this commit ensures that if ca.crt or caFile is available in the github app secret, a tls config with user provided certs is appended to system cert pool and passed to the underlying http transport

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): update target URL for TLSConfigFromSecret

this commit ensures that the target URL for runtime/secrets.TLSConfigFromSecret has the scheme and host

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): adds test scenarios

this commit adds test scenarios for mTLS GitHub app in reconcile source auth strategy

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): use runtime/secrets authMethods

this commit ensures that GitHubApp secret resolution happens via pkg/runtime/secrets

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): update docs

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): adds github app data check

this commit ensures that when provider is github and no github app data is present in the secret, it will error out with invalid configuration

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): removes getProxyOpts helper func

this commit removes the helper method getProxyOpts and uses the standardized pkg/runtime/secrets APIs to get proxy options.

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): removes getProxyOpts test

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): improves test coverage

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): do not stall on missing github app data

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>

(chore): adds a note on mTLS configuration in docs

This commit mentions in the docs that if tls.crt and tls.key are part of the secret then mutual TLS configuration will be automatically enabled and should be used optionally.

Signed-off-by: abhijith-darshan <abhijith.darshan@hotmail.com>
Source controller
The source-controller is a Kubernetes operator, specialised in artifact acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit.
APIs
| Kind | API Version |
|---|---|
| GitRepository | source.toolkit.fluxcd.io/v1 |
| OCIRepository | source.toolkit.fluxcd.io/v1 |
| HelmRepository | source.toolkit.fluxcd.io/v1 |
| HelmChart | source.toolkit.fluxcd.io/v1 |
| Bucket | source.toolkit.fluxcd.io/v1 |
Features
- authenticates to sources (SSH, user/password, API token, Workload Identity)
- validates source authenticity (PGP, Cosign, Notation)
- detects source changes based on update policies (semver)
- fetches resources on-demand and on-a-schedule
- packages the fetched resources into a well-known format (tar.gz, yaml)
- makes the artifacts addressable by their source identifier (sha, version, ts)
- makes the artifacts available in-cluster to interested 3rd parties
- notifies interested 3rd parties of source changes and availability (status conditions, events, hooks)
- reacts to Git, Helm and OCI artifacts push events (via notification-controller)
Guides
- Get started with Flux
- Setup Webhook Receivers
- Setup Notifications
- How to build, publish and consume OCI Artifacts with Flux
Roadmap
The roadmap for the Flux family of projects can be found at https://fluxcd.io/roadmap/.
Contributing
This project is Apache 2.0 licensed and accepts contributions via GitHub pull requests. To start contributing, please see the development guide.
