
I want to bootstrap FluxCD on Kubernetes through a Pulumi inline program written in Go but am unable to give it access to GitHub.

As seen in the code below, I first create a new Pulumi provider, then pass it to `flux.NewFluxBootstrapGit`, just as the docs (flux.NewProvider, providers) suggest.

```go
package fluxCdTest

import (
    "github.com/oun/pulumi-flux/sdk/go/flux"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func CreateNewProvider(ctx *pulumi.Context, kubeconfigPath string) (*flux.Provider, error) {
    provider, err := flux.NewProvider(ctx, "flux", &flux.ProviderArgs{
        Git: &flux.ProviderGitArgs{

            // I tried HTTP first
            // Url:    pulumi.String("https://github.com/org_name/fluxcd-test"),
            // Http: &flux.ProviderGitHttpArgs{
            //  AllowInsecureHttp: pulumi.Bool(false),
            //  Password:          pulumi.String("..."),
            //  Username:          pulumi.String("my_github_username"),
            // },

            // Do we need to create a branch first?
            // Branch: pulumi.String("main"),

            Url: pulumi.String("ssh://git@github.com/org_name/fluxcd-test"),
            Ssh: &flux.ProviderGitSshArgs{
                PrivateKey: pulumi.String(`
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----`),
                Username: pulumi.String("my_github_username"),
            },
        },
        Kubernetes: &flux.ProviderKubernetesArgs{
            ConfigPath: pulumi.String(kubeconfigPath),
        },
    })
    if err != nil {
        return nil, err
    }
    return provider, nil
}

func BootStrapFlux(ctx *pulumi.Context, provider *flux.Provider, repoDirPath string) error {

    _, err := flux.NewFluxBootstrapGit(ctx, "this", &flux.FluxBootstrapGitArgs{
        Path: pulumi.String(repoDirPath),
    }, pulumi.Provider(provider))

    if err != nil {
        return err
    }
    return nil

}
```

I tried using Http first. It couldn't authenticate, so I tried Ssh but it says:

```
flux:index:FluxBootstrapGit (this):

error: Git Client: could not clone git repository: unable to clone 'ssh://my_github_username@github.com/org_name/fluxcd-test': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
```

For SSH, I followed GitHub's instructions to create deploy keys. I added the public key to the repo and the private key to the code above.

The code above is run like this:

    ctx := context.Background()
    stackName := "test-stack"
    projectName := ...
    var opts = ...

    kubeconfigPath := "/Users/my_username/.kube/config"

    deployFunc := func(ctx *pulumi.Context) error {
        provider, _ := CreateNewProvider(ctx, kubeconfigPath)

        _ = BootStrapFlux(ctx, provider, "clusters/my-cluster")

        return nil
    }

    stack, _ := auto.UpsertStackInlineSource(ctx, stackName, projectName, deployFunc, opts...)

    res, _ := stack.Up(ctx)

The GitHub repo doesn't contain anything, no branches, no code. Do we have to create at least a branch in it first? I'm under the assumption FluxCD would handle that. I think that's what it did when I bootstrapped it manually instead of programmatically with Pulumi.

I read through the FluxCD docs as well, but the Pulumi Flux package has slightly fewer options. E.g., I don't see a field for a Personal Access Token.

I'm quite new to this. What am I missing?

nusantara
  • When authenticating to GitHub using SSH, the username is always `git`. You don't use your actual username. – jordanm Aug 30 '23 at 16:18
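
A preflight check for the SSH settings discussed above, as an added example that is not part of the original question or comment and is not Pulumi or Flux code. It assumes, from the error output in the question, that a non-empty `Username` field replaces the user written in the URL; `EffectiveSSHUser`, `CheckDeployKey` and the `FLUX_DEPLOY_KEY` environment variable are hypothetical names.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"net/url"
	"os"
)

// EffectiveSSHUser returns the user the SSH handshake will present. Assumption
// (from the error on this page): a non-empty Username field overrides the URL.
func EffectiveSSHUser(rawURL, usernameField string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Scheme != "ssh" {
		return "", fmt.Errorf("expected ssh:// URL, got scheme %q", u.Scheme)
	}
	user := u.User.Username() // nil-safe: empty when the URL has no user part
	if usernameField != "" {
		user = usernameField
	}
	// Per the comment on this page, GitHub SSH access always uses user "git".
	if u.Hostname() == "github.com" && user != "git" {
		return user, fmt.Errorf("github.com SSH user must be \"git\", got %q", user)
	}
	return user, nil
}

// CheckDeployKey verifies the text holds a PEM private-key block. It does not
// parse the key material itself.
func CheckDeployKey(pemText []byte) error {
	block, _ := pem.Decode(pemText)
	if block == nil {
		return errors.New("no PEM block found in deploy key")
	}
	switch block.Type {
	case "OPENSSH PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY":
		return nil
	}
	return fmt.Errorf("PEM block is %q, not a private key", block.Type)
}

func main() {
	_, err := EffectiveSSHUser("ssh://git@github.com/org_name/fluxcd-test", "my_github_username")
	fmt.Println("as posted:", err)
	// FLUX_DEPLOY_KEY (hypothetical) keeps the private key out of the source file.
	fmt.Println("key check:", CheckDeployKey([]byte(os.Getenv("FLUX_DEPLOY_KEY"))))
}
```

Running both checks before `stack.Up` turns the opaque `ssh: unable to authenticate` handshake failure into a specific message about the username or the key text.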
