,9 +141,6 @@ func TestCreateSourceGit(t *testing.T) {
repo.Status.Artifact = &sourcev1.Artifact{
Path: "some-path",
Revision: "v1",
LastUpdateTime: metav1.Time{
Time: time.Now(),
},
}
},
}, {

40
cmd/flux/create_source_helm.go
View File

@@ -35,15 +35,15 @@ import (
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/manifestgen/sourcesecret"
"github.com/fluxcd/flux2/internal/utils"
"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
)
var createSourceHelmCmd = &cobra.Command{
Use: "helm [name]",
Short: "Create or update a HelmRepository source",
Long: withPreviewNote(`The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.`),
Long: `The create source helm command generates a HelmRepository resource and waits for it to fetch the index.
For private Helm repositories, the basic authentication credentials are stored in a Kubernetes secret.`,
Example: ` # Create a source for an HTTPS public Helm repository
flux create source helm podinfo \
--url=https://stefanprodan.github.io/podinfo \
@@ -64,13 +64,13 @@ For private Helm repositories, the basic authentication credentials are stored i
# Create a source for an OCI Helm repository
flux create source helm podinfo \
--url=oci://ghcr.io/stefanprodan/charts/podinfo \
--url=oci://ghcr.io/stefanprodan/charts/podinfo
--username=username \
--password=password
# Create a source for an OCI Helm repository using an existing secret with basic auth or dockerconfig credentials
flux create source helm podinfo \
--url=oci://ghcr.io/stefanprodan/charts/podinfo \
--url=oci://ghcr.io/stefanprodan/charts/podinfo
--secret-ref=docker-config`,
RunE: createSourceHelmCmdRun,
}
@@ -83,7 +83,6 @@ type sourceHelmFlags struct {
keyFile string
caFile string
secretRef string
ociProvider string
passCredentials bool
}
@@ -97,7 +96,6 @@ func init() {
createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.keyFile, "key-file", "", "TLS authentication key file path")
createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.caFile, "ca-file", "", "TLS authentication CA file path")
createSourceHelmCmd.Flags().StringVarP(&sourceHelmArgs.secretRef, "secret-ref", "", "", "the name of an existing secret containing TLS, basic auth or docker-config credentials")
createSourceHelmCmd.Flags().StringVar(&sourceHelmArgs.ociProvider, "oci-provider", "", "OCI provider for authentication")
createSourceHelmCmd.Flags().BoolVarP(&sourceHelmArgs.passCredentials, "pass-credentials", "", false, "pass credentials to all domains")
createSourceCmd.AddCommand(createSourceHelmCmd)
@@ -145,7 +143,6 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
}
if url.Scheme == sourcev1.HelmRepositoryTypeOCI {
helmRepository.Spec.Type = sourcev1.HelmRepositoryTypeOCI
helmRepository.Spec.Provider = sourceHelmArgs.ociProvider
}
if createSourceArgs.fetchTimeout > 0 {
@@ -171,25 +168,6 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
return err
}
caBundle := []byte{}
if sourceHelmArgs.caFile != "" {
var err error
caBundle, err = os.ReadFile(sourceHelmArgs.caFile)
if err != nil {
return fmt.Errorf("unable to read TLS CA file: %w", err)
}
}
var certFile, keyFile []byte
if sourceHelmArgs.certFile != "" && sourceHelmArgs.keyFile != "" {
if certFile, err = os.ReadFile(sourceHelmArgs.certFile); err != nil {
return fmt.Errorf("failed to read cert file: %w", err)
}
if keyFile, err = os.ReadFile(sourceHelmArgs.keyFile); err != nil {
return fmt.Errorf("failed to read key file: %w", err)
}
}
logger.Generatef("generating HelmRepository source")
if sourceHelmArgs.secretRef == "" {
secretName := fmt.Sprintf("helm-%s", name)
@@ -198,9 +176,9 @@ func createSourceHelmCmdRun(cmd *cobra.Command, args []string) error {
Namespace: *kubeconfigArgs.Namespace,
Username: sourceHelmArgs.username,
Password: sourceHelmArgs.password,
CAFile: caBundle,
CertFile: certFile,
KeyFile: keyFile,
CertFilePath: sourceHelmArgs.certFile,
KeyFilePath: sourceHelmArgs.keyFile,
CAFilePath: sourceHelmArgs.caFile,
ManifestFile: sourcesecret.MakeDefaultOptions().ManifestFile,
}
secret, err := sourcesecret.Generate(secretOpts)

6
cmd/flux/create_source_oci.go
View File

@@ -33,14 +33,14 @@ import (
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/fluxcd/flux2/v2/internal/flags"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/flags"
"github.com/fluxcd/flux2/internal/utils"
)
var createSourceOCIRepositoryCmd = &cobra.Command{
Use: "oci [name]",
Short: "Create or update an OCIRepository",
Long: withPreviewNote(`The create source oci command generates an OCIRepository resource and waits for it to be ready.`),
Long: `The create source oci command generates an OCIRepository resource and waits for it to be ready.`,
Example: ` # Create an OCIRepository for a public container image
flux create source oci podinfo \
--url=oci://ghcr.io/stefanprodan/manifests/podinfo \

4
cmd/flux/create_source_oci_test.go
View File

@@ -38,12 +38,12 @@ func TestCreateSourceOCI(t *testing.T) {
},
{
name: "export manifest",
args: "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --interval 10m --export",
args: "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.1.6 --interval 10m --export",
assertFunc: assertGoldenFile("./testdata/oci/export.golden"),
},
{
name: "export manifest with secret",
args: "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.3.5 --interval 10m --secret-ref=creds --export",
args: "create source oci podinfo --url=oci://ghcr.io/stefanprodan/manifests/podinfo --tag=6.1.6 --interval 10m --secret-ref=creds --export",
assertFunc: assertGoldenFile("./testdata/oci/export_with_secret.golden"),
},
}

6
cmd/flux/create_tenant.go
View File

@@ -21,7 +21,7 @@ import (
"context"
"fmt"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
@@ -37,8 +37,8 @@ import (
var createTenantCmd = &cobra.Command{
Use: "tenant",
Short: "Create or update a tenant",
Long: withPreviewNote(`The create tenant command generates namespaces, service accounts and role bindings to limit the
reconcilers scope to the tenant namespaces.`),
Long: `The create tenant command generates namespaces, service accounts and role bindings to limit the
reconcilers scope to the tenant namespaces.`,
Example: ` # Create a tenant with access to a namespace
flux create tenant dev-team \
--with-namespace=frontend \

