Module to bootstrap FluxCD on EKS cluster with SOPS as encryption provider and a separate set of credentials for flux controller, which makes it possible for giving the controller a read-only access to the repository.
module "fluxcd" {
source = "github.com/neondatabase/terraform-eks-fluxcd-sops?ref=v0.16"
path = "./clusters/dev"
controller_ssh_public_key = file("./deploy-key.pub")
controller_ssh_private_key = file("./deploy-key.priv")
controller_ssh_known_hosts = "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
service_account_annotations = {
"eks.amazonaws.com/role-arn" = "arn:aws:iam::123456789012:role/fluxcd-irsa-role"
}
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| controller_ssh_private_key | SSH private key for flux controller | string |
n/a | yes |
| controller_ssh_public_key | SSH public key for flux controller | string |
n/a | yes |
| path | Path relative to flux repository root where to look for manifests | string |
n/a | yes |
| cluster_secrets | Key-value pairs to create 'terraform-flux-cluster-secrets' Secret for flux/Kustomization postBuild use | map(string) |
{} |
no |
| cluster_variables | Key-value pairs to create 'terraform-flux-cluster-variables' ConfigMap for flux/Kustomization postBuild use | map(string) |
{} |
no |
| controller_ssh_known_hosts | SSH known hosts for flux controller. Defaults to github.com ECDSA key. | string |
"github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=" |
no |
| delete_git_manifests | Delete manifests from git repository. Defaults to true. | bool |
true |
no |
| flux_system_prune | Whether pruning should be set on flux-system Kustomization. Defaults to true | bool |
true |
no |
| fluxcd_version | Flux version to use | string |
"v2.3.0" |
no |
| keep_namespace | Keep the namespace after uninstalling Flux components. Defaults to true | bool |
true |
no |
| kustomize_controller_feature_gates | Kustomize controller feature gates to enable/disable. | map(bool) |
{} |
no |
| namespace | Kubernetes namespace to deploy fluxcd to | string |
"flux-system" |
no |
| pod_labels | Labels to add to the kustomize-controller pods | map(string) |
{} |
no |
| service_account_annotations | Annotations to add to the kustomize-controller service account | map(string) |
{} |
no |
| service_account_labels | Annotations to add to the kustomize-controller service account | map(string) |
{} |
no |
| watch_all_namespaces | Whether flux controller should watch all namespaces for custom resources or not | bool |
true |
no |
Detailed information
## Resources| Name | Type |
|---|---|
| flux_bootstrap_git.this | resource |
| kubernetes_config_map.flux_cluster_variables | resource |
| kubernetes_namespace.flux_system_ns | resource |
| kubernetes_secret.flux_cluster_secrets | resource |
| kubernetes_secret.flux_system_secret | resource |
| terraform_data.fluxcd_reprovision | resource |