Vsts git support

docker/Dockerfile.flux

@@ -6,7 +6,7 @@ RUN apk add --no-cache openssh ca-certificates tini 'git>=2.3.0' gnupg
 
 # Add git hosts to known hosts file so we can use
 # StrickHostKeyChecking with git+ssh
-RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com >> /etc/ssh/ssh_known_hosts
+RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts
 
 # Verify newly added known_hosts (man-in-middle mitigation)
 ADD ./verify_known_hosts.sh /home/flux/verify_known_hosts.sh

docker/Dockerfile.helm-operator

@@ -6,7 +6,7 @@ RUN apk add --no-cache openssh ca-certificates tini 'git>=2.3.0'
 
 # Add git hosts to known hosts file so we can use
 # StrickHostKeyChecking with git+ssh
-RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com >> /etc/ssh/ssh_known_hosts
+RUN ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com >> /etc/ssh/ssh_known_hosts
 # Add default SSH config, which points at the private key we'll mount
 COPY ./ssh_config /etc/ssh/ssh_config
 

docker/verify_known_hosts.sh

@@ -7,7 +7,7 @@ known_hosts_file=${known_hosts_file:-/etc/ssh/ssh_known_hosts}
 
 # The heredoc below was generated by constructing a known_hosts using
 #
-#     ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com > ./known_hosts
+#     ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com > ./known_hosts
 #
 # then generating the sorted fingerprints with
 #
@@ -17,7 +17,7 @@ known_hosts_file=${known_hosts_file:-/etc/ssh/ssh_known_hosts}
 #  - github.com: https://help.github.com/articles/github-s-ssh-key-fingerprints/
 #  - gitlab.com: https://docs.gitlab.com/ee/user/gitlab_com/#ssh-host-keys-fingerprints
 #  - bitbucket.org: https://confluence.atlassian.com/bitbucket/ssh-keys-935365775.html
-#  - ssh.dev.azure.com: sign in, then go to User settings -> SSH Public Keys
+#  - ssh.dev.azure.com & vs-ssh.visualstudio.com: sign in, then go to User settings -> SSH Public Keys
 #    (this is where the public key fingerprint is shown; it's not a setting)
 
 fingerprints=$(mktemp -t)
@@ -34,6 +34,7 @@ diff - "$fingerprints" <<EOF
 2048 SHA256:ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ gitlab.com (RSA)
 2048 SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 github.com (RSA)
 2048 SHA256:ohD8VZEXGWo6Ez8GSEJQ9WpafgLFsOfLOtGGQCQo6Og ssh.dev.azure.com (RSA)
+2048 SHA256:ohD8VZEXGWo6Ez8GSEJQ9WpafgLFsOfLOtGGQCQo6Og vs-ssh.visualstudio.com (RSA)
 2048 SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A bitbucket.org (RSA)
 256 SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw gitlab.com (ECDSA)
 256 SHA256:eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8 gitlab.com (ED25519)

site/faq.md

@@ -21,7 +21,7 @@ menu_order: 60
   * [How often does Flux check for new images?](#how-often-does-flux-check-for-new-images)
   * [How often does Flux check for new git commits (and can I make it sync faster)?](#how-often-does-flux-check-for-new-git-commits-and-can-i-make-it-sync-faster)
   * [How do I use my own deploy key?](#how-do-i-use-my-own-deploy-key)
-  * [How do I use a private git host (or one that's not github.com, gitlab.com, bitbucket.org, or dev.azure.com)?](#how-do-i-use-a-private-git-host-or-one-thats-not-githubcom-gitlabcom-bitbucketorg-or-devazurecom)
+  * [How do I use a private git host (or one that's not github.com, gitlab.com, bitbucket.org, dev.azure.com, or vs-ssh.visualstudio.com)?](#how-do-i-use-a-private-git-host-or-one-thats-not-githubcom-gitlabcom-bitbucketorg-devazurecom-or-vs-sshvisualstudiocom)
   * [Will Flux delete resources that are no longer in the git repository?](#will-flux-delete-resources-that-are-no-longer-in-the-git-repository)
   * [Why does my CI pipeline keep getting triggered?](#why-does-my-ci-pipeline-keep-getting-triggered)
   * [Can I restrict the namespaces that Flux can see or operate on?](#can-i-restrict-the-namespaces-that-flux-can-see-or-operate-on)
@@ -251,14 +251,14 @@ Now restart fluxd to re-read the k8s secret (if it is running):
 
 `kubectl delete $(kubectl get pod -o name -l name=flux)`
 
-### How do I use a private git host (or one that's not github.com, gitlab.com, bitbucket.org, or dev.azure.com)?
+### How do I use a private git host (or one that's not github.com, gitlab.com, bitbucket.org, dev.azure.com, or vs-ssh.visualstudio.com)?
 
 As part of using git+ssh securely from the Flux daemon, we make sure
 `StrictHostKeyChecking` is on in the
 [SSH config](http://man7.org/linux/man-pages/man5/ssh_config.5.html). This
 mitigates against man-in-the-middle attacks.
 
-We bake host keys for `github.com`, `gitlab.com`, `bitbucket.org`, and `dev.azure.com`
+We bake host keys for `github.com`, `gitlab.com`, `bitbucket.org`, `dev.azure.com`, and `vs-ssh.visualstudio.com`
 into the image to cover some common cases. If you're using another
 service, or running your own git host, you need to supply your own
 host key(s).

site/helm-get-started.md

@@ -79,7 +79,7 @@ In this next step you install Weave Flux using `helm`. Simply
       *Just make sure you replace `YOURUSER` with your GitHub username
       in the command below:*
 
-    - Using a public git server from `bitbucket.com`, `github.com`, `gitlab.com` or `dev.azure.com`:
+    - Using a public git server from `bitbucket.com`, `github.com`, `gitlab.com`, `dev.azure.com`, or `vs-ssh.visualstudio.com`:
 
       ```sh
       helm upgrade -i flux \

site/troubleshooting.md

@@ -48,7 +48,7 @@ This means Flux can't read from and write to the git repo. Check that
 
  - ... that the host where your git repo lives is in
    `~/.ssh/known_hosts` in the fluxd container. We prime the container
-   _image_ with host keys for `github.com`, `gitlab.com`, `bitbucket.org`, and `dev.azure.com`, but if you're using your own git server, you'll
+   _image_ with host keys for `github.com`, `gitlab.com`, `bitbucket.org`, `dev.azure.com`, and `vs-ssh.visualstudio.com`, but if you're using your own git server, you'll
    need to add its host key. See
    [./standalone-setup.md](./standalone-setup.md#using-a-private-git-host).