Create flux_bootstrap_oci resource #501

Open
willejs opened this issue Jun 19, 2023 · 10 comments
Labels
enhancement New feature or request hold Issues and pull requests put on hold

Comments

@willejs

willejs commented Jun 19, 2023

Ideally there would be a resource which bootstraps the cluster using OCI as a source too.

@swade1987 swade1987 added the enhancement New feature or request label Apr 1, 2024
@errordeveloper
Contributor

@swade1987 I would imagine this to be a trivial kind of change. I might have a crack at it, what do you think?

@stefanprodan
Member

@errordeveloper the OCI bootstrap needs a total revamp of Flux core packages, CLI UX, etc. I'm not ready to tackle this now, maybe in Q3.

@stefanprodan stefanprodan added the hold Issues and pull requests put on hold label Apr 26, 2024
@errordeveloper
Contributor

Is this because right now the Terraform resource does actually write to Git etc.? Should there be a less opinionated mode that just deploys Flux and one source config with a URL?

@stefanprodan
Member

Terraform is just a wrapper of the fluxcd/flux2/pkg/bootstrap; OCI bootstrap must be first implemented in the CLI. Deploying Flux from an OCI artifact breaks all the patterns we have now in place. We need an RFC that solves the cluster reconciler blocker: with OCI there is no flux-system root object anymore, so no way to spin off the infra+apps in a declarative way.

@errordeveloper
Contributor

I guess I would just have to apply a static manifest with Terraform and configure the OCI repo; I will just need to vendor the manifest.

@stefanprodan
Member

stefanprodan commented Apr 26, 2024

Bootstrap means Flux should be able to manage itself and the whole cluster in one go. So flux bootstrap oci and its TF counterpart should be able to create an OCI repository in a private registry, customise, build, push and sign the Flux manifest to the registry, then set up Flux on the cluster to sync its state from the private OCIRepository (ideally using Workload Identity & Cosign). But this only solves half of the bootstrap procedure: you also need to kick off the infra+apps, which can't be done the same way you would do with Git. I have written several PoCs but all of them fell short on the UX side.

@errordeveloper
Contributor

What I mean is that I just want to install the Flux controllers into flux-system and one pair of OCIRepository+Kustomization; I already have an OCI artefact that is ready to be deployed. It sounds like bootstrap does a lot more, which is something I didn't realise, and no doubt it's really great UX.

With 0.x version of this provider I could use flux_install data source and read the manifest from it. It's not amazing UX, but functionality-wise, it's closer to what I'd want.

Hope what I said earlier makes more sense now.

@errordeveloper
Contributor

So I guess what I'd want from this provider is actually a flux_install resource, which would wrap the flux install command (of course). I'd be happy to start a PR unless anyone objects. I have to say that I forgot that there are two commands, install and bootstrap; last time I just reached out for flux install --export, checking in the output etc. I could probably just do the same again, as it's not too cumbersome.

@stefanprodan
Member

We had that and we removed it; this TF provider is for bootstrap only. If you need to just install Flux then you can do this: https://github.com/fluxcd/terraform-provider-flux/blob/main/examples/helm-install/main.tf

@stefanprodan
Member

Draft RFC here: fluxcd/flux2#4749
