Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/andreswebs/terraform-github-fluxcd-deploy-key-k8s-secret
Generates a GitHub deploy key in an existing repository and saves it in a Kubernetes secret in the format expected by the FluxCD Toolkit
- Host: GitHub
- URL: https://github.com/andreswebs/terraform-github-fluxcd-deploy-key-k8s-secret
- Owner: andreswebs
- License: unlicense
- Created: 2023-04-17T20:30:35.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-04-17T11:14:27.000Z (9 months ago)
- Last Synced: 2024-11-08T02:47:24.181Z (about 2 months ago)
- Topics: fluxcd, terraform
- Language: HCL
- Homepage: https://registry.terraform.io/modules/andreswebs/fluxcd-deploy-key-k8s-secret/github/latest
- Size: 16.6 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Security: SECURITY.md
# terraform-github-fluxcd-deploy-key-k8s-secret
Generates a GitHub deploy key in an existing repository and saves it in a
Kubernetes secret in the format expected by the
[FluxCD](https://fluxcd.io/docs/) toolkit.

**Note**: This module will generate an SSH key pair and the public key will be
added to the existing GitHub repository. This key pair will be stored
unencrypted in the Terraform state. Make sure that only authorized users have
direct access to the Terraform state.

It is highly recommended to use a remote state backend supporting encryption at
rest. See [References](#references) for more information.

See the [examples](#usage) to use an externally generated key instead of using
this module.

[//]: # (BEGIN_TF_DOCS)
## Usage
Example:
```hcl
provider "github" {
  token = var.github_token
  owner = var.github_owner
}

provider "kubernetes" {
  config_path    = "~/.kube/config"
  config_context = "my-context"
}

module "fluxcd_deploy_key" {
  source  = "andreswebs/fluxcd-deploy-key-k8s-secret/github"
  version = "1.0.0"

  k8s_namespace       = "flux-system"
  git_repository_name = var.flux_repository_name
  git_branch          = var.flux_git_branch
  github_owner        = var.flux_github_owner
}
```

To use an externally generated deploy key, first add the deploy public key to the GitHub repository (see [instructions](https://docs.github.com/en/developers/overview/managing-deploy-keys#setup-2)).
Then create a Kubernetes secret with the contents below:

```sh
kubectl create secret generic \
  flux-system \
  --namespace flux-system \
  --from-file=identity \
  --from-file=identity.pub \
  --from-literal=known_hosts="$(ssh-keyscan github.com)"
```

The key files must be named `identity` (private key) and `identity.pub` (public key).
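
The `ssh-keyscan` call above records whatever host keys the network returns, so the `known_hosts` value is only as trustworthy as that one connection. The following is an added example, not part of this module or its README: it keeps only the scanned keys whose SHA256 fingerprint matches a set the operator has pinned from a trusted source (GitHub publishes its SSH key fingerprints in its documentation). The function names and the sample keys are constructed for illustration, and the code assumes unhashed `ssh-keyscan` output.

```python
import base64
import hashlib


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def filter_known_hosts(scan_output, host, pinned):
    """Return known_hosts text holding only `host` keys whose fingerprint is pinned.

    Fails closed: raises ValueError when no scanned key matches a pinned
    fingerprint, so an unverified scan never reaches the Kubernetes secret.
    """
    kept = []
    for line in scan_output.splitlines():
        fields = line.split()
        # Skip blanks, ssh-keyscan banner comments and malformed lines.
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        names, key_type, key_b64 = fields[:3]
        if host not in names.split(","):
            continue  # entry for a different host
        try:
            if fingerprint(key_b64) in pinned:
                kept.append(f"{host} {key_type} {key_b64}")
        except ValueError:
            continue  # key field is not valid base64
    if not kept:
        raise ValueError(f"no pinned host key found for {host}")
    return "\n".join(kept) + "\n"


# Constructed sample input: these blobs are NOT real host keys.
GOOD = base64.b64encode(b"constructed host key A").decode()
ROGUE = base64.b64encode(b"constructed host key B").decode()
SAMPLE_SCAN = (
    "# github.com:22 SSH-2.0-constructed\n"
    f"github.com ssh-ed25519 {GOOD}\n"
    f"github.com ssh-rsa {ROGUE}\n"
    f"example.org ssh-ed25519 {GOOD}\n"
)

if __name__ == "__main__":
    # In real use, `pinned` holds the fingerprints GitHub publishes in its docs.
    print(filter_known_hosts(SAMPLE_SCAN, "github.com", {fingerprint(GOOD)}), end="")
```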
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [create\_namespace](#input\_create\_namespace) | Create the Kubernetes namespace? | `bool` | `true` | no |
| [flux\_secret\_name](#input\_flux\_secret\_name) | The name of the secret that is referenced by `GitRepository`, used by flux to deploy to the git repository | `string` | `"flux-system"` | no |
| [git\_branch](#input\_git\_branch) | Git branch | `string` | `"main"` | no |
| [git\_repository\_name](#input\_git\_repository\_name) | Name of the Git repository to store the FluxCD manifests | `string` | n/a | yes |
| [github\_deploy\_key\_readonly](#input\_github\_deploy\_key\_readonly) | Set the GitHub deploy key as read-only? | `bool` | `true` | no |
| [github\_deploy\_key\_title](#input\_github\_deploy\_key\_title) | GitHub deploy key title | `string` | `"flux"` | no |
| [github\_owner](#input\_github\_owner) | GitHub owner | `string` | n/a | yes |
| [github\_ssh\_domain](#input\_github\_ssh\_domain) | Domain to use for SSH to GitHub | `string` | `"github.com"` | no |
| [k8s\_namespace](#input\_k8s\_namespace) | Name of the Kubernetes namespace where the resources will be deployed | `string` | `"flux-system"` | no |
| [k8s\_namespace\_annotations](#input\_k8s\_namespace\_annotations) | Annotations to apply to the Kubernetes namespace when it is created | `map(string)` | `{}` | no |
| [k8s\_namespace\_labels](#input\_k8s\_namespace\_labels) | Labels to apply to the Kubernetes namespace when it is created | `map(string)` | `{}` | no |

## Modules
No modules.
## Outputs
| Name | Description |
|------|-------------|
| [deploy\_key](#output\_deploy\_key) | The `tls_private_key` resource: SSH key added to the GitHub repository |
| [github\_repository](#output\_github\_repository) | `data.github_repository` GitHub repository used by flux |
| [k8s\_namespace](#output\_k8s\_namespace) | The `kubernetes_namespace` resource |
| [k8s\_namespace\_name](#output\_k8s\_namespace\_name) | The name (`metadata.name`) of the namespace |
| [known\_hosts](#output\_known\_hosts) | Known hosts for GitHub's SSH domain |

## Providers
| Name | Version |
|------|---------|
| [github](#provider\_github) | ~> 5.0 |
| [http](#provider\_http) | ~> 3.2 |
| [kubernetes](#provider\_kubernetes) | ~> 2.16 |
| [null](#provider\_null) | ~> 3.2 |
| [tls](#provider\_tls) | ~> 4.0 |

## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.3 |
| [github](#requirement\_github) | ~> 5.0 |
| [http](#requirement\_http) | ~> 3.2 |
| [kubernetes](#requirement\_kubernetes) | ~> 2.16 |
| [null](#requirement\_null) | ~> 3.2 |
| [tls](#requirement\_tls) | ~> 4.0 |

## Resources
| Name | Type |
|------|------|
| [github_repository_deploy_key.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
| [kubernetes_namespace.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_secret.flux_ssh](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource |
| [null_resource.github_res_check](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.k8s_namespace](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [github_repository.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository) | data source |
| [http_http.github_meta](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |

[//]: # (END_TF_DOCS)
## Authors
**Andre Silva** - [@andreswebs](https://github.com/andreswebs)
## License
This project is licensed under the [Unlicense](UNLICENSE.md).
## References