fluxcd / terraform-provider-flux

Terraform and OpenTofu provider for bootstrapping Flux
https://registry.terraform.io/providers/fluxcd/flux/latest
Apache License 2.0

Create flux_bootstrap_oci resource #501

Open willejs opened 1 year ago

willejs commented 1 year ago

Ideally there would be a resource which bootstraps the cluster using OCI as a source too.

errordeveloper commented 4 months ago

@swade1987 I would imagine this to be a trivial kind of change. I might have a crack at it; what do you think?

stefanprodan commented 4 months ago

@errordeveloper the OCI bootstrap needs a total revamp of Flux core packages, CLI UX, etc. I'm not ready to tackle this now, maybe in Q3.

errordeveloper commented 4 months ago

Is this because right now the Terraform resource does actually write to Git etc.? Should there be a less opinionated mode that just deploys Flux and one source config with a URL?

stefanprodan commented 4 months ago

Terraform is just a wrapper of the fluxcd/flux2/pkg/bootstrap; OCI bootstrap must first be implemented in the CLI. Deploying Flux from an OCI artifact breaks all the patterns we have now in place. We need an RFC that solves the cluster reconciler blocker: with OCI there is no flux-system root object anymore, so no way to spin off the infra+apps in a declarative way.

errordeveloper commented 4 months ago

I guess I would just have to apply a static manifest with Terraform and configure the OCI repo; I will just need to vendor the manifest.

stefanprodan commented 4 months ago

Bootstrap means Flux should be able to manage itself and the whole cluster in one go. So flux bootstrap oci and its TF counterpart should be able to create an OCI repository in a private registry, customise, build, push and sign the Flux manifest to the registry, then set up Flux on the cluster to sync its state from the private OCIRepository (ideally using Workload Identity & Cosign). But this only solves half of the bootstrap procedure; you also need to kick off the infra+apps, which can't be done the same way you would do with Git. I have written several PoCs, but all of them fell short on the UX side.

errordeveloper commented 4 months ago

What I mean is that I just want to install Flux controllers into flux-system and one pair of OCIRepository+Kustomization; I already have an OCI artefact that is ready to be deployed. It sounds like bootstrap does a lot more, which is something I didn't realise, and no doubt it's really great UX.

With the 0.x version of this provider I could use the flux_install data source and read the manifest from it. It's not amazing UX, but functionality-wise, it's closer to what I'd want.

Hope what I said earlier makes more sense now.
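The OCIRepository+Kustomization pair described in the comment above, combined with the Cosign verification and workload identity mentioned earlier in the thread, as an added example that is not from the thread participants or the Flux project. The object name, registry URL, tag, cloud provider and signer identity patterns are placeholders and assumptions; it presumes the Flux controllers and CRDs are already installed in flux-system.

```yaml
# Added example: names, URLs and identity patterns below are placeholders.
apiVersion: source.toolkit.fluxcd.io/v1beta2   # assumption: version served by the installed Flux release
kind: OCIRepository
metadata:
  name: cluster-config            # hypothetical name
  namespace: flux-system
spec:
  interval: 10m
  url: oci://registry.example.com/platform/cluster-config   # placeholder registry
  ref:
    tag: latest                   # placeholder; pinning a digest or semver range is stricter
  # Assumption: registry auth via cloud workload identity instead of a static
  # pull secret. Use "generic" together with spec.secretRef otherwise.
  provider: gcp
  verify:
    provider: cosign              # artifacts without a valid Cosign signature are not reconciled
    matchOIDCIdentity:            # keyless signing: restrict which identity may have signed
      - issuer: '^https://token\.actions\.githubusercontent\.com$'          # assumption: signed in GitHub Actions
        subject: '^https://github\.com/example-org/example-repo/.*$'        # placeholder signer
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cluster-config
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: OCIRepository           # applies only what the verified artifact contains
    name: cluster-config
  path: ./
  prune: true                     # remove objects that disappear from the artifact
  wait: true
```

Without the `verify` block, anyone able to push to the tag in the registry controls what the cluster applies, so the identity patterns should be as narrow as the signing pipeline allows.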

errordeveloper commented 4 months ago

So I guess what I'd want from this provider is actually a flux_install resource, which would wrap the flux install command (of course). I'd be happy to start a PR unless anyone objects. I have to say that I forgot that there are two commands, install and bootstrap; last time I just reached out for flux install --export, checking in the output etc. I could probably just do the same again, as it's not too cumbersome.

stefanprodan commented 4 months ago

We had that and we removed it; this TF provider is for bootstrap only. If you need to just install Flux then you can do this: https://github.com/fluxcd/terraform-provider-flux/blob/main/examples/helm-install/main.tf

stefanprodan commented 4 months ago

Draft RFC here: https://github.com/fluxcd/flux2/pull/4749