Manages an Arc Kubernetes Flux Configuration.
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_arc_kubernetes_cluster" "example" {
name = "example-akcc"
resource_group_name = azurerm_resource_group.example.name
location = "West Europe"
agent_public_key_certificate = filebase64("testdata/public.cer")
identity {
type = "SystemAssigned"
}
tags = {
ENV = "Test"
}
}
resource "azurerm_arc_kubernetes_cluster_extension" "example" {
name = "example-ext"
cluster_id = azurerm_arc_kubernetes_cluster.test.id
extension_type = "microsoft.flux"
}
resource "azurerm_arc_kubernetes_flux_configuration" "example" {
name = "example-fc"
cluster_id = azurerm_arc_kubernetes_cluster.test.id
namespace = "flux"
git_repository {
url = "https://github.com/Azure/arc-k8s-demo"
reference_type = "branch"
reference_value = "main"
}
kustomizations {
name = "kustomization-1"
}
depends_on = [
azurerm_arc_kubernetes_cluster_extension.example
]
}
The following arguments are supported:
name
- (Required) Specifies the name which should be used for this Arc Kubernetes Flux Configuration. Changing this forces a new Arc Kubernetes Flux Configuration to be created.
cluster_id
- (Required) Specifies the Cluster ID. Changing this forces a new Arc Kubernetes Cluster Extension to be created.
kustomizations
- (Required) A kustomizations
block as defined below.
namespace
- (Required) Specifies the namespace to which this configuration is installed to. Changing this forces a new Arc Kubernetes Flux Configuration to be created.
blob_storage
- (Optional) An blob_storage
block as defined below.
bucket
- (Optional) A bucket
block as defined below.
git_repository
- (Optional) A git_repository
block as defined below.
scope
- (Optional) Specifies the scope at which the operator will be installed. Possible values are cluster
and namespace
. Defaults to namespace
. Changing this forces a new Arc Kubernetes Flux Configuration to be created.
continuous_reconciliation_enabled
- (Optional) Whether the configuration will keep its reconciliation of its kustomizations and sources with the repository. Defaults to true
.
A kustomizations
block supports the following:
name
- (Required) Specifies the name of the kustomization.
path
- (Optional) Specifies the path in the source reference to reconcile on the cluster.
timeout_in_seconds
- (Optional) The maximum time to attempt to reconcile the kustomization on the cluster. Defaults to 600
.
sync_interval_in_seconds
- (Optional) The interval at which to re-reconcile the kustomization on the cluster. Defaults to 600
.
retry_interval_in_seconds
- (Optional) The interval at which to re-reconcile the kustomization on the cluster in the event of failure on reconciliation. Defaults to 600
.
recreating_enabled
- (Optional) Whether re-creating Kubernetes resources on the cluster is enabled when patching fails due to an immutable field change. Defaults to false
.
garbage_collection_enabled
- (Optional) Whether garbage collections of Kubernetes objects created by this kustomization is enabled. Defaults to false
.
depends_on
- (Optional) Specifies other kustomizations that this kustomization depends on. This kustomization will not reconcile until all dependencies have completed their reconciliation.
An blob_storage
block supports the following:
container_id
- (Required) Specifies the Azure Blob container ID.
account_key
- (Optional) Specifies the account key (shared key) to access the storage account.
local_auth_reference
- (Optional) Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets.
sas_token
- (Optional) Specifies the shared access token to access the storage container.
service_principal
- (Optional) A service_principal
block as defined below.
sync_interval_in_seconds
- (Optional) Specifies the interval at which to re-reconcile the cluster Azure Blob source with the remote.
timeout_in_seconds
- (Optional) Specifies the maximum time to attempt to reconcile the cluster Azure Blob source with the remote.
A service_principal
block supports the following:
client_id
- (Required) Specifies the client ID for authenticating a Service Principal.
tenant_id
- (Required) Specifies the tenant ID for authenticating a Service Principal.
client_certificate_base64
- (Optional) Base64-encoded certificate used to authenticate a Service Principal .
client_certificate_password
- (Optional) Specifies the password for the certificate used to authenticate a Service Principal .
client_certificate_send_chain
- (Optional) Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the client certificate.
client_secret
- (Optional) Specifies the client secret for authenticating a Service Principal.
A bucket
block supports the following:
bucket_name
- (Required) Specifies the bucket name to sync from the url endpoint for the flux configuration.
url
- (Required) Specifies the URL to sync for the flux configuration S3 bucket. It must start with http://
or https://
.
access_key
- (Optional) Specifies the plaintext access key used to securely access the S3 bucket.
secret_key_base64
- (Optional) Specifies the Base64-encoded secret key used to authenticate with the bucket source.
tls_enabled
- (Optional) Specify whether to communicate with a bucket using TLS is enabled. Defaults to true
.
local_auth_reference
- (Optional) Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets.
sync_interval_in_seconds
- (Optional) Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to 600
.
timeout_in_seconds
- (Optional) Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to 600
.
A git_repository
block supports the following:
url
- (Required) Specifies the URL to sync for the flux configuration git repository. It must start with http://
, https://
, git@
or ssh://
.
reference_type
- (Required) Specifies the source reference type for the GitRepository object. Possible values are branch
, commit
, semver
and tag
.
reference_value
- (Required) Specifies the source reference value for the GitRepository object.
https_ca_cert_base64
- (Optional) Specifies the Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS.
https_user
- (Optional) Specifies the plaintext HTTPS username used to access private git repositories over HTTPS.
https_key_base64
- (Optional) Specifies the Base64-encoded HTTPS personal access token or password that will be used to access the repository.
local_auth_reference
- (Optional) Specifies the name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. It must be between 1 and 63 characters. It can contain only lowercase letters, numbers, and hyphens (-). It must start and end with a lowercase letter or number.
ssh_private_key_base64
- (Optional) Specifies the Base64-encoded SSH private key in PEM format.
ssh_known_hosts_base64
- (Optional) Specifies the Base64-encoded known_hosts value containing public SSH keys required to access private git repositories over SSH.
sync_interval_in_seconds
- (Optional) Specifies the interval at which to re-reconcile the cluster git repository source with the remote. Defaults to 600
.
timeout_in_seconds
- (Optional) Specifies the maximum time to attempt to reconcile the cluster git repository source with the remote. Defaults to 600
.
In addition to the Arguments listed above - the following Attributes are exported:
id
- The ID of the Arc Kubernetes Flux Configuration.The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Arc Kubernetes Flux Configuration.read
- (Defaults to 5 minutes) Used when retrieving the Arc Kubernetes Flux Configuration.update
- (Defaults to 30 minutes) Used when updating the Arc Kubernetes Flux Configuration.delete
- (Defaults to 30 minutes) Used when deleting the Arc Kubernetes Flux Configuration.Arc Kubernetes Flux Configuration can be imported using the resource id
for different cluster_resource_name
, e.g.
terraform import azurerm_arc_kubernetes_flux_configuration.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Kubernetes/connectedClusters/cluster1/providers/Microsoft.KubernetesConfiguration/fluxConfigurations/fluxConfiguration1