This repository implements a simple controller that watches Secrets created by gitlab and calls the GitLab API to update the deploy keys of the specified repo.
Note: go-get or vendor this package as `github.com/topfreegames/flux-gitlab-controller`.
The sample controller uses the client-go library extensively.
Prerequisite: since the controller uses `apps/v1` deployments, the Kubernetes cluster version should be greater than 1.9.
```sh
# assumes you have a working kubeconfig, not required if operating in-cluster
go build
./flux-gitlab-controller -gitlab-token "$TOKEN" -kubeconfig="$HOME/.kube/config"
# create a flux secret with the corresponding `fluxcd.io/git-url` and `fluxcd.io/sync-gc-mark` marks
kubectl create -f artifacts/examples/flux_secret.yaml
# check that fluxcd.io/deployKeyId has been created in the secret and that the repo contains
# the associated deploy key
kubectl get secret -o yaml flux-git-deploy
```
You can also set the `gitlab-token` through the `GITLAB_TOKEN` environment variable if you need an extra layer of security when provisioning secrets to the controller, since the token then does not appear in the process's command-line arguments.
If a deploy key is deleted, this controller won't re-create it, because it does not constantly check for deleted keys; this avoids putting too much pressure on the GitLab API.
For flux to re-create the key, remove the `fluxcd.io/deployKeyId` annotation from the secret, so that flux sees that the secret is not synced and recreates the appropriate key.
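
The annotation-driven behaviour described above, sketched as an added example that is not this repository's own code: a recorded `fluxcd.io/deployKeyId` suppresses key creation, and removing it makes the Secret eligible again. The names `Decide` and `ProjectPath` are hypothetical, and it is an assumption that `fluxcd.io/git-url` is an annotation holding an scp-style or URL-style git remote.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Annotation keys named in the README; treating git-url as an annotation is an assumption.
const (
	annGitURL      = "fluxcd.io/git-url"
	annDeployKeyID = "fluxcd.io/deployKeyId"
)

// Decide reports whether a deploy key must be created, and for which project.
func Decide(ann map[string]string) (project string, create bool, err error) {
	remote, marked := ann[annGitURL]
	if !marked || ann[annDeployKeyID] != "" {
		return "", false, nil // nothing to do: unmarked, or key already recorded
	}
	project, err = ProjectPath(remote)
	return project, err == nil, err
}

// ProjectPath extracts "group/repo" from scp-style or URL-style git remotes.
func ProjectPath(remote string) (string, error) {
	path := ""
	if strings.Contains(remote, "://") {
		u, err := url.Parse(remote)
		if err != nil {
			return "", err
		}
		path = u.Path
	} else if i := strings.Index(remote, ":"); i >= 0 {
		path = remote[i+1:] // git@host:group/repo.git
	}
	path = strings.TrimSuffix(strings.Trim(path, "/"), ".git")
	if path == "" {
		return "", fmt.Errorf("cannot derive project from git URL %q", remote)
	}
	return path, nil
}

func main() {
	// Constructed sample annotations, not taken from a real cluster.
	synced := map[string]string{annGitURL: "git@gitlab.com:group/repo.git", annDeployKeyID: "42"}
	fmt.Println(Decide(synced)) // key recorded: no API call
	delete(synced, annDeployKeyID)
	fmt.Println(Decide(synced)) // annotation removed: key is created again
}
```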