4
cmd/flux/delete.go
View File

@@ -24,13 +24,13 @@ import (
"github.com/spf13/cobra"
"k8s.io/apimachinery/pkg/types"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
)
var deleteCmd = &cobra.Command{
Use: "delete",
Short: "Delete sources and resources",
Long: `The delete sub-commands delete sources and resources.`,
Long: "The delete sub-commands delete sources and resources.",
}
type deleteFlags struct {

4
cmd/flux/delete_alert.go
View File

@@ -19,13 +19,13 @@ package main
import (
"github.com/spf13/cobra"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
)
var deleteAlertCmd = &cobra.Command{
Use: "alert [name]",
Short: "Delete a Alert resource",
Long: withPreviewNote("The delete alert command removes the given Alert from the cluster."),
Long: "The delete alert command removes the given Alert from the cluster.",
Example: ` # Delete an Alert and the Kubernetes resources created by it
flux delete alert main`,
ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.AlertKind)),

4
cmd/flux/delete_alertprovider.go
View File

@@ -19,13 +19,13 @@ package main
import (
"github.com/spf13/cobra"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta2"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
)
var deleteAlertProviderCmd = &cobra.Command{
Use: "alert-provider [name]",
Short: "Delete a Provider resource",
Long: withPreviewNote("The delete alert-provider command removes the given Provider from the cluster."),
Long: "The delete alert-provider command removes the given Provider from the cluster.",
Example: ` # Delete a Provider and the Kubernetes resources created by it
flux delete alert-provider slack`,
ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ProviderKind)),

2
cmd/flux/delete_helmrelease.go
View File

@@ -26,7 +26,7 @@ var deleteHelmReleaseCmd = &cobra.Command{
Use: "helmrelease [name]",
Aliases: []string{"hr"},
Short: "Delete a HelmRelease resource",
Long: withPreviewNote("The delete helmrelease command removes the given HelmRelease from the cluster."),
Long: "The delete helmrelease command removes the given HelmRelease from the cluster.",
Example: ` # Delete a Helm release and the Kubernetes resources created by it
flux delete hr podinfo`,
ValidArgsFunction: resourceNamesCompletionFunc(helmv2.GroupVersion.WithKind(helmv2.HelmReleaseKind)),

2
cmd/flux/delete_image.go
View File

@@ -23,7 +23,7 @@ import (
var deleteImageCmd = &cobra.Command{
Use: "image",
Short: "Delete image automation objects",
Long: `The delete image sub-commands delete image automation objects.`,
Long: "The delete image sub-commands delete image automation objects.",
}
func init() {

4
cmd/flux/delete_image_policy.go
View File

@@ -19,13 +19,13 @@ package main
import (
"github.com/spf13/cobra"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
)
var deleteImagePolicyCmd = &cobra.Command{
Use: "policy [name]",
Short: "Delete an ImagePolicy object",
Long: withPreviewNote(`The delete image policy command deletes the given ImagePolicy from the cluster.`),
Long: "The delete image policy command deletes the given ImagePolicy from the cluster.",
Example: ` # Delete an image policy
flux delete image policy alpine3.x`,
ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImagePolicyKind)),

4
cmd/flux/delete_image_repository.go
View File

@@ -19,13 +19,13 @@ package main
import (
"github.com/spf13/cobra"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta1"
)
var deleteImageRepositoryCmd = &cobra.Command{
Use: "repository [name]",
Short: "Delete an ImageRepository object",
Long: withPreviewNote("The delete image repository command deletes the given ImageRepository from the cluster."),
Long: "The delete image repository command deletes the given ImageRepository from the cluster.",
Example: ` # Delete an image repository
flux delete image repository alpine`,
ValidArgsFunction: resourceNamesCompletionFunc(imagev1.GroupVersion.WithKind(imagev1.ImageRepositoryKind)),

2
cmd/flux/delete_image_update.go
View File

@@ -25,7 +25,7 @@ import (
var deleteImageUpdateCmd = &cobra.Command{
Use: "update [name]",
Short: "Delete an ImageUpdateAutomation object",
Long: withPreviewNote(`The delete image update command deletes the given ImageUpdateAutomation from the cluster.`),
Long: "The delete image update command deletes the given ImageUpdateAutomation from the cluster.",
Example: ` # Delete an image update automation
flux delete image update latest-images`,
ValidArgsFunction: resourceNamesCompletionFunc(autov1.GroupVersion.WithKind(autov1.ImageUpdateAutomationKind)),

4
cmd/flux/delete_kustomization.go
View File

@@ -19,14 +19,14 @@ package main
import (
"github.com/spf13/cobra"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
)
var deleteKsCmd = &cobra.Command{
Use: "kustomization [name]",
Aliases: []string{"ks"},
Short: "Delete a Kustomization resource",
Long: `The delete kustomization command deletes the given Kustomization from the cluster.`,
Long: "The delete kustomization command deletes the given Kustomization from the cluster.",
Example: ` # Delete a kustomization and the Kubernetes resources created by it when prune is enabled
flux delete kustomization podinfo`,
ValidArgsFunction: resourceNamesCompletionFunc(kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)),

4
cmd/flux/delete_receiver.go
View File

@@ -19,13 +19,13 @@ package main
import (
"github.com/spf13/cobra"
notificationv1 "github.com/fluxcd/notification-controller/api/v1"
notificationv1 "github.com/fluxcd/notification-controller/api/v1beta1"
)
var deleteReceiverCmd = &cobra.Command{
Use: "receiver [name]",
Short: "Delete a Receiver resource",
Long: `The delete receiver command removes the given Receiver from the cluster.`,
Long: "The delete receiver command removes the given Receiver from the cluster.",
Example: ` # Delete an Receiver and the Kubernetes resources created by it
flux delete receiver main`,
ValidArgsFunction: resourceNamesCompletionFunc(notificationv1.GroupVersion.WithKind(notificationv1.ReceiverKind)),

2
cmd/flux/delete_source.go
View File

@@ -23,7 +23,7 @@ import (
var deleteSourceCmd = &cobra.Command{
Use: "source",
Short: "Delete sources",
Long: `The delete source sub-commands delete sources.`,
Long: "The delete source sub-commands delete sources.",
}
func init() {

2
cmd/flux/delete_source_bucket.go
View File

@@ -25,7 +25,7 @@ import (
var deleteSourceBucketCmd = &cobra.Command{
Use: "bucket [name]",
Short: "Delete a Bucket source",
Long: withPreviewNote("The delete source bucket command deletes the given Bucket from the cluster."),
Long: "The delete source bucket command deletes the given Bucket from the cluster.",
Example: ` # Delete a Bucket source
flux delete source bucket podinfo`,
ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.BucketKind)),

