I am trying to bootstrap Flux with GitLab through Terraform on DigitalOcean. When I test it, I get the error message below and I don't understand what I am doing wrong.
│ Error: Bootstrap run error
│
│ with flux_bootstrap_git.this,
│ on flux.tf line 34, in resource "flux_bootstrap_git" "this":
│ 34: resource "flux_bootstrap_git" "this" {
│
│ CustomResourceDefinition/alerts.notification.toolkit.fluxcd.io dry-run failed, reason: Forbidden: unknown
This is the code I have tried to run, which is the code provided by Terraform and Flux, and which leads to this error message.
provider "flux" {
  # Cluster connection the bootstrap uses. The identity behind these
  # credentials must be allowed to create CustomResourceDefinitions and the
  # flux-system namespace; with this certificate-based identity the bootstrap
  # dry-run reported "Forbidden" (see the error above), which is an RBAC
  # authorization failure rather than a connectivity problem.
  kubernetes = {
    host                   = module.kubernetes.endpoint
    cluster_ca_certificate = module.kubernetes.cluster_ca_certificate
    client_certificate     = module.kubernetes.client_certificate
    client_key             = module.kubernetes.client_key
  }

  # Git access for the bootstrap commits. The key pair is generated below
  # and its public half is registered with GitLab as a deploy key.
  git = {
    url = "ssh://git@git.test.no/tekkom/infrastructure/kubernetes/external-prod-cluster"
    ssh = {
      username    = "git"
      private_key = tls_private_key.flux.private_key_pem
    }
  }
}
# Key pair Flux uses to authenticate to GitLab over SSH. Terraform keeps the
# private half in state in plaintext, so the state backend needs the same
# protection as the repository credentials themselves.
resource "tls_private_key" "flux" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}
# Looks up the target repository so the deploy key below can be attached to it.
data "gitlab_project" "this" {
  path_with_namespace = "tekkom/infrastructure/kubernetes/external-prod-cluster"
}
# Registers the public key on the project. can_push grants write access to the
# repository; the bootstrap needs it because it commits the Flux manifests
# under `path`, so this key should be treated as a write credential.
resource "gitlab_deploy_key" "this" {
  project  = data.gitlab_project.this.id
  title    = "Flux"
  key      = tls_private_key.flux.public_key_openssh
  can_push = true
}
# Runs the Flux bootstrap against the cluster and repository configured in the
# provider block. depends_on makes sure the deploy key exists before the
# bootstrap tries its first push.
resource "flux_bootstrap_git" "this" {
  depends_on = [gitlab_deploy_key.this]
  path       = "cluster/"
}
I found a solution to my problem. I had to remove the client_certificate and client_key and add the token instead. "Forbidden" is an authorization (RBAC) error, so the identity presented by the client certificate apparently was not permitted to create CustomResourceDefinitions, while the cluster token is. The code ended up looking like this:
provider "flux" {
  # Cluster connection for the bootstrap, authenticating with the cluster
  # token instead of a client certificate. The token is what lets the
  # bootstrap create CRDs, so it is a high-privilege credential: it flows
  # through module outputs and Terraform state, both of which must be
  # protected accordingly.
  kubernetes = {
    host                   = module.kubernetes.endpoint
    cluster_ca_certificate = module.kubernetes.cluster_ca_certificate
    token                  = module.kubernetes.cluster_token
  }

  # Git access for the bootstrap commits, using the generated SSH key whose
  # public half is registered as a GitLab deploy key.
  git = {
    url = "ssh://git@git.test.no/tekkom/infrastructure/kubernetes/external-prod-cluster"
    ssh = {
      username    = "git"
      private_key = tls_private_key.flux.private_key_pem
    }
  }
}