Add flux

2022-05-08 17:02:47 +02:00
parent faf34f658f
commit 062d39324e
6 changed files with 1411 additions and 3 deletions
--- a/modules/flux/main.tf
+++ b/modules/flux/main.tf
@@ -0,0 +1,84 @@
+# Install
+
+data "flux_install" "main" {
+  target_path    = var.path
+  network_policy = false
+  version        = "latest"
+}
+
+resource "kubernetes_namespace" "flux_system" {
+  metadata {
+    name = var.namespace
+  }
+
+  lifecycle {
+    ignore_changes = [
+      metadata[0].labels,
+    ]
+  }
+}
+
+data "kubectl_file_documents" "apply" {
+  content = data.flux_install.main.content
+}
+
+# Convert documents list to include parsed yaml data
+locals {
+  apply = [for v in data.kubectl_file_documents.apply.documents : {
+    data : yamldecode(v)
+    content : v
+    }
+  ]
+}
+
+# Apply manifests on the cluster
+resource "kubectl_manifest" "apply" {
+  for_each   = { for v in local.apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
+  depends_on = [kubernetes_namespace.flux_system]
+  yaml_body  = each.value
+}
+
+# Sync
+
+data "flux_sync" "main" {
+  target_path = var.path
+  url         = var.url
+  branch      = var.branch
+}
+
+# Split multi-doc YAML with
+# https://registry.terraform.io/providers/gavinbunney/kubectl/latest
+data "kubectl_file_documents" "sync" {
+  content = data.flux_sync.main.content
+}
+
+# Convert documents list to include parsed yaml data
+locals {
+  sync = [for v in data.kubectl_file_documents.sync.documents : {
+    data : yamldecode(v)
+    content : v
+    }
+  ]
+}
+
+# Apply manifests on the cluster
+resource "kubectl_manifest" "sync" {
+  for_each   = { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
+  depends_on = [kubernetes_namespace.flux_system]
+  yaml_body  = each.value
+}
+
+# Generate a Kubernetes secret with the Git credentials
+resource "kubernetes_secret" "main" {
+  depends_on = [kubectl_manifest.apply]
+
+  metadata {
+    name      = data.flux_sync.main.secret
+    namespace = data.flux_sync.main.namespace
+  }
+
+  data = {
+    username = "git"
+    password = var.flux_token
+  }
+}