Merge pull request #58 from controlplaneio-fluxcd/terraform-example
Add Terraform install example
Showing
7 changed files
with
234 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,3 +21,10 @@ | |
go.work | ||
bin/ | ||
disto/ | ||
|
||
# Terraform | ||
**/.terraform | ||
*.tfstate | ||
*.tfstate.* | ||
.terraform.lock.hcl | ||
.terraformrc |
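Review bot: Ignoring `.terraform.lock.hcl` keeps the dependency lock file out of version control, so the provider versions and checksums selected by `terraform init` are not recorded anywhere. With the lower-bound-only constraints in this commit (`>= 2.27`, `>= 2.12`), each user of the example may end up with a different provider build. I would drop the `.terraform.lock.hcl` line and commit the lock file next to the example. The `*.tfstate` patterns are worth keeping, since state for this example will hold the Git token.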
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
# Install Flux with Terraform | ||
|
||
This example demonstrates how to deploy Flux on a Kubernetes cluster using Terraform | ||
and the `flux-operator` and `flux-instance` Helm charts. | ||
|
||
## Usage | ||
|
||
Create a Kubernetes cluster using KinD: | ||
|
||
```shell | ||
kind create cluster --name flux | ||
``` | ||
|
||
Install the Flux Operator and deploy the Flux instance on the cluster | ||
set as the default context in the `~/.kube/config` file: | ||
|
||
```shell | ||
terraform apply \ | ||
-var flux_version="2.x" \ | ||
-var flux_registry="ghcr.io/fluxcd" \ | ||
-var git_token="${GITHUB_TOKEN}" \ | ||
-var git_url="https://github.com/fluxcd/flux2-kustomize-helm-example.git" \ | ||
-var git_ref="refs/heads/main" \ | ||
-var git_path="clusters/production" | ||
``` | ||
|
||
Note that the `GITHUB_TOKEN` env var must be set to a GitHub personal access token. | ||
The `git_token` variable is used to create a Kubernetes secret in the `flux-system` namespace for | ||
Flux to authenticate with the Git repository over HTTPS. | ||
If the repository is public, the token variable can be omitted. | ||
|
||
Verify the Flux components are running: | ||
|
||
```shell | ||
kubectl -n flux-system get pods | ||
``` | ||
|
||
Verify the Flux instance is syncing the cluster state from the Git repository: | ||
|
||
```shell | ||
kubectl -n flux-system get fluxreport/flux -o yaml | ||
``` | ||
|
||
The output should show the sync status: | ||
|
||
```yaml | ||
apiVersion: fluxcd.controlplane.io/v1 | ||
kind: FluxReport | ||
metadata: | ||
name: flux | ||
namespace: flux-system | ||
spec: | ||
# Distribution status omitted for brevity | ||
sync: | ||
id: kustomization/flux-system | ||
path: clusters/production | ||
ready: true | ||
source: https://github.com/fluxcd/flux2-kustomize-helm-example.git | ||
status: 'Applied revision: refs/heads/main@sha1:21486401be9bcdc37e6ebda48a3b68f8350777c9' | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
terraform { | ||
required_version = ">= 1.7" | ||
|
||
required_providers { | ||
kubernetes = { | ||
source = "hashicorp/kubernetes" | ||
version = ">= 2.27" | ||
} | ||
helm = { | ||
source = "hashicorp/helm" | ||
version = ">= 2.12" | ||
} | ||
} | ||
} | ||
|
||
// Create the flux-system namespace. | ||
resource "kubernetes_namespace" "flux_system" { | ||
metadata { | ||
name = "flux-system" | ||
} | ||
|
||
lifecycle { | ||
ignore_changes = [metadata] | ||
} | ||
} | ||
|
||
// Create a Kubernetes secret with the Git credentials | ||
// if a Git token is provided. | ||
resource "kubernetes_secret" "git_auth" { | ||
count = var.git_token != "" ? 1 : 0 | ||
depends_on = [kubernetes_namespace.flux_system] | ||
|
||
metadata { | ||
name = "flux-system" | ||
namespace = "flux-system" | ||
} | ||
|
||
data = { | ||
username = "git" | ||
password = var.git_token | ||
} | ||
|
||
type = "Opaque" | ||
} | ||
|
||
// Install the Flux Operator. | ||
resource "helm_release" "flux_operator" { | ||
depends_on = [kubernetes_namespace.flux_system] | ||
|
||
name = "flux-operator" | ||
namespace = "flux-system" | ||
repository = "oci://ghcr.io/controlplaneio-fluxcd/charts" | ||
chart = "flux-operator" | ||
wait = true | ||
} | ||
|
||
// Configure the Flux instance. | ||
resource "helm_release" "flux_instance" { | ||
depends_on = [helm_release.flux_operator] | ||
|
||
name = "flux" | ||
namespace = "flux-system" | ||
repository = "oci://ghcr.io/controlplaneio-fluxcd/charts" | ||
chart = "flux-instance" | ||
|
||
// Configure the Flux components and kustomize patches. | ||
values = [ | ||
file("values/components.yaml") | ||
] | ||
|
||
// Configure the Flux distribution. | ||
set { | ||
name = "instance.distribution.version" | ||
value = var.flux_version | ||
} | ||
set { | ||
name = "instance.distribution.registry" | ||
value = var.flux_registry | ||
} | ||
|
||
// Configure Flux Git sync. | ||
set { | ||
name = "instance.sync.kind" | ||
value = "GitRepository" | ||
} | ||
set { | ||
name = "instance.sync.url" | ||
value = var.git_url | ||
} | ||
set { | ||
name = "instance.sync.path" | ||
value = var.git_path | ||
} | ||
set { | ||
name = "instance.sync.ref" | ||
value = var.git_ref | ||
} | ||
set { | ||
name = "instance.sync.pullSecret" | ||
value = var.git_token != "" ? "flux-system" : "" | ||
} | ||
} |
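Review bot: Neither `helm_release` sets `version`, so the chart installed from `oci://ghcr.io/controlplaneio-fluxcd/charts` is whatever is newest when the release is created. That makes installs of the operator into `flux-system` unreproducible and lets an upstream chart change reach a cluster without review. I would add `version = "<pinned chart version>"` to both `flux_operator` and `flux_instance`, or expose it as a variable with a pinned default. Separately, `flux_instance` depends only on `helm_release.flux_operator`, so when a token is set the instance can be created before `kubernetes_secret.git_auth` exists; adding the secret to its `depends_on` would avoid a failed first sync.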
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
provider "kubernetes" { | ||
config_path = "~/.kube/config" | ||
} | ||
|
||
provider "helm" { | ||
kubernetes { | ||
config_path = "~/.kube/config" | ||
} | ||
} |
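Review bot: Both provider blocks read `~/.kube/config` without `config_context`, so `terraform apply` acts on whichever context happens to be current, which may not be the KinD cluster the README creates. I would pin it, e.g. `config_context = "kind-flux"` in both blocks (KinD names the context `kind-<cluster name>`), or take the context from a variable so the target cluster is explicit.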
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
instance: | ||
components: | ||
- source-controller | ||
- kustomize-controller | ||
- helm-controller | ||
- notification-controller | ||
- image-reflector-controller | ||
- image-automation-controller | ||
kustomize: | ||
patches: | ||
- target: | ||
kind: Deployment | ||
name: "(kustomize-controller|helm-controller)" | ||
patch: | | ||
- op: add | ||
path: /spec/template/spec/containers/0/args/- | ||
value: --concurrent=10 | ||
- op: add | ||
path: /spec/template/spec/containers/0/args/- | ||
value: --requeue-dependency=10s |
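Review bot: The `components` list enables `image-reflector-controller` and `image-automation-controller`, yet nothing visible in this commit configures image automation. These controllers add workloads in `flux-system`, and image automation normally needs write access to Git, so leaving them on by default widens what the example deploys and what the token may need. If the example does not use them, I would drop both entries or add a comment such as `# optional: only needed for image update automation` above them.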
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
variable "git_token" { | ||
description = "Git PAT" | ||
sensitive = true | ||
type = string | ||
default = "" | ||
} | ||
|
||
variable "git_url" { | ||
description = "Git repository URL" | ||
type = string | ||
nullable = false | ||
} | ||
|
||
variable "git_path" { | ||
description = "Path to the cluster manifests in the Git repository" | ||
type = string | ||
nullable = false | ||
} | ||
|
||
variable "git_ref" { | ||
description = "Git branch or tag in the format refs/heads/main or refs/tags/v1.0.0" | ||
type = string | ||
default = "refs/heads/main" | ||
} | ||
|
||
variable "flux_version" { | ||
description = "Flux version semver range" | ||
type = string | ||
default = "2.x" | ||
} | ||
|
||
variable "flux_registry" { | ||
description = "Flux distribution registry" | ||
type = string | ||
default = "ghcr.io/fluxcd" | ||
} |
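Review bot: `sensitive = true` on `git_token` only redacts the value in plan and apply output; the token is still written in plain text to the Terraform state through `kubernetes_secret.git_auth`. The README also passes it with `-var`, which exposes it in the process argument list. I would say so in the description, e.g. `description = "Git PAT (stored in Terraform state; prefer TF_VAR_git_token over -var)"`. The variable also lacks `nullable = false`, so an explicit null would presumably pass the `var.git_token != ""` check in main.tf and create the secret without a password.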