helm-charts
Include value variables for customization arguments supported by `flux -install`
Is your feature request related to a problem? Yes
I'd like to migrate from using `flux install --export` to using the flux2 helm chart. However our usage of flux currently takes advantage of some of the extra flags that `flux install` supports. Specifically we do not download containers from the internet, so the container images need to come from an internal repository and need to use an image-pull-secret (which is already available in the k8s cluster).
It would stand to reason that there is a need for the optional flux arguments, i.e. being able to set these values will be needed by other users who would like to migrate.
The flux 0.24.1 version currently supports:
option | description | helm chart 0.8.0 equivalent (if present) |
---|---|---|
--cluster-domain | internal cluster domain (default "cluster.local") | |
--components | list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller]) | create boolean values |
--components-extra | list of components in addition to those supplied or defaulted, accepts comma-separated values | create boolean values |
--image-pull-secret | Kubernetes secret name used for pulling the toolkit images from a private registry | |
--network-policy | deny ingress access to the toolkit controllers from other namespaces using network policies (default true) | |
--registry | container registry where the toolkit images are published (default "ghcr.io/fluxcd") | image setting for each controller |
--toleration-keys | list of toleration keys used to schedule the components pods onto nodes with matching taints | tolerations array values |
--version | toolkit version, when specified the manifests are downloaded from https://github.com/fluxcd/flux2/releases | chart version |
--watch-all-namespaces | watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true) | watchallnamespaces boolean value |
Describe the solution you'd like.
At a minimum I'd like a new value variable defined for the `image-pull-secret` setting which would apply to all controllers.
Although for my use case it would be sufficient to add a stanza to the `sa-*` (service account) templates, the `flux install` manifests add the stanza to the deployment specs, so probably that would be the way to do it so it doesn't assume use of `serviceaccount: create: true`.
A more general solution would cover the other empty cases in the table above: `cluster-domain` and `network-policy`.
Describe alternatives you've considered.
- Do not migrate from our current solution using `flux install --export`.
- Download the chart source from this repo, then manually modify the helm charts to add the image pull secret variable and add the stanza to use it. This would require redoing on every upgrade.
Additional context.
Relevant abridged snippet of a manifest generated by `flux install --export --image-pull-secret mysecret --registry myartifactory.mycompany.net/fluxcd`:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helm-controller
  namespace: flux-system
spec:
  template:
    spec:
      containers:
      - args:
        - --watch-all-namespaces=true
        image: myartifactory.mycompany.net/fluxcd/helm-controller:v0.14.1
      imagePullSecrets:
      - name: mysecret
```
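
For anyone comparing chart output against the `flux install --export` manifest above, one way to check that every Deployment pulls from the internal registry and carries the pull secret. This is an added example, not part of the original issue or the chart; the `audit` function, the constructed sample and its `v0.0.0` tag are assumptions, and the scan is line-based rather than a full YAML parse.

```python
import re

# Constructed sample in the layout of the manifest above. The second
# Deployment is deliberately non-compliant: public registry, no pull secret.
SAMPLE = """\
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helm-controller
spec:
  template:
    spec:
      containers:
      - image: myartifactory.mycompany.net/fluxcd/helm-controller:v0.14.1
      imagePullSecrets:
      - name: mysecret
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: source-controller
spec:
  template:
    spec:
      containers:
      - image: ghcr.io/fluxcd/source-controller:v0.0.0
"""

def audit(manifest, registry, secret):
    """List Deployments that bypass the registry or pull secret (line-based scan)."""
    prefix = registry.rstrip("/") + "/"  # trailing slash defeats look-alike hosts
    findings = []
    for doc in re.split(r"^---[ ]*$", manifest, flags=re.M):
        if not re.search(r"^kind:[ ]*Deployment[ ]*$", doc, flags=re.M):
            continue  # only Deployments carry the stanza in the exported manifest
        m = re.search(r"^metadata:\n(?:[ ]+.*\n)*?[ ]+name:[ ]*(\S+)", doc, flags=re.M)
        name = m.group(1) if m else "<unnamed>"
        for image in re.findall(r"^[ ]*(?:-[ ]+)?image:[ ]*(\S+)", doc, flags=re.M):
            if not image.strip("\"'").startswith(prefix):
                findings.append((name, "image outside " + registry, image))
        block = re.search(r"^([ ]*)imagePullSecrets:[ ]*\n((?:\1[ ]*-[ ]*name:.*\n?)+)", doc, flags=re.M)
        names = re.findall(r"name:[ ]*[\"']?([^\s\"']+)", block.group(2)) if block else []
        if secret not in names:
            findings.append((name, "missing imagePullSecret " + secret, ""))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "myartifactory.mycompany.net/fluxcd", "mysecret"):
        print(finding)
```

Run against rendered chart output in CI, an empty result means no controller would reach out to a public registry or pull without the secret.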
imagePullSecrets is now taken care of. The enhancement request remains for the cluster-domain and network-policy fields (at a lower priority for me).
The cluster domain will be resolved by #140 as it was causing issues for me reported in #139