In order to streamline the docs across all controllers, the CRD spec
file name is pluralized. This lets us better automate docs generation
from CRD specs.
refs fluxcd/website#1577
Signed-off-by: Max Jonas Werner <mail@makk.es>
- allow `OCIRepository` to be specified in `sourceRef.kind`
- react to `OCIRepository` artifacts events
- add end-to-end test for OCI repositories
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
- remove the Go spec section
- add basic usage example
- fix SOPS CLI examples
- explain how to generate image pull secrets from encrypted dockerconfigjson files
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This adds a SOPS GCP KMS key source which makes use of the latest GCP
client, and supports both injection of master key credentials and a
default client making use of environmental runtime values.
The implementation fully replaces SOPS', and is covered with
compatability tests.
Signed-off-by: Somtochi Onyekwere <somtochionyekwere@gmail.com>
Add an optional flag for disabling remote bases. While the `--no-remote-bases` is set to `false` by default, Flux users are encouraged to enable it on production system for security and performance reasons. Using Kustomize remote bases means that kustomize-controller must clone the remote repositories on every reconciliation instead of using the source-controller artifacts cache. Allowing remote bases on multi-tenant clusters, means platform admins have no control over which repositories make up the desired state.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This includes a refactor of the other entries, to start moving guides
to the website while containing minimal technical (instructions)
in-spec.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Introduce an annotation that configures kustomize-controller to co-manage objects applied with kubectl.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
In a Kustomization's post-build substitution sources, introduce a new
"Optional" field to allow referencing a Kubernetes ConfigMap or Secret
that may not exist at time of reconciliation. Treat substitution when
the referenced object is missing as if the object had been present but
empty, lacking any variable bindings.
Retain the longstanding behavior of interpreting references to
Kubernetes objects being mandatory by default, such that
reconciliation fails if such a referenced object does not exist. Only
when the "Optional" field is set to true will reconciliation tolerate
finding the referenced object to be missing.
Signed-off-by: Steven E. Harris <seh@panix.com>
+ in the `spec.path` of the Flux `Kustomization`
In #2357 it was noted that we mention `spec.path` but the code example
provided for context is a `GitRepository`. This is a leap too far, let's
provide this to better clarify the context.
Signed-off-by: Kingdon Barrett <kingdon@weave.works>
Introduce the flag `--default-service-account` for allowing cluster admins to enforce impersonation for resources reconciliation.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Introduce the flag `--no-cross-namespace-refs` (defaults to false) for allowing cluster admins to disable cross-namespace references to sources.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
If implemented, the kustomize controller will be able to retrieve a
secret containing a VAULT TOKEN and use it to decrypt the sops encrypted
master key. It will then use it to decrypt the data key and finally use the data
key to decrypt the final data.
Signed-off-by: Soule BA <bah.soule@gmail.com>
Introduce `kustomize.toolkit.fluxcd.io/reconcile` annotation. When set to `disabled`, the controller will no longer apply changes from source, nor it will prune the annotated resource.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Changes from v1beta1:
- `spec.validation` removed (server-side validation is implicit)
- `spec.status.snapshot` replaced by `spec.status.inventory`
- `spec.patchesStrategicMerge` deprecated in favour of `spec.patches`
- `spec.patchesJson6902` deprecated in favour of `spec.patches`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
mutron3k
Max Jonas Werner
Stefan Prodan
Hidde Beydals
Somtochi Onyekwere
Kristian Klausen
Daniel Holbach
Surya
Andrés Botero
Sanskar Jaiswal
Sunny
Kingdon Barrett
Steven E. Harris
Soule BA
Gonzalo Villafañe Tapia
George Gaál