sparse-intern-71089
04/12/2022, 8:52 AMrhythmic-whale-48997
04/12/2022, 9:29 AMbored-monitor-99026
04/12/2022, 8:08 PMbored-monitor-99026
04/12/2022, 8:13 PMlittle-cartoon-10569
04/12/2022, 9:35 PMbored-monitor-99026
04/12/2022, 10:40 PMlittle-cartoon-10569
04/12/2022, 10:54 PMlittle-cartoon-10569
04/12/2022, 10:58 PMrhythmic-whale-48997
04/13/2022, 6:24 AMlittle-cartoon-10569
04/13/2022, 6:38 AMrhythmic-whale-48997
04/13/2022, 7:08 AMbored-monitor-99026
04/13/2022, 9:36 PMtenwit
's comment. i would say, OAUTH sounds like the way to go and we probably should always prefer OAUTH to PAT since PAT doesn't have API support etc.
after all, we will use Command module to CRUD OAUTH token. this sgtmrhythmic-whale-48997
04/14/2022, 6:06 AM// create an EKS cluster with no default nodes
// Private-only EKS control plane: the Kubernetes API endpoint is exposed inside
// the VPC only (endpointPublicAccess is false) and nodes are not given public
// IP addresses. The default node group is skipped; a managed node group is
// attached separately.
// NOTE(review): with a private-only endpoint, the host that runs `pulumi up`
// (and the Flux bootstrap that follows) presumably needs a network path into
// the VPC - confirm before relying on this from a laptop or a hosted CI runner.
const clusterArgs = {
  version: "1.22",
  vpcId: vpc.id,
  privateSubnetIds: vpc.privateSubnetIds,
  instanceRoles: [role],
  skipDefaultNodeGroup: true,
  createOidcProvider: true,
  endpointPrivateAccess: true,
  endpointPublicAccess: false,
  nodeAssociatePublicIpAddress: false,
};
const cluster = new eks.Cluster("test-cluster", clusterArgs);
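// Write the kubeconfig to disk so the Flux bootstrap command can read it.
// The file is what kubectl/flux use to reach the cluster, so treat it as
// sensitive: it is created owner-only (0600), and chmod is applied as well
// because the `mode` option has no effect when the file already exists.
// NOTE(review): the file outlives the deployment and is written outside the
// project directory - keep it out of version control and remove it once the
// bootstrap has finished.
cluster.kubeconfig.apply((kubeconfig) => {
  const kubeconfigPath = "../kubeconfig.json";
  fs.writeFileSync(kubeconfigPath, JSON.stringify(kubeconfig), {
    encoding: "utf-8",
    mode: 0o600,
  });
  fs.chmodSync(kubeconfigPath, 0o600);
});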
// Attach an AWS-managed node group to the cluster. Nodes are placed in the
// VPC's private subnets and run under the same IAM role that was registered
// with the cluster through instanceRoles.
const nodeGroupScaling = { desiredSize: 1, minSize: 1, maxSize: 3 };
const managedNodeGroup2 = eks.createManagedNodeGroup(
  "example-managed-ng2",
  {
    cluster,
    nodeGroupName: "aws-managed-ng2",
    nodeRoleArn: role.arn,
    subnetIds: vpc.privateSubnetIds,
    instanceTypes: ["c4.4xlarge"],
    diskSize: 50,
    scalingConfig: nodeGroupScaling,
    labels: { "ondemand": "true" },
  },
  cluster, // parent resource
);
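// Read the GitHub personal access token (PAT) from stack configuration as a
// secret. requireSecret() returns an Output that Pulumi marks as secret, so the
// value stays encrypted in state and masked in CLI output, and the deployment
// fails early when the key is missing instead of passing "undefined" to Flux.
// Store the value with `pulumi config set --secret <key>` so it is also
// encrypted in the stack settings file.
// NOTE(review): `githubToken` is not defined anywhere in the visible snippet;
// if the config key is literally named githubToken it must be passed as the
// string "githubToken".
const config = new pulumi.Config();
const ghToken = config.requireSecret(githubToken);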
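// Run `flux bootstrap github` on the machine executing `pulumi up`, once the
// cluster and the managed node group exist.
// The token is handed to flux through the GITHUB_TOKEN environment variable
// rather than the command line, and is wrapped in pulumi.secret() so the
// resource's recorded inputs keep it encrypted even if ghToken was read as a
// plain config value.
// NOTE(review): nothing here orders this command after the kubeconfig file
// write; it relies on that file already being on disk when the command runs -
// confirm.
const fluxBootstrap = new cmd.local.Command(
  "fluxcd-bootstrap",
  {
    environment: {
      GITHUB_TOKEN: pulumi.secret(pulumi.interpolate`${ghToken}`),
    },
    create: "flux bootstrap github --kubeconfig ../kubeconfig.json --hostname=<GITHUB_URL> --ssh-hostname=<GITHUB_URL> --owner=<OWNER> --repository=<REPO> --branch=main --path=./flux --personal",
  },
  {
    dependsOn: [cluster, managedNodeGroup2],
  },
);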
This is something that I have put together with duct tape to check if it will work. And it's working.
If you are worried about leaking resources, you can also define delete
in the command that will do flux uninstall
For proof of concept this is good for me.
If you want to add more logic to the single command, you can invoke a shell script, a python script, you name it. Just remember that this is run on the machine that does the `pulumi up`
command, so if you are invoking for example a python script, you need to have python installed; same for Flux, you need to have the CLI installed in order for this to work