The GitOps Toolkit source management component
Hidde Beydals 0ec49784b5
oci: sort remaining quirks in cosign verify logic
This commit properly sets `IgnoreTlog` to `true` when a public key is
provided to check the signature against, which matches the (silent)
default behavior from cosign v1.

However, during this exercise it has become apparent that this
assumption isn't necessarily true, as you can theoretically have a
custom key and a tlog entry.

Given this, we should inventorise the possible configuration options
and the potential value they have to users (e.g. defining a custom
Rekor URL seems to be valuable as well), and extend our API to
facilitate these needs.

In addition to the above, the CTLog public keys are now properly
retrieved to avoid a `none of the CTFE keys have been found` error.

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-05-22 11:08:16 +02:00
.github build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 2023-05-22 07:17:22 +00:00
api api: update dependencies 2023-03-29 16:47:48 +02:00
config Release v1.0.0-rc.3 2023-05-12 11:53:59 +02:00
docs Add note about bearer token auth with Git servers 2023-05-12 11:26:12 +02:00
hack Move controllers to internal/controller 2023-05-03 15:35:45 +05:30
internal oci: sort remaining quirks in cosign verify logic 2023-05-22 11:08:16 +02:00
pkg Update cosign to v2 2023-05-22 11:08:12 +02:00
tests/fuzz Move controllers to internal/controller 2023-05-03 15:35:45 +05:30
.dockerignore libgit2: Remove references to libgit2 from code 2022-12-12 15:34:28 +00:00
.gitignore Update libgit2 to 1.1.1-6 2022-02-07 13:00:57 +00:00
.goreleaser.yaml release: pass `--yes` to cosign in signs 2023-03-08 13:05:29 +01:00
CHANGELOG.md Release v1.0.0-rc.3 2023-05-12 11:53:59 +02:00
CODE_OF_CONDUCT.md Add governance files like DCO, MAINTAINERS, CoC 2020-04-12 23:54:35 +02:00
DCO Add governance files like DCO, MAINTAINERS, CoC 2020-04-12 23:54:35 +02:00
DEVELOPMENT.md libgit2: Update documentation 2022-12-12 15:34:30 +00:00
Dockerfile Update Alpine to 3.18 2023-05-10 09:25:35 -04:00
LICENSE Initial commit 2020-04-05 11:55:46 +03:00
MAINTAINERS Paulo is Core Maintainer 2023-01-31 17:13:16 +01:00
Makefile Move controllers to internal/controller 2023-05-03 15:35:45 +05:30
PROJECT Add GitRepository v1 to project file 2023-03-28 12:30:11 +03:00
README.md Add API docs links to readme 2023-03-30 13:10:46 +03:00
go.mod Update cosign to v2 2023-05-22 11:08:12 +02:00
go.sum Update cosign to v2 2023-05-22 11:08:12 +02:00
main.go Move controllers to internal/controller 2023-05-03 15:35:45 +05:30

README.md

Source controller

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit.

APIs

Kind              API Version
GitRepository     source.toolkit.fluxcd.io/v1
OCIRepository     source.toolkit.fluxcd.io/v1beta2
HelmRepository    source.toolkit.fluxcd.io/v1beta2
HelmChart         source.toolkit.fluxcd.io/v1beta2
Bucket            source.toolkit.fluxcd.io/v1beta2

Features

  • authenticates to sources (SSH, user/password, API token, Workload Identity)
  • validates source authenticity (PGP, Cosign)
  • detects source changes based on update policies (semver)
  • fetches resources on-demand and on-a-schedule
  • packages the fetched resources into a well-known format (tar.gz, yaml)
  • makes the artifacts addressable by their source identifier (sha, version, ts)
  • makes the artifacts available in-cluster to interested 3rd parties
  • notifies interested 3rd parties of source changes and availability (status conditions, events, hooks)
  • reacts to Git, Helm and OCI artifacts push events (via notification-controller)

Guides

Roadmap

The roadmap for the Flux family of projects can be found at https://fluxcd.io/roadmap/.

Contributing

This project is Apache 2.0 licensed and accepts contributions via GitHub pull requests. To start contributing please see the development guide.