diff --git a/CHANGELOG.md b/CHANGELOG.md index f95404c..7091c35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [v4.0.0] - 2024-10-29 +### Changed +- **Breaking**: Updated k8s-ces-setup configuration in vagrant environment and terraform module to support the new structure of the container registry secret. #96 +For terraform variable declaration see `container_registry_secrets` in [variables.tf](terraform/ces-module/variables.tf). +- Update default setup helm chart version to 3.0.0 in terraform module `ces-module`. + ## [v3.1.0] - 2024-09-19 ### Changed - Replace terraform kubernetes generic manifests resources with explicit corresponding resources (e.g. daemonsets) because they need the kubeconfig already in plan phase and prevent a single `terraform apply` #87 diff --git a/docs/operations/ces_installation_de.md b/docs/operations/ces_installation_de.md index 9812abe..0cab6c8 100644 --- a/docs/operations/ces_installation_de.md +++ b/docs/operations/ces_installation_de.md @@ -198,10 +198,10 @@ müssen benötigte Credentials mit einem `values.yaml` File konfiguriert werden. Minimales Beispiel: ```yaml -docker_registry_secret: - url: https://registry.cloudogu.com - username: - password: +container_registry_secrets: + - url: https://registry.cloudogu.com + username: + password: dogu_registry_secret: url: https://dogu.cloudogu.com/api/v2/dogus diff --git a/docs/operations/ces_installation_en.md b/docs/operations/ces_installation_en.md index 6af7b20..7581e98 100644 --- a/docs/operations/ces_installation_en.md +++ b/docs/operations/ces_installation_en.md 
@@ -197,10 +197,10 @@ required credentials must be configured with a `values.yaml` file. Minimal example: ```yaml -docker_registry_secret: - url: https://registry.cloudogu.com - username: - password: +container_registry_secrets: + - url: https://registry.cloudogu.com + username: + password: dogu_registry_secret: url: https://dogu.cloudogu.com/api/v2/dogus diff --git a/externalcloud/.env.template b/externalcloud/.env.template deleted file mode 100644 index 3feeca7..0000000 --- a/externalcloud/.env.template +++ /dev/null @@ -1,14 +0,0 @@ -export kube_context="k3ces.local" -export dogu_registry_url="https://dogu.cloudogu.com/api/v2/dogus" -export dogu_registry_username= -export dogu_registry_password= -export image_registry_url="registry.cloudogu.com" -export image_registry_username= -export image_registry_password= -export image_registry_email="test@mtest.de" -export helm_registry_host="registry.cloudogu.com" -export helm_registry_schema="oci" -export helm_registry_plain_http=false -export helm_registry_username= -export helm_registry_password= -export helm_repository_namespace="k8s" \ No newline at end of file diff --git a/externalcloud/createNamespace.sh b/externalcloud/createNamespace.sh deleted file mode 100755 index 043a844..0000000 --- a/externalcloud/createNamespace.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -cesNamespace="${1}" - -if kubectl get namespace | grep "${cesNamespace}" ; then - echo "Namespace ${cesNamespace} already exists. Done." - exit 0 -fi - -echo "Creating namespace [${cesNamespace}] in k3s cluster..." -kubectl create namespace "${cesNamespace}" diff --git a/externalcloud/install.sh b/externalcloud/install.sh deleted file mode 100755 index 476fc76..0000000 --- a/externalcloud/install.sh +++ /dev/null 
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -o errexit
-set -o nounset
-set -o pipefail
-
-source .env.sh
-
-kubectl config set-context "${kube_context}"
-namespace="ecosystem"
-./createNamespace.sh "${namespace}"
-./installLatestK8sCesSetup.sh "${namespace}" "${helm_repository_namespace}" "${dogu_registry_username}" "${dogu_registry_password}" "${dogu_registry_url}" "${image_registry_username}" "${image_registry_password}" "${image_registry_url}" "${helm_registry_username}" "${helm_registry_password}" "${helm_registry_host}" "${helm_registry_schema}" "${helm_registry_plain_http}"
\ No newline at end of file
diff --git a/externalcloud/installLatestK8sCesSetup.sh b/externalcloud/installLatestK8sCesSetup.sh
deleted file mode 100755
index 1a1d2bd..0000000
--- a/externalcloud/installLatestK8sCesSetup.sh
+++ /dev/null
@@ -1,62 +0,0 @@ -#!/bin/bash -# This file is responsible to install the latest ces setup. -set -o errexit -set -o nounset -set -o pipefail - -CES_NAMESPACE=${1} -helm_repository_namespace=${2} -dogu_registry_username=${3} -dogu_registry_password=${4} -dogu_registry_url=${5} -image_registry_username=${6} -image_registry_password=${7} -image_registry_url=${8} -helm_registry_username=${9} -helm_registry_password=${10} -helm_registry_host=${11} -helm_registry_schema=${12} -helm_registry_plaint_http=${13} - -# Apply the setup resources to the current namespace. -applyResources() { - echo "Applying resources for setup..." - helm registry login "${helm_registry_host}" --username "${helm_registry_username}" --password "${helm_registry_password}" - helm upgrade -i k8s-ces-setup "${helm_registry_schema}://${helm_registry_host}/${helm_repository_namespace}/k8s-ces-setup" \ - --namespace="${CES_NAMESPACE}" \ - --set-file=setup_json=image/scripts/dev/setup.json \ - --set=dogu_registry_secret.url="${dogu_registry_url}" \ - --set=dogu_registry_secret.username="${dogu_registry_username}" \ - --set=dogu_registry_secret.password="${dogu_registry_password//,/\\,}" \ - --set=docker_registry_secret.url="${image_registry_url}" \ - --set=docker_registry_secret.username="${image_registry_username}" \ - --set=docker_registry_secret.password="${image_registry_password//,/\\,}" \ - --set=helm_registry_secret.host="${helm_registry_host}" \ - --set=helm_registry_secret.schema="${helm_registry_host}" \ - --set=helm_registry_secret.plainHttp="${helm_registry_plaint_http}" \ - --set=helm_registry_secret.username="${helm_registry_username}" \ - --set=helm_registry_secret.password="${helm_registry_password//,/\\,}" -} - - -checkIfSetupIsInstalled() { - echo "Check if setup is already installed or executed" - if kubectl --namespace "${CES_NAMESPACE}" get deployments k8s-ces-setup | grep -q k8s-ces-setup - then - echo "Setup is already installed: Found k8s-ces-setup deployment" - exit 0 - fi - - if 
kubectl --namespace "${CES_NAMESPACE}" get deployments k8s-dogu-operator-controller-manager | grep -q k8s-dogu-operator - then - echo "Setup is already executed: Found k8s-dogu-operator deployment" - exit 0 - fi -} - -echo "**** Executing installLatestK8sCesSetup.sh..." - -checkIfSetupIsInstalled -applyResources - -echo "**** