-
Notifications
You must be signed in to change notification settings - Fork 87
/
Copy pathindex.md.tmpl
123 lines (96 loc) · 4.28 KB
/
index.md.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
---
layout: ""
page_title: "Provider: Flux"
description: |-
The Flux provider can be used to install and configure Flux in a Kubernetes cluster.
---
# Flux Provider
The Flux provider can be used to install and configure [Flux](https://github.com/fluxcd/flux2/) in a Kubernetes cluster.
The provider needs to be configured with Kubernetes credentials to be used.
## Example Usage
The following examples are available to help you use the provider:
- [Bootstrapping a cluster using a GitHub repository and a personal access token (PAT)](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/github-via-pat)
- [Bootstrapping a cluster using a GitHub repository via SSH](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/github-via-ssh)
- [Bootstrapping a cluster using a GitHub repository via SSH and GPG](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/github-via-ssh-with-gpg)
- [Bootstrapping a cluster using a GitHub repository self-managing the SSH keypair secret)](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/github-self-managed-ssh-keypair)
- [Bootstrapping a cluster using a GitHub repository via SSH with flux customizations](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/github-with-customizations)
- [Bootstrapping a cluster using a GitHub repository via SSH and GPG with inline flux customizations](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/github-with-inline-customizations)
- [Bootstrapping a cluster using a Gitlab repository via SSH](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/gitlab-via-ssh)
- [Bootstrapping a cluster using a Gitlab repository via SSH and GPG](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/gitlab-via-ssh-with-gpg)
- [Bootstrapping a cluster using a Helm Release](https://github.com/fluxcd/terraform-provider-flux/tree/main/examples/helm-install)
## Provider Configuration
Get Kubernetes credentials from a kubeconfig file. The current context set in the kubeconfig file will be used by default.
```hcl
provider "flux" {
kubernetes = {
config_path = "~/.kube/config"
}
git = {
url = "https://example.com"
}
}
```
## Kubernetes Authentication
The Flux provider can be configured to authenticate against Kubernetes using
either of these methods:
* [Using a kubeconfig file](#file-config)
* [Supplying credentials](#credentials-config)
* [Exec plugins](#exec-plugins)
For a full list of supported provider authentication arguments, see the [argument reference](#nestedatt--kubernetes) below.
### File config
You can provide a path to a kubeconfig file using the `config_path` attribute or
using the `KUBE_CONFIG_PATH` environment variable.
A kubeconfig file can have multiple contexts, specify the desired one using the
`config_context` attribute, otherwise, the `default` context will be used.
```hcl
provider "flux" {
kubernetes = {
config_path = "~/.kube/config"
}
}
```
Similar to kubectl, the provider can also support multiple config paths using
the `config_paths` attribute or setting the `KUBE_CONFIG_PATHS` environment
variable.
```hcl
provider "flux" {
kubernetes = {
config_paths = [
"/path/a/kubeconfig",
"/path/b/kubeconfig"
]
}
}
```
### Credentials config
The basic configuration attributes can also be explicitly specified using the
respective attributes:
```hcl
provider "flux" {
kubernetes = {
host = "https://cluster-api-hostname:port"
client_certificate = file("~/.kube/client-cert.pem")
client_key = file("~/.kube/client-key.pem")
cluster_ca_certificate = file("~/.kube/cluster-ca-cert.pem")
}
}
```
### Exec plugins
For Kubernetes cluster providers using short-lived authentication tokens the
exec client authentication plugin can be used to fetch a new token using a CLI
tool before initializing the provider.
One good example of such a scenario is on EKS:
```hcl
provider "flux" {
kubernetes = {
host = var.cluster_endpoint
cluster_ca_certificate = base64decode(var.cluster_ca_cert)
exec = {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", var.cluster_name]
command = "aws"
}
}
}
```
{{ .SchemaMarkdown | trimspace }}