GitRepository generator enterprise
Generation from files
The gitRepository generator allows you to generate resources from the contents of files in a Git repository.
It operates on Flux GitRepositories.
When a GitRepository is updated, this will trigger a regeneration of templates.
The generator operates in two different ways, you can parse files (YAML or JSON) into Elements, or you can scan directories for subdirectories.
Example
apiVersion: templates.weave.works/v1alpha1
kind: GitOpsSet
metadata:
labels:
app.kubernetes.io/name: gitopsset
app.kubernetes.io/instance: gitopsset-sample
app.kubernetes.io/part-of: gitopssets-controller
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/created-by: gitopssets-controller
name: repository-sample
spec:
generators:
- gitRepository:
repositoryRef: go-demo-repo
files:
- path: examples/generation/dev.yaml
- path: examples/generation/production.yaml
- path: examples/generation/staging.yaml
templates:
- content:
kind: Kustomization
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
metadata:
name: "{{ .Element.env }}-demo"
labels:
app.kubernetes.io/name: go-demo
app.kubernetes.io/instance: "{{ .Element.env }}"
com.example/team: "{{ .Element.team }}"
spec:
interval: 5m
path: "./examples/kustomize/environments/{{ .Element.env }}"
prune: true
sourceRef:
kind: GitRepository
name: go-demo-repo
In this example, a Flux GitRepository called go-demo-repo in the same namespace as the GitOpsSet will be tracked, and Kustomization resources will be generated from the three files listed.
These files can be JSON or YAML.
In this example we expect to find the following structure in the files:
env: dev
team: developers
Changes pushed to the GitRepository will result in rereconciliation of the templates into the cluster.
Generation from directories
Example
apiVersion: templates.weave.works/v1alpha1
kind: GitOpsSet
metadata:
labels:
app.kubernetes.io/name: gitopsset
app.kubernetes.io/instance: gitopsset-sample
app.kubernetes.io/part-of: gitopssets-controller
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/created-by: gitopssets-controller
name: repository-sample
spec:
generators:
- gitRepository:
repositoryRef: go-demo-repo
directories:
- path: examples/kustomize/environments/*
templates:
- content:
kind: Kustomization
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
metadata:
name: "{{ .Element.Base }}-demo"
labels:
app.kubernetes.io/name: go-demo
app.kubernetes.io/instance: "{{ .Element.Base }}"
com.example/team: "{{ .Element.Base }}"
spec:
interval: 5m
path: "{{ .Element.Directory }}"
prune: true
sourceRef:
kind: GitRepository
name: go-demo-repo
In this example, a Flux GitRepository called go-demo-repo in the same namespace as the GitOpsSet will be tracked, and Kustomization resources are generated from paths within the examples/kustomize/environments/* directory within the repository.
Each generated element has two keys, .Element.Directory which will be a repo-relative path and .Element.Base which contains the last element of the path, for example, for a directory ./examples/kustomize/environments/production this will be production.
It is also possible to exclude paths from the generated list, for example, if you do not want to generate for a directory you can exclude it with:
apiVersion: templates.weave.works/v1alpha1
kind: GitOpsSet
metadata:
name: repository-sample
spec:
generators:
- gitRepository:
repositoryRef: go-demo-repo
directories:
- path: examples/kustomize/environments/*
- path: examples/kustomize/environments/production
exclude: true
templates:
- content:
In this case, all directories that are subdirectories of examples/kustomize/environments will be generated, but not examples/kustomize/environments/production.
Note: The directory tree detection is restricted to the same directory as the path, no recursion is done.
In fact the path is treated as a Glob.
For security reasons, you need to explicitly list out the files that the generator should parse.
To run this example you will need extra RBAC
This particular example creates kustomizations, so you will need to add the below RBAC
to the gitopssets-controller-manager service account to allow it to create kustomizations.
Check out the Security section for more information.
However this will change in the next release with impersonation. Instead you can choose a service account
for each GitOpsSet that has the required permissions for creating the rendered resources in the
templates section.
Additional RBAC for the gitopssets-controller-manager service account:
Expand to see SA resources
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: demo-role
rules:
- apiGroups:
- kustomize.toolkit.fluxcd.io
resources:
- kustomizations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: demo-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: demo-role
subjects:
- kind: ServiceAccount
name: gitopssets-controller-manager
namespace: flux-system