Ecosyste.ms: Awesome

https://github.com/andreswebs/terraform-github-fluxcd-bootstrap

Deploys the FluxCD toolkit on Kubernetes and stores the manifests in an existing GitHub repository

fluxcd github terraform-module

README


# terraform-github-fluxcd-bootstrap

Deploys the [FluxCD](https://fluxcd.io/docs/) toolkit on Kubernetes and stores the manifests in an existing GitHub repository.

**Note**: If using the default settings, this module will generate an SSH key pair and the public key will be added to the existing GitHub repository.
This key pair will be stored unencrypted in the Terraform state.
Make sure that only authorized users have direct access to the Terraform state.

It is highly recommended to use a remote state backend supporting encryption at rest. See [References](#references) for more information.

See the [examples](#usage) to use an externally generated key instead.
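The note above says the generated key pair sits unencrypted in state, but gives no way to confirm what a given state file actually holds. The shell script below is an added example, not part of the module: it scans a state file (as pulled with `terraform state pull`) for plaintext private key blocks and reports the resource addresses that contain them. The state document embedded in it is constructed to mirror the shape of a state produced by this module (`tls_private_key.this` and `kubernetes_secret.flux_ssh` are the module's resource names from the Resources table; the key material is a placeholder).

```shell
#!/bin/sh
# Added example (not part of the module): audit a pulled Terraform state file for
# plaintext private-key material before deciding who may read that state.
# The state JSON below is constructed; its shape follows Terraform's state format
# (version 4) and the attribute names of the hashicorp/tls and kubernetes providers.
set -eu

# Print "type.name" for every resource in the state whose stored attributes contain
# a PEM or OpenSSH private key block. Uses only tr, sed and grep (no jq needed).
find_private_keys_in_state() {
    state_file="$1"
    # Collapse the JSON to one line, then start a new line at every resource
    # ("mode" is the first key of each resource object in state v4), so that a
    # resource's address and its attributes are matched together.
    tr -d '\n' < "$state_file" \
      | sed 's/"mode":/\
"mode":/g' \
      | grep 'BEGIN [A-Z ]*PRIVATE KEY' \
      | sed -n 's/^"mode": *"[^"]*", *"type": *"\([^"]*\)", *"name": *"\([^"]*\)".*/\1.\2/p'
}

# Succeed only when no resource in the state carries a private key.
state_is_clean() {
    [ -z "$(find_private_keys_in_state "$1")" ]
}

# Constructed sample state: the generated key, the secret built from it, and one
# harmless resource. Real key material is replaced by the word CONSTRUCTED.
STATE_FILE=$(mktemp)
trap 'rm -f "$STATE_FILE"' EXIT
cat > "$STATE_FILE" <<'EOF'
{
  "version": 4,
  "terraform_version": "1.3.0",
  "resources": [
    {
      "mode": "managed",
      "type": "tls_private_key",
      "name": "this",
      "provider": "provider[\"registry.terraform.io/hashicorp/tls\"]",
      "instances": [
        {
          "attributes": {
            "algorithm": "ED25519",
            "private_key_openssh": "-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n-----END OPENSSH PRIVATE KEY-----\n",
            "public_key_openssh": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTED"
          }
        }
      ]
    },
    {
      "mode": "managed",
      "type": "kubernetes_secret",
      "name": "flux_ssh",
      "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
      "instances": [
        {
          "attributes": {
            "data": {
              "identity": "-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n-----END OPENSSH PRIVATE KEY-----\n",
              "known_hosts": "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTED"
            },
            "metadata": [{"name": "flux-system", "namespace": "flux-system"}]
          }
        }
      ]
    },
    {
      "mode": "managed",
      "type": "kubernetes_namespace",
      "name": "flux",
      "provider": "provider[\"registry.terraform.io/hashicorp/kubernetes\"]",
      "instances": [{"attributes": {"metadata": [{"name": "flux-system"}]}}]
    }
  ]
}
EOF

echo "resources holding private keys:"
find_private_keys_in_state "$STATE_FILE"
```

Against a real deployment, run `terraform state pull > state.json` and then `find_private_keys_in_state state.json`. Two addresses are reported for the sample because the Kubernetes secret built from the generated key is also stored in state in clear (the provider marks `data` sensitive, which only affects plan output), so restricting state access protects both copies; the externally generated key described under Usage keeps the private half out of state entirely.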

[//]: # (BEGIN_TF_DOCS)

## Usage

Example:

```hcl
provider "github" {
  token = var.github_token
  owner = var.github_owner
}

provider "kubernetes" {
  config_path    = "~/.kube/config"
  config_context = "my-context"
}

module "fluxcd" {
  source                  = "github.com/andreswebs/terraform-github-fluxcd-bootstrap"
  git_repository_name     = "k8s-fleet"
  git_branch              = "main"
  git_target_path         = "clusters/your-cluster"
  github_owner            = "your-github-name"
  github_deploy_key_title = "flux-your-cluster"
}
```

If using an externally generated deploy key, first add the deploy public key to the GitHub repository (see [instructions](https://docs.github.com/en/developers/overview/managing-deploy-keys#setup-2)). Then create
a Kubernetes secret with the contents below:

```sh
kubectl create secret generic \
  flux-system \
  --namespace flux-system \
  --from-file=identity \
  --from-file=identity.pub \
  --from-literal=known_hosts="$(ssh-keyscan github.com)"
```

The key files must be named `identity` (private key) and `identity.pub` (public key).

After creating the secret, pass its name to the module:

```hcl
module "fluxcd" {
  source                  = "github.com/andreswebs/terraform-github-fluxcd-bootstrap"
  git_repository_name     = "k8s-fleet"
  git_branch              = "main"
  git_target_path         = "clusters/your-cluster"
  github_owner            = "your-github-name"
  github_deploy_key_title = "flux-your-cluster"
  create_deploy_key       = false
  flux_sync_secret_name   = "flux-system" # name of the Kubernetes secret containing your deploy key
}
```
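The procedure above (generate a key pair, add the public half to GitHub as a deploy key, build the `flux-system` secret, point the module at it) takes `known_hosts` straight from `ssh-keyscan`, which trusts whatever host key the network returns at scan time. The script below is an added example, not the module's own code: it wires the steps together and accepts a scanned host key only if it appears in a list you copied from GitHub's published SSH key fingerprints (https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints). The keys inside it are constructed placeholders, not GitHub's real keys, and `FLUX_KEY_LIVE` is a variable invented for this example to separate the offline dry run from the steps that need `ssh-keygen`, `kubectl` and network access.

```shell
#!/bin/sh
# Added example (not part of the module): prepare an externally generated FluxCD
# deploy key so that the private key never enters Terraform state, and pin
# GitHub's SSH host key instead of trusting whatever ssh-keyscan returns.
# Assumptions: ssh-keygen and kubectl are on PATH for the live steps; the trusted
# key list is copied by hand from GitHub's published fingerprints page.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Keep only scanned known_hosts lines ($1) whose "keytype key" pair is listed in
# the trusted file ($2); print them in known_hosts format; fail if none matched.
filter_known_hosts() {
    scanned="$1"; trusted="$2"; kept=0
    while read -r host keytype key rest; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if grep -qFx "$keytype $key" "$trusted"; then
            printf '%s %s %s\n' "$host" "$keytype" "$key"
            kept=$((kept + 1))
        fi
    done < "$scanned"
    [ "$kept" -gt 0 ]
}

# Generate the key pair with the file names the module expects (identity, identity.pub).
generate_deploy_key() {
    dir="$1"
    ssh-keygen -t ed25519 -N '' -C "flux-deploy-key" -f "$dir/identity" >/dev/null
    chmod 0600 "$dir/identity"
}

# Create the flux-system secret from the key pair and the pinned known_hosts file.
create_flux_secret() {
    dir="$1"; known_hosts="$2"
    kubectl create secret generic flux-system \
        --namespace flux-system \
        --from-file=identity="$dir/identity" \
        --from-file=identity.pub="$dir/identity.pub" \
        --from-file=known_hosts="$known_hosts"
}

# --- Constructed sample data (not real GitHub keys) for an offline dry run ------
# Replace the contents of TRUSTED with the keys from GitHub's fingerprints page
# before using the live path below.
SCANNED="$WORK/scanned"; TRUSTED="$WORK/trusted"
cat > "$TRUSTED" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDTRUSTEDKEY0000000000000000000000
EOF
# Simulated ssh-keyscan output: one key we trust, one that is not on our list.
cat > "$SCANNED" <<'EOF'
# github.com:22 SSH-2.0-constructed
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDTRUSTEDKEY0000000000000000000000
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCONSTRUCTEDUNKNOWNKEY0000000000000000000
EOF

if filter_known_hosts "$SCANNED" "$TRUSTED" > "$WORK/known_hosts"; then
    echo "pinned known_hosts:"; cat "$WORK/known_hosts"
else
    echo "no scanned host key matched the trusted list; refusing to continue" >&2
fi

# Live path: set FLUX_KEY_LIVE=1 to really scan GitHub, generate the key and
# create the secret. Add identity.pub to the repository as a read-only deploy
# key before running terraform with create_deploy_key = false.
if [ -n "${FLUX_KEY_LIVE:-}" ]; then
    ssh-keyscan github.com > "$WORK/live_scan" 2>/dev/null
    filter_known_hosts "$WORK/live_scan" "$TRUSTED" > "$WORK/live_known_hosts"
    generate_deploy_key "$WORK"
    create_flux_secret "$WORK" "$WORK/live_known_hosts"
fi
```

Because `set -e` is active, a scan that returns no trusted key aborts the live path before any secret is created, so an unexpected host key is a hard stop rather than a silently accepted `known_hosts` entry. The private key is written only to the temporary directory and removed on exit; the Kubernetes secret is then the single copy outside your own key management.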

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [create\_deploy\_key](#input\_create\_deploy\_key) | Create the GitHub deploy key? | `bool` | `true` | no |
| [create\_namespace](#input\_create\_namespace) | Create the Kubernetes namespace? | `bool` | `true` | no |
| [flux\_image\_pull\_secrets](#input\_flux\_image\_pull\_secrets) | Kubernetes secret name used for pulling the toolkit images from a private registry | `string` | `""` | no |
| [flux\_install\_components](#input\_flux\_install\_components) | Toolkit components to include in the install manifests | `list(string)` | `["source-controller", "kustomize-controller", "helm-controller", "notification-controller"]` | no |
| [flux\_install\_components\_extra](#input\_flux\_install\_components\_extra) | List of extra components to include in the install manifests | `list(string)` | `[]` | no |
| [flux\_install\_network\_policy](#input\_flux\_install\_network\_policy) | Deny ingress access to the toolkit controllers from other namespaces using network policies? | `bool` | `true` | no |
| [flux\_install\_toleration\_keys](#input\_flux\_install\_toleration\_keys) | List of toleration keys used to schedule the component pods onto nodes with matching taints | `list(string)` | `[]` | no |
| [flux\_log\_level](#input\_flux\_log\_level) | Log level for Flux toolkit components | `string` | `"info"` | no |
| [flux\_registry](#input\_flux\_registry) | Container registry from where the Flux toolkit images are pulled | `string` | `"ghcr.io/fluxcd"` | no |
| [flux\_resources\_name](#input\_flux\_resources\_name) | The name of generated Kubernetes resources | `string` | `"flux-system"` | no |
| [flux\_secret\_name](#input\_flux\_secret\_name) | The name of the secret that is referenced by `GitRepository`, used by flux to deploy to the git repository | `string` | `"flux-system"` | no |
| [flux\_sync\_interval\_minutes](#input\_flux\_sync\_interval\_minutes) | Sync interval in minutes | `number` | `1` | no |
| [flux\_version](#input\_flux\_version) | FluxCD version; defaults to the latest available | `string` | `null` | no |
| [flux\_watch\_all\_namespaces](#input\_flux\_watch\_all\_namespaces) | Watch for custom resources in all namespaces? | `bool` | `true` | no |
| [git\_branch](#input\_git\_branch) | Git branch | `string` | `"main"` | no |
| [git\_repository\_name](#input\_git\_repository\_name) | Name of the Git repository to store the FluxCD manifests | `string` | n/a | yes |
| [git\_target\_path](#input\_git\_target\_path) | Target path for storing FluxCD manifests in the Git repository | `string` | `"."` | no |
| [github\_deploy\_key\_readonly](#input\_github\_deploy\_key\_readonly) | Set the GitHub deploy key as read-only? | `bool` | `true` | no |
| [github\_deploy\_key\_title](#input\_github\_deploy\_key\_title) | GitHub deploy key title | `string` | `"flux"` | no |
| [github\_owner](#input\_github\_owner) | GitHub owner | `string` | n/a | yes |
| [github\_ssh\_domain](#input\_github\_ssh\_domain) | Domain to use for SSH to GitHub | `string` | `"github.com"` | no |
| [github\_ssh\_known\_hosts\_file](#input\_github\_ssh\_known\_hosts\_file) | Path to a temporary file used to store GitHub's known hosts during the deployment | `string` | `"/tmp/github_known_hosts"` | no |
| [k8s\_cluster\_domain](#input\_k8s\_cluster\_domain) | The internal cluster domain | `string` | `"cluster.local"` | no |
| [k8s\_namespace](#input\_k8s\_namespace) | Name of the Kubernetes namespace where the resources will be deployed | `string` | `"flux-system"` | no |
| [k8s\_namespace\_annotations](#input\_k8s\_namespace\_annotations) | Annotations to apply to the Kubernetes namespace when it is created | `map(string)` | `{}` | no |
| [k8s\_namespace\_labels](#input\_k8s\_namespace\_labels) | Labels to apply to the Kubernetes namespace when it is created | `map(string)` | `{}` | no |

## Modules

No modules.

## Outputs

| Name | Description |
|------|-------------|
| [deploy\_key](#output\_deploy\_key) | SSH key added to the GitHub repository |
| [github\_repository](#output\_github\_repository) | GitHub repository used by flux |
| [known\_hosts](#output\_known\_hosts) | Known hosts for GitHub's SSH domain |
| [namespace](#output\_namespace) | The name (metadata.name) of the namespace |

## Providers

| Name | Version |
|------|---------|
| [flux](#provider\_flux) | 1.0.0-rc.1 |
| [github](#provider\_github) | ~> 5.0 |
| [kubectl](#provider\_kubectl) | ~> 1.14 |
| [kubernetes](#provider\_kubernetes) | ~> 2.16 |
| [local](#provider\_local) | ~> 2.2 |
| [null](#provider\_null) | ~> 3.2 |
| [tls](#provider\_tls) | ~> 4.0 |

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.3 |
| [flux](#requirement\_flux) | 1.0.0-rc.1 |
| [github](#requirement\_github) | ~> 5.0 |
| [kubectl](#requirement\_kubectl) | ~> 1.14 |
| [kubernetes](#requirement\_kubernetes) | ~> 2.16 |
| [local](#requirement\_local) | ~> 2.2 |
| [null](#requirement\_null) | ~> 3.2 |
| [tls](#requirement\_tls) | ~> 4.0 |

## Resources

| Name | Type |
|------|------|
| [github_repository_deploy_key.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
| [github_repository_file.install](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
| [github_repository_file.kustomize](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
| [github_repository_file.sync](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource |
| [kubectl_manifest.install](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
| [kubernetes_namespace.flux](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_secret.flux_ssh](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
| [null_resource.k8s_namespace](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.ssh_scan](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [flux_install.this](https://registry.terraform.io/providers/fluxcd/flux/1.0.0-rc.1/docs/data-sources/install) | data source |
| [flux_sync.this](https://registry.terraform.io/providers/fluxcd/flux/1.0.0-rc.1/docs/data-sources/sync) | data source |
| [github_repository.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
| [kubectl_file_documents.install](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
| [kubectl_file_documents.sync](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source |
| [local_file.known_hosts](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file) | data source |

[//]: # (END_TF_DOCS)

## Authors

**Andre Silva** - [@andreswebs](https://github.com/andreswebs)

## License

This project is licensed under the [Unlicense](UNLICENSE.md).

## References

## Acknowledgments