Support flux installation via helm chart

[tsahiduek]

Hi,
Is there any reason why flux2 doesn't have an helm chart to bootstrap itself to a cluster?
Using CLI tool is somewhat hard to use when managing the cluster/infra creation via IaC (like CDK in my case), whereas helm installation will be much easier to manage

Thanks

[kingdonb]

Sorry for the inconvenience.

This has been explained in #1136, see also the discussion in #431

The short version is that Helm is not an ideal solution for deployment of CRDs, as it has limited support for upgrading them. Flux now leans heavily on the Custom Resource Definition feature for Kubernetes API extensibility, and this is a major pain point for us as the APIs are frequently being upgraded with a new release.

[kingdonb]

Though it is not a Helm chart, HTH - the Infrastructure as Code solution we recommend is our Terraform provider:

https://github.com/fluxcd/terraform-provider-flux

[tsahiduek]

Have you considered support for CDK?

[squaricdot]

@kingdonb i thought i cought some discussion on slack that you made some way to use OLM to maintain the operator ?

[kingdonb]

There is an OLM method for installing Flux, yes:

https://operatorhub.io/operator/flux

I think it works best with OpenShift from what I have heard, although I use vanilla k8s. There are some issues I ran into using OLM standalone, (they should be filed separately, I haven't got around to it yet) but from what I understand I think these can mostly be overcome easily, when using OLM standalone + OpenShift Console. (I haven't quite got there yet myself, either...)

To be more specific,

• Feature req: Honor operatorframework.io/suggested-namespace operator-framework/kubectl-operator#50

Edit: To be a bit more specific, the kubectl operator krew plugin works fine with Flux, you just need to be sure you specify -n flux-system so the Flux operator is installed in the flux-system namespace. This works great and all outstanding issues are fixed for Flux 0.16.2.

It would be nice to update the docs to include this information, but it would be nicer still if we could get all regular modes of installing the operator to simply honor the suggestedNamespace directive though, so users don't have to find this note buried somewhere in a doc...

[stgrace]

I understand the difficulty of managing CRD's with Helm and not wanting to do that.
However, using the provided installation methods available now there is no way to customize RBAC for Flux components. By default cluster-admin privileges are bound to kustomize and helm controller, which is not allowed in a lot of production environments.
Ideally there would be a way to specify the privileges for each Flux component in an automated way, maintained by Flux itself.

[pierluigilenoci]

@stgrace I totally agree!

[stefanprodan]

Ideally there would be a way to specify the privileges for each Flux component in an automated way, maintained by Flux itself.

Please take a look at: https://github.com/fluxcd/flux2-multi-tenancy

[stefanprodan]

An unofficial Helm chart for flux is being developed here https://github.com/fluxcd-community/helm-charts