Merge pull request #9 from gfortil/HPCC-27129

HPCC-27129 Add support for private Docker repo
hpcc-systems · Apr 21, 2022 · 3557258 · 3557258
2 parents 2978ca0 + cfcf410
commit 3557258
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 51 deletions.
diff --git a/README.md b/README.md
@@ -243,22 +243,6 @@ Usage Example:
     }
 <br>
 
-### The `image_root` argument:
-This block contains information about the HPCC image to use. This block is optional.
-
- | Name       | Description        | Type   | Default     | Required |
- | ---------- | ------------------ | ------ | ----------- | :------: |
- | image_root | Image root to use. | string | hpccsystems |    no    |
-<br>
-
-### The `image_name` argument:
-This block contains information about the HPCC image to use. This block is optional.
-
- | Name       | Description        | Type   | Default       | Required |
- | ---------- | ------------------ | ------ | ------------- | :------: |
- | image_name | Image name to use. | string | platform-core |    mo    |
-<br>
-
 ### The `disable_helm` argument:
 This block disable helm deployments by Terraform. This block is optional and will stop HPCC from being installed.
 
@@ -270,13 +254,16 @@ This block disable helm deployments by Terraform. This block is optional and wil
 ### The `hpcc` block:
 This block deploys the HPCC helm chart. This block is optional.
 
- | Name      | Description                                                             | Type         | Default                          | Required |
- | --------- | ----------------------------------------------------------------------- | ------------ | -------------------------------- | :------: |
- | chart     | Path to local chart directory name. Examples: ~/HPCC-Platform/helm/hpcc | string       | null                             |    no    |
- | namespace | Namespace to use.                                                       | string       | default                          |    no    |
- | name      | Release name of the chart.                                              | string       | `myhpcck8s`                      |    no    |
- | values    | List of desired state files to use similar to -f in CLI.                | list(string) | `values-retained-azurefile.yaml` |    no    |
- | version   | Version of the HPCC chart.                                              | string       | latest                           |   yes    |
+ | Name          | Description                                                             | Type         | Default                          | Required |
+ | ------------- | ----------------------------------------------------------------------- | ------------ | -------------------------------- | :------: |
+ | chart         | Path to local chart directory name. Examples: ~/HPCC-Platform/helm/hpcc | string       | null                             |    no    |
+ | namespace     | Namespace to use.                                                       | string       | default                          |    no    |
+ | name          | Release name of the chart.                                              | string       | `myhpcck8s`                      |    no    |
+ | values        | List of desired state files to use similar to -f in CLI.                | list(string) | `values-retained-azurefile.yaml` |    no    |
+ | chart_version | Version of the HPCC chart.                                              | string       | latest                           |   yes    |
+ | image_root    | HPCC image root to use.                                                 | string       | hpccsystems                      |    no    |
+ | image_name    | HPCC image name to use.                                                 | string       | platform-core                    |    no    |
+ | image_version | HPCC image version to use.                                              | string       | 8.6.20-rc1                       |    no    |
 <br>
 
  Usage Example:
@@ -371,6 +358,25 @@ The `hpcc`, `storage` and `elk` blocks also support the following arguments:
 | lint                       | Optional           | Run the helm chart linter during the plan. Defaults to false.                                                                                                      |
 <br>
 
+### The `registry` block:
+This block authenticates a private Docker repository. This block is optional.
+
+ | Name     | Description                                                                | Type   | Default | Required |
+ | -------- | -------------------------------------------------------------------------- | ------ | ------- | :------: |
+ | server   | The server address of the private Docker repository.                       | string | -       |   yes    |
+ | username | The username for the private Docker repository account.                    | string | -       |   yes    |
+ | password | The password, token, or API key for the private Docker repository account. | string | -       |   yes    |
+<br>
+
+Usage Example:
+<br>
+
+    registry = {
+        password = ""
+        server   = ""
+        username = ""
+    }
+<br>
 
 ### The `auto_connect` argument:
 This block automatically connect your cluster to your local machine similarly to `az aks get-credentials`.
@@ -380,14 +386,6 @@ This block automatically connect your cluster to your local machine similarly to
  | auto_connect | Automatically connect to the Kubernetes cluster from the host machine by overwriting the current context. | bool | `false` |    no    |
 <br>
 
-### The `auto_connect` argument:
-This block automatically launch the ECLWatch interface.
-
- | Name                 | Description                                  | Type | Default | Required |
- | -------------------- | -------------------------------------------- | ---- | ------- | :------: |
- | auto_launch_eclwatch | Automatically launch the ECLWatch interface. | bool | `false` |    no    |
-<br>
-
 ### The `expose_services` argument:
 Expose ECLWatch and ELK to the internet. This is unsafe and may not be supported by your organization. Setting this to `true` can cause eclwatch service to stick in a pending state.
 

diff --git a/examples/admin.tfvars b/examples/admin.tfvars
@@ -62,16 +62,19 @@ node_pools = {
 # .......................
 
 hpcc = {
-  version = "8.4.14-rc1"
+  version = "8.6.20-rc1"
   name    = "myhpcck8s"
   atomic  = true
+  # image_root    = "<server-address>/<repository name>"
+  # image_name    = "platform-core-ln"
+  # image_version = "8.6.18-rc1"
 }
 
 elk = {
   enable = false
   name   = "myhpccelk"
   # chart  = ""
-  # values = ""
+  # values = []
 }
 
 storage = {
@@ -95,15 +98,6 @@ storage = {
 # Setting this to true can cause eclwatch service to stick in a pending state. Only use this if you know what you are doing.
 expose_services = true
 
