stefanprodan
commented
1 month ago Yes this is by design. When you pass the raw manifests they are applied as they are. You need to patch the images inside the overlay.
Closed kcighon closed 4 weeks ago
stefanprodan
commented
1 month ago Yes this is by design. When you pass the raw manifests they are applied as they are. You need to patch the images inside the overlay.
kcighon
commented
1 month ago Thanks @stefanprodan - is there an alternative solution to manifests_path for airgapped scenarios?
stefanprodan
commented
1 month ago You can set the image patches in Git and bootstrap will use them along with manifests_path
kcighon
commented
1 month ago Any chance you have an example git repo?
stefanprodan
commented
1 month ago You can use a kustomization.yaml like so:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
images:
- name: ghcr.io/fluxcd/source-controller
newName: my.reg/fluxcd/source-controller
- name: ghcr.io/fluxcd/kustomize-controller
newName: my.reg/fluxcd/kustomize-controller
- name: ghcr.io/fluxcd/helm-controller
newName: my.reg/fluxcd/helm-controller
- name: ghcr.io/fluxcd/notification-controller
newName: my.reg/fluxcd/notification-controller
- name: ghcr.io/fluxcd/image-reflector-controller
newName: my.reg/fluxcd/image-reflector-controller
- name: ghcr.io/fluxcd/image-automation-controller
newName: my.reg/fluxcd/image-automation-controllerAnd pass this to kustomization_override
kcighon
commented
1 month ago Many thanks. That works well.
As an alternative, do you see any issues with the below to avoid downloading the manifests.tar.gz?:
resource "local_file" "flux_install" {
content = <<-EOT
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- flux.yaml
EOT
filename = "${path.module}/files/kustomization.yaml"
provisioner "local-exec" {
command = <<-EOT
flux install --export --registry ${var.registry} > ${path.module}/files/flux.yaml
EOT
}
}
resource "flux_bootstrap_git" "this" {
depends_on = [local_file.flux_install]
path = "<your_cluster_path>"
manifests_path = "${path.cwd}/manifests"
registry = "<your registry url>"
version = "v2.2.3"
}If you use the CLI binary, then you really need to make sure the CLI is at same version as the one specified in flux_bootstrap_git.
kcighon
commented
1 month ago Understood - the same would apply to automating the download of the manifests.tar.gz as a step within our docker container build. We end up version locked either way for airgapped usage.
Many thanks for your help.
swade1987
commented
1 month ago @kcighon you happy for this issue to be closed inlight of https://github.com/fluxcd/terraform-provider-flux/issues/635 being added to the next release.
kcighon
commented
1 month ago @kcighon you happy for this issue to be closed inlight of https://github.com/fluxcd/terraform-provider-flux/issues/635 being added to the next release.
That's great - many thanks.
Describe the bug
We would like to use
flux_bootstrap_gitin an airgapped environment. Apart from #590 being an issue (our terraform runs in a unpriveleged docker container), settingmanifests_pathto a location on the container disregards theregistryparameter and bootstrap fails as images are set to default (ghcr.io/fluxcd)Steps to reproduce
example.tf
Expected behavior
Manifests honor the
registryparameter when being applied.Screenshots and recordings
No response
Terraform and provider versions
Terraform v1.7.3 fluxcd/flux Provider v1.2.3
Terraform provider configurations
flux_bootstrap_git resource
Flux version
v2.2.3
Additional context
No response
Code of Conduct