Runtime values injection

[zs-dima]

Might be nice to implement runtime values injection. For example we have published an oci artifact, and want to use it to deploy by specifying an app.domain.com address:

Currently there is no way to specify values.yaml for Flux configuration: values.yaml

values:
  ingress:
    className: traefik
    annotations:
      external-dns.kubernetes.io/target: app.domain.com
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    host: app.domain.com
    tls:
      - secretName: tls-production
        hosts:
          - app.domain.com

At the same time, we cannot build an artifact that specifies an app.domain.com address, because the address depends on a particular deployment:

https://timoni.sh/gitops-flux/ It is no place to specify values.yaml:

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: podinfo
  namespace: flux-system
spec:
  targetNamespace: apps
  interval: 1h
  retryInterval: 30s
  timeout: 5m
  path: ./
  prune: true
  wait: true
  sourceRef:
    kind: OCIRepository
    name: podinfo

Example: https://github.com/zs-dima/auth-app/tree/main/deploy/modules/auth-app

[zs-dima]

It is workaround to build module with variable ${DOMAIN}

values:
  ingress:
    className: traefik
    annotations:
      external-dns.kubernetes.io/target: app.${DOMAIN}
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    host: app.${DOMAIN}
    tls:
      - secretName: tls-production
        hosts:
          - app.${DOMAIN}

and substitude variable with Flux Kustomization:

postBuild:
  substituteFrom:
    - kind: ConfigMap
      name: variables-config
patches:
    - target:
        kind: Kustomization
        group: kustomize.toolkit.fluxcd.io
      patch: |-
        - op: add
          path: /spec/postBuild
          value:
            substituteFrom:
              - kind: ConfigMap
                name: variables-config

although it does not look like acceptable solution.

[stefanprodan]

Might be nice to implement runtime values injection.

Build it where? If you use Timoni as a templating engine, then there is no runtime available to it, Flux var sub is the only way to do it.

[stefanprodan]

If you do have access to the cluster from the CI job that run Timoni, then you can use timoni bundle build --runtime and get the hostname from the cluster.

[zs-dima]

@stefanprodan thanks a lot for the answer. I am using GitHub Actions to build bundle.

I mean it would be nice to pass values to the TimoniRelease:

apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: TimoniRelease
metadata:
  name: podinfo
spec:
  chart:
    spec:
      version: "1.2.3.*"
      chart: podinfo
      sourceRef:
        kind: OCIRepository
        name: podinfo
  values:
    ingress:
      className: traefik
      annotations:
        external-dns.kubernetes.io/target: app.domain.com
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      host: app.domain.com
      tls:
        - secretName: tls-production
          hosts:
            - app.domain.com

[stefanprodan]

I'm confused, there is no TimoniRelease. Are you asking about a Timoni Controller for Flux?

[zs-dima]

Timoni Controller for Flux?

Sure, maybe I have to create the same issue in the Flux 2 repository.

[stefanprodan]

In the GitOps with Flux doc there is a note about a Timoni Controller:

Note that currently Timoni can be used with Flux as a templating engine for Kubernetes manifests. Features like app lifecycle management, bundling, runtime values injection and multi-cluster deployments are not available when using Timoni as a templating engine. For Timoni to fully embrace GitOps, a Kubernetes controller will be implemented when Timoni's CUE APIs reach a more stable form.

And there is also an issue for this topic: https://github.com/stefanprodan/timoni/issues/10

Going to close this as a duplicate of #10