Upgrade Advisory

This documentation is for Flux (v1) and Helm Operator (v1). Both projects are in maintenance mode and will soon reach end-of-life. We strongly recommend you familiarise yourself with the newest Flux and start looking at your migration path.

For documentation regarding the latest Flux, please refer to this section.

Using Git over HTTPS

Instead of making use of Flux’ capabilities to generate an SSH private key, or supplying your own, it is possible to set environment variables and use these in your --git-url argument to provide your HTTPS basic auth credentials without having to expose them as a plain value in your workload.

Setting an HTTP(S) URL as --git-url will disable the generation of a private key and prevent the setup of the SSH keyring.

The variables must be escaped with $() for Kubernetes to pass the values to the Flux container, e.g. $(GIT_AUTHKEY).

Each of the username and password must be percent-encoded, otherwise the git URL may end up being invalid once they have been interpolated in. You can encode a string with Perl (assuming your token is in the environment variable TOKEN):

echo "$TOKEN" | perl -MURI::Escape -ne 'chomp;print uri_escape($_),"\n"'

Create a personal access token to be used as the GIT_AUTHKEY:

Create a Kubernetes secret with two environment variables and their respective values (replace <username> and <token/password>):

kubectl create secret generic flux-git-auth --from-literal=GIT_AUTHUSER=<username> --from-literal=GIT_AUTHKEY=<token/password>

this will result in a secret that has the structure:

apiVersion: v1
data:
  GIT_AUTHKEY: <base64 encoded token/password>
  GIT_AUTHUSER: <base64 encoded username>
kind: Secret
type: Opaque
metadata:
  ...

Mount the Kubernetes secret as environment variables using envFrom and use them in your --git-url argument:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: flux
...
spec:
  containers:
  - name: flux
    envFrom:
    - secretRef:
        name: flux-git-auth
    args:
    # Replace `github.com/...` with your git repository 
    - --git-url=https://$(GIT_AUTHUSER):$(GIT_AUTHKEY)@github.com/fluxcd/flux-get-started.git
    ...

Last modified 2021-06-02: Adapt flux docs to show up properly - add relevant frontmatter for docs to show up - configure version info - bring navbar partial closer to what's upstream effectively re-add version selector and all - Legacy docs use 'docs' template, but we show a warning at the top. Plus some small display fixes. - change old notes to new alerts - adapt nav to be like on docs.fluxcd.io, re-add requirements.md (c1afa31)