extra_flux_sources.tf
# One SSH key pair per extra Flux source (none when Flux is disabled).
# The public half is registered as a GitHub deploy key and the private half is
# written into a Kubernetes secret by the resources further down.
# NOTE(review): the private key is an attribute of this resource and is
# therefore persisted in Terraform state — the state backend has to be
# protected like a secret store.
resource "tls_private_key" "main" {
  count       = var.flux_enabled ? length(var.extra_flux_sources) : 0
  algorithm   = "ECDSA"
  ecdsa_curve = "P521"
}
# Renders the Flux sync manifests (`content`) for each extra source; the
# result is split into documents by kubectl_file_documents.sync and committed
# to the main Flux repository by github_repository_file.sync. `secret` is the
# name of the Kubernetes secret that kubernetes_secret.main creates, and
# `namespace` is read back from this data source for that secret.
# NOTE(review): the user@host part of `url` is obfuscated in this copy of the
# file ("[email protected]"); for an SSH GitHub source it is presumably
# git@github.com — confirm against the original before applying.
data "flux_sync" "main" {
  count       = var.flux_enabled ? length(var.extra_flux_sources) : 0
  name        = var.extra_flux_sources[count.index].source_name
  secret      = "${var.extra_flux_sources[count.index].source_name}-secret"
  target_path = var.extra_flux_sources[count.index].target_path
  url         = "ssh://[email protected]/${var.extra_flux_sources[count.index].github_owner}/${var.extra_flux_sources[count.index].repository_name}.git"
  branch      = var.extra_flux_sources[count.index].branch
}
# Kubernetes
# Splits each source's rendered sync manifest into its individual YAML
# documents (`documents`), so local.sync can apply them one kubectl_manifest
# at a time.
data "kubectl_file_documents" "sync" {
  count   = var.flux_enabled ? length(var.extra_flux_sources) : 0
  content = data.flux_sync.main[count.index].content
}
resource "kubectl_manifest" "sync" {
  # One manifest per YAML document of every extra source. The map key is the
  # lower-cased "apiVersion/kind/namespace/name" of the document (the
  # namespace segment is dropped when the object has none); the value is the
  # raw document text that gets applied.
  for_each = var.flux_enabled ? {
    for doc in local.sync :
    lower(join("/", compact([
      doc.data.apiVersion,
      doc.data.kind,
      lookup(doc.data.metadata, "namespace", ""),
      doc.data.metadata.name,
    ]))) => doc.content
  } : {}

  # module.addons_flux is presumably the Flux installation itself; it has to
  # exist before its sync objects can be applied.
  depends_on = [module.addons_flux]

  yaml_body = each.value

  lifecycle {
    # In-cluster changes to these objects (presumably made by Flux while
    # reconciling) must not show up as drift in Terraform.
    ignore_changes = [yaml_incluster]

    create_before_destroy = true
  }
}
# SSH credentials for each extra source, named and placed in the namespace
# that the rendered sync data expects. `identity`/`identity.pub` are the key
# pair generated in tls_private_key.main; `known_hosts` (defined elsewhere as
# local.known_hosts) is expected to carry the Git host's SSH host-key entry so
# the source is not trusted on first use.
# NOTE(review): this secret's `data`, including the private key, is also held
# in Terraform state.
resource "kubernetes_secret" "main" {
  count = var.flux_enabled ? length(var.extra_flux_sources) : 0
  metadata {
    name      = data.flux_sync.main[count.index].secret
    namespace = data.flux_sync.main[count.index].namespace
  }
  data = {
    identity       = tls_private_key.main[count.index].private_key_pem
    "identity.pub" = tls_private_key.main[count.index].public_key_pem
    known_hosts    = local.known_hosts
  }
}
# GitHub
# The main Flux repository, looked up once (only when Flux is enabled). The
# per-source sync manifests are committed into it by github_repository_file.sync.
data "github_repository" "main" {
  count = var.flux_enabled ? 1 : 0
  name  = var.flux_repo
}
# Registers each source's public key as a deploy key on that source's
# repository, titled "<cluster>_<source>_flux_deploy_key". `read_only` comes
# from the source definition; a false value gives the cluster push access to
# the repository with this key, so only set it where the source needs to write.
# NOTE(review): `repository` is addressed by name only — the owner is whatever
# the GitHub provider is configured with, not the source's `github_owner`
# (which is only used in the SSH URL above). Confirm they match.
resource "github_repository_deploy_key" "main" {
  count      = var.flux_enabled ? length(var.extra_flux_sources) : 0
  title      = "${var.cluster_name}_${var.extra_flux_sources[count.index].source_name}_flux_deploy_key"
  repository = var.extra_flux_sources[count.index].repository_name
  key        = tls_private_key.main[count.index].public_key_openssh
  read_only  = var.extra_flux_sources[count.index].read_only
}
# Commits each source's rendered sync manifest into the main Flux repository at
# <flux_target_path>/flux-system/<source_name>.yaml on the Flux branch.
# `content` and `sha` are ignored after creation: once the file exists,
# Terraform no longer pushes changes to the rendered manifest, so an edited
# source definition has to be reflected in Git by other means (or the resource
# recreated).
resource "github_repository_file" "sync" {
  count      = var.flux_enabled ? length(var.extra_flux_sources) : 0
  repository = data.github_repository.main[0].name
  file       = "${var.flux_target_path}/${local.flux_manifests_path}/${var.extra_flux_sources[count.index].source_name}.yaml"
  content    = data.flux_sync.main[count.index].content
  branch     = var.flux_branch
  lifecycle {
    ignore_changes = [content, sha]
  }
}
locals {
  # Extra sources de-duplicated on "owner:repository": when several sources
  # point at the same repository, only the first one listed is kept.
  extra_flux_sources_dis = [
    for group in {
      for source in var.extra_flux_sources :
      "${source.github_owner}:${source.repository_name}" => source...
    } : group[0]
  ]

  # Every YAML document of every source's rendered sync manifest, both decoded
  # (used to derive the kubectl_manifest.sync key) and as raw text (applied).
  sync = flatten([
    for idx, source in var.extra_flux_sources : [
      for doc in data.kubectl_file_documents.sync[idx].documents : {
        data    = yamldecode(doc)
        content = doc
      }
    ]
  ])

  # Directory inside the Flux repository that holds the per-source sync files.
  flux_manifests_path = "flux-system"
}