flux.tf

# GITHUB_TOKEN should be set for Github provider to work
# GITHUB_ORGANIZATION should be set if deploying in another ORG and not your
# https://github.com/particuleio/terraform-kubernetes-addons/blob/main/flux2.tf
module "addons_flux" {
  source  = "particuleio/addons/kubernetes"
  version = "2.36.2"
  flux2 = {
    enabled                  = var.flux_enabled
    create_ns                = true
    namespace                = "flux-system"
    target_path              = var.flux_target_path
    default_network_policy   = true
    version                  = var.flux_version
    github_url               = var.flux_github_url
    create_github_repository = false
    repository               = var.flux_repo
    repository_visibility    = ""
    github_token             = ""
    branch                   = var.flux_branch
    flux_sync_branch         = ""
    default_components       = var.flux_default_components
    components               = []
    provider                 = "github"
    auto_image_update        = var.flux_auto_image_update
    custom_kustomize         = local.custom_kustomize
    known_hosts              = [local.known_hosts]
    ignore_fields_apply      = ["spec.template.spec.containers.0.resources"] # ignore patch changes
  }
}


locals {
  known_hosts = "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
  repos_str   = [for src in var.extra_flux_sources : src.source_name]
  ecr_sync_job_ks     = var.ecr_sync_job ? "- ecr-sync.yaml" : ""
  custom_kustomize    = <<YAML
# 
# READ ONLY
# This file is generated by terraform, any direct edits will be overwritten on the next apply
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-sync.yaml
- gotk-components.yaml
${local.ecr_sync_job_ks}
${join("\n", formatlist("- %s.yaml", local.repos_str))}
${local.add_patch_to_ks}
YAML
}