Add FluxCD support for S3 Bucket sources

[jkataja]

Issue #, if available:

Description of changes:

• implement support for FluxCD Bucket source: https://fluxcd.io/flux/components/source/buckets/
• bump FluxCD default version to 2.13.0
• use the more reliable OCI registry for the FluxCD Helm chart
• make indentation consistent within the modified files
• changed typo in defaultKustomiationProps
• basic use case tested
• kustomizations not tested

Example use:

        .addOns(new blueprints.addons.FluxCDAddOn({
            buckets: [
                {
                    name: "bootstrap-bucket",
                    bucketName:base.bucket.bucketName,
                    bucketRegion: cdk.Aws.REGION,
                }
            ],
        }),

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[elamaran11]

Approach LGTM. @shapirov103 Pls check.

[jkataja]

@shapirov103 Hi, do you require any inputs from me to test and review the pull request? For example how I setup the Flux CD source bucket.

[shapirov103]

@jkataja thank you for this contribution, looks good overall, I added a couple of design/maintenance level comments.

As far as testing, please share an example that you used for validation. We need to run it manually in this case as flux is not continuously tested with the end-to-end tests.

[shapirov103]

As far as design - therepository construct is effectively misused as a vehicle to carry bucket info. Consider a case when we add a URL validator (lack of it is a miss) to the repoUrl and start failing valid cases for the bucket name.
why not omit this structure from the type and introduce a clear bucket type?

[jkataja]

see commit 1c95b13

• test bucket construct changes

[shapirov103]

with the switch to OCR, are you aware of a mechanism for us to discover when new versions of flux become available (other than manual look up)?

[jkataja]

seems that gh release will show it but the output is not strictly for this chart:

$ gh release  list --repo fluxcd-community/helm-charts
flux2-sync-1.9.0           Latest  (flux2-sync-1.9.0)           about 1 month ago
flux2-notification-1.15.0          (flux2-notification-1.15.0)  about 1 month ago
flux2-2.13.0                       (flux2-2.13.0)               about 1 month ago
flux2-2.12.4                       (flux2-2.12.4)               about 3 months ago
flux2-sync-1.8.2                   (flux2-sync-1.8.2)           about 3 months ago
flux2-notification-1.14.1          (flux2-notification-1.14.1)  about 3 months ago
flux2-2.12.3                       (flux2-2.12.3)               about 3 months ago
flux2-notification-1.14.0          (flux2-notification-1.14.0)  about 4 months ago
flux2-sync-1.8.1                   (flux2-sync-1.8.1)           about 5 months ago
flux2-notification-1.13.1          (flux2-notification-1.13.1)  about 5 months ago
flux2-2.12.2                       (flux2-2.12.2)               about 5 months ago
flux2-2.12.1                       (flux2-2.12.1)               about 6 months ago
flux2-sync-1.8.0                   (flux2-sync-1.8.0)           about 6 months ago
flux2-notification-1.13.0          (flux2-notification-1.13.0)  about 6 months ago
flux2-2.12.0                       (flux2-2.12.0)               about 6 months ago
flux2-2.11.1                       (flux2-2.11.1)               about 7 months ago
flux2-sync-1.7.3                   (flux2-sync-1.7.3)           about 7 months ago
flux2-notification-1.12.4          (flux2-notification-1.12.4)  about 7 months ago
flux2-multi-tenancy-0.0.6          (flux2-multi-tenancy-0.0.6)  about 7 months ago
flux2-2.11.0                       (flux2-2.11.0)               about 7 months ago
flux2-2.10.6                       (flux2-2.10.6)               about 7 months ago
flux2-sync-1.7.2                   (flux2-sync-1.7.2)           about 7 months ago
flux2-notification-1.12.3          (flux2-notification-1.12.3)  about 7 months ago
flux2-2.10.5                       (flux2-2.10.5)               about 7 months ago
flux2-notification-1.12.2          (flux2-notification-1.12.2)  about 7 months ago
flux2-multi-tenancy-0.0.5          (flux2-multi-tenancy-0.0.5)  about 7 months ago
flux2-2.10.4                       (flux2-2.10.4)               about 7 months ago
flux2-2.10.3                       (flux2-2.10.3)               about 7 months ago
flux2-2.10.2                       (flux2-2.10.2)               about 8 months ago
flux2-sync-1.7.1                   (flux2-sync-1.7.1)           about 8 months ago

commented in 455a6a3

[jkataja]

@jkataja thank you for this contribution, looks good overall, I added a couple of design/maintenance level comments.

You're welcome!

As far as testing, please share an example that you used for validation. We need to run it manually in this case as flux is not continuously tested with the end-to-end tests.

Sure, so I create the bucket in a separate stack using:

new s3.Bucket(this, "SourceBucket", {
      removalPolicy: cdk.RemovalPolicy.RETAIN,
      objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,
    });

Allow the node role to access the bucket by using:

        base.bucket.grantRead(role);

And then initialize the FluxCD addon as follows:

    .addOns(new blueprints.addons.FluxCDAddOn({
        buckets: [
            {
                name: "bootstrap-bucket",
                bucketName:base.bucket.bucketName,
                bucketRegion: cdk.Aws.REGION,
            }
        ],
    }),
...

Contains untested changes. Edit: tested basic deployment without Kustomizations

@shapirov103 please take another look of the pull request, I have addressed the comments and tested manually.

[jkataja]

The pipeline started failing with the eksworkshop.com returning HTTP 403 with AccessDenied response from S3

[shapirov103]

LGTM

[shapirov103]

/do-e2e-tests

[aws-ia-ci]

end to end tests passed

[elamaran11]

@jkataja Please merge from main, that should fix the GH Action errors.

[jkataja]

@elamaran11 I rebased on main, please try again

[elamaran11]

/do-e2e-tests

[aws-ia-ci]

end to end tests passed

[elamaran11]

@shapirov103 LG to merge.