4
cmd/flux/delete_source_git.go
View File

@@ -19,13 +19,13 @@ package main
import (
"github.com/spf13/cobra"
sourcev1 "github.com/fluxcd/source-controller/api/v1"
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
)
var deleteSourceGitCmd = &cobra.Command{
Use: "git [name]",
Short: "Delete a GitRepository source",
Long: `The delete source git command deletes the given GitRepository from the cluster.`,
Long: "The delete source git command deletes the given GitRepository from the cluster.",
Example: ` # Delete a Git repository
flux delete source git podinfo`,
ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.GitRepositoryKind)),

2
cmd/flux/delete_source_helm.go
View File

@@ -25,7 +25,7 @@ import (
var deleteSourceHelmCmd = &cobra.Command{
Use: "helm [name]",
Short: "Delete a HelmRepository source",
Long: withPreviewNote("The delete source helm command deletes the given HelmRepository from the cluster."),
Long: "The delete source helm command deletes the given HelmRepository from the cluster.",
Example: ` # Delete a Helm repository
flux delete source helm podinfo`,
ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.HelmRepositoryKind)),

2
cmd/flux/delete_source_oci.go
View File

@@ -25,7 +25,7 @@ import (
var deleteSourceOCIRepositoryCmd = &cobra.Command{
Use: "oci [name]",
Short: "Delete an OCIRepository source",
Long: withPreviewNote("The delete source oci command deletes the given OCIRepository from the cluster."),
Long: "The delete source oci command deletes the given OCIRepository from the cluster.",
Example: ` # Delete an OCIRepository
flux delete source oci podinfo`,
ValidArgsFunction: resourceNamesCompletionFunc(sourcev1.GroupVersion.WithKind(sourcev1.OCIRepositoryKind)),

2
cmd/flux/diff.go
View File

@@ -23,7 +23,7 @@ import (
var diffCmd = &cobra.Command{
Use: "diff",
Short: "Diff a flux resource",
Long: `The diff command is used to do a server-side dry-run on flux resources, then prints the diff.`,
Long: "The diff command is used to do a server-side dry-run on flux resources, then prints the diff.",
}
func init() {

112
cmd/flux/diff_artifact.go
View File

@@ -1,112 +0,0 @@
/*
Copyright 2022 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"context"
"fmt"
"os"
oci "github.com/fluxcd/pkg/oci/client"
sourcev1 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/spf13/cobra"
"github.com/fluxcd/flux2/v2/internal/flags"
)
var diffArtifactCmd = &cobra.Command{
Use: "artifact",
Short: "Diff Artifact",
Long: withPreviewNote(`The diff artifact command computes the diff between the remote OCI artifact and a local directory or file`),
Example: `# Check if local files differ from remote
flux diff artifact oci://ghcr.io/stefanprodan/manifests:podinfo:6.2.0 --path=./kustomize`,
RunE: diffArtifactCmdRun,
}
type diffArtifactFlags struct {
path string
creds string
provider flags.SourceOCIProvider
ignorePaths []string
}
var diffArtifactArgs = newDiffArtifactArgs()
func newDiffArtifactArgs() diffArtifactFlags {
return diffArtifactFlags{
provider: flags.SourceOCIProvider(sourcev1.GenericOCIProvider),
}
}
func init() {
diffArtifactCmd.Flags().StringVar(&diffArtifactArgs.path, "path", "", "path to the directory where the Kubernetes manifests are located")
diffArtifactCmd.Flags().StringVar(&diffArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format <username>[:<password>] if --provider is generic")
diffArtifactCmd.Flags().Var(&diffArtifactArgs.provider, "provider", sourceOCIRepositoryArgs.provider.Description())
diffArtifactCmd.Flags().StringSliceVar(&diffArtifactArgs.ignorePaths, "ignore-paths", excludeOCI, "set paths to ignore in .gitignore format")
diffCmd.AddCommand(diffArtifactCmd)
}
func diffArtifactCmdRun(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("artifact URL is required")
}
ociURL := args[0]
if diffArtifactArgs.path == "" {
return fmt.Errorf("invalid path %q", diffArtifactArgs.path)
}
url, err := oci.ParseArtifactURL(ociURL)
if err != nil {
return err
}
if _, err := os.Stat(diffArtifactArgs.path); err != nil {
return fmt.Errorf("invalid path '%s', must point to an existing directory or file", diffArtifactArgs.path)
}
ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
defer cancel()
ociClient := oci.NewClient(oci.DefaultOptions())
if diffArtifactArgs.provider.String() == sourcev1.GenericOCIProvider && diffArtifactArgs.creds != "" {
logger.Actionf("logging in to registry with credentials")
if err := ociClient.LoginWithCredentials(diffArtifactArgs.creds); err != nil {
return fmt.Errorf("could not login with credentials: %w", err)
}
}
if diffArtifactArgs.provider.String() != sourcev1.GenericOCIProvider {
logger.Actionf("logging in to registry with provider credentials")
ociProvider, err := diffArtifactArgs.provider.ToOCIProvider()
if err != nil {
return fmt.Errorf("provider not supported: %w", err)
}
if err := ociClient.LoginWithProvider(ctx, url, ociProvider); err != nil {
return fmt.Errorf("error during login with provider: %w", err)
}
}
if err := ociClient.Diff(ctx, url, diffArtifactArgs.path, diffArtifactArgs.ignorePaths); err != nil {
return err
}
logger.Successf("no changes detected")
return nil
}

