fluxcd / source-controller

The GitOps Toolkit source management component
https://fluxcd.io
Apache License 2.0
231 stars 183 forks

Solving a chicken-and-egg problem when using Flux pointed to an in-cluster self-hosted Gitlab that doesn't exist yet? #1504

Closed nogweii closed 4 weeks ago

nogweii commented 4 weeks ago

I have a local git repository on my laptop that has a bunch of manifests to deploy Gitlab, among other apps, to my Kubernetes cluster. The cluster is pretty much empty, as it is a freshly made one using Talos. I'd like Flux to point to my Gitlab installation using a GitRepository but that Gitlab server doesn't exist yet as the manifests haven't been applied. I do not want to host this repo in an external service, I want to keep it private.

What options are there to resolve this? Is there an API I can upload a compressed snapshot of the repo to a controller to seed it?

makkes commented 4 weeks ago

Generally, you don't need Git to use Flux. source-controller can consume artifacts from S3 or OCI, too.

nogweii commented 4 weeks ago

Fair point, but still suggests a similar situation - if I'm deploying Minio or Harbor (as examples) via Flux, how do I solve that situation? I don't have an S3 bucket or OCI registry yet to upload to.

stefanprodan commented 4 weeks ago

The whole point of Flux and GitOps is that the cluster state is stored outside of the cluster. Please close this and open a discussion if you like https://github.com/fluxcd/flux2/discussions, this is not something suitable for an issue in source-controller.

kingdonb commented 4 weeks ago

You will always have a chicken-and-egg problem if you try to put your source of truth inside of the cluster. There is no way for Source Controller to deliver an artifact that comes from anywhere else than where you have pointed a Source.

You can upload an artifact to a GitHub OCI registry (it's free) and use it to seed the bootstrap.

Any scheme where you're taking a snapshot and exporting it to use as a surrogate or temporary source of truth is going to have the risk that it will become out of sync with the definition in your ultimate source of truth.

(That difference might not matter at all, or it might be the critical part of how the "external bootstrap seed" works - for a self-hosted cluster with an internal source of truth.)

I created, to follow up this thread: