You are viewing documentation for Flux version: 2.1

Version 2.1 of the documentation is no longer actively maintained. The site that you are currently viewing is an archived snapshot. For up-to-date documentation, see the latest version.

flux bootstrap gitlab

flux bootstrap gitlab

Deploy Flux on a cluster connected to a GitLab repository

Synopsis

The bootstrap gitlab command creates the GitLab repository if it doesn’t exists and commits the Flux manifests to the specified branch. Then it configures the target cluster to synchronize with that repository. If the Flux components are present on the cluster, the bootstrap command will perform an upgrade if needed.

flux bootstrap gitlab [flags]

Examples

  # Create a GitLab API token and export it as an env var
  export GITLAB_TOKEN=<my-token>

  # Run bootstrap for a private repository using HTTPS token authentication
  flux bootstrap gitlab --owner=<group> --repository=<repository name> --token-auth

  # Run bootstrap for a private repository using SSH authentication
  flux bootstrap gitlab --owner=<group> --repository=<repository name>

  # Run bootstrap for a repository path
  flux bootstrap gitlab --owner=<group> --repository=<repository name> --path=dev-cluster

  # Run bootstrap for a public repository on a personal account
  flux bootstrap gitlab --owner=<user> --repository=<repository name> --private=false --personal --token-auth

  # Run bootstrap for a private repository hosted on a GitLab server
  flux bootstrap gitlab --owner=<group> --repository=<repository name> --hostname=<domain> --token-auth

  # Run bootstrap for a an existing repository with a branch named main
  flux bootstrap gitlab --owner=<organization> --repository=<repository name> --branch=main --token-auth

  # Run bootstrap for a private repository using Deploy Token authentication
  flux bootstrap gitlab --owner=<group> --repository=<repository name> --deploy-token-auth
  

Options

      --deploy-token-auth       when enabled, a Project Deploy Token is generated and will be used instead of the SSH deploy token
  -h, --help                    help for gitlab
      --hostname string         GitLab hostname (default "gitlab.com")
      --interval duration       sync interval (default 1m0s)
      --owner string            GitLab user or group name
      --path safeRelativePath   path relative to the repository root, when specified the cluster sync will be scoped to this path
      --personal                if true, the owner is assumed to be a GitLab user; otherwise a group
      --private                 if true, the repository is setup or configured as private (default true)
      --read-write-key          if true, the deploy key is configured with read/write permissions
      --reconcile               if true, the configured options are also reconciled if the repository already exists
      --repository string       GitLab repository name
      --team strings            GitLab teams to be given maintainer access (also accepts comma-separated values)

Options inherited from parent commands

      --as string                              Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
      --as-group stringArray                   Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --as-uid string                          UID to impersonate for the operation.
      --author-email string                    author email for Git commits
      --author-name string                     author name for Git commits (default "Flux")
      --branch string                          Git branch (default "main")
      --ca-file string                         path to TLS CA file used for validating self-signed certificates
      --cache-dir string                       Default cache directory (default "/opt/buildhome/.kube/cache")
      --certificate-authority string           Path to a cert file for the certificate authority to authenticate the Kubernetes API server
      --client-certificate string              Path to a client certificate file for TLS authentication to the Kubernetes API server
      --client-key string                      Path to a client key file for TLS authentication to the Kubernetes API server
      --cluster string                         The name of the kubeconfig cluster to use
      --cluster-domain string                  internal cluster domain (default "cluster.local")
      --commit-message-appendix string         string to add to the commit messages, e.g. '[ci skip]'
      --components strings                     list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller])
      --components-extra strings               list of components in addition to those supplied or defaulted, accepts values such as 'image-reflector-controller,image-automation-controller'
      --context string                         The name of the kubeconfig context to use
      --disable-compression                    If true, opt-out of response compression for all requests to the server
      --gpg-key-id string                      key id for selecting a particular key
      --gpg-key-ring string                    path to GPG key ring for signing commits
      --gpg-passphrase string                  passphrase for decrypting GPG private key
      --image-pull-secret string               Kubernetes secret name used for pulling the controller images from a private registry
      --insecure-skip-tls-verify               If true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kube-api-burst int                     The maximum burst queries-per-second of requests sent to the Kubernetes API. (default 300)
      --kube-api-qps float32                   The maximum queries-per-second of requests sent to the Kubernetes API. (default 50)
      --kubeconfig string                      Path to the kubeconfig file to use for CLI requests.
      --log-level logLevel                     log level, available options are: (debug, info, error) (default info)
  -n, --namespace string                       If present, the namespace scope for this CLI request (default "flux-system")
      --network-policy                         setup Kubernetes network policies to deny ingress access to the Flux controllers from other namespaces (default true)
      --private-key-file string                path to a private key file used for authenticating to the Git SSH server
      --recurse-submodules                     when enabled, configures the GitRepository source to initialize and include Git submodules in the artifact it produces
      --registry string                        container registry where the Flux controller images are published (default "ghcr.io/fluxcd")
      --secret-name string                     name of the secret the sync credentials can be found in or stored to (default "flux-system")
      --server string                          The address and port of the Kubernetes API server
      --ssh-ecdsa-curve ecdsaCurve             SSH ECDSA public key curve (p256, p384, p521) (default p384)
      --ssh-hostname string                    SSH hostname, to be used when the SSH host differs from the HTTPS one
      --ssh-key-algorithm publicKeyAlgorithm   SSH public key algorithm (rsa, ecdsa, ed25519) (default ecdsa)
      --ssh-rsa-bits rsaKeyBits                SSH RSA public key bit size (multiplies of 8, min 1024) (default 2048)
      --timeout duration                       timeout for this operation (default 5m0s)
      --tls-server-name string                 Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token string                           Bearer token for authentication to the API server
      --token-auth                             when enabled, the personal access token will be used instead of the SSH deploy key
      --toleration-keys strings                list of toleration keys used to schedule the controller pods onto nodes with matching taints
      --user string                            The name of the kubeconfig user to use
      --verbose                                print generated objects
  -v, --version string                         toolkit version, when specified the manifests are downloaded from https://github.com/fluxcd/flux2/releases
      --watch-all-namespaces                   watch for custom resources in all namespaces, if set to false it will only watch the namespace where the Flux controllers are installed (default true)

SEE ALSO