canasta gitops init
From Canasta Wiki
canasta gitops init
Initialize git-based configuration management
Synopsis
Bootstrap git-based configuration management. Converts extensions and skins to submodules and pushes to a remote repository.
On Compose, per-host vars.yaml is encrypted with git-crypt so secrets stay out of the repo at rest. On Kubernetes, secrets live in K8s Secrets (created by canasta create) rather than in the gitops repo, so the K8s repo is cleartext and Argo CD can read rendered-values.yaml directly.
canasta gitops init [flags]
Examples
canasta gitops init -n prod --repo git@github.com:org/config.git --key /tmp/gc.key
Flags
| Flag | Shorthand | Description | Default | Required | Orchestrator |
|---|---|---|---|---|---|
--force |
Force push to non-empty remote | Both | |||
--git-user-email |
Git user.email for commits on the target host (set if not already configured) | Both | |||
--git-user-name |
Git user.name for commits on the target host (set if not already configured) | Both | |||
--host-name |
-n |
Name for this host in hosts.yaml | ✓ | Both | |
--id |
-i |
Canasta instance ID | * | Both | |
--key |
Path basename for the gitops keys. The SSH deploy key is derived as <key>.ssh (private) and <key>.ssh.pub (public — register this as a deploy key on the forge). On Compose, <key> itself also receives the git-crypt symmetric key for unlocking encrypted vars on other hosts. K8s does not use git-crypt; the parameter only affects the SSH key path there. |
✓ | Both | ||
--non-interactive |
Don't pause to prompt for registering the deploy key. The pause is skipped automatically when the deploy key already works; this flag additionally makes init fail fast (instead of hanging) when the key is not yet authorized — for unattended/CI runs where the key was pre-installed on the remote. | Both | |||
--pull-requests |
Require pull requests instead of pushing to main | Both | |||
--reinit |
Wipe local gitops state (.git, .gitops-host, env.template, wikis.yaml.template, hosts/, plus K8s chart files) before starting. Use after a previous init died mid-run, e.g. before the git push succeeded. Submodule structure is not fully restorable — extensions whose conversion finished before the failure may end up tracked as flat directories. | Both | |||
--repo |
Git repository URL | ✓ | Both | ||
--role |
Host role | both |
Both | ||
--ssh-key |
Path to an SSH private key for git network operations. When set, git runs with GIT_SSH_COMMAND="ssh -i <ssh-key> ...". Omit to keep the default: ssh-agent forwarding on Compose, or the generated <key>.ssh deploy key on Kubernetes. |
Both |
* Defaults to the Canasta instance matching the current directory, if any.
Global flags
| Flag | Shorthand | Description | Default | Required | Orchestrator |
|---|---|---|---|---|---|
--help |
-h |
Show help message and exit | Both | ||
--verbose |
-v |
Enable verbose output | Both |
