feat: install flux to new k3s cluster

2026-01-13 21:11:02 +00:00 · 2021-12-05 00:03:54 +01:00 · 2021-12-05 00:03:54 +01:00 · 70a986913c
commit 70a986913c
parent 41d120b277
7 changed files with 264 additions and 4 deletions
--- a/k3s_cluster_v2/flux.tf
+++ b/k3s_cluster_v2/flux.tf
@ -0,0 +1,133 @@
+provider "kubectl" {
+  host                   = module.k3s.kubernetes.api_endpoint
+  cluster_ca_certificate = module.k3s.kubernetes.cluster_ca_certificate
+  client_certificate     = module.k3s.kubernetes.client_certificate
+  client_key             = module.k3s.kubernetes.client_key
+}
+
+provider "github" {
+  owner = var.github_owner
+  token = var.github_token
+}
+
+# SSH
+locals {
+  known_hosts = "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
+}
+
+resource "tls_private_key" "main" {
+  algorithm   = "ECDSA"
+  ecdsa_curve = "P256"
+}
+
+# Flux
+data "flux_install" "main" {
+  target_path = var.target_path
+}
+
+data "flux_sync" "main" {
+  target_path = var.target_path
+  url         = "ssh://git@github.com/${var.github_owner}/${var.repository_name}.git"
+  branch      = var.branch
+}
+
+# Kubernetes
+resource "kubernetes_namespace" "flux_system" {
+  metadata {
+    name = "flux-system"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      metadata[0].labels,
+    ]
+  }
+}
+
+data "kubectl_file_documents" "install" {
+  content = data.flux_install.main.content
+}
+
+data "kubectl_file_documents" "sync" {
+  content = data.flux_sync.main.content
+}
+
+locals {
+  install = [for v in data.kubectl_file_documents.install.documents : {
+    data : yamldecode(v)
+    content : v
+    }
+  ]
+  sync = [for v in data.kubectl_file_documents.sync.documents : {
+    data : yamldecode(v)
+    content : v
+    }
+  ]
+}
+
+resource "kubectl_manifest" "install" {
+  for_each   = { for v in local.install : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
+  depends_on = [kubernetes_namespace.flux_system]
+  yaml_body  = each.value
+}
+
+resource "kubectl_manifest" "sync" {
+  for_each   = { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
+  depends_on = [kubernetes_namespace.flux_system]
+  yaml_body  = each.value
+}
+
+resource "kubernetes_secret" "main" {
+  depends_on = [kubectl_manifest.install]
+
+  metadata {
+    name      = data.flux_sync.main.secret
+    namespace = data.flux_sync.main.namespace
+  }
+
+  data = {
+    identity       = tls_private_key.main.private_key_pem
+    "identity.pub" = tls_private_key.main.public_key_pem
+    known_hosts    = local.known_hosts
+  }
+}
+
+# GitHub
+resource "github_repository" "main" {
+  name       = var.repository_name
+  visibility = var.repository_visibility
+  auto_init  = true
+}
+
+resource "github_branch_default" "main" {
+  repository = github_repository.main.name
+  branch     = var.branch
+}
+
+resource "github_repository_deploy_key" "main" {
+  title      = "staging-cluster"
+  repository = github_repository.main.name
+  key        = tls_private_key.main.public_key_openssh
+  read_only  = true
+}
+
+resource "github_repository_file" "install" {
+  repository = github_repository.main.name
+  file       = data.flux_install.main.path
+  content    = data.flux_install.main.content
+  branch     = var.branch
+}
+
+resource "github_repository_file" "sync" {
+  repository = github_repository.main.name
+  file       = data.flux_sync.main.path
+  content    = data.flux_sync.main.content
+  branch     = var.branch
+}
+
+resource "github_repository_file" "kustomize" {
+  repository = github_repository.main.name
+  file       = data.flux_sync.main.kustomize_path
+  content    = data.flux_sync.main.kustomize_content
+  branch     = var.branch
+}
--- a/k3s_cluster_v2/variables.tf
+++ b/k3s_cluster_v2/variables.tf
@ -54,4 +54,36 @@ variable "ssh_key" {
 variable "hcloud_ccm_token" {
  description = "HCloud API Token used by the hcloud-cloud-controller-manager"
  type        = string
+  sensitive   = true
+}
+
+## Flux
+variable "github_owner" {
+  type = string
+}
+
+variable "github_token" {
+  type      = string
+  sensitive = true
+}
+
+variable "repository_name" {
+  type = string
+}
+
+variable "branch" {
+  type = string
+}
+
+variable "repository_visibility" {
+  type = string
+}
+
+variable "flux_version" {
+  type = string
+}
+
+variable "target_path" {
+  type        = string
+  description = "Relative path to the Git repository root where Flux manifests are committed."
 }
--- a/k3s_cluster_v2/versions.tf
+++ b/k3s_cluster_v2/versions.tf
@ -18,5 +18,20 @@ terraform {
    null = {
      source = "hashicorp/null"
    }
+
+    github = {
+      source = "integrations/github"
+    }
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.10.0"
+    }
+    flux = {
+      source  = "fluxcd/flux"
+      version = ">= 0.0.13"
+    }
  }
 }