Add embedded_manifests attribute

Deprecate `manifests_path` for air-gapped clusters in favour of `embedded_manifests` Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
fluxcd · Apr 16, 2024 · d486be6 · d486be6
1 parent b062479
commit d486be6
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 6 deletions.
diff --git a/docs/resources/bootstrap_git.md b/docs/resources/bootstrap_git.md
@@ -32,12 +32,13 @@ The following examples are available to help you use the provider:
 - `components_extra` (Set of String) List of extra components to include in the install manifests.
 - `delete_git_manifests` (Boolean) Delete manifests from git repository. Defaults to `true`.
 - `disable_secret_creation` (Boolean) Use the existing secret for flux controller and don't create one from bootstrap
+- `embedded_manifests` (Boolean) When enabled, the Flux manifests will be extracted from the provider binary instead of being downloaded from GitHub.com.
 - `image_pull_secret` (String) Kubernetes secret name used for pulling the toolkit images from a private registry.
 - `interval` (String) Interval at which to reconcile from bootstrap repository. Defaults to `1m0s`.
 - `keep_namespace` (Boolean) Keep the namespace after uninstalling Flux components. Defaults to `false`.
 - `kustomization_override` (String) Kustomization to override configuration set by default.
 - `log_level` (String) Log level for toolkit components. Defaults to `info`.
-- `manifests_path` (String) The install manifests are built from a GitHub release or kustomize overlay if using a local path. Defaults to `https://github.com/fluxcd/flux2/releases`.
+- `manifests_path` (String, Deprecated) The install manifests are built from a GitHub release or kustomize overlay if using a local path. Defaults to `https://github.com/fluxcd/flux2/releases`.
 - `namespace` (String) The namespace scope for install manifests. Defaults to `flux-system`. It will be created if it does not exist.
 - `network_policy` (Boolean) Deny ingress access to the toolkit controllers from other namespaces using network policies. Defaults to `true`.
 - `path` (String) Path relative to the repository root, when specified the cluster sync will be scoped to this path (immutable).
@@ -46,7 +47,7 @@ The following examples are available to help you use the provider:
 - `secret_name` (String) Name of the secret the sync credentials can be found in or stored to. Defaults to `flux-system`.
 - `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
 - `toleration_keys` (Set of String) List of toleration keys used to schedule the components pods onto nodes with matching taints.
-- `version` (String) Flux version. Defaults to `v2.2.3`.
+- `version` (String) Flux version. Defaults to `v2.2.3`. Has no effect when `embedded_manifests` is enabled.
 - `watch_all_namespaces` (Boolean) If true watch for custom resources in all namespaces. Defaults to `true`.
 
