flux create source oci
Create or update an OCIRepository
Synopsis
The create source oci command generates an OCIRepository resource and waits for it to be ready.
⚠️ Please note that this command is in preview and under development. While we try our best to not introduce breaking changes, they may occur when we adapt to new features and/or find better ways to facilitate what it does.
flux create source oci [name] [flags]
Examples
# Create an OCIRepository for a public container image
flux create source oci podinfo \
  --url=oci://ghcr.io/stefanprodan/manifests/podinfo \
  --tag=6.6.2 \
  --interval=10m

# Create an OCIRepository with OIDC signature verification
flux create source oci podinfo \
  --url=oci://ghcr.io/stefanprodan/manifests/podinfo \
  --tag=6.6.2 \
  --interval=10m \
  --verify-provider=cosign \
  --verify-subject="^https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/6.6.2$" \
  --verify-issuer="^https://token.actions.githubusercontent.com$"
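Added example, not part of the Flux documentation: how the --verify-subject and --verify-issuer patterns behave, assuming they are evaluated as Go (RE2) regular expressions with unanchored search semantics. The names identityMatches and exactPattern and the candidate subjects are hypothetical and constructed for illustration; the run compares an unanchored pattern, the anchored pattern from the example above, and a fully escaped one.

```go
package main

import (
	"fmt"
	"regexp"
)

// identityMatches reports whether a certificate identity satisfies both
// patterns. Assumption: patterns are Go (RE2) regular expressions applied
// with unanchored search semantics, as regexp.MatchString does.
func identityMatches(issuerPat, subjectPat, issuer, subject string) (bool, error) {
	ire, err := regexp.Compile(issuerPat)
	if err != nil {
		return false, fmt.Errorf("issuer pattern: %w", err)
	}
	sre, err := regexp.Compile(subjectPat)
	if err != nil {
		return false, fmt.Errorf("subject pattern: %w", err)
	}
	return ire.MatchString(issuer) && sre.MatchString(subject), nil
}

// exactPattern builds an anchored pattern that matches only the literal value.
func exactPattern(literal string) string {
	return "^" + regexp.QuoteMeta(literal) + "$"
}

func main() {
	const issuer = "https://token.actions.githubusercontent.com"
	const subject = "https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/6.6.2"
	candidates := []string{ // constructed certificate subjects
		subject,       // the intended release workflow identity
		subject + "0", // same workflow, different tag (6.6.20)
		"https://github.com/stefanprodan/podinfo/.github/workflows/release-yml@refs/tags/6.6.2",
	}
	patterns := []struct{ name, subject string }{
		{"unanchored", subject},
		{"anchored, dots unescaped", "^" + subject + "$"},
		{"anchored, QuoteMeta", exactPattern(subject)},
	}
	for _, p := range patterns {
		for _, c := range candidates {
			ok, err := identityMatches(exactPattern(issuer), p.subject, issuer, c)
			fmt.Printf("%-26s match=%-5v err=%v %s\n", p.name, ok, err, c)
		}
	}
}
```

When passing an escaped pattern on the command line, single quotes keep the shell from touching the backslashes and the trailing $.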
Options
--cert-ref string the name of a secret to use for TLS certificates
--digest string the OCI artifact digest
-h, --help help for oci
--ignore-paths strings set paths to ignore resources (can specify multiple paths with commas: path1,path2)
--insecure for when connecting to a non-TLS registries over plain HTTP
--provider sourceOCIProvider the OCI provider name, available options are: (generic, aws, azure, gcp) (default generic)
--proxy-secret-ref string the name of an existing secret containing the proxy address and credentials
--secret-ref string the name of the Kubernetes image pull secret (type 'kubernetes.io/dockerconfigjson')
--service-account string the name of the Kubernetes service account that refers to an image pull secret
--tag string the OCI artifact tag
--tag-semver string the OCI artifact tag semver range
--url string the OCI repository URL
--verify-issuer string regular expression to use for the OIDC issuer during signature verification
--verify-provider sourceOCIVerifyProvider the OCI verify provider name to use for signature verification, available options are: (cosign)
--verify-secret-ref string the name of a secret to use for signature verification
--verify-subject string regular expression to use for the OIDC subject during signature verification
Options inherited from parent commands
--as string Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
--as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--as-uid string UID to impersonate for the operation.
--cache-dir string Default cache directory (default "/opt/buildhome/.kube/cache")
--certificate-authority string Path to a cert file for the certificate authority to authenticate the Kubernetes API server
--client-certificate string Path to a client certificate file for TLS authentication to the Kubernetes API server
--client-key string Path to a client key file for TLS authentication to the Kubernetes API server
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--disable-compression If true, opt-out of response compression for all requests to the server
--export export in YAML format to stdout
--fetch-timeout duration set a timeout for fetch operations performed by source-controller (e.g. 'git clone' or 'helm repo update')
--insecure-skip-tls-verify If true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--interval duration source sync interval (default 1m0s)
--kube-api-burst int The maximum burst queries-per-second of requests sent to the Kubernetes API. (default 300)
--kube-api-qps float32 The maximum queries-per-second of requests sent to the Kubernetes API. (default 50)
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
--label strings set labels on the resource (can specify multiple labels with commas: label1=value1,label2=value2)
-n, --namespace string If present, the namespace scope for this CLI request (default "flux-system")
--server string The address and port of the Kubernetes API server
--timeout duration timeout for this operation (default 5m0s)
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string Bearer token for authentication to the API server
--user string The name of the kubeconfig user to use
--verbose print generated objects
SEE ALSO
- flux create source - Create or update sources