-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add cluster sync addendum to RFC-0001 #75
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,7 @@ | |
|
||
**Creation date:** 2024-02-25 | ||
|
||
**Last update:** 2024-05-30 | ||
**Last update:** 2024-06-10 | ||
|
||
## Summary | ||
|
||
|
@@ -29,6 +29,7 @@ contain all the complexity of the Flux components and their various configuratio | |
|
||
- Provide a declarative API for the installation and upgrade of the enterprise distribution. | ||
- Automate patching for hotfixes and CVEs affecting the Flux controllers container images. | ||
- Support for syncing the cluster state from Git repositories, OCI artifacts and S3-compatible storage. | ||
- Provide first-class support for OpenShift, Azure, AWS, GCP and other marketplaces. | ||
- Simplify the configuration of multi-tenancy lockdown on shared Kubernetes clusters. | ||
- Provide a security-first approach to the Flux deployment and FIPS compliance. | ||
|
@@ -178,6 +179,43 @@ Events example: | |
Warning UpgradePending 25s flux-operator Upgrade to latest version 2.4.0 blocked by semver range 2.3.x | ||
``` | ||
|
||
### Sync configuration | ||
|
||
The `.spec.sync` field is optional and specifies the Flux sync configuration. | ||
When set, a Flux source and a Flux Kustomization are generated to sync | ||
the cluster state with the source repository. | ||
|
||
Sync fields: | ||
|
||
- `kind`: The source kind, supported values are `GitRepository`, `OCIRepository` and `Bucket`. | ||
- `url`: The URL of the source repository, can be a Git repository HTTP/S or SSH address, an OCI repository address or a Bucket endpoint. | ||
- `ref`: The source reference, can be a Git ref name e.g. `refs/heads/main`, an OCI tag e.g. `latest` or a Bucket name. | ||
- `path`: The path to the source directory containing the kustomize overlay or plain Kubernetes manifests to sync from. | ||
- `pullSecret`: The name of the Kubernetes secret that contains the credentials to pull the source repository. This field is optional. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. whjat about the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Provider is set from the |
||
- `interval`: The sync interval. This field is optional, when not set the default is `1m`. | ||
|
||
Example: | ||
|
||
```yaml | ||
apiVersion: fluxcd.controlplane.io/v1 | ||
kind: FluxInstance | ||
metadata: | ||
name: flux | ||
namespace: flux-system | ||
spec: | ||
sync: | ||
kind: GitRepository | ||
url: "https://github.com/my-org/my-fleet.git" | ||
ref: "refs/heads/main" | ||
path: "clusters/my-cluster" | ||
pullSecret: "flux-system" | ||
``` | ||
The Flux objects are created in the same namespace where the `FluxInstance` is deployed | ||
using the namespace name as the Flux source and `Kustomization` name. The naming convention | ||
matches the one used by `flux bootstrap` to ensure compatibility with upstream, and | ||
to allow transitioning a bootstrapped cluster to a `FluxInstance` managed one. | ||
|
||
## Implementation History | ||
|
||
- 2024-05-30: Initial implementation released in flux-operator [v0.1.0](https://github.com/controlplaneio-fluxcd/flux-operator/releases/tag/v0.1.0) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have written a question about it in the implementation PR, but what about
LayerSelector
? I would rather use that than path for anoci Artifact
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LayerSelector
could be added via a kustomize patch if anyone needs it, for now there is no practical use to it. The artifacts in this case are create withflux push artifact
for the fleet Git repo content, so path is a must for any of this to work.