 ### Read-Only

diff --git a/internal/provider/resource_bootstrap_git.go b/internal/provider/resource_bootstrap_git.go
@@ -98,6 +98,7 @@ type bootstrapGitResourceData struct {
 	ComponentsExtra       types.Set            `tfsdk:"components_extra"`
 	DeleteGitManifests    types.Bool           `tfsdk:"delete_git_manifests"`
 	DisableSecretCreation types.Bool           `tfsdk:"disable_secret_creation"`
+	EmbeddedManifests     types.Bool           `tfsdk:"embedded_manifests"`
 	ID                    types.String         `tfsdk:"id"`
 	ImagePullSecret       types.String         `tfsdk:"image_pull_secret"`
 	Interval              customtypes.Duration `tfsdk:"interval"`
@@ -199,6 +200,10 @@ func (r *bootstrapGitResource) Schema(ctx context.Context, req resource.SchemaRe
 				Description: "Use the existing secret for flux controller and don't create one from bootstrap",
 				Optional:    true,
 			},
+			"embedded_manifests": schema.BoolAttribute{
+				Description: "When enabled, the Flux manifests will be extracted from the provider binary instead of being downloaded from GitHub.com.",
+				Optional:    true,
+			},
 			"id": schema.StringAttribute{
 				Computed: true,
 				PlanModifiers: []planmodifier.String{
@@ -241,8 +246,9 @@ func (r *bootstrapGitResource) Schema(ctx context.Context, req resource.SchemaRe
 				},
 			},
 			"manifests_path": schema.StringAttribute{
-				Description: fmt.Sprintf("The install manifests are built from a GitHub release or kustomize overlay if using a local path. Defaults to `%s`.", defaultOpts.BaseURL),
-				Optional:    true,
+				Description:        fmt.Sprintf("The install manifests are built from a GitHub release or kustomize overlay if using a local path. Defaults to `%s`.", defaultOpts.BaseURL),
+				Optional:           true,
+				DeprecationMessage: "This attribute is deprecated. Use the `embedded_manifests` attribute when running bootstrap on air-gapped environments.",
 			},
 			"namespace": schema.StringAttribute{
 				Description: fmt.Sprintf("The namespace scope for install manifests. Defaults to `%s`. It will be created if it does not exist.", defaultOpts.Namespace),
@@ -309,7 +315,7 @@ func (r *bootstrapGitResource) Schema(ctx context.Context, req resource.SchemaRe
 				},
 			},
 			"version": schema.StringAttribute{
-				Description: fmt.Sprintf("Flux version. Defaults to `%s`.", utils.DefaultFluxVersion),
+				Description: fmt.Sprintf("Flux version. Defaults to `%s`. Has no effect when `embedded_manifests` is enabled.", utils.DefaultFluxVersion),
 				Optional:    true,
 				Computed:    true,
 				Default:     stringdefault.StaticString(utils.DefaultFluxVersion),
@@ -446,6 +452,9 @@ func (r *bootstrapGitResource) Create(ctx context.Context, req resource.CreateRe
 	}
 
 	manifestsBase := ""
+	if data.EmbeddedManifests.ValueBool() {
+		manifestsBase = EmbeddedManifests
+	}
 	err = bootstrap.Run(ctx, bootstrapProvider, manifestsBase, installOpts, secretOpts, syncOpts, 2*time.Second, timeout)
 	if err != nil {
 		resp.Diagnostics.AddError("Bootstrap run error", err.Error())
@@ -679,6 +688,9 @@ func (r bootstrapGitResource) Update(ctx context.Context, req resource.UpdateReq
 		}
 
 		manifestsBase := ""
+		if data.EmbeddedManifests.ValueBool() {
+			manifestsBase = EmbeddedManifests
+		}
 		err = bootstrap.Run(ctx, bootstrapProvider, manifestsBase, installOpts, secretOpts, syncOpts, 2*time.Second, timeout)
 		if err != nil {
 			resp.Diagnostics.AddError("Bootstrap run error", err.Error())
@@ -1116,18 +1128,27 @@ func getSyncOptions(data bootstrapGitResourceData, url *url.URL, branch string)
 func getExpectedRepositoryFiles(data bootstrapGitResourceData, url *url.URL, branch string) (map[string]string, error) {
 	repositoryFiles := map[string]string{}
 	installOpts := getInstallOptions(data)
-	installManifests, err := install.Generate(installOpts, "")
+	manifestsBase := ""
+	if data.EmbeddedManifests.ValueBool() {
+		manifestsBase = EmbeddedManifests
+	}
+
+	installManifests, err := install.Generate(installOpts, manifestsBase)
 	if err != nil {
 		return nil, fmt.Errorf("could not generate install manifests: %w", err)
 	}
+
 	repositoryFiles[installManifests.Path] = installManifests.Content
+
 	syncOpts := getSyncOptions(data, url, branch)
 	syncManifests, err := sync.Generate(syncOpts)
 	if err != nil {
 		return nil, fmt.Errorf("could not generate sync manifests: %w", err)
 	}
+
 	repositoryFiles[syncManifests.Path] = syncManifests.Content
 	repositoryFiles[filepath.Join(data.Path.ValueString(), data.Namespace.ValueString(), konfig.DefaultKustomizationFileName())] = getKustomizationFile(data)
+
 	return repositoryFiles, nil
 }