terraform-provider-flux
flux provider not inheriting correctly ssh section when flux provider is passed via module
Hi, I just experienced the following problem:
We created a Terraform module that is launched by another Terraform project, and we're passing the "flux" provider to the module that is responsible for creating the `flux_bootstrap_git` resource. Before using a module, with it all in one single place (not in a separate module), it was all OK; now we're receiving the following error message:
```
│ Error: Git Client
│
│ with module.fluxcd.flux_bootstrap_git.fluxcd,
│ on .terraform/modules/fluxcd/infrastructure/terraform/google/fluxcd/main.tf line 15, in resource "flux_bootstrap_git" "fluxcd":
│ 15: resource "flux_bootstrap_git" "fluxcd" {
│
│ ssh scheme cannot be used without private key
```
Here's the code snippet to help you understand our configuration:
```hcl
module "fluxcd" {
  source     = "..."
  depends_on = [module.gke, module.iam, tls_private_key.fluxcd, gitlab_deploy_key.fluxcd]

  cluster_name                      = module.gke.gke_0.name
  gcp_location                      = module.gke.gke_0.location
  gcp_project                       = module.gke.gke_0.project
  environment                       = local.environment
  fluxcd_git_repo_installation_path = "dev/infrastructure/fluxcd/flux-files"
  flux_git_repo_branch              = local.fluxcd_git_repo_branch
  gitlab_deploy_key_private_key_pem = tls_private_key.fluxcd.private_key_pem
  gitlab_fluxcd_project_id          = data.gitlab_project.fluxcd.id

  providers = {
    kubernetes = kubernetes.fluxcd
    flux       = flux.fluxcd
  }
}

provider "kubernetes" {
  alias = "fluxcd"
  host  = "https://${module.gke.gke_0.endpoint}"
  cluster_ca_certificate = base64decode(
    module.gke.gke_0.master_auth[0].cluster_ca_certificate,
  )
  token = data.google_client_config.provider.access_token
}

provider "flux" {
  alias = "fluxcd"
  kubernetes = {
    host = "https://${module.gke.gke_0.endpoint}"
    cluster_ca_certificate = base64decode(
      module.gke.gke_0.master_auth[0].cluster_ca_certificate,
    )
    token = data.google_client_config.provider.access_token
  }
  git = {
    url    = "ssh://git@${local.gitlab_host}/${data.gitlab_project.fluxcd.path_with_namespace}.git"
    branch = local.fluxcd_git_repo_branch
    ssh = {
      username    = "git"
      private_key = tls_private_key.fluxcd.private_key_pem
    }
  }
}

provider "gitlab" {
  # Token downloaded from Vault belonging to [email protected] user
  token    = data.vault_generic_secret.gitlab.data["[email protected]"]
  base_url = "https://${local.gitlab_host}/api/v4/"
}

# fluxcd
resource "tls_private_key" "fluxcd" {
  algorithm = "ED25519"
}

resource "gitlab_deploy_key" "fluxcd" {
  project  = data.gitlab_project.fluxcd.id
  title    = "fluxcd-${local.environment}"
  key      = tls_private_key.fluxcd.public_key_openssh
  can_push = true
}
## END - fluxcd
```
Switching to http by populating the `http` block in `flux` provider works.
Provider version: "1.0.1"