terraform-provider-flux
terraform-provider-flux copied to clipboard
Terraform and OpenTofu provider for bootstrapping Flux
Terraform provider flux
This is the Terraform provider for Flux v2. The provider allows you to install Flux on Kubernetes and configure it to reconcile the cluster state from a Git repository.
Get started
The provider consists of two data sources flux_install
and flux_sync
, which output the manifests
required to install Flux.
The flux_install
data source generates a multi-doc YAML with Kubernetes manifests that can be used to install or upgrade Flux.
# Generate manifests
data "flux_install" "main" {
target_path = "clusters/my-cluster"
network_policy = false
}
resource "kubernetes_namespace" "flux_system" {
metadata {
name = "flux-system"
}
lifecycle {
ignore_changes = [
metadata[0].labels,
]
}
}
# Split multi-doc YAML with
# https://registry.terraform.io/providers/gavinbunney/kubectl/latest
data "kubectl_file_documents" "apply" {
content = data.flux_install.main.content
}
# Convert documents list to include parsed yaml data
locals {
apply = [ for v in data.kubectl_file_documents.apply.documents : {
data: yamldecode(v)
content: v
}
]
}
# Apply manifests on the cluster
resource "kubectl_manifest" "apply" {
for_each = { for v in local.apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
depends_on = [kubernetes_namespace.flux_system]
yaml_body = each.value
}
The flux_sync
data source generates a multi-doc YAML containing the GitRepository
and Kustomization
manifests that configures Flux to sync the cluster with the specified repository.
# Generate manifests
data "flux_sync" "main" {
target_path = "clusters/my-cluster"
url = "https://github.com/${var.github_owner}/${var.repository_name}"
}
# Split multi-doc YAML with
# https://registry.terraform.io/providers/gavinbunney/kubectl/latest
data "kubectl_file_documents" "sync" {
content = data.flux_sync.main.content
}
# Convert documents list to include parsed yaml data
locals {
sync = [ for v in data.kubectl_file_documents.sync.documents : {
data: yamldecode(v)
content: v
}
]
}
# Apply manifests on the cluster
resource "kubectl_manifest" "sync" {
for_each = { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
depends_on = [kubernetes_namespace.flux_system]
yaml_body = each.value
}
# Generate a Kubernetes secret with the Git credentials
resource "kubernetes_secret" "main" {
depends_on = [kubectl_manifest.apply]
metadata {
name = data.flux_sync.main.secret
namespace = data.flux_sync.main.namespace
}
data = {
username = "git"
password = var.flux_token
}
}