-# image_root - Root of the image other than hpccsystems
-#  image_root = "foo"
-
-# image_name - Name of the image other than platform-core
-# image_name = "bar"
-
-# image_version - Version of the image
-# image_version = "bar"
-
 # auto_connect - Automatically connect to the kubernetes cluster from the host machine.
 auto_connect = true
 
@@ -125,3 +119,12 @@ auto_launch_eclwatch = true
     location          = "value"
   }
 */
+
+/*
+# Private Docker repository authentification
+registry = {
+  password = "my_api_key"
+  server   = "westus.lexisnexisrisk.com"
+  username = "[email protected]"
+}
+*/
diff --git a/locals.tf b/locals.tf
@@ -15,17 +15,17 @@ locals {
   virtual_network = can(var.virtual_network.private_subnet_id) && can(var.virtual_network.public_subnet_id) && can(var.virtual_network.route_table_id) ? var.virtual_network : data.external.vnet[0].result
   cluster_name    = "${local.names.resource_group_type}-${local.names.product_name}-terraform-${local.names.location}-${var.admin.name}-${terraform.workspace}"
 
-  hpcc_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/hpcc-${var.hpcc.version}.tgz"
+  hpcc_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/hpcc-${var.hpcc.chart_version}.tgz"
   hpcc_chart      = can(var.hpcc.chart) ? var.hpcc.chart : local.hpcc_repository
   hpcc_name       = can(var.hpcc.name) ? var.hpcc.name : "myhpcck8s"
 
 
-  storage_version    = can(var.storage.version) ? var.storage.version : "0.1.0"
+  storage_version    = can(var.storage.chart_version) ? var.storage.chart_version : "0.1.0"
   storage_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/hpcc-azurefile-${local.storage_version}.tgz"
   storage_chart      = can(var.storage.chart) ? var.storage.chart : local.storage_repository
   storage_account    = can(var.storage.storage_account.resource_group_name) && can(var.storage.storage_account.name) && can(var.storage.storage_account.location) ? var.storage.storage_account : data.external.sa[0].result
 
-  elk_version    = can(var.elk.version) ? var.elk.version : "1.2.1"
+  elk_version    = can(var.elk.chart_version) ? var.elk.chart_version : "1.2.1"
   elk_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/elastic4hpcclogs-${local.elk_version}.tgz"
   elk_chart      = can(var.elk.chart) ? var.elk.chart : local.elk_repository
   elk_name       = can(var.elk.name) ? var.elk.name : "myhpccelk"

diff --git a/main.tf b/main.tf
@@ -97,6 +97,26 @@ resource "kubernetes_secret" "sa_secret" {
   type = "Opaque"
 }
 
+resource "kubernetes_secret" "private_docker_registry" {
+  count = can(var.registry.server) && can(var.registry.username) && can(var.registry.password) ? 1 : 0
+  metadata {
+    name = "docker-cfg"
+  }
+  type = "kubernetes.io/dockerconfigjson"
+  data = {
+    ".dockerconfigjson" = jsonencode({
+      auths = {
+        "${var.registry.server}" = {
+          "username" = var.registry.username
+          "password" = var.registry.password
+          "email"    = var.admin.email
+          "auth"     = base64encode("${var.registry.username}:${var.registry.password}")
+        }
+      }
+    })
+  }
+}
+
 resource "helm_release" "hpcc" {
   count = var.disable_helm ? 0 : 1
 
@@ -118,28 +138,35 @@ resource "helm_release" "hpcc" {
   try([for v in var.hpcc.values : file(v)], []), [file("${path.root}/values/values-retained-azurefile.yaml")])
 
   dynamic "set" {
-    for_each = var.image_root != "" && var.image_root != null ? [1] : []
+    for_each = can(var.hpcc.image_root) ? [1] : []
     content {
       name  = "global.image.root"
-      value = var.image_root
+      value = var.hpcc.image_root
     }
   }
 
   dynamic "set" {
-    for_each = var.image_name != "" && var.image_name != null ? [1] : []
+    for_each = can(var.hpcc.image_name) ? [1] : []
     content {
       name  = "global.image.name"
-      value = var.image_name
+      value = var.hpcc.image_name
     }
   }
 
   dynamic "set" {
-    for_each = var.image_version != "" && var.image_version != null ? [1] : []
+    for_each = can(var.hpcc.image_version) ? [1] : []
     content {
       name  = "global.image.version"
-      value = var.image_version
+      value = var.hpcc.image_version
     }
+  }
 
+  dynamic "set" {
+    for_each = can(var.hpcc.image_root) ? [1] : []
+    content {
+      name  = "global.image.imagePullSecrets"
+      value = kubernetes_secret.private_docker_registry[0].metadata[0].name
+    }
   }
 
   depends_on = [helm_release.storage, module.kubernetes]

diff --git a/variables.tf b/variables.tf
@@ -134,3 +134,9 @@ variable "elk" {
   type        = any
   default     = { default = { name = "myhpccelk", enable = true } }
 }
+
+variable "registry" {
+  description = "Use if image is hosted on a private docker repository."
+  type        = any
+  default     = {}
+}