Last modified November 27, 2024

'kubectl gs gitops init' command reference

This command creates the initial files and directories in your GitOps repository that the other commands rely on.

Description

The structure created by the command is presented below.

.
├── .git
│   └── hooks
│       └── pre-commit
├── .sops.yaml
└── management-clusters

The security architecture of the GitOps repository relies on Mozilla SOPS; however, kubectl-gs does not perform the encryption automatically. Download and run the sops binary to decrypt and encrypt secrets.

In order to aid security, the init command also creates a pre-commit git hook. It is a simple shell script that checks for unencrypted manifests before pushing any local commits.

Note: the .git/hooks directory is not propagated to the repository upon pushing, hence the pre-commit hook configured for a cloned copy is not shared with other users of the repository. We encourage you to run the init command each time you clone the repository.

Usage

Basic command syntax: kubectl gs gitops init [FLAGS].

Flags

The following flags are supported by all gitops subcommands:

  • --dry-run – Print files and directories instead of creating them.
  • --local-path – Path to the repository root folder (default “.”).

Example

kubectl gs gitops init \
  --local-path /tmp/gitops-demo \
  --dry-run

will generate this output:

## CREATE ##
/tmp/gitops-demo/management-clusters
/tmp/gitops-demo/.sops.yaml
creation_rules: []

/tmp/gitops-demo/.git/hooks/pre-commit
#!/bin/sh
#
# The script looks for the *.enc.yaml files that suppose to be encrypted,
# and verifies the encryption has happened.

files=""

while read line
do
    if [ ! -n "$line" ]
    then
        continue
    fi

    grep -q "^sops:$" $line
    if [ $? -ne 0 ]
    then
        files="${files}\n${line}"
    fi
done <<< "$(find . -type f -name '*.enc.yaml')"

if [ -n "$files" ]
then
    cat <<\EOF
!! WARNING !!

Detected files missing the `sops` metadata key on them.

Please run the `sops --encrypt --in-place <path>` command against them to secure the repository.

Find the list of affected files below.
EOF
    echo $files
    exit 1
fi

The same executed without --dry-run will write these changes to the target directory.
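Because the .git/hooks directory is not pushed with the repository, the same check can also run somewhere every contributor's commits pass through, such as a CI job. The following is an added example, not the hook generated by kubectl-gs: a POSIX sh function (the name find_unencrypted is hypothetical) that applies the hook's test, a top-level `sops:` line, to every *.enc.yaml file under a directory.

```shell
#!/bin/sh
# Added example: not the pre-commit hook that kubectl-gs generates.
#
# find_unencrypted ROOT
#   Prints every *.enc.yaml file under ROOT that has no top-level "sops:"
#   key (the marker the generated hook greps for).
#   Returns 1 if at least one such file exists, 0 otherwise.
find_unencrypted() {
    root=${1:-.}
    # File names are handed to the inner shell as arguments, so paths that
    # contain spaces are handled. The .git directory is skipped.
    missing=$(
        find "$root" -name .git -prune -o \
            -type f -name '*.enc.yaml' -exec sh -c '
                for f in "$@"; do
                    # Trailing whitespace (including CR) after the key is tolerated.
                    grep -q "^sops:[[:space:]]*$" "$f" || printf "%s\n" "$f"
                done
            ' sh {} +
    )
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}
```

In a CI step, source the file and call `find_unencrypted . || exit 1`. Like the hook, this confirms only that the `sops` metadata key is present; it does not verify that every value in the file is encrypted.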

This part of our documentation refers to our vintage product. The content may no longer be valid for our current product. Please check our new documentation hub for the latest state of our docs.