You are viewing documentation for Flux version: 2.5
Version 2.5 of the documentation is no longer actively maintained. The site that you are currently viewing is an archived snapshot. For up-to-date documentation, see the latest version.
flux create secret git
flux create secret git
Create or update a Kubernetes secret for Git authentication
Synopsis
The create secret git command generates a Kubernetes secret with Git credentials. For Git over SSH, the host and SSH keys are automatically generated and stored in the secret. For Git over HTTP/S, the provided basic authentication credentials or bearer authentication token are stored in the secret.
flux create secret git [name] [flags] Examples
# Create a Git SSH authentication secret using an ECDSA P-521 curve public key flux create secret git podinfo-auth \ --url=ssh://git@github.com/stefanprodan/podinfo \ --ssh-key-algorithm=ecdsa \ --ssh-ecdsa-curve=p521 # Create a Git SSH authentication secret with a passwordless private key from file # The public SSH host key will still be gathered from the host flux create secret git podinfo-auth \ --url=ssh://git@github.com/stefanprodan/podinfo \ --private-key-file=./private.key # Create a Git SSH authentication secret with a passworded private key from file # The public SSH host key will still be gathered from the host flux create secret git podinfo-auth \ --url=ssh://git@github.com/stefanprodan/podinfo \ --private-key-file=./private.key \ --password=<password> # Create a secret for a Git repository using basic authentication flux create secret git podinfo-auth \ --url=https://github.com/stefanprodan/podinfo \ --username=username \ --password=password # Create a Git SSH secret on disk flux create secret git podinfo-auth \ --url=ssh://git@github.com/stefanprodan/podinfo \ --export > podinfo-auth.yaml # Print the deploy key yq eval '.stringData."identity.pub"' podinfo-auth.yaml # Encrypt the secret on disk with Mozilla SOPS sops --encrypt --encrypted-regex '^(data|stringData)$' \ --in-place podinfo-auth.yaml Options
--bearer-token string bearer authentication token --ca-crt-file string path to TLS CA certificate file used for validating self-signed certificates -h, --help help for git -p, --password string basic authentication password --private-key-file string path to a passwordless private key file used for authenticating to the Git SSH server --ssh-ecdsa-curve ecdsaCurve SSH ECDSA public key curve (p256, p384, p521) (default p384) --ssh-key-algorithm publicKeyAlgorithm SSH public key algorithm (rsa, ecdsa, ed25519) (default ecdsa) --ssh-rsa-bits rsaKeyBits SSH RSA public key bit size (multiplies of 8, min 1024) (default 2048) --url string git address, e.g. ssh://git@host/org/repository -u, --username string basic authentication username Options inherited from parent commands
--as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace. --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. --as-uid string UID to impersonate for the operation. --cache-dir string Default cache directory (default "/opt/buildhome/.kube/cache") --certificate-authority string Path to a cert file for the certificate authority to authenticate the Kubernetes API server --client-certificate string Path to a client certificate file for TLS authentication to the Kubernetes API server --client-key string Path to a client key file for TLS authentication to the Kubernetes API server --cluster string The name of the kubeconfig cluster to use --context string The name of the kubeconfig context to use --disable-compression If true, opt-out of response compression for all requests to the server --export export in YAML format to stdout --insecure-skip-tls-verify If true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure --interval duration source sync interval (default 1m0s) --kube-api-burst int The maximum burst queries-per-second of requests sent to the Kubernetes API. (default 300) --kube-api-qps float32 The maximum queries-per-second of requests sent to the Kubernetes API. (default 50) --kubeconfig string Path to the kubeconfig file to use for CLI requests. --label strings set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2) -n, --namespace string If present, the namespace scope for this CLI request (default "flux-system") --server string The address and port of the Kubernetes API server --timeout duration timeout for this operation (default 5m0s) --tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use --verbose print generated objects SEE ALSO
- flux create secret - Create or update Kubernetes secrets