Merge pull request #1007 from jkataja/feature/fluxcd-bucket-source

Add FluxCD support for S3 Bucket sources
aws-quickstart · Jun 19, 2024 · 7f38bbc · 7f38bbc
2 parents 38ad8b1 + 031c2e5
commit 7f38bbc
Show file tree

Hide file tree

Showing 4 changed files with 301 additions and 112 deletions.
diff --git a/docs/addons/fluxcd.md b/docs/addons/fluxcd.md
@@ -6,6 +6,8 @@ Flux is a declarative, GitOps-based continuous delivery tool that can be integra
 
 ## Usage
 
+Only specify unique values for the repository and bucket `name` field.
+
 ### Single bootstrap repo path
 
 ```typescript
@@ -67,6 +69,38 @@ const blueprint = blueprints.EksBlueprint.builder()
     .build(app, 'my-stack-name');
 ```
 
+### Single bootstrap S3 bucket repository
+
+```typescript
+import * as cdk from 'aws-cdk-lib';
+import * as blueprints from '@aws-quickstart/eks-blueprints';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+
+const app = new cdk.App();
+
+const fluxBootstrap = new s3.Bucket(this, "FluxBootstrap", {
+    removalPolicy: cdk.RemovalPolicy.RETAIN,
+});
+
+const addOn = new blueprints.addons.FluxCDAddOn({
+    buckets: [{
+        name: "bootstrap-bucket",
+        bucketName: fluxBootstrap.bucketName,
+        bucketRegion: cdk.Aws.REGION,
+    }],
+})
+...
+
+const blueprint = blueprints.EksBlueprint.builder()
+  .addOns(addOn)
+  .build(app, 'my-stack-name');
+```
+
+By default the FluxCD source-controller attempts to access the S3 bucket by using the IAM instance profile.
+To grant access assign node group instances IAM role granting read access to the S3 bucket.
+Alternatively reference to a Secret containing the `accesskey` and `secretkey` values with the `secretRef` parameter to authenticate using IAM user authentication.
+See [FluxCD Bucket Source Controller documentation](https://fluxcd.io/flux/components/source/buckets/).
+
 ## Workload Repositories
 
 1. To add workload repositories as well as the bootstrap repository, please follow this example below 

diff --git a/lib/addons/fluxcd/bucket.ts b/lib/addons/fluxcd/bucket.ts
@@ -0,0 +1,39 @@
+import { setPath } from "../../utils";
+
+/**
+ * Flux Bucket API defines a Source to produce an Artifact for objects from storage solutions like Amazon S3.
+ * @see https://fluxcd.io/flux/components/source/buckets/
+ */
+export class FluxBucket {
+
+    constructor(private readonly bucketName: string, private readonly region: string, private readonly prefixPath?: string) {}
+
+    public generate(name: string, namespace: string, fluxSyncInterval: string, provider: string, endpoint: string, fluxSecretRefName?: string) {
+
+        const bucketManifest =  {
+            apiVersion: "source.toolkit.fluxcd.io/v1beta2",
+            kind: "Bucket",
+            metadata: {
+                name: name,
+                namespace: namespace
+            },
+            spec: {
+                interval: fluxSyncInterval,
+                bucketName: this.bucketName,
+                provider: provider,
+                endpoint: endpoint,
+                region: this.region,
+            }
+        };
+
+        if (fluxSecretRefName) {
+            setPath(bucketManifest, "spec.secretRef.name", fluxSecretRefName);
+        }
+
+        if (this.prefixPath) {
+            setPath(bucketManifest, "spec.prefix", this.prefixPath);
+        }
+
+        return bucketManifest;
+    }
+}