Fix state

modules/flux/main.tf

@@ -68,6 +68,13 @@ resource "kubectl_manifest" "sync" {
   yaml_body  = each.value
 }
 
+locals {
+  known_hosts = <<EOT
+git.front.kjuulh.io ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJdO0Tw0e/Fa78g1Xszc4oKaOPbTwl7RTAaGQb0TrV8
+git.front.kjuulh.io ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO61xoa0ON2Y8rpIB6R9PFxg9HUxMym8Z5I4vYUC+/UnzaDx9YUEGo3Vig9wBo6Hc2lAp0BIwH/d5d6uBBEIj/Y=
+EOT
+}
+
 # Generate a Kubernetes secret with the Git credentials
 resource "kubernetes_secret" "main" {
   depends_on = [kubectl_manifest.apply]
@@ -78,7 +85,20 @@ resource "kubernetes_secret" "main" {
   }
 
   data = {
-    username = "git"
-    password = var.flux_token
+    identity = var.ssh_private_key_pem
+    "identity.pub" = var.ssh_public_key_pem
+    #    identity       = <<EOT
+    #-----BEGIN OPENSSH PRIVATE KEY-----
+    #b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    #QyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GAAAAJgGvLdRBry3
+    #UQAAAAtzc2gtZWQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GA
+    #AAAEBmqJkdSt8H6HIVzV6Na8ukBOj4Bywd970sQVPWAz8Ug1hlg8sCMtFmFQd+TjJMuaJB
+    #MOZ1Y8iBlMj50YuClj8YAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==
+    #-----END OPENSSH PRIVATE KEY-----
+    #EOT
+    #    "identity.pub" = <<EOT
+    #ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhlg8sCMtFmFQd+TjJMuaJBMOZ1Y8iBlMj50YuClj8Y contact@kjuulh.io
+    #EOT
+    known_hosts    = local.known_hosts
   }
 }

modules/flux/providers.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     flux = {
-      source = "fluxcd/flux"
+      source  = "fluxcd/flux"
       version = "0.14.1"
     }
     kubectl = {

modules/flux/variables.tf

@@ -17,3 +17,14 @@ variable "branch" {
   type     = string
   nullable = false
 }
+
+variable "ssh_private_key_pem" {
+  type     = string
+  nullable = false
+  sensitive = true
+}
+
+variable "ssh_public_key_pem" {
+  type     = string
+  nullable = false
+}