Refactored FluxCD resources and configuration for Git repository and Kustomization

Author: n3rdc4ptn

Taskfile.yml

@@ -83,8 +83,8 @@ tasks:
       - |
         flux install --export \
         --components-extra="image-reflector-controller,image-automation-controller" \
-        > gotk-components.yaml
-    dir: ./templates/fluxcd/resources
+        > components.yaml
+    dir: ./templates/fluxcd/templates/resources
 
   pull:
     desc: Pulls the resources from the gitops-template ocm.

docs/Templating.md

@@ -26,17 +26,44 @@ platformClusterKubeconfigSecretName: "platform-kubeconfig"
 resources files:
 
 ```yaml
+# The information for the git repo
 git:
-    repoUrl: "" # The url to the github gitops repository
-    mainBranch: "" # The main branch of the gitops repository (most of the time, set it to 'main')
+    repoUrl: ""
+    mainBranch: ""
+
+# Image pull secrets to be added to all deployments
+imagePullSecrets: []
+    # - name: my-registry-secret
+
+# Image replacement variables
+# You can either specify a prefix which is put in front of xxx-controller or directly specify the images
+images:
+    prefix: "ghcr.io/openmcp-project/fluxcd"
+    sourceController:
+        image: "ghcr.io/fluxcd/source-controller"
+        tag: "latest" # optional
+        digest: "" # optional
+    notificationController:
+        image: "ghcr.io/fluxcd/notification-controller"
+    kustomizeController:
+        image: "ghcr.io/fluxcd/kustomize-controller"
+    helmController:
+        image: "ghcr.io/fluxcd/helm-controller"
+    imageReflectorController:
+        image: "ghcr.io/fluxcd/image-reflector-controller"
+    imageAutomationController:
+        image: "ghcr.io/fluxcd/image-automation-controller"
 ```
 
 When rendering the `overlays` files, the following values are used:
 
 ```yaml
-fluxCDResourcesPath: "" # The path were the fluxcd resources are lying relative to the overlays
-gitRepoEnvBranch: "" # The branch for this environment to look at
-envPathFluxSystem: "" # The path were the env overlays are located at from the root of the git repo
+# Path from the overlays folder to the resources folder of fluxcd (e.g. ../../../resources/fluxcd)
+fluxCDResourcesPath: ""
+# Path to the env fluxCD folder (e.g. envs/%ENV%/fluxcd)
+fluxCDEnvPath: ""
+# branch of the env (e.g. dev)
+gitRepoEnvBranch: ""
 ```
 
 ### OpenMCP

…es/overlays/gotk-sync-kustomization.yaml …mplates/overlays/flux-kustomization.yamltemplates/fluxcd/templates/overlays/gotk-sync-kustomization.yaml renamed to templates/fluxcd/templates/overlays/flux-kustomization.yaml templates/fluxcd/templates/overlays/gotk-sync-kustomization.yaml renamed to templates/fluxcd/templates/overlays/flux-kustomization.yaml

@@ -5,4 +5,4 @@ metadata:
   name: flux-system
   namespace: flux-system
 spec:
-  path: {{ .Values.envPathFluxSystem }}
+  path: {{ .Values.fluxCDEnvPath }}

…emplates/overlays/gotk-sync-gitrepo.yaml …s/fluxcd/templates/overlays/gitrepo.yamltemplates/fluxcd/templates/overlays/gotk-sync-gitrepo.yaml renamed to templates/fluxcd/templates/overlays/gitrepo.yaml templates/fluxcd/templates/overlays/gotk-sync-gitrepo.yaml renamed to templates/fluxcd/templates/overlays/gitrepo.yaml

@@ -3,5 +3,5 @@ kind: Kustomization
 resources:
   - {{ .Values.fluxCDResourcesPath }}
 patches:
-- path: gotk-sync-gitrepo.yaml
-- path: gotk-sync-kustomization.yaml
+- path: gitrepo.yaml
+- path: flux-kustomization.yaml

templates/fluxcd/templates/overlays/kustomization.yaml

@@ -5344,8 +5344,6 @@ spec:
           name: data
         - mountPath: /tmp
           name: tmp
-      imagePullSecrets:
-      - name: \{\{ .Values.imagePullSecret }}
       nodeSelector:
         kubernetes.io/os: linux
       priorityClassName: system-cluster-critical
@@ -7242,8 +7240,6 @@ spec:
         volumeMounts:
         - mountPath: /tmp
           name: temp
-      imagePullSecrets:
-      - name: \{\{ .Values.imagePullSecret }}
       nodeSelector:
         kubernetes.io/os: linux
       priorityClassName: system-cluster-critical
@@ -11046,8 +11042,6 @@ spec:
         volumeMounts:
         - mountPath: /tmp
           name: temp
-      imagePullSecrets:
-      - name: \{\{ .Values.imagePullSecret }}
       nodeSelector:
         kubernetes.io/os: linux
       priorityClassName: system-cluster-critical
@@ -13027,8 +13021,6 @@ spec:
         volumeMounts:
         - mountPath: /tmp
           name: temp
-      imagePullSecrets:
-      - name: \{\{ .Values.imagePullSecret }}
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -14139,8 +14131,6 @@ spec:
           name: temp
         - mountPath: /data
           name: data
-      imagePullSecrets:
-      - name: \{\{ .Values.imagePullSecret }}
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -14974,8 +14964,6 @@ spec:
         volumeMounts:
         - mountPath: /tmp
           name: temp
-      imagePullSecrets:
-      - name: \{\{ .Values.imagePullSecret }}
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:

