Use embedded Flux manifests for air-gapped bootstrap

stefanprodan commented 4 weeks ago

This PR allows running bootstrap in air-gapped environments by embedding the Flux manifests in the provider binary.

Description

With embedded_manifests enabled and registry set to an private container registry where the Flux images are copied, users can run bootstrap on air-gapped environments where access to GitHub is denied.

[!TIP] All users should enable embedded_manifests instead of setting version, this not only reduces the network traffic but also ensures that the Flux deployment matches the provider version.

Motivation and Context

The implementation in #503 has many flaws, the major problem is that customisations no longer work and users have to download the manifest files by hand before running bootstrap.

Fix: #590 Fix: #634

How has this been tested?

[x] Have you added an acceptance test for the functionality being added?
[x] Have you run the acceptance tests on this branch?

Manually tested with github.com dropped in firewall.

resource "flux_bootstrap_git" "this" {
  path = "clusters/air-gapped"
  embedded_manifests = true
  registry = "docker.io/fluxcd"
}

Types of changes

[ ] Bug fix (non-breaking change which fixes an issue)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)

Documentation

[x] I have updated the documentation (if required) with make docs

Checklist:

[x] My code follows the code style of this project.
[x] My change requires a change to the documentation.
[x] I have updated the documentation accordingly.
[x] I've read the CONTRIBUTION guide
[x] I have signed-off my commits with git commit -s

swade1987 commented 4 weeks ago

This whole section should be in the documentation that gets rendered on the Terraform registry.

With embedded_manifests enabled and registry set to an private container registry where the Flux images are copied, users can run bootstrap on air-gapped environments where access to GitHub is denied.

Tip All users should enable embedded_manifests instead of setting version, this not only reduces the network traffic but also ensures that the Flux deployment matches the provider version.

stefanprodan commented 4 weeks ago

This whole section should be in the documentation that gets rendered on the Terraform registry.

Which one is that, haven't you deleted all guides? Better to have this here https://fluxcd.io/flux/installation/configuration/air-gapped/

fluxcd / terraform-provider-flux