109
cmd/flux/diff_artifact_test.go
View File

@@ -1,109 +0,0 @@
//go:build unit
// +build unit
/*
Copyright 2021 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"context"
"fmt"
"testing"
"time"
"github.com/distribution/distribution/v3/configuration"
"github.com/distribution/distribution/v3/registry"
_ "github.com/distribution/distribution/v3/registry/auth/htpasswd"
_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory"
"github.com/phayes/freeport"
ctrl "sigs.k8s.io/controller-runtime"
)
var dockerReg string
func setupRegistryServer(ctx context.Context) error {
// Registry config
config := &configuration.Configuration{}
port, err := freeport.GetFreePort()
if err != nil {
return fmt.Errorf("failed to get free port: %s", err)
}
dockerReg = fmt.Sprintf("localhost:%d", port)
config.HTTP.Addr = fmt.Sprintf("127.0.0.1:%d", port)
config.HTTP.DrainTimeout = time.Duration(10) * time.Second
config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}}
dockerRegistry, err := registry.NewRegistry(ctx, config)
if err != nil {
return fmt.Errorf("failed to create docker registry: %w", err)
}
// Start Docker registry
go dockerRegistry.ListenAndServe()
return nil
}
func TestDiffArtifact(t *testing.T) {
tests := []struct {
name string
url string
argsTpl string
pushFile string
diffFile string
assert assertFunc
}{
{
name: "should not fail if there is no diff",
url: "oci://%s/podinfo:1.0.0",
argsTpl: "diff artifact %s --path=%s",
pushFile: "./testdata/diff-artifact/deployment.yaml",
diffFile: "./testdata/diff-artifact/deployment.yaml",
assert: assertGoldenFile("testdata/diff-artifact/success.golden"),
},
{
name: "should fail if there is a diff",
url: "oci://%s/podinfo:2.0.0",
argsTpl: "diff artifact %s --path=%s",
pushFile: "./testdata/diff-artifact/deployment.yaml",
diffFile: "./testdata/diff-artifact/deployment-diff.yaml",
assert: assertError("the remote artifact contents differs from the local one"),
},
}
ctx := ctrl.SetupSignalHandler()
err := setupRegistryServer(ctx)
if err != nil {
panic(fmt.Sprintf("failed to start docker registry: %s", err))
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
tt.url = fmt.Sprintf(tt.url, dockerReg)
_, err := executeCommand("push artifact " + tt.url + " --path=" + tt.pushFile + " --source=test --revision=test")
if err != nil {
t.Fatalf(fmt.Errorf("failed to push image: %w", err).Error())
}
cmd := cmdTestCase{
args: fmt.Sprintf(tt.argsTpl, tt.url, tt.diffFile),
assert: tt.assert,
}
cmd.runTestCmd(t)
})
}
}

35
cmd/flux/diff_kustomization.go
View File

@@ -23,8 +23,8 @@ import (
"github.com/spf13/cobra"
"github.com/fluxcd/flux2/v2/internal/build"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
"github.com/fluxcd/flux2/internal/build"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1beta2"
)
var diffKsCmd = &cobra.Command{
@@ -37,13 +37,7 @@ Exit status: 0 No differences were found. 1 Differences were found. >1 diff fail
flux diff kustomization my-app --path ./path/to/local/manifests
# Preview using a local flux kustomization file
flux diff kustomization my-app --path ./path/to/local/manifests \
--kustomization-file ./path/to/local/my-app.yaml
# Exclude files by providing a comma separated list of entries that follow the .gitignore pattern fromat.
flux diff kustomization my-app --path ./path/to/local/manifests \
--kustomization-file ./path/to/local/my-app.yaml \
--ignore-paths "/to_ignore/**/*.yaml,ignore.yaml"`,
flux diff kustomization my-app --path ./path/to/local/manifests --kustomization-file ./path/to/local/my-app.yaml`,
ValidArgsFunction: resourceNamesCompletionFunc(kustomizev1.GroupVersion.WithKind(kustomizev1.KustomizationKind)),
RunE: diffKsCmdRun,
}
@@ -51,7 +45,6 @@ flux diff kustomization my-app --path ./path/to/local/manifests \
type diffKsFlags struct {
kustomizationFile string
path string
ignorePaths []string
progressBar bool
}
@@ -60,7 +53,6 @@ var diffKsArgs diffKsFlags
func init() {
diffKsCmd.Flags().StringVar(&diffKsArgs.path, "path", "", "Path to a local directory that matches the specified Kustomization.spec.path.")
diffKsCmd.Flags().BoolVar(&diffKsArgs.progressBar, "progress-bar", true, "Boolean to set the progress bar. The default value is true.")
diffKsCmd.Flags().StringSliceVar(&diffKsArgs.ignorePaths, "ignore-paths", nil, "set paths to ignore in .gitignore format")
diffKsCmd.Flags().StringVar(&diffKsArgs.kustomizationFile, "kustomization-file", "", "Path to the Flux Kustomization YAML file.")
diffCmd.AddCommand(diffKsCmd)
}
@@ -85,25 +77,12 @@ func diffKsCmdRun(cmd *cobra.Command, args []string) error {
}
}
var (
builder *build.Builder
err error
)
var builder *build.Builder
var err error
if diffKsArgs.progressBar {
builder, err = build.NewBuilder(name, diffKsArgs.path,
build.WithClientConfig(kubeconfigArgs, kubeclientOptions),
build.WithTimeout(rootArgs.timeout),
build.WithKustomizationFile(diffKsArgs.kustomizationFile),
build.WithProgressBar(),
build.WithIgnore(diffKsArgs.ignorePaths),
)
builder, err = build.NewBuilder(kubeconfigArgs, kubeclientOptions, name, diffKsArgs.path, build.WithTimeout(rootArgs.timeout), build.WithKustomizationFile(diffKsArgs.kustomizationFile), build.WithProgressBar())
} else {
builder, err = build.NewBuilder(name, diffKsArgs.path,
build.WithClientConfig(kubeconfigArgs, kubeclientOptions),
build.WithTimeout(rootArgs.timeout),
build.WithKustomizationFile(diffKsArgs.kustomizationFile),
build.WithIgnore(diffKsArgs.ignorePaths),
)
builder, err = build.NewBuilder(kubeconfigArgs, kubeclientOptions, name, diffKsArgs.path, build.WithTimeout(rootArgs.timeout), build.WithKustomizationFile(diffKsArgs.kustomizationFile))
}
if err != nil {

14
cmd/flux/diff_kustomization_test.go
View File

@@ -25,7 +25,7 @@ import (
"strings"
"testing"
"github.com/fluxcd/flux2/v2/internal/build"
"github.com/fluxcd/flux2/internal/build"
"github.com/fluxcd/pkg/ssa"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
@@ -91,19 +91,13 @@ func TestDiffKustomization(t *testing.T) {
objectFile: "./testdata/diff-kustomization/stringdata-sops-secret.yaml",
assert: assertGoldenFile("./testdata/diff-kustomization/diff-with-drifted-stringdata-sops-secret.golden"),
},
{
name: "diff where kustomization file has multiple objects with the same name",
args: "diff kustomization podinfo --path ./testdata/build-kustomization/podinfo --progress-bar=false --kustomization-file ./testdata/diff-kustomization/flux-kustomization-multiobj.yaml",
objectFile: "",
assert: assertGoldenFile("./testdata/diff-kustomization/nothing-is-deployed.golden"),
},
}
tmpl := map[string]string{
"fluxns": allocateNamespace("flux-system"),
}
b, _ := build.NewBuilder("podinfo", "", build.WithClientConfig(kubeconfigArgs, kubeclientOptions))
b, _ := build.NewBuilder(kubeconfigArgs, kubeclientOptions, "podinfo", "")
resourceManager, err := b.Manager()
if err != nil {
@@ -115,9 +109,7 @@ func TestDiffKustomization(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.objectFile != "" {
if _, err := resourceManager.ApplyAll(context.Background(), createObjectFromFile(tt.objectFile, tmpl, t), ssa.DefaultApplyOptions()); err != nil {
t.Error(err)
}
resourceManager.ApplyAll(context.Background(), createObjectFromFile(tt.objectFile, tmpl, t), ssa.DefaultApplyOptions())
}
cmd := cmdTestCase{
args: tt.args + " -n " + tmpl["fluxns"],

504
cmd/flux/events.go
View File

@@ -1,504 +0,0 @@
/*
Copyright 2023 The Kubernetes Authors.
Copyright 2023 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"context"
"fmt"
"os"
"sort"
"strings"
"time"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/duration"
"k8s.io/apimachinery/pkg/watch"
runtimeresource "k8s.io/cli-runtime/pkg/resource"
cmdutil "k8s.io/kubectl/pkg/cmd/util"
"sigs.k8s.io/controller-runtime/pkg/client"
helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
notificationv1 "github.com/fluxcd/notification-controller/api/v1"
notificationv1b2 "github.com/fluxcd/notification-controller/api/v1beta2"
sourcev1 "github.com/fluxcd/source-controller/api/v1"
sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/v2/pkg/printers"
)
var eventsCmd = &cobra.Command{
Use: "events",
Short: "Display Kubernetes events for Flux resources",
Long: withPreviewNote("The events sub-command shows Kubernetes events from Flux resources"),
Example: ` # Display events for flux resources in default namespace
flux events -n default
# Display events for flux resources in all namespaces
flux events -A
# Display events for flux resources
flux events --for Kustomization/podinfo
`,
RunE: eventsCmdRun,
}
type eventFlags struct {
allNamespaces bool
watch bool
forSelector string
filterTypes []string
}
var eventArgs eventFlags
func init() {
eventsCmd.Flags().BoolVarP(&eventArgs.allNamespaces, "all-namespaces", "A", false,
"display events from Flux resources across all namespaces")
eventsCmd.Flags().BoolVarP(&eventArgs.watch, "watch", "w", false,
"indicate if the events should be streamed")
eventsCmd.Flags().StringVar(&eventArgs.forSelector, "for", "",
"get events for a particular object")
eventsCmd.Flags().StringSliceVar(&eventArgs.filterTypes, "types", []string{}, "filter events for certain types")
rootCmd.AddCommand(eventsCmd)
}
func eventsCmdRun(cmd *cobra.Command, args []string) error {
ctx, cancel := context.WithTimeout(context.Background(), rootArgs.timeout)
defer cancel()
kubeclient, err := utils.KubeClient(kubeconfigArgs, kubeclientOptions)
if err != nil {
return err
}
namespace := *kubeconfigArgs.Namespace
if eventArgs.allNamespaces {
namespace = ""
}
var diffRefNs bool
clientListOpts := getListOpt(namespace, eventArgs.forSelector)
var refListOpts [][]client.ListOption
if eventArgs.forSelector != "" {
refs, err := getObjectRef(ctx, kubeclient, eventArgs.forSelector, *kubeconfigArgs.Namespace)
if err != nil {
return err
}
for _, ref := range refs {
kind, name, refNs := utils.ParseObjectKindNameNamespace(ref)
if refNs != namespace {
diffRefNs = true
}
refSelector := fmt.Sprintf("%s/%s", kind, name)
refListOpts = append(refListOpts, getListOpt(refNs, refSelector))
}
}
showNamespace := namespace == "" || diffRefNs
if eventArgs.watch {
return eventsCmdWatchRun(ctx, kubeclient, clientListOpts, refListOpts, showNamespace)
}
rows, err := getRows(ctx, kubeclient, clientListOpts, refListOpts, showNamespace)
if err != nil {
return err
}
if len(rows) == 0 {
if eventArgs.allNamespaces {
logger.Failuref("No events found.")
} else {
logger.Failuref("No events found in %s namespace.", *kubeconfigArgs.Namespace)
}
return nil
}
headers := getHeaders(showNamespace)
err = printers.TablePrinter(headers).Print(cmd.OutOrStdout(), rows)
return err
}
func getRows(ctx context.Context, kubeclient client.Client, clientListOpts []client.ListOption, refListOpts [][]client.ListOption, showNs bool) ([][]string, error) {
el := &corev1.EventList{}
if err := addEventsToList(ctx, kubeclient, el, clientListOpts); err != nil {
return nil, err
}
for _, refOpts := range refListOpts {
if err := addEventsToList(ctx, kubeclient, el, refOpts); err != nil {
return nil, err
}
}
sort.Sort(SortableEvents(el.Items))
var rows [][]string
for _, item := range el.Items {
if ignoreEvent(item) {
continue
}
rows = append(rows, getEventRow(item, showNs))
}
return rows, nil
}
func addEventsToList(ctx context.Context, kubeclient client.Client, el *corev1.EventList, clientListOpts []client.ListOption) error {
listOpts := &metav1.ListOptions{}
err := runtimeresource.FollowContinue(listOpts,
func(options metav1.ListOptions) (runtime.Object, error) {
newEvents := &corev1.EventList{}
err := kubeclient.List(ctx, newEvents, clientListOpts...)
if err != nil {
return nil, fmt.Errorf("error getting events: %w", err)
}
el.Items = append(el.Items, newEvents.Items...)
return newEvents, nil
})
return err
}
func getListOpt(namespace, selector string) []client.ListOption {
clientListOpts := []client.ListOption{client.Limit(cmdutil.DefaultChunkSize), client.InNamespace(namespace)}
if selector != "" {
kind, name := utils.ParseObjectKindName(selector)
sel := fields.AndSelectors(
fields.OneTermEqualSelector("involvedObject.kind", kind),
fields.OneTermEqualSelector("involvedObject.name", name))
clientListOpts = append(clientListOpts, client.MatchingFieldsSelector{Selector: sel})
}
return clientListOpts
}
func eventsCmdWatchRun(ctx context.Context, kubeclient client.WithWatch, listOpts []client.ListOption, refListOpts [][]client.ListOption, showNs bool) error {
event := &corev1.EventList{}
eventWatch, err := kubeclient.Watch(ctx, event, listOpts...)
if err != nil {
return err
}
firstIteration := true
handleEvent := func(e watch.Event) error {
if e.Type == watch.Deleted {
return nil
}
event, ok := e.Object.(*corev1.Event)
if !ok {
return nil
}
if ignoreEvent(*event) {
return nil
}
rows := getEventRow(*event, showNs)
var hdr []string
if firstIteration {
hdr = getHeaders(showNs)
firstIteration = false
}
err = printers.TablePrinter(hdr).Print(os.Stdout, [][]string{rows})
if err != nil {
return err
}
return nil
}
for _, refOpts := range refListOpts {
refEventWatch, err := kubeclient.Watch(ctx, event, refOpts...)
if err != nil {
return err
}
go func() {
err := receiveEventChan(ctx, refEventWatch, handleEvent)
if err != nil {
logger.Failuref("error watching events: %s", err.Error())
}
}()
}
return receiveEventChan(ctx, eventWatch, handleEvent)
}
func receiveEventChan(ctx context.Context, eventWatch watch.Interface, f func(e watch.Event) error) error {
defer eventWatch.Stop()
for {
select {
case e, ok := <-eventWatch.ResultChan():
if !ok {
return nil
}
err := f(e)
if err != nil {
return err
}
case <-ctx.Done():
return nil
}
}
}
func getHeaders(showNs bool) []string {
