terraform-provider-flux icon indicating copy to clipboard operation
terraform-provider-flux copied to clipboard

Published 20 hours ago verified publisher icon fluxcd

Setup `PostBuild` and `substitute` for flux kustomization

Open jkittler opened this issue 3 years ago • 4 comments

I would like to use substitution https://fluxcd.io/docs/components/kustomize/kustomization/#variable-substitution , but I need to set it up during the installation by terraform. I can't find a way how to do it. I will appreciate every advice, thank you ...

jkittler avatar Mar 08 '22 12:03 jkittler

I think this might be what you're looking for:

https://github.com/fluxcd/terraform-provider-flux/blob/f5e906abbd58c10c65baca9c3f90cda950e80ab5/examples/customize-flux/main.tf#L35

It's not kustomize/postbuild/substituteFrom, but it is a way to get for example the service account ID from a GKE service account that Terraform creates, and use it in a patch that updates Flux during installation.

kingdonb avatar Mar 09 '22 13:03 kingdonb

First of all, thank you @kingdonb . I find a solution, It's not nice but is working

data "flux_sync" "app" {
  target_path = var.flux_app_target_path
  url         = var.flux_app_target_url
  branch      = var.flux_app_branch
  name        = var.flux_app_name
  secret      = var.flux_app_secret_name
}

data "kubectl_file_documents" "app" {
  content = data.flux_sync.app.content
}  

locals {
 postBuildParameters = {
    substitute = {
      ...
    }
  }
  decoded_documents = [ for v in data.kubectl_file_documents.app.documents : yamldecode(v) ]
  documents = [ for v in local.decoded_documents :
    merge( v, v.kind == "Kustomization" ? { postBuild = local.postBuildParameters } : {})
  ]
}

jkittler avatar Mar 14 '22 13:03 jkittler

I actually like the look of that! It's expressive in an hcl sort of way and close to the metal in terms of Flux.

The part I don't like is, how do you keep this:

substitute = {
  ...
}

updated and in sync with whatever Flux is doing. I guess if you make the content at ... a block list of hard-coded variables then this is not a great solution, (but if it works it works...)

kingdonb avatar Mar 14 '22 20:03 kingdonb

Should be like this:

postBuildParameters = {
    substituteFrom = [
      {
        kind = "ConfigMap"
        name = "cluster-vars"
      }
    ]

  }

  decoded_documents = [ for v in data.kubectl_file_documents.sync.documents : yamldecode(v) ]
  documents = [ for v in local.decoded_documents :
    merge( v, v.kind == "Kustomization" ? { spec = merge(v.spec, {postBuild = local.postBuildParameters}) } : {})
  ]

mhus avatar Nov 09 '22 11:11 mhus