terraform-provider-flux

Add `tag` to `git` settings within the flux provider

Open jamiezieziula opened this issue 1 year ago • 8 comments

Similar to how the provider supports specifying a branch, allow for a tag to be specified:

```hcl
provider "flux" {
  kubernetes = {
    ...
  }
  git = {
    url = "some_url"
    tag = "1.0.0"
    ssh = {
      username    = "git"
      private_key = tls_private_key.flux.private_key_pem
    }
  }
}
```

jamiezieziula, Mar 28 '23 20:03

The issue with the current resource is that it applies the manifests and commits them to the repository. Could you explain your use case why you would need this?

phillebaba, Mar 29 '23 18:03

Hi @phillebaba, sorry I missed your response from March. In our production clusters, we have flux syncing with a tag from a git repo, not a branch. We accomplished this in the "legacy" terraform setup by specifying a tag in the `flux_sync` data source. There is no way to currently do this in the new terraform resource `flux_bootstrap_git`. It seems to me that the flux provider specification is defining where flux should watch to sync from, and therefore we would need a tag parameter defined there. If there is another way to accomplish this, please let me know.

jamiezieziula, May 08 '23 18:05

The issue is that the new resource is not only bootstrapping the cluster but also committing the files to the Git repository. Meaning that the commit hash it is syncing from is fluid. If support for a tag were to be added, the tag would have to be moved every time the resource makes a change in git. I don't see why you could just not use the resource as is and have it sync from the main branch?

phillebaba, May 09 '23 10:05

Creating extra GitRepos after bootstrap is not in scope for Flux TF provider. Use the Helm TF Provider with https://artifacthub.io/packages/helm/fluxcd-community/flux2-sync

stefanprodan, May 09 '23 11:05

@phillebaba we can't just have it sync from main because we safeguard our code release to production with a tag. I have to imagine that this is a common use case among flux users.

jamiezieziula, May 16 '23 22:05

@stefanprodan do you have a recommended install pattern documented somewhere?

Is the recommended approach to use this resource to bootstrap the cluster and only use the gitrepo that is created to maintain the flux resources itself?

jamiezieziula, May 16 '23 22:05

I do not know of any documentation for the CLI bootstrap that would solve this. The goal of the provider is to support the same features that the CLI does for the bootstrap feature. Anything that falls outside of that would be very difficult for us to support.

phillebaba, May 17 '23 20:05

> @stefanprodan do you have a recommended install pattern documented somewhere?
>
> Is the recommended approach to use this resource to bootstrap the cluster and only use the gitrepo that is created to maintain the flux resources itself?

Hi @jamiezieziula, the Terraform bootstrap resource is an IaC equivalent of this - https://fluxcd.io/flux/installation/bootstrap/generic-git-server/#ssh-private-key as it will update the Git repository in the specified branch with GitOps ToolKit (gotk) manifests (similar to this content: https://github.com/fluxcd/flux2-kustomize-helm-example/tree/main/clusters/staging/flux-system) - tags just won't work.

Once the flux-system namespace manifests are configured and the FluxCD controllers are running - you are free to extend the configuration with Kustomizations and GitRepository (pointing to whatever repo with your app definition and any reflink needed) resources stored in the same folder you specified in the `path` parameter of the `flux_bootstrap_git` Terraform resource, see docs here https://fluxcd.io/flux/guides/repository-structure/#repository-structure-2 and good examples provided here: https://github.com/fluxcd/flux2-kustomize-helm-example/tree/main/clusters/staging

babinkos, Feb 22 '24 10:02
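The layout described in the comment above, as an added example that is not part of the original thread or the provider's own documentation: the bootstrap GitRepository keeps tracking a branch, and a second GitRepository committed under the bootstrap `path` follows the release tag. The file name, resource names, URL, Secret name and deploy path are assumptions; the tag value is the one from the issue.

```yaml
# clusters/production/app-release.yaml (hypothetical file name), committed to
# the folder passed as `path` to flux_bootstrap_git so that the bootstrap
# GitRepository on the branch delivers it to the cluster.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: app-release              # hypothetical name
  namespace: flux-system
spec:
  interval: 5m
  url: ssh://git@example.com/org/app-config.git   # placeholder URL
  ref:
    tag: "1.0.0"                 # release gate: only this tag is fetched
  secretRef:
    name: app-release-ssh        # hypothetical Secret: identity, known_hosts
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: app-release              # hypothetical name
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: GitRepository
    name: app-release            # the tag-pinned source above
  path: ./deploy/production      # hypothetical path inside the app repo
  prune: true                    # remove objects that leave the tagged tree
```

A Git tag can be re-pointed by anyone with push rights to it, so protect release tags on the Git server; `spec.ref.commit` pins the source to a single commit instead.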

@stefanprodan I feel like this issue can be closed.

swade1987, Mar 29 '24 13:03