Draft: Document Flux usage

Hunter Stewartrequested to merge
docs-flux into master

Why

See Document the recommended Flux setup for GitLab (#389382 - closed)

GitLab has announced it will be recommending using Flux to its users as a GitOps solution. We want to document any recommendations we have that might not already be covered in the excellent Flux documentation.

Flux has quite a lot of documentation and we'd like to avoid duplicating that.

The goal here is to provide the smallest possible examples, setup, and anything else that might be helpful to someone using GitLab who would like to use Flux for their GitOps solution.

What

Encourage a principle of least privilege when setting up Flux on GitLab.

The documentation here attempts to do this by avoiding the use of a Personal Access Token. Instead, it recommends using a Project Access Token as this would have a much more isolated surface area to be concerned about in the event that a token was compromised.

Provide an example setup

The documentation references examples through. They can be found here: https://gitlab.com/gitlab-org/configure/examples/flux

What this is not

It's been mentioned that we want to recommend a repository structure. It's my opinion that each user's setup will need to be suited to their unique needs and situation. The Flux documentation goes into detail about various setups, and I don't have anything to add to that right now.

I think any kind of recommendation would need to come from gathering feedback about what's working well for GitLab users integrating with Flux, and what's difficult to work with. After we get some data around this, it could be possible that we have more to say.

Feedback

I'm really hoping to get some feedback on this. Any recommendations, call-outs on what doesn't make sense, what needs clarity.

If anyone is interested in trying to use the guide to set up their own example project, I'd love to know how that goes.

Also, I was a little unsure of exactly how to incorporate the example project into the docs itself. The intention is that really just there to be able to illustrate how the two repositories work together.

Edited by Hunter Stewart

Merge request reports