headers := []string{"Last seen", "Type", "Reason", "Object", "Message"}
if showNs {
headers = append(namespaceHeader, headers...)
}
return headers
}
func getEventRow(e corev1.Event, showNs bool) []string {
var row []string
if showNs {
row = []string{e.Namespace}
}
row = append(row, getLastSeen(e), e.Type, e.Reason, fmt.Sprintf("%s/%s", e.InvolvedObject.Kind, e.InvolvedObject.Name), e.Message)
return row
}
// getObjectRef is used to get the metadata of a resource that the selector(in the format <kind/name>) references.
// It returns an empty string if the resource doesn't reference any resource
// and a string with the format `<kind>/<name>.<namespace>` if it does.
func getObjectRef(ctx context.Context, kubeclient client.Client, selector string, ns string) ([]string, error) {
kind, name := utils.ParseObjectKindName(selector)
ref, err := fluxKindMap.getRefInfo(kind)
if err != nil {
return nil, fmt.Errorf("error getting groupversion: %w", err)
}
// the resource has no source ref
if len(ref.field) == 0 {
return nil, nil
}
obj := &unstructured.Unstructured{}
obj.SetGroupVersionKind(schema.GroupVersionKind{
Kind: kind,
Version: ref.gv.Version,
Group: ref.gv.Group,
})
objName := types.NamespacedName{
Namespace: ns,
Name: name,
}
err = kubeclient.Get(ctx, objName, obj)
if err != nil {
return nil, err
}
var ok bool
refKind := ref.kind
if refKind == "" {
kindField := append(ref.field, "kind")
refKind, ok, err = unstructured.NestedString(obj.Object, kindField...)
if err != nil {
return nil, err
}
if !ok {
return nil, fmt.Errorf("field '%s' for '%s' not found", strings.Join(kindField, "."), objName)
}
}
nameField := append(ref.field, "name")
refName, ok, err := unstructured.NestedString(obj.Object, nameField...)
if err != nil {
return nil, err
}
if !ok {
return nil, fmt.Errorf("field '%s' for '%s' not found", strings.Join(nameField, "."), objName)
}
var allRefs []string
refNamespace := ns
if ref.crossNamespaced {
namespaceField := append(ref.field, "namespace")
namespace, ok, err := unstructured.NestedString(obj.Object, namespaceField...)
if err != nil {
return nil, err
}
if ok {
refNamespace = namespace
}
}
allRefs = append(allRefs, fmt.Sprintf("%s/%s.%s", refKind, refName, refNamespace))
if ref.otherRefs != nil {
for _, otherRef := range ref.otherRefs(ns, name) {
allRefs = append(allRefs, fmt.Sprintf("%s.%s", otherRef, refNamespace))
}
}
return allRefs, nil
}
type refMap map[string]refInfo
func (r refMap) getRefInfo(kind string) (refInfo, error) {
for key, ref := range r {
if strings.EqualFold(key, kind) {
return ref, nil
}
}
return refInfo{}, fmt.Errorf("'%s' is not a recognized Flux kind", kind)
}
func (r refMap) hasKind(kind string) bool {
_, err := r.getRefInfo(kind)
return err == nil
}
type refInfo struct {
gv schema.GroupVersion
kind string
crossNamespaced bool
otherRefs func(namespace, name string) []string
field []string
}
var fluxKindMap = refMap{
kustomizev1.KustomizationKind: {
gv: kustomizev1.GroupVersion,
crossNamespaced: true,
field: []string{"spec", "sourceRef"},
},
helmv2.HelmReleaseKind: {
gv: helmv2.GroupVersion,
crossNamespaced: true,
otherRefs: func(namespace, name string) []string {
return []string{fmt.Sprintf("%s/%s-%s", sourcev1b2.HelmChartKind, namespace, name)}
},
field: []string{"spec", "chart", "spec", "sourceRef"},
},
notificationv1b2.AlertKind: {
gv: notificationv1b2.GroupVersion,
kind: notificationv1b2.ProviderKind,
crossNamespaced: false,
field: []string{"spec", "providerRef"},
},
notificationv1.ReceiverKind: {gv: notificationv1.GroupVersion},
notificationv1b2.ProviderKind: {gv: notificationv1b2.GroupVersion},
imagev1.ImagePolicyKind: {
gv: imagev1.GroupVersion,
kind: imagev1.ImageRepositoryKind,
crossNamespaced: true,
field: []string{"spec", "imageRepositoryRef"},
},
sourcev1.GitRepositoryKind: {gv: sourcev1.GroupVersion},
sourcev1b2.OCIRepositoryKind: {gv: sourcev1b2.GroupVersion},
sourcev1b2.BucketKind: {gv: sourcev1b2.GroupVersion},
sourcev1b2.HelmRepositoryKind: {gv: sourcev1b2.GroupVersion},
sourcev1b2.HelmChartKind: {gv: sourcev1b2.GroupVersion},
autov1.ImageUpdateAutomationKind: {gv: autov1.GroupVersion},
imagev1.ImageRepositoryKind: {gv: imagev1.GroupVersion},
}
func ignoreEvent(e corev1.Event) bool {
if !fluxKindMap.hasKind(e.InvolvedObject.Kind) {
return true
}
if len(eventArgs.filterTypes) > 0 {
_, equal := utils.ContainsEqualFoldItemString(eventArgs.filterTypes, e.Type)
if !equal {
return true
}
}
return false
}
// The functions below are copied from: https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/events/events.go#L347
// SortableEvents implements sort.Interface for []api.Event by time
type SortableEvents []corev1.Event
func (list SortableEvents) Len() int {
return len(list)
}
func (list SortableEvents) Swap(i, j int) {
list[i], list[j] = list[j], list[i]
}
// Return the time that should be used for sorting, which can come from
// various places in corev1.Event.
func eventTime(event corev1.Event) time.Time {
if event.Series != nil {
return event.Series.LastObservedTime.Time
}
if !event.LastTimestamp.Time.IsZero() {
return event.LastTimestamp.Time
}
return event.EventTime.Time
}
func (list SortableEvents) Less(i, j int) bool {
return eventTime(list[i]).Before(eventTime(list[j]))
}
func getLastSeen(e corev1.Event) string {
var interval string
firstTimestampSince := translateMicroTimestampSince(e.EventTime)
if e.EventTime.IsZero() {
firstTimestampSince = translateTimestampSince(e.FirstTimestamp)
}
if e.Series != nil {
interval = fmt.Sprintf("%s (x%d over %s)", translateMicroTimestampSince(e.Series.LastObservedTime), e.Series.Count, firstTimestampSince)
} else if e.Count > 1 {
interval = fmt.Sprintf("%s (x%d over %s)", translateTimestampSince(e.LastTimestamp), e.Count, firstTimestampSince)
} else {
interval = firstTimestampSince
}
return interval
}
// translateMicroTimestampSince returns the elapsed time since timestamp in
// human-readable approximation.
func translateMicroTimestampSince(timestamp metav1.MicroTime) string {
if timestamp.IsZero() {
return "<unknown>"
}
return duration.HumanDuration(time.Since(timestamp.Time))
}
// translateTimestampSince returns the elapsed time since timestamp in
// human-readable approximation.
func translateTimestampSince(timestamp metav1.Time) string {
if timestamp.IsZero() {
return "<unknown>"
}
return duration.HumanDuration(time.Since(timestamp.Time))
}

