oun / pulumi-flux

Pulumi provider for FluxCD
Apache License 2.0

FluxCD timeout during destruction #10

Closed alexalex89 closed 1 year ago

alexalex89 commented 1 year ago

Hey,

I have an issue regarding pulumi-flux and pulumi destroy. When I want to destroy my cluster, I receive a timeout from two FluxCD resources:

kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition (kustomizations.kustomize.toolkit.fluxcd.io):
  error: 'kustomizations.kustomize.toolkit.fluxcd.io' timed out waiting to be Ready

kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition (gitrepositories.source.toolkit.fluxcd.io):
  error: 'gitrepositories.source.toolkit.fluxcd.io' timed out waiting to be Ready

This is my code to deploy FluxCD:

import pulumi
import pulumi_flux as flux
import pulumi_github as github
import pulumi_kubernetes as k8s
import pulumi_tls as tls

ssh_key = tls.PrivateKey("key", algorithm="ECDSA", ecdsa_curve="P256")

github.BranchDefault("default", repository=repository_name, branch=branch)
github.RepositoryDeployKey(
    "flux-key",
    title="flux",
    repository=repository_name,
    key=ssh_key.public_key_openssh,
    read_only=True,
)

flux_install = flux.get_flux_install(target_path=target_path, version=version)
flux_sync = flux.get_flux_sync(
    target_path=target_path,
    url=f"ssh://git@github.com/{github_owner}/{repository_name}.git",
    branch=branch)

# Create kubernetes resource from generated manifests
install = k8s.yaml.ConfigGroup(
    "flux-install",
    yaml=[flux_install.content],
    opts=pulumi.ResourceOptions(depends_on=[gke_nodepool], provider=provider),
)
k8s.yaml.ConfigGroup(
    "flux-sync",
    yaml=[flux_sync.content],
    opts=pulumi.ResourceOptions(depends_on=[gke_nodepool], provider=provider),
)

k8s.core.v1.Secret(
    "flux",
    metadata=k8s.meta.v1.ObjectMetaArgs(
        name=flux_sync.secret, namespace=flux_sync.namespace
    ),
    string_data={
        "identity": ssh_key.private_key_pem,
        "identity.pub": ssh_key.public_key_pem,
        "known_hosts": "github.com ecdsa-sha2-nistp256 AAAA<...>pockg=",
    },
    opts=pulumi.ResourceOptions(depends_on=[install],
                                provider=provider)
)

# Commit files to Github
github.RepositoryFile(
    "install",
    repository=repository_name,
    file=flux_install.path,
    content=flux_install.content,
    branch=branch,
    overwrite_on_create=True,
    opts=pulumi.ResourceOptions(depends_on=[install],
                                provider=provider)
)
github.RepositoryFile(
    "sync",
    repository=repository_name,
    file=flux_sync.path,
    content=flux_sync.content,
    branch=branch,
    overwrite_on_create=True,
    opts=pulumi.ResourceOptions(depends_on=[install],
                                provider=provider)
)
github.RepositoryFile(
    "kustomize",
    repository=repository_name,
    file=flux_sync.kustomize_path,
    content=flux_sync.kustomize_content,
    branch=branch,
    overwrite_on_create=True,
    opts=pulumi.ResourceOptions(depends_on=[install],
                                provider=provider)
)

There are no pods available in the flux-system namespace when I receive the timeout. I assume that the Finalizers are missing these pods. Is there any fix for the behaviour?

Thanks in advance and kind regards Alex

oun commented 1 year ago

Hi Alex,

This is a known issue in terraform-provider-flux. They have now deprecated flux-install and flux-sync and migrated to flux-bootstrap-git, as described in https://registry.terraform.io/providers/fluxcd/flux/latest/docs/guides/migrating-to-resource.

You can use the flux-bootstrap-git resource in release v0.25.3. An example is here.

Kind regards,

alexalex89 commented 1 year ago

Great, thanks for your answer! This helps indeed - it's working now. Probably you'd think about marking the old version as deprecated in the docs and refer to the bootstrap.

Kind regards Alex
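An added diagnostic example, not part of the original thread or of the pulumi-flux project: one way to check whether the destroy timeout reported in this issue comes from objects held in Terminating by finalizers, given a listing shaped like `kubectl get ... -A -o json` output. The sample listing is constructed, and the function name `stuck_in_terminating` is an assumption of this example.

```python
import json

# Constructed sample shaped like `kubectl get crd,kustomizations,gitrepositories -A -o json`
# output; names, timestamps and finalizer values are illustrative.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "CustomResourceDefinition",
  "metadata": {"name": "kustomizations.kustomize.toolkit.fluxcd.io",
               "deletionTimestamp": "2023-01-01T10:00:00Z",
               "finalizers": ["customresourcecleanup.apiextensions.k8s.io"]}},
 {"kind": "Kustomization",
  "metadata": {"name": "flux-system", "namespace": "flux-system",
               "deletionTimestamp": "2023-01-01T10:00:01Z",
               "finalizers": ["finalizers.fluxcd.io"]}},
 {"kind": "GitRepository",
  "metadata": {"name": "flux-system", "namespace": "flux-system",
               "finalizers": ["finalizers.fluxcd.io"]}},
 {"kind": "Secret",
  "metadata": {"name": "flux-system", "namespace": "flux-system",
               "deletionTimestamp": "2023-01-01T10:00:02Z"}}
]}
""")


def stuck_in_terminating(listing):
    """Return (kind, namespace, name, finalizers) for every object that has been
    marked for deletion but is still held by at least one finalizer."""
    stuck = []
    for item in listing.get("items", []):
        meta = item.get("metadata", {})
        finalizers = meta.get("finalizers") or []
        # deletionTimestamp set + finalizers left = the API server is waiting
        # for some controller to finish cleanup and remove the finalizer.
        if meta.get("deletionTimestamp") and finalizers:
            stuck.append((item.get("kind", "?"), meta.get("namespace", ""),
                          meta["name"], list(finalizers)))
    return stuck


if __name__ == "__main__":
    for kind, ns, name, fins in stuck_in_terminating(SAMPLE):
        print(f"{kind} {ns + '/' if ns else ''}{name} waits on {', '.join(fins)}")
```

A custom resource that is still waiting on its controller's finalizer while no controller pod is running also keeps its CRD from being removed, which would match the two CRD timeouts shown in the issue.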