GitRepository generator enterprise
The gitRepository generator allows you to generate resources from the contents of files in a Git repository.
Example
apiVersion: templates.weave.works/v1alpha1
kind: GitOpsSet
metadata:
  labels:
    app.kubernetes.io/name: gitopsset
    app.kubernetes.io/instance: gitopsset-sample
    app.kubernetes.io/part-of: gitopssets-controller
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/created-by: gitopssets-controller
  name: repository-sample
spec:
  generators:
    - gitRepository:
        repositoryRef: go-demo-repo
        files:
          - path: examples/generation/dev.yaml
          - path: examples/generation/production.yaml
          - path: examples/generation/staging.yaml
  templates:
    - content:
        kind: Kustomization
        apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
        metadata:
          name: "{{ .element.env }}-demo"
          labels:
            app.kubernetes.io/name: go-demo
            app.kubernetes.io/instance: "{{ .element.env }}"
            com.example/team: "{{ .element.team }}"
        spec:
          interval: 5m
          path: "./examples/kustomize/environments/{{ .element.env }}"
          prune: true
          sourceRef:
            kind: GitRepository
            name: go-demo-repo
In this example, a Flux GitRepository called go-demo-repo in the same namespace as the GitOpsSet will be tracked, and Kustomization resources are generated from the three files listed.
These files can be JSON or YAML.
In this example we expect to find the following structure in the files:
env: dev
team: developers
Changes pushed to the GitRepository will result in re-reconciliation of the templates into the cluster.
For security reasons, you need to explicitly list out the files that the generator should parse.
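A pre-merge check for the element files, as an added example that is not part of the original page or of the gitopssets-controller code: because `env` and `team` from each listed file are substituted into the Kustomization name, labels and `spec.path` of the template above, it restricts both to Kubernetes-safe values and flags two files that would render the same name. It assumes the files are in JSON form (so only the standard library is needed) and contain exactly the `env` and `team` keys; `check_element`, `check_files` and `SAMPLE` are hypothetical names.

```python
import json
import re

# `env` is rendered into metadata.name, a label and spec.path: DNS-1123 label only.
DNS1123_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")
# `team` is rendered into a label value: Kubernetes label-value syntax, non-empty.
LABEL_VALUE = re.compile(r"[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?")
EXPECTED_KEYS = {"env", "team"}  # assumption: exactly the keys shown on the page


def check_element(raw):
    """Return the problems found in one JSON element file (empty list = OK)."""
    try:
        element = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(element, dict) or set(element) != EXPECTED_KEYS:
        return [f"must be an object with exactly the keys {sorted(EXPECTED_KEYS)}"]
    problems = []
    for key, pattern in (("env", DNS1123_LABEL), ("team", LABEL_VALUE)):
        value = element[key]
        if not (isinstance(value, str) and pattern.fullmatch(value)):
            problems.append(f"{key}: {value!r} is not allowed")
    return problems


def check_files(files):
    """Check each listed file and flag files that would render the same name."""
    report, seen = {}, {}
    for path, raw in files.items():
        problems = check_element(raw)
        if not problems:
            env = json.loads(raw)["env"]
            if env in seen:
                problems.append(f"env {env!r} already used by {seen[env]}")
            seen.setdefault(env, path)
        if problems:
            report[path] = problems
    return report

# Constructed sample input (JSON form), keyed by the paths listed in the GitOpsSet.
SAMPLE = {
    "examples/generation/dev.yaml": '{"env": "dev", "team": "developers"}',
    "examples/generation/staging.yaml": '{"env": "../production", "team": "qa"}',
    "examples/generation/production.yaml": '{"env": "dev", "team": "sre"}',
}

if __name__ == "__main__":
    print(check_files(SAMPLE))
```

Run in CI on the repository that go-demo-repo tracks, a non-empty report is a reason to block the merge before the controller reconciles the change.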
To run this example you will need extra RBAC
This particular example creates Kustomizations, so you will need to add the RBAC below to the gitopssets-controller-manager service account to allow it to create Kustomizations.
Check out the Security section for more information.
However, this will change in the next release with impersonation. Instead, you can choose a service account for each GitOpsSet that has the required permissions for creating the rendered resources in the templates section.
Additional RBAC for the gitopssets-controller-manager service account:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: demo-role
rules:
  - apiGroups:
      - kustomize.toolkit.fluxcd.io
    resources:
      - kustomizations
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: demo-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: demo-role
subjects:
  - kind: ServiceAccount
    name: gitopssets-controller-manager
    namespace: flux-system