417
cmd/flux/events_test.go
View File

@@ -1,417 +0,0 @@
/*
Copyright 2023 The Kubernetes Authors.
Copyright 2023 The Flux authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"context"
"fmt"
"strings"
"testing"
. "github.com/onsi/gomega"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/runtime"
cmdutil "k8s.io/kubectl/pkg/cmd/util"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
helmv2beta1 "github.com/fluxcd/helm-controller/api/v2beta1"
autov1 "github.com/fluxcd/image-automation-controller/api/v1beta1"
imagev1 "github.com/fluxcd/image-reflector-controller/api/v1beta2"
kustomizev1 "github.com/fluxcd/kustomize-controller/api/v1"
notificationv1 "github.com/fluxcd/notification-controller/api/v1"
notificationv1b2 "github.com/fluxcd/notification-controller/api/v1beta2"
eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1"
"github.com/fluxcd/pkg/ssa"
sourcev1 "github.com/fluxcd/source-controller/api/v1"
sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2"
"github.com/fluxcd/flux2/v2/internal/utils"
)
var objects = `
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 5m0s
path: ./infrastructure/
prune: true
sourceRef:
kind: GitRepository
name: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: podinfo
namespace: default
spec:
interval: 5m0s
path: ./infrastructure/
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 5m0s
ref:
branch: main
secretRef:
name: flux-system
timeout: 1m0s
url: ssh://git@github.com/example/repo
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: podinfo
namespace: default
spec:
chart:
spec:
chart: podinfo
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: podinfo
namespace: flux-system
version: '*'
interval: 5m0s
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: podinfo
namespace: flux-system
spec:
interval: 1m0s
url: https://stefanprodan.github.io/podinfo
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmChart
metadata:
name: default-podinfo
namespace: flux-system
spec:
chart: podinfo
interval: 1m0s
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: podinfo-chart
version: '*'
---
apiVersion: notification.toolkit.fluxcd.io/v1beta2
kind: Alert
metadata:
name: webapp
namespace: flux-system
spec:
eventSeverity: info
eventSources:
- kind: GitRepository
name: '*'
providerRef:
name: slack
---
apiVersion: notification.toolkit.fluxcd.io/v1beta2
kind: Provider
metadata:
name: slack
namespace: flux-system
spec:
address: https://hooks.slack.com/services/mock
type: slack
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: podinfo
namespace: default
spec:
imageRepositoryRef:
name: acr-podinfo
namespace: flux-system
policy:
semver:
range: 5.0.x
---
apiVersion: v1
kind: Namespace
metadata:
name: flux-system`
func Test_getObjectRef(t *testing.T) {
g := NewWithT(t)
objs, err := ssa.ReadObjects(strings.NewReader(objects))
g.Expect(err).To(Not(HaveOccurred()))
builder := fake.NewClientBuilder().WithScheme(getScheme())
for _, obj := range objs {
builder = builder.WithObjects(obj)
}
c := builder.Build()
tests := []struct {
name string
selector string
namespace string
want []string
wantErr bool
}{
{
name: "Source Ref for Kustomization",
selector: "Kustomization/flux-system",
namespace: "flux-system",
want: []string{"GitRepository/flux-system.flux-system"},
},
{
name: "Crossnamespace Source Ref for Kustomization",
selector: "Kustomization/podinfo",
namespace: "default",
want: []string{"GitRepository/flux-system.flux-system"},
},
{
name: "Source Ref for HelmRelease",
selector: "HelmRelease/podinfo",
namespace: "default",
want: []string{"HelmRepository/podinfo.flux-system", "HelmChart/default-podinfo.flux-system"},
},
{
name: "Source Ref for Alert",
selector: "Alert/webapp",
namespace: "flux-system",
want: []string{"Provider/slack.flux-system"},
},
{
name: "Source Ref for ImagePolicy",
selector: "ImagePolicy/podinfo",
namespace: "default",
want: []string{"ImageRepository/acr-podinfo.flux-system"},
},
{
name: "Empty Ref for Provider",
selector: "Provider/slack",
namespace: "flux-system",
want: nil,
},
{
name: "Non flux resource",
selector: "Namespace/flux-system",
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
g := NewWithT(t)
got, err := getObjectRef(context.Background(), c, tt.selector, tt.namespace)
if tt.wantErr {
g.Expect(err).To(HaveOccurred())
return
}
g.Expect(err).To(Not(HaveOccurred()))
g.Expect(got).To(Equal(tt.want))
})
}
}
func Test_getRows(t *testing.T) {
g := NewWithT(t)
objs, err := ssa.ReadObjects(strings.NewReader(objects))
g.Expect(err).To(Not(HaveOccurred()))
builder := fake.NewClientBuilder().WithScheme(getScheme())
for _, obj := range objs {
builder = builder.WithObjects(obj)
}
eventList := &corev1.EventList{}
for _, obj := range objs {
infoEvent := createEvent(obj, eventv1.EventSeverityInfo, "Info Message", "Info Reason")
warningEvent := createEvent(obj, eventv1.EventSeverityError, "Error Message", "Error Reason")
eventList.Items = append(eventList.Items, infoEvent, warningEvent)
}
builder = builder.WithLists(eventList)
builder.WithIndex(&corev1.Event{}, "involvedObject.kind/name", kindNameIndexer)
c := builder.Build()
tests := []struct {
name string
selector string
refSelector string
namespace string
refNs string
expected [][]string
}{
{
name: "events from all namespaces",
selector: "",
namespace: "",
expected: [][]string{
{"default", "<unknown>", "error", "Error Reason", "HelmRelease/podinfo", "Error Message"},
{"default", "<unknown>", "info", "Info Reason", "HelmRelease/podinfo", "Info Message"},
{"default", "<unknown>", "error", "Error Reason", "ImagePolicy/podinfo", "Error Message"},
{"default", "<unknown>", "info", "Info Reason", "ImagePolicy/podinfo", "Info Message"},
{"default", "<unknown>", "error", "Error Reason", "Kustomization/podinfo", "Error Message"},
