From cfcf410dc9bd215e74133cfb000763fc2deb16e6 Mon Sep 17 00:00:00 2001
From: Godson Fortil
Date: Wed, 20 Apr 2022 20:35:53 -0400
Subject: [PATCH] HPCC-27129 Add support for private Docker repo
Signed-off-by: Godson Fortil
---
 README.md | 60 +++++++++++++++++++++----------------------
 examples/admin.tfvars | 25 ++++++++++--------
 locals.tf | 6 ++---
 main.tf | 39 +++++++++++++++++++++++-----
 variables.tf | 6 +++++
 5 files changed, 85 insertions(+), 51 deletions(-)
diff --git a/README.md b/README.md
index b33c716..74cb26b 100644
--- a/README.md
+++ b/README.md
@@ -243,22 +243,6 @@ Usage Example:
 }
-### The `image_root` argument: -This block contains information about the HPCC image to use. This block is optional. - - | Name | Description | Type | Default | Required | - | ---------- | ------------------ | ------ | ----------- | :------: | - | image_root | Image root to use. | string | hpccsystems | no | -
- -### The `image_name` argument: -This block contains information about the HPCC image to use. This block is optional. - - | Name | Description | Type | Default | Required | - | ---------- | ------------------ | ------ | ------------- | :------: | - | image_name | Image name to use. | string | platform-core | mo | -
- ### The `disable_helm` argument: This block disable helm deployments by Terraform. This block is optional and will stop HPCC from being installed. @@ -270,13 +254,16 @@ This block disable helm deployments by Terraform. This block is optional and wil ### The `hpcc` block: This block deploys the HPCC helm chart. This block is optional. - | Name | Description | Type | Default | Required | - | --------- | ----------------------------------------------------------------------- | ------------ | -------------------------------- | :------: | - | chart | Path to local chart directory name. Examples: ~/HPCC-Platform/helm/hpcc | string | null | no | - | namespace | Namespace to use. | string | default | no | - | name | Release name of the chart. | string | `myhpcck8s` | no | - | values | List of desired state files to use similar to -f in CLI. | list(string) | `values-retained-azurefile.yaml` | no | - | version | Version of the HPCC chart. | string | latest | yes | + | Name | Description | Type | Default | Required | + | ------------- | ----------------------------------------------------------------------- | ------------ | -------------------------------- | :------: | + | chart | Path to local chart directory name. Examples: ~/HPCC-Platform/helm/hpcc | string | null | no | + | namespace | Namespace to use. | string | default | no | + | name | Release name of the chart. | string | `myhpcck8s` | no | + | values | List of desired state files to use similar to -f in CLI. | list(string) | `values-retained-azurefile.yaml` | no | + | chart_version | Version of the HPCC chart. | string | latest | yes | + | image_root | HPCC image root to use. | string | hpccsystems | no | + | image_name | HPCC image name to use. | string | platform-core | no | + | image_version | HPCC image version to use. | string | 8.6.20-rc1 | no |
Usage Example: @@ -371,6 +358,25 @@ The `hpcc`, `storage` and `elk` blocks also support the following arguments: | lint | Optional | Run the helm chart linter during the plan. Defaults to false. |
+### The `registry` block: +This block authenticates a private Docker repository. This block is optional. + + | Name | Description | Type | Default | Required | + | -------- | -------------------------------------------------------------------------- | ------ | ------- | :------: | + | server | The server address of the private Docker repository. | string | - | yes | + | username | The username for the private Docker repository account. | string | - | yes | + | password | The password, token, or API key for the private Docker repository account. | string | - | yes | +
+ +Usage Example: +
+ + registry = { + password = "" + server = "" + username = "" + } +
### The `auto_connect` argument: This block automatically connect your cluster to your local machine similarly to `az aks get-credentials`. @@ -380,14 +386,6 @@ This block automatically connect your cluster to your local machine similarly to | auto_connect | Automatically connect to the Kubernetes cluster from the host machine by overwriting the current context. | bool | `false` | no |
-### The `auto_connect` argument: -This block automatically launch the ECLWatch interface. - - | Name | Description | Type | Default | Required | - | -------------------- | -------------------------------------------- | ---- | ------- | :------: | - | auto_launch_eclwatch | Automatically launch the ECLWatch interface. | bool | `false` | no | -
- ### The `expose_services` argument: Expose ECLWatch and ELK to the internet. This is unsafe and may not be supported by your organization. Setting this to `true` can cause eclwatch service to stick in a pending state. diff --git a/examples/admin.tfvars b/examples/admin.tfvars index fd0986b..d75cadb 100644 --- a/examples/admin.tfvars +++ b/examples/admin.tfvars @@ -62,16 +62,19 @@ node_pools = { # ....................... hpcc = { - version = "8.4.14-rc1" + version = "8.6.20-rc1" name = "myhpcck8s" atomic = true + # image_root = "/" + # image_name = "platform-core-ln" + # image_version = "8.6.18-rc1" } elk = { enable = false name = "myhpccelk" # chart = "" - # values = "" + # values = [] } storage = { @@ -95,15 +98,6 @@ storage = { # Setting this to true can cause eclwatch service to stick in a pending state. Only use this if you know what you are doing. expose_services = true -# image_root - Root of the image other than hpccsystems -# image_root = "foo" - -# image_name - Name of the image other than platform-core -# image_name = "bar" - -# image_version - Version of the image -# image_version = "bar" - # auto_connect - Automatically connect to the kubernetes cluster from the host machine. auto_connect = true @@ -125,3 +119,12 @@ auto_launch_eclwatch = true location = "value" } */ + +/* +# Private Docker repository authentification +registry = { + password = "my_api_key" + server = "westus.lexisnexisrisk.com" + username = "foo@lexisnexisrisk.com" +} +*/ diff --git a/locals.tf b/locals.tf index a6a4a10..52f209d 100644 --- a/locals.tf +++ b/locals.tf 
@@ -15,17 +15,17 @@ locals {
 virtual_network = can(var.virtual_network.private_subnet_id) && can(var.virtual_network.public_subnet_id) && can(var.virtual_network.route_table_id) ? var.virtual_network : data.external.vnet[0].result
 cluster_name = "${local.names.resource_group_type}-${local.names.product_name}-terraform-${local.names.location}-${var.admin.name}-${terraform.workspace}"
- hpcc_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/hpcc-${var.hpcc.version}.tgz"
+ hpcc_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/hpcc-${var.hpcc.chart_version}.tgz"
 hpcc_chart = can(var.hpcc.chart) ? var.hpcc.chart : local.hpcc_repository
 hpcc_name = can(var.hpcc.name) ? var.hpcc.name : "myhpcck8s"
- storage_version = can(var.storage.version) ? var.storage.version : "0.1.0"
+ storage_version = can(var.storage.chart_version) ? var.storage.chart_version : "0.1.0"
 storage_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/hpcc-azurefile-${local.storage_version}.tgz"
 storage_chart = can(var.storage.chart) ? var.storage.chart : local.storage_repository
 storage_account = can(var.storage.storage_account.resource_group_name) && can(var.storage.storage_account.name) && can(var.storage.storage_account.location) ? var.storage.storage_account : data.external.sa[0].result
- elk_version = can(var.elk.version) ? var.elk.version : "1.2.1"
+ elk_version = can(var.elk.chart_version) ? var.elk.chart_version : "1.2.1"
 elk_repository = "https://github.com/hpcc-systems/helm-chart/raw/master/docs/elastic4hpcclogs-${local.elk_version}.tgz"
 elk_chart = can(var.elk.chart) ? var.elk.chart : local.elk_repository
 elk_name = can(var.elk.name) ? var.elk.name : "myhpccelk"
diff --git a/main.tf b/main.tf
index f800adf..de9f199 100644
--- a/main.tf
+++ b/main.tf
@@ -97,6 +97,26 @@ resource "kubernetes_secret" "sa_secret" { type = "Opaque" } +resource "kubernetes_secret" "private_docker_registry" { + count = can(var.registry.server) && can(var.registry.username) && can(var.registry.password) ? 1 : 0 + metadata { + name = "docker-cfg" + } + type = "kubernetes.io/dockerconfigjson" + data = { + ".dockerconfigjson" = jsonencode({ + auths = { + "${var.registry.server}" = { + "username" = var.registry.username + "password" = var.registry.password + "email" = var.admin.email + "auth" = base64encode("${var.registry.username}:${var.registry.password}") + } + } + }) + } +} + resource "helm_release" "hpcc" { count = var.disable_helm ? 0 : 1 @@ -118,28 +138,35 @@ resource "helm_release" "hpcc" { try([for v in var.hpcc.values : file(v)], []), [file("${path.root}/values/values-retained-azurefile.yaml")]) dynamic "set" { - for_each = var.image_root != "" && var.image_root != null ? [1] : [] + for_each = can(var.hpcc.image_root) ? [1] : [] content { name = "global.image.root" - value = var.image_root + value = var.hpcc.image_root } } dynamic "set" { - for_each = var.image_name != "" && var.image_name != null ? [1] : [] + for_each = can(var.hpcc.image_name) ? [1] : [] content { name = "global.image.name" - value = var.image_name + value = var.hpcc.image_name } } dynamic "set" { - for_each = var.image_version != "" && var.image_version != null ? [1] : [] + for_each = can(var.hpcc.image_version) ? [1] : [] content { name = "global.image.version" - value = var.image_version + value = var.hpcc.image_version } + } + dynamic "set" { + for_each = can(var.hpcc.image_root) ? [1] : [] + content { + name = "global.image.imagePullSecrets" + value = kubernetes_secret.private_docker_registry[0].metadata[0].name + } } depends_on = [helm_release.storage, module.kubernetes] diff --git a/variables.tf b/variables.tf index 58fd28a..760e109 100644 --- a/variables.tf +++ b/variables.tf 
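Review bot: `kubernetes_secret.private_docker_registry` sets only `name` in `metadata`, so the pull secret is created in the provider's default namespace. Image pull secrets are resolved in the pod's own namespace; if the `hpcc` release is installed into `var.hpcc.namespace` (the release's namespace argument is outside this hunk), pods there will not find `docker-cfg` and pulls from the private registry will fail. Adding `namespace = try(var.hpcc.namespace, "default")` to `metadata` keeps the two aligned. The `count` guard uses `can()`, which only tests that the keys exist, so the empty strings shown in the README usage example would still create a secret with blank credentials.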
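Review bot: The new `global.image.imagePullSecrets` `set` block is gated on `can(var.hpcc.image_root)` but indexes `kubernetes_secret.private_docker_registry[0]`, which exists only when all three `registry` keys are present. Setting `image_root` without `registry` would make the `[0]` reference invalid, and setting `registry` without `image_root` silently leaves the pull secret unused. Gate the block on the secret itself: `for_each = length(kubernetes_secret.private_docker_registry) > 0 ? [1] : []`. Separately, replacing the `!= "" && != null` tests with `can()` in the three image blocks means an empty or null `image_root`, `image_name` or `image_version` is now passed through to the chart. The `helm_release` body starts and ends outside the hunk.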
@@ -134,3 +134,9 @@ variable "elk" {
 type = any
 default = { default = { name = "myhpccelk", enable = true } }
 }
+
+variable "registry" {
+ description = "Use if image is hosted on a private docker repository."
+ type = any
+ default = {}
+}
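Review bot: The `registry` variable carries a password but is declared `type = any` with no `sensitive = true`, so its value can be echoed in plan output and CLI diagnostics. Consider adding `sensitive = true` (Terraform 0.14 or later; confirm that the `count` expression on the secret in main.tf still evaluates as intended with a sensitive input). An explicit `object({ server = string, username = string, password = string })` type would also reject misspelled keys instead of silently skipping the secret. The description should say that the credentials are written to Terraform state through the `kubernetes_secret`, for example `description = "Credentials for a private Docker registry; stored in state, so protect the backend."`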