neondatabase/terraform-k8s-fluxcd-sops

# terraform-eks-fluxcd-sops

Module to bootstrap FluxCD on an EKS cluster with SOPS as the encryption provider and a separate set of credentials for the flux controller, which makes it possible to give the controller read-only access to the repository.

## Usage

```hcl
module "fluxcd" {
  source = "github.com/neondatabase/terraform-eks-fluxcd-sops?ref=v0.16"

  # Directory, relative to the repository root, that Flux reconciles.
  path = "./clusters/dev"

  # Deploy key used only by the flux controller; registering just the
  # public half on the repository keeps the controller's access read-only.
  controller_ssh_public_key  = file("./deploy-key.pub")
  controller_ssh_private_key = file("./deploy-key.priv")

  # Pinned host key of the git server (GitHub's ECDSA key here).
  controller_ssh_known_hosts = "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="

  # IRSA role annotation for the kustomize-controller service account.
  service_account_annotations = {
    "eks.amazonaws.com/role-arn" = "arn:aws:iam::123456789012:role/fluxcd-irsa-role"
  }
}
```

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| controller_ssh_private_key | SSH private key for the flux controller | `string` | n/a | yes |
| controller_ssh_public_key | SSH public key for the flux controller | `string` | n/a | yes |
| path | Path, relative to the flux repository root, where to look for manifests | `string` | n/a | yes |
| cluster_variables | Key-value pairs used to create the `terraform-flux-cluster-variables` ConfigMap for flux Kustomization `postBuild` use | `map(string)` | `{}` | no |
| controller_ssh_known_hosts | SSH known hosts for the flux controller. Defaults to the github.com ECDSA key. | `string` | `"github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="` | no |
| fluxcd_version | Flux version to use | `string` | `"v2.1.1"` | no |
| namespace | Kubernetes namespace to deploy fluxcd to | `string` | `"flux-system"` | no |
| pod_labels | Labels to add to the kustomize-controller pods | `map(string)` | `{}` | no |
| service_account_annotations | Annotations to add to the kustomize-controller service account | `map(string)` | `{}` | no |
| service_account_labels | Labels to add to the kustomize-controller service account | `map(string)` | `{}` | no |
| watch_all_namespaces | Whether the flux controller should watch all namespaces for custom resources | `bool` | `true` | no |
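The module pins the git server's host key through `controller_ssh_known_hosts` (the default above is GitHub's ECDSA key). Before handing a known_hosts line to the module it is worth confirming that the line is well-formed and that its fingerprint matches the one the git provider publishes, since a wrong pin either breaks the bootstrap or trusts the wrong server. The following Python is an added example and not part of this module: it parses a known_hosts line, checks that the declared key type matches the type embedded in the key blob (SSH wire format, RFC 4253), computes the OpenSSH-style `SHA256:` fingerprint, and optionally compares it with an expected value. The function names and the `expected_fingerprint` argument are this example's own; the known_hosts line itself is the README's default value.

```python
import base64
import hashlib
import struct

# Default value of controller_ssh_known_hosts taken from this README
# (GitHub's published ECDSA host key; not a constructed value).
GITHUB_ECDSA_KNOWN_HOSTS = (
    "github.com ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9"
    "nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
)


def parse_known_hosts_line(line):
    """Split a plain (unhashed) known_hosts line into (hosts, key_type, key_blob)."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected '<host[,host...]> <key-type> <base64-key>'")
    hosts, key_type, b64 = parts[0], parts[1], parts[2]
    if hosts.startswith("|1|"):
        raise ValueError("hashed host entries are not supported by this check")
    try:
        # binascii.Error is a ValueError subclass, so one clause covers both.
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key field is not valid base64") from exc
    return hosts.split(","), key_type, blob


def wire_key_type(blob):
    """Return the key-type string embedded at the start of an SSH public key blob.

    SSH encodes it as a 4-byte big-endian length followed by the bytes (RFC 4253).
    """
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("key blob truncated")
    return blob[4:4 + length].decode("ascii")


def fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' plus unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_known_hosts(line, expected_host, expected_fingerprint=None):
    """Validate a known_hosts line destined for controller_ssh_known_hosts.

    Raises ValueError on any inconsistency and returns a summary dict otherwise.
    expected_fingerprint is the value the git provider publishes (caller-supplied).
    """
    hosts, key_type, blob = parse_known_hosts_line(line)
    if expected_host not in hosts:
        raise ValueError(f"line is for {hosts}, not {expected_host}")
    embedded = wire_key_type(blob)
    if embedded != key_type:
        raise ValueError(f"declared type {key_type} but key blob says {embedded}")
    fp = fingerprint(blob)
    if expected_fingerprint is not None and fp != expected_fingerprint:
        raise ValueError(f"fingerprint {fp} does not match expected {expected_fingerprint}")
    return {"hosts": hosts, "type": key_type, "fingerprint": fp}


def is_valid_known_hosts(line, expected_host, expected_fingerprint=None):
    """Boolean wrapper around check_known_hosts for use in scripts or tests."""
    try:
        check_known_hosts(line, expected_host, expected_fingerprint)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    info = check_known_hosts(GITHUB_ECDSA_KNOWN_HOSTS, "github.com")
    # Compare this value with the fingerprint your git provider publishes
    # before passing the line to controller_ssh_known_hosts.
    print(info["type"], info["fingerprint"])
```

The check only handles plain host entries of the kind `ssh-keyscan` prints; hashed `|1|...` entries are rejected rather than silently passed through. Two related points for the usage block above: the private key read with `file("./deploy-key.priv")` ends up in Terraform state, so the state backend needs the same protection as the key file itself, and a mismatch between the pinned host key and the server's real key shows up as a failed bootstrap rather than a warning, which is the behaviour you want.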

## Resources

| Name | Type |
|------|------|
| flux_bootstrap_git.this | resource |
| kubernetes_config_map.flux_cluster_variables | resource |
| kubernetes_namespace.flux_system_ns | resource |
| kubernetes_secret.flux_system_secret | resource |