{"default", "<unknown>", "info", "Info Reason", "Kustomization/podinfo", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "Alert/webapp", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "Alert/webapp", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "GitRepository/flux-system", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "GitRepository/flux-system", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "HelmChart/default-podinfo", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "HelmChart/default-podinfo", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "HelmRepository/podinfo", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "HelmRepository/podinfo", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "Kustomization/flux-system", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "Kustomization/flux-system", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "Provider/slack", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "Provider/slack", "Info Message"},
},
},
{
name: "events from default namespaces",
selector: "",
namespace: "default",
expected: [][]string{
{"<unknown>", "error", "Error Reason", "HelmRelease/podinfo", "Error Message"},
{"<unknown>", "info", "Info Reason", "HelmRelease/podinfo", "Info Message"},
{"<unknown>", "error", "Error Reason", "ImagePolicy/podinfo", "Error Message"},
{"<unknown>", "info", "Info Reason", "ImagePolicy/podinfo", "Info Message"},
{"<unknown>", "error", "Error Reason", "Kustomization/podinfo", "Error Message"},
{"<unknown>", "info", "Info Reason", "Kustomization/podinfo", "Info Message"},
},
},
{
name: "Kustomization with crossnamespaced GitRepository",
selector: "Kustomization/podinfo",
namespace: "default",
expected: [][]string{
{"default", "<unknown>", "error", "Error Reason", "Kustomization/podinfo", "Error Message"},
{"default", "<unknown>", "info", "Info Reason", "Kustomization/podinfo", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "GitRepository/flux-system", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "GitRepository/flux-system", "Info Message"},
},
},
{
name: "HelmRelease with crossnamespaced HelmRepository",
selector: "HelmRelease/podinfo",
namespace: "default",
expected: [][]string{
{"default", "<unknown>", "error", "Error Reason", "HelmRelease/podinfo", "Error Message"},
{"default", "<unknown>", "info", "Info Reason", "HelmRelease/podinfo", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "HelmRepository/podinfo", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "HelmRepository/podinfo", "Info Message"},
{"flux-system", "<unknown>", "error", "Error Reason", "HelmChart/default-podinfo", "Error Message"},
{"flux-system", "<unknown>", "info", "Info Reason", "HelmChart/default-podinfo", "Info Message"},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
g := NewWithT(t)
var refs []string
var refNs, refKind, refName string
if tt.selector != "" {
refs, err = getObjectRef(context.Background(), c, tt.selector, tt.namespace)
g.Expect(err).To(Not(HaveOccurred()))
}
g.Expect(err).To(Not(HaveOccurred()))
clientOpts := getTestListOpt(tt.namespace, tt.selector)
var refOpts [][]client.ListOption
for _, ref := range refs {
refKind, refName, refNs = utils.ParseObjectKindNameNamespace(ref)
refSelector := fmt.Sprintf("%s/%s", refKind, refName)
refOpts = append(refOpts, getTestListOpt(refNs, refSelector))
}
showNs := tt.namespace == "" || (refNs != "" && refNs != tt.namespace)
rows, err := getRows(context.Background(), c, clientOpts, refOpts, showNs)
g.Expect(err).To(Not(HaveOccurred()))
g.Expect(rows).To(Equal(tt.expected))
})
}
}
func getTestListOpt(namespace, selector string) []client.ListOption {
clientListOpts := []client.ListOption{client.Limit(cmdutil.DefaultChunkSize), client.InNamespace(namespace)}
if selector != "" {
sel := fields.OneTermEqualSelector("involvedObject.kind/name", selector)
clientListOpts = append(clientListOpts, client.MatchingFieldsSelector{Selector: sel})
}
return clientListOpts
}
func getScheme() *runtime.Scheme {
newscheme := runtime.NewScheme()
corev1.AddToScheme(newscheme)
kustomizev1.AddToScheme(newscheme)
helmv2beta1.AddToScheme(newscheme)
notificationv1.AddToScheme(newscheme)
notificationv1b2.AddToScheme(newscheme)
imagev1.AddToScheme(newscheme)
autov1.AddToScheme(newscheme)
sourcev1.AddToScheme(newscheme)
sourcev1b2.AddToScheme(newscheme)
return newscheme
}
func createEvent(obj client.Object, eventType, msg, reason string) corev1.Event {
return corev1.Event{
ObjectMeta: metav1.ObjectMeta{
Namespace: obj.GetNamespace(),
// name of event needs to be unique so fak
Name: obj.GetNamespace() + obj.GetNamespace() + obj.GetObjectKind().GroupVersionKind().Kind + eventType,
},
Reason: reason,
Message: msg,
Type: eventType,
InvolvedObject: corev1.ObjectReference{
Kind: obj.GetObjectKind().GroupVersionKind().Kind,
Namespace: obj.GetNamespace(),
Name: obj.GetName(),
},
}
}
func kindNameIndexer(obj client.Object) []string {
e, ok := obj.(*corev1.Event)
if !ok {
panic(fmt.Sprintf("Expected a Event, got %T", e))
}
return []string{fmt.Sprintf("%s/%s", e.InvolvedObject.Kind, e.InvolvedObject.Name)}
}

5
cmd/flux/export.go
View File

@@ -26,13 +26,13 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/yaml"
"github.com/fluxcd/flux2/v2/internal/utils"
"github.com/fluxcd/flux2/internal/utils"
)
var exportCmd = &cobra.Command{
Use: "export",
Short: "Export resources in YAML format",
Long: `The export sub-commands export resources in YAML format.`,
Long: "The export sub-commands export resources in YAML format.",
}
type exportFlags struct {
@@ -122,6 +122,5 @@ func printExport(export interface{}) error {
func resourceToString(data []byte) string {
data = bytes.Replace(data, []byte(" creationTimestamp: null\n"), []byte(""), 1)
data = bytes.Replace(data, []byte("status: {}\n"), []byte(""), 1)
data = bytes.TrimSpace(data)
return string(data)
}

Some files were not shown because too many files have changed in this diff Show More