Merge pull request #1811 from fluxcd/rfc-0010-docs

[RFC-0010] Link workload identity docs to complete guide
Matheus Pimenta 2025-05-27 09:46:26 +01:00 committed by GitHub
commit 359d50d77e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 5 deletions

@ -134,6 +134,9 @@ Supported options are:
If you do not specify `.spec.provider`, it defaults to `generic`. If you do not specify `.spec.provider`, it defaults to `generic`.
For a complete guide on how to set up authentication for cloud providers,
see the integration [docs](/flux/integrations/).
#### Generic #### Generic
When a Bucket's `spec.provider` is set to `generic`, the controller will When a Bucket's `spec.provider` is set to `generic`, the controller will
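Review bot: the link target in the added sentence, `[docs](/flux/integrations/)`, is a site-root path, so it only resolves where this page is served from a site that has `/flux/integrations/`. If this spec is also read from the repository source, the link is dead there; consider a full URL, or confirm that the file is only ever rendered on the documentation site.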

@ -251,6 +251,9 @@ Supported options are:
When provider is not specified, it defaults to `generic` indicating that When provider is not specified, it defaults to `generic` indicating that
mechanisms using `spec.secretRef` are used for authentication. mechanisms using `spec.secretRef` are used for authentication.
For a complete guide on how to set up authentication for cloud providers,
see the integration [docs](/flux/integrations/).
#### Azure #### Azure
The `azure` provider can be used to authenticate to Azure DevOps repositories The `azure` provider can be used to authenticate to Azure DevOps repositories
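Review bot: the added sentence uses the bare link text "docs", which tells a reader nothing about where the link lands and reads poorly in link lists and screen readers. Since the sentence sits directly above the `#### Azure` heading, something like "see the [cloud provider integration guides](/flux/integrations/)" would be clearer, and the same wording change would apply to the identical sentence added in the other files.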

@ -121,6 +121,9 @@ static credentials are used for authentication, either with
`spec.secretRef` or `spec.serviceAccountName`. `spec.secretRef` or `spec.serviceAccountName`.
If you do not specify `.spec.provider`, it defaults to `generic`. If you do not specify `.spec.provider`, it defaults to `generic`.
For a complete guide on how to set up authentication for cloud providers,
see the integration [docs](/flux/integrations/).
#### AWS #### AWS
The `aws` provider can be used to authenticate automatically using the EKS The `aws` provider can be used to authenticate automatically using the EKS
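Review bot: the sentence added here after "it defaults to `generic`" is repeated verbatim in the later hunk of this same file, after the note in the Service Account reference section. Two identical pointers in one document are easy to let drift apart; consider keeping this one and having the later section refer back to the provider section, or the other way round.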
@ -267,12 +270,22 @@ kubectl create secret docker-registry ...
### Service Account reference ### Service Account reference
`.spec.serviceAccountName` is an optional field to specify a name reference to a `.spec.serviceAccountName` is an optional field to specify a Service Account
Service Account in the same namespace as the OCIRepository. The controller will in the same namespace as OCIRepository with purpose depending on the value of
fetch the image pull secrets attached to the service account and use them for authentication. the `.spec.provider` field:
**Note:** that for a publicly accessible image repository, you don't need to provide a `secretRef` - When `.spec.provider` is set to `generic`, the controller will fetch the image
nor `serviceAccountName`. pull secrets attached to the Service Account and use them for authentication.
- When `.spec.provider` is set to `aws`, `azure`, or `gcp`, the Service Account
will be used for Workload Identity authentication. In this case, the controller
feature gate `ObjectLevelWorkloadIdentity` must be enabled, otherwise the
controller will error out.
**Note:** that for a publicly accessible image repository, you don't need to
provide a `secretRef` nor `serviceAccountName`.
For a complete guide on how to set up authentication for cloud providers,
see the integration [docs](/flux/integrations/).
### Cert secret reference ### Cert secret reference
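Review bot: the new `aws`/`azure`/`gcp` bullet says the feature gate `ObjectLevelWorkloadIdentity` "must be enabled, otherwise the controller will error out", but it does not say how the gate is enabled or where the error surfaces (on the object's status at reconcile time, or at controller startup). Because this field now selects which identity is used to authenticate to a cloud provider, the section should also state which identity is used when `.spec.serviceAccountName` is left unset with one of those providers, so an operator can tell a deliberate per-object identity from a silent fallback. Two smaller wording points in the added lines: "in the same namespace as OCIRepository with purpose depending on" is missing an article and reads awkwardly (for example "in the same namespace as the OCIRepository, whose purpose depends on"), and the reflowed "**Note:** that for a publicly accessible" still carries the stray "that".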