…templates/resources/gotk-components.yaml …uxcd/templates/resources/components.yamltemplates/fluxcd/templates/resources/gotk-components.yaml renamed to templates/fluxcd/templates/resources/components.yaml templates/fluxcd/templates/resources/gotk-components.yaml renamed to templates/fluxcd/templates/resources/components.yaml

@@ -1,17 +1,3 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: environments
-  namespace: flux-system
-spec:
-  interval: 5m
-  url: {{ .Values.git.repoUrl }}
-  ref:
-    branch: {{ .Values.git.mainBranch }}
-  secretRef:
-    name: git
----
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

…luxcd/templates/resources/gotk-sync.yaml …plates/resources/flux-kustomization.yamltemplates/fluxcd/templates/resources/gotk-sync.yaml renamed to templates/fluxcd/templates/resources/flux-kustomization.yaml templates/fluxcd/templates/resources/gotk-sync.yaml renamed to templates/fluxcd/templates/resources/flux-kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: environments
+  namespace: flux-system
+spec:
+  interval: 5m
+  url: {{ .Values.git.repoUrl }}
+  ref:
+    branch: {{ .Values.git.mainBranch }}
+  secretRef:
+    name: git

templates/fluxcd/templates/resources/gitrepo.yaml

@@ -1,8 +1,41 @@
 ---
+{{- $prefix := .Values.images.prefix }}
+{{- $images := dict
+    "source-controller" .Values.images.sourceController
+    "notification-controller" .Values.images.notificationController
+    "kustomize-controller" .Values.images.kustomizeController
+    "helm-controller" .Values.images.helmController
+    "image-reflector-controller" .Values.images.imageReflectorController
+    "image-automation-controller" .Values.images.imageAutomationController
+}}
 resources:
-  - gotk-components.yaml
-  - gotk-sync.yaml
+  - components.yaml
+  - gitrepo.yaml
+  - flux-kustomization.yaml
 images:
-  - name: ghcr.io/fluxcd/source-controller
-    newName: {{ .Values.sourceControllerImage }}
-  - name: ghcr.io/fluxcd/notification-controller
+{{- range $name, $cfg := $images }}
+  - name: ghcr.io/fluxcd/{{ $name }}
+    newName: {{ if $cfg }}{{ $cfg.image }}{{- else if $prefix }}{{ $prefix }}/{{ $name }}{{- else }}ghcr.io/fluxcd/{{ $name }}{{- end }}
+    {{- if and $cfg $cfg.tag }}
+    newTag: {{ $cfg.tag }}
+    {{- end }}
+    {{- if and $cfg $cfg.digest }}
+    digest: {{ $cfg.digest }}
+    {{- end }}
+{{- end }}
+
+{{- if .Values.imagePullSecrets }}
+patches:
+  - target:
+      kind: Deployment
+    patch: |
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: this_value_is_ignored
+      spec:
+        template:
+          spec:
+            imagePullSecrets:
+      {{ toYaml .Values.imagePullSecrets | indent 8 }}
+{{- end }}

templates/fluxcd/templates/resources/kustomization.yaml

@@ -1,8 +1,35 @@
+# Path from the overlays folder to the resources folder of fluxcd (e.g. ../../../resources/fluxcd)
+fluxCDResourcesPath: "../resources"
+# Path to the env fluxCD folder (e.g. envs/%ENV%/fluxcd)
+fluxCDEnvPath: ""
+# branch of the env (e.g. dev)
+gitRepoEnvBranch: ""
+
+# The information for the git repo
 git:
     repoUrl: ""
     mainBranch: ""
 
-# maybe like this
-envs:
-    - git:
-         branch: ""
+# Image pull secrets to be added to all deployments
+imagePullSecrets: []
+    # - name: my-registry-secret
+
+# Image replacement variables
+# You can either specify a prefix which is put in front of xxx-controller or directly specify the images
+images:
+    prefix: "ghcr.io/fluxcd"
+    # prefix: "ghcr.io/openmcp-project/fluxcd"
+#     sourceController:
+#         image: "ghcr.io/fluxcd/source-controller"
+#         tag: "latest" # optional
+#         digest: "" # optional
+#     notificationController:
+#         image: "ghcr.io/fluxcd/notification-controller"
+#     kustomizeController:
+#         image: "ghcr.io/fluxcd/kustomize-controller"
+#     helmController:
+#         image: "ghcr.io/fluxcd/helm-controller"
+#     imageReflectorController:
+#         image: "ghcr.io/fluxcd/image-reflector-controller"
+#     imageAutomationController:
+#         image: "ghcr.io/fluxcd/image-automation-controller"