oun / pulumi-flux Goto Github PK

Hi there! Thanks so much for contributing the provider!

It would help the display in the registry if you could add a docs directory with some information about the provider, see this example:

https://github.com/lbrlabs/pulumi-harness/tree/main/docs

File: themes/default/content/registry/packages/flux/_index.md

I am trying to configure a flux provider in C# to bootstrap my existing Flux files, but I am encountering a weird behaviour that might be a bug.

string githubOwner = "xxx";
string repoName = "xxx";
string branch = config.Require("flux_branch");
string path = $"k8s/clusters/{Deployment.Instance.StackName}";

// Read the private key from the local filesystems home directory.
string sshPrivateKey = File.ReadAllText(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), ".ssh", "id_rsa"));

var fluxProvider = new Provider("flux", new ProviderArgs
{
    Kubernetes = new ProviderKubernetesArgs
    {
        ConfigPath = "~/.kube/config",
        ConfigContextCluster = "k3d-cluster-local"
    },
    Git = new ProviderGitArgs
    {
        Url = $"ssh://github.com/{githubOwner}/{repoName}",
        Branch = branch,
        // This throws an error for either the PrivateKey or the Password. It differs
        Ssh = new ProviderGitSshArgs()
        {
            Username = "git",
            PrivateKey = new StringAsset(sshPrivateKey).ToString(),
            Password = "xxxx"
        }
    }
});

_ = new FluxBootstrapGit("flux",
    new FluxBootstrapGitArgs
    {
        Path = path
    },
    new CustomResourceOptions
    {
        Provider = fluxProvider,
    }
);

The code throws the following error:

error: cannot encode provider configuration to call ConfigureProvider: objectEncoder failed on property "git": objectEncoder failed on property "ssh": objectEncoder failed on property "password": Expected a string, got: {map[4dabf18193072939515e22adb298388d:{1b47061264138c4ac30d75fd1eb44270} value:{xxxx}]}

Would it be possible to add an example of configuring Flux with SSH and check if some misconfiguration has happened? I am wondering why the setter parsed my string values into maps.

The ability to provision a cluster and install Flux using a single Infrastructure as Code (IaC) tool is incredibly beneficial. Therefore, expanding the options available with this plugin would be a welcome enhancement.

In our professional setting, we've opted to utilize the YAML provider for all our Pulumi programs, as we've found it to be the most compatible tool for our needs. However, we were somewhat disappointed to discover that the Pulumi engine exclusively recognizes resource declarations in the standard providers, preventing us from executing imperative commands amidst these declarations. This limitation restricts us from performing custom tasks, such as dispatching notifications. The YAML provider underscores the fact that Pulumi is a declarative language, and nothing more.

Given these circumstances, it would be highly advantageous if this plugin could eventually extend its support to the YAML provider.

Hi,

From yesterday, the pipeline couldn't get and load pulumi flux

error: could not load plugin for flux provider 'urn:pulumi:odb_dev::aks::pulumi:providers:flux::default_0_20_0': Could not automatically download and install resource plugin 'pulumi-resource-flux' at version v0.20.0, install the plugin using pulumi plugin install resource flux v0.20.0: error downloading provider flux to file: failed to download plugin: flux-0.20.0: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-flux-v0.20.0-linux-amd64.tar.gz

version: pulumi 3.60.0 x64

Hey,

I have an issue regarding pulumi-flux and pulumi destroy.
When I want to destroy my cluster, I receive a timeout from two FluxCD resources:

kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition (kustomizations.kustomize.toolkit.fluxcd.io):
  error: 'kustomizations.kustomize.toolkit.fluxcd.io' timed out waiting to be Ready

kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition (gitrepositories.source.toolkit.fluxcd.io):
  error: 'gitrepositories.source.toolkit.fluxcd.io' timed out waiting to be Ready

This is my code to deploy FluxCD:

import pulumi
import pulumi_flux as flux
import pulumi_github as github
import pulumi_kubernetes as k8s
import pulumi_tls as tls


ssh_key = tls.PrivateKey("key", algorithm="ECDSA", ecdsa_curve="P256")

github.BranchDefault("default", repository=repository_name, branch=branch)
github.RepositoryDeployKey(
	"flux-key",
	title="flux",
	repository=repository_name,
	key=ssh_key.public_key_openssh,
	read_only=True,
)

flux_install = flux.get_flux_install(target_path=target_path, version=version)
flux_sync = flux.get_flux_sync(
	target_path=target_path,
	url=f"ssh://[email protected]/{github_owner}/{repository_name}.git",
	branch=branch)

# Create kubernetes resource from generated manifests
install = k8s.yaml.ConfigGroup("flux-install", yaml=[flux_install.content], opts=pulumi.ResourceOptions(depends_on=[gke_nodepool], provider=provider))
k8s.yaml.ConfigGroup("flux-sync", yaml=[flux_sync.content], opts=pulumi.ResourceOptions(depends_on=[gke_nodepool], provider=provider))

k8s.core.v1.Secret(
	"flux",
	metadata=k8s.meta.v1.ObjectMetaArgs(
		name=flux_sync.secret, namespace=flux_sync.namespace
	),
	string_data={
		"identity": ssh_key.private_key_pem,
		"identity.pub": ssh_key.public_key_pem,
		"known_hosts": "github.com ecdsa-sha2-nistp256 AAAA<...>pockg=",
	},
	opts=pulumi.ResourceOptions(depends_on=[install],
								provider=provider)
)

# Commit files to Github
github.RepositoryFile(
	"install",
	repository=repository_name,
	file=flux_install.path,
	content=flux_install.content,
	branch=branch,
	overwrite_on_create=True,
	opts=pulumi.ResourceOptions(depends_on=[install],
								provider=provider)
)
github.RepositoryFile(
	"sync",
	repository=repository_name,
	file=flux_sync.path,
	content=flux_sync.content,
	branch=branch,
	overwrite_on_create=True,
	opts=pulumi.ResourceOptions(depends_on=[install],
								provider=provider)
)
github.RepositoryFile(
	"kustomize",
	repository=repository_name,
	file=flux_sync.kustomize_path,
	content=flux_sync.kustomize_content,
	branch=branch,
	overwrite_on_create=True,
	opts=pulumi.ResourceOptions(depends_on=[install],
								provider=provider)
)

There are no pods available in the flux-system namespace when I receive the timeout. I assume that the Finalizers are missing these pods.
Is there any fix for the behaviour?

Thanks in advance and kind regards
Alex

There's a new release of the terraform provider https://registry.terraform.io/providers/fluxcd/flux/latest. With version 0.23+ it appears that the API has switched from install/sync resources to a single bootstrap resource.

Would that change in API be reflected in this provider?

@oun would you mind doing a new release so the pulumi registry gets the logo update?

The ability to provision a cluster and install Flux using a single Infrastructure as Code (IaC) tool is incredibly beneficial. Therefore, expanding the options available with this plugin would be a welcome enhancement.

In my professional environment, we've made a conscious choice to leverage manifests with OCI. We've found that OCI works well as a Flux source due to its lightweight nature, ease of distribution, and version management. The simplicity of an OCI setup has been particularly noteworthy, in its potential to ease the transition of deployments across various environments. This process is more complex with Git, where development practices like trunk-based development competes with some of the best practices for managing GitOps in Git. For example repo per environment vs. main + feature branches flux docs.

Considering our specific needs, I would like to propose that the pulumi-flux plugin incorporate support for OCI. This enhancement would enable us a maintable way to install Flux on our clusters, while still supporting our use case.