Add the ability to inject labels on the kustomization controller pods

Also remove an unused variable.

Author: mickael-carl

kustomization.yaml.tpl

@@ -15,6 +15,18 @@ patches:
     kind: ServiceAccount
     name: kustomize-controller
     labelSelector: app.kubernetes.io/part-of=flux
+- patch: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: kustomize-controller
+    spec:
+      template:
+        metadata:
+          labels: ${pod_labels}
+  target:
+    kind: Deployment
+    name: kustomize-controller
 - patch: |
     apiVersion: kustomize.toolkit.fluxcd.io/v1
     kind: Kustomization

main.tf

@@ -3,8 +3,7 @@
 ################################################################################
 resource "kubernetes_namespace" "flux_system_ns" {
   metadata {
-    name        = var.namespace
-    annotations = var.annotations
+    name = var.namespace
   }
 
   lifecycle {
@@ -14,9 +13,8 @@ resource "kubernetes_namespace" "flux_system_ns" {
 
 resource "kubernetes_secret" "flux_system_secret" {
   metadata {
-    name        = "flux-system"
-    namespace   = var.namespace
-    annotations = var.annotations
+    name      = "flux-system"
+    namespace = var.namespace
   }
 
   data = {
@@ -32,9 +30,8 @@ resource "kubernetes_config_map" "flux_cluster_variables" {
   count = length(var.cluster_variables) > 0 ? 1 : 0
 
   metadata {
-    name        = "terraform-flux-cluster-variables"
-    namespace   = var.namespace
-    annotations = var.annotations
+    name      = "terraform-flux-cluster-variables"
+    namespace = var.namespace
   }
   data = var.cluster_variables
 
@@ -53,6 +50,7 @@ resource "flux_bootstrap_git" "this" {
   kustomization_override = templatefile("${path.module}/kustomization.yaml.tpl", {
     service_account_annotations = yamlencode(var.service_account_annotations)
     service_account_labels      = yamlencode(var.service_account_labels)
+    pod_labels                  = yamlencode(var.pod_labels)
   })
   version    = var.fluxcd_version
   depends_on = [kubernetes_secret.flux_system_secret]

main.tftest.hcl

@@ -19,6 +19,9 @@ variables {
   service_account_labels = {
     "foo" = "bar"
   }
+  pod_labels = {
+    "some.cloud.provider/identity" = "true"
+  }
 }
 
 run "validate" {

variables.tf

@@ -31,6 +31,12 @@ variable "service_account_labels" {
   default     = {}
 }
 
+variable "pod_labels" {
+  description = "Labels to add to the kustomize-controller pods"
+  type        = map(string)
+  default     = {}
+}
+
 variable "controller_ssh_known_hosts" {
   description = "SSH known hosts for flux controller. Defaults to github.com ECDSA key."
   type        = string
@@ -43,12 +49,6 @@ variable "namespace" {
   default     = "flux-system"
 }
 
-variable "annotations" {
-  description = "Annotations to add to created kubernetes resources"
-  type        = map(string)
-  default     = {}
-}
-
 variable "cluster_variables" {
   description = "Key-value pairs to create 'terraform-flux-cluster-variables' ConfigMap for flux/Kustomization postBuild use"
   type        = map(string)