ca-cert option in flux-instance

controlplaneio-fluxcd / flux-operator

Flux Operator is a Kubernetes controller for managing the lifecycle of Flux CD

https://fluxcd.control-plane.io/operator/

GNU Affero General Public License v3.0

182 stars 5 forks source link

ca-cert option in flux-instance #112

Open krishau99 opened 2 weeks ago

krishau99 commented 2 weeks ago

Hi!

I have custom signed certificates and will need to add a custom ca to reach my git instance at spec.distribution.registry.

With flux bootstrap there is an option to provide a --ca-file. I could not find this option implemented in the flux-instance. Am I missing something, or do you have any tips on how to provide this in the flux-instance manifest? If its not implemented, is this a planned feature for the near future?

stefanprodan commented 2 weeks ago

The spec.distribution.registry points to the container registry where the Flux images are. Are you maybe referring to the spec.sync section, that’s the one holding the Git configuration?

krishau99 commented 2 weeks ago

Yes, that is correct. It would be the spec.sync section. So that would mean an option to add the --ca-file option in the flux-instance under that section.

stefanprodan commented 2 weeks ago

You would just add the CA to the Git auth secret, there is no need to configure anything in the sync besides setting pullSecret. See https://fluxcd.io/flux/components/source/gitrepositories/#https-certificate-authority

stefanprodan commented 2 weeks ago

There is a dedicated command that you can use to generate the secret flux create secret git flux-system -u -p --ca-crt-file