terraform-provider-flux
[Bug]: bootstrap times out when inline kustomization patches the gitrepo branch
Describe the bug
We configured Flux in our dev cluster to watch the development branch. When we updated the provider version from 1.1.2 to 1.3.0, the bootstrap apply would fail with error
[error while waiting for GitRepository to be ready: 'context deadline exceeded', error while waiting for Kustomization to be ready: 'client rate limiter Wait returned an error: context deadline exceeded']
Steps to reproduce
- Bootstrap Flux with provider version 1.1.2, with inline kustomization to patch GitRepository branch.
locals {
  branch = "development"
  # Inline Kustomization that patches the flux-system GitRepository to track local.branch
  kustomization = <<YAML
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
patches:
  - patch: |
      apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      metadata:
        name: all
      spec:
        ref:
          branch: ${local.branch}
    target:
      kind: GitRepository
      name: flux-system
YAML
}

terraform {
  # Provider version constraints belong inside required_providers
  required_providers {
    flux = {
      source  = "fluxcd/flux"
      version = "~> 1.1.2"
    }
  }
}

resource "flux_bootstrap_git" "this" {
  depends_on = [
    github_repository_deploy_key.this,
    kubernetes_secret_v1.helm_creds,
    kubernetes_secret_v1.oci_creds
  ]
  path                   = "clusters/${var.environment}/${var.eks_cluster_name}"
  kustomization_override = local.kustomization
  version                = "v2.2.3"
  components_extra       = ["image-reflector-controller", "image-automation-controller"]
}
- Update flux provider version to 1.3.0 and run terraform apply again
- Apply errors out as described above
Expected behavior
Updating the provider version should upgrade the resource without errors
Screenshots and recordings
No response
Terraform and provider versions
bash-3.2$ terraform version
Terraform v1.8.5
on darwin_arm64
+ provider registry.terraform.io/anschoewe/curl v0.1.4
+ provider registry.terraform.io/cloudposse/template v2.2.0
+ provider registry.terraform.io/cloudposse/utils v1.22.0
+ provider registry.terraform.io/fluxcd/flux v1.3.0
+ provider registry.terraform.io/gavinbunney/kubectl v1.14.0
+ provider registry.terraform.io/hashicorp/aws v5.6.2
+ provider registry.terraform.io/hashicorp/google v5.28.0
+ provider registry.terraform.io/hashicorp/helm v2.13.2
+ provider registry.terraform.io/hashicorp/http v3.4.3
+ provider registry.terraform.io/hashicorp/kubernetes v2.30.0
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.2
+ provider registry.terraform.io/hashicorp/tls v4.0.5
+ provider registry.terraform.io/hashicorp/vault v4.2.0
+ provider registry.terraform.io/integrations/github v6.2.1
+ provider registry.terraform.io/massdriver-cloud/jq v0.2.0
Terraform provider configurations
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.28.0"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.6.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.13.0"
    }
    flux = {
      source  = "fluxcd/flux"
      version = "~> 1.3.0"
    }
    github = {
      source  = "integrations/github"
      version = ">=5.18.0"
    }
  }
}

provider "aws" {
  region = "us-west-2"
  assume_role {
    role_arn    = var.iam_role
    external_id = var.external_id
  }
}

data "aws_eks_cluster" "this" {
  name = var.eks_cluster_name
}

data "aws_eks_cluster_auth" "this" {
  name = var.eks_cluster_name
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.this.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.this.token
}
flux_bootstrap_git resource
locals {
  branch = var.environment == "dev" ? "development" : "main"
  kustomization = <<YAML
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gotk-components.yaml
  - gotk-sync.yaml
patches:
  - patch: |
      apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      metadata:
        name: all
      spec:
        ref:
          branch: ${local.branch}
    target:
      kind: GitRepository
      name: flux-system
YAML
}

provider "github" {
  owner = var.github_org
  token = local.github_pat
}

resource "tls_private_key" "flux" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

resource "github_repository_deploy_key" "this" {
  title      = "Flux - ${var.eks_cluster_name}"
  repository = var.github_repository
  key        = tls_private_key.flux.public_key_openssh
  read_only  = "false"
}

resource "flux_bootstrap_git" "this" {
  path                   = "clusters/${var.environment}/${var.eks_cluster_name}"
  kustomization_override = local.kustomization
  version                = "v2.2.3"
  components_extra       = ["image-reflector-controller", "image-automation-controller"]
}
Flux version
v2.2.3
Additional context
Terraform plan shows the following changes when the provider version is changed to 1.3.0 from 1.1.2
Terraform will perform the following actions:

  # flux_bootstrap_git.this will be updated in-place
  ~ resource "flux_bootstrap_git" "this" {
      + delete_git_manifests = true
      + embedded_manifests = false
        id = "flux-system"
      + keep_namespace = false
        # (14 unchanged attributes hidden)
    }
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
Would you like to implement a fix?
None