Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include value variables for customization arguments supported by flux -install #53

Open
smurfralf opened this issue Dec 17, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

@smurfralf
Copy link

smurfralf commented Dec 17, 2021

Is your feature request related to a problem ? Yes

I'd like to migrate from using flux install --export to using the flux2 helm chart. However our usage of flux currently takes advantage of some of the extra flags that flux install supports. Specifically we do not download containers from the internet, so the container images need to come from an internal repository and need to use an image-pull-secret (which is already available in the k8s cluster).

it would stand to reason that there is a need for the optional flux arguments, i.e. being able to set these values will be needed by other users who would like to migrate.

The flux 0.24.1 version currently supports

option description helm chart 0.8.0 equivalent (if present)
--cluster-domain internal cluster domain (default "cluster.local")
--components list of components, accepts comma-separated values (default [source-controller,kustomize-controller,helm-controller,notification-controller]) create boolean values
--components-extra list of components in addition to those supplied or defaulted, accepts comma-separated values create boolean values
--image-pull-secret Kubernetes secret name used for pulling the toolkit images from a private registry
--network-policy deny ingress access to the toolkit controllers from other namespaces using network policies (default true)
--registry container registry where the toolkit images are published (default "ghcr.io/fluxcd") image setting for each controller
--toleration-keys list of toleration keys used to schedule the components pods onto nodes with matching taints tolerations array values
--version toolkit version, when specified the manifests are downloaded from https://github.com/fluxcd/flux2/releases chart version
--watch-all-namespaces watch for custom resources in all namespaces, if set to false it will only watch the namespace where the toolkit is installed (default true) watchallnamespaces boolean value

Describe the solution you'd like.

At a minimum I'd like a new value variable defined for the image-pull-secret setting which would apply to all controllers.

Although for my use case it would be sufficient to add a stanza to the sa-* (service account) templates, the flux install manifests add the stanza to the deployment specs, so probably that would be the way to do it so it doesn't assume use of serviceaccount: create: true.

A more general solution would cover the other empty cases in the table above: cluster-domain and network-policy

Describe alternatives you've considered.

  • Do not migrate from our current solution using flux install --export.
  • Download the chart source from this repo, then manually modify the helm charts to add the image pull secret variable and add the stanza to use it. This would require redoing on every upgrade.

Additional context.

Relevant abridged snippet of a manifest generated by flux install --export --image-pull-secret mysecret --registry myartifactory.mycompany.net/fluxcd:

apiVersion: apps/v1
kind: Deployment
metadata:
    name: helm-controller
    namespace: flux-system
spec:
    template:
        spec:
            containers:
                - args:
                    - --watch-all-namespaces=true
                  image: myartifactory.mycompany.net/fluxcd/helm-controller:v0.14.1
            imagePullSecrets:
                - name: mysecret
@smurfralf smurfralf added the enhancement New feature or request label Dec 17, 2021
smurfralf pushed a commit to smurfralf/helm-charts that referenced this issue Dec 20, 2021
…ity#53

Example helm cli usage to provide an imagePullSecret

```
helm ... --set "imagePullSecrets[0].name=secret1"
```

Signed-off-by: Robert R Allen <[email protected]>
smurfralf pushed a commit to smurfralf/helm-charts that referenced this issue Dec 20, 2021
…ity#53

Example helm cli usage to provide an imagePullSecret

```
helm ... --set "imagePullSecrets[0].name=secret1"
```

Signed-off-by: Robert R Allen <[email protected]>
smurfralf pushed a commit to smurfralf/helm-charts that referenced this issue Dec 20, 2021
…ity#53

Example helm cli usage to provide an imagePullSecret

```
helm ... --set "imagePullSecrets[0].name=secret1"
```

Signed-off-by: Robert R Allen <[email protected]>
dwerder pushed a commit that referenced this issue Dec 21, 2021
Example helm cli usage to provide an imagePullSecret

```
helm ... --set "imagePullSecrets[0].name=secret1"
```

Signed-off-by: Robert R Allen <[email protected]>
@smurfralf
Copy link
Author

imagePullSecrets is now taken care of. The enhancement request remains for the cluster-domain and network-policy fields (at a lower priority for me).

@dmccaffery
Copy link
Collaborator

The cluster domain will be resolved by #140 as it was causing issues for me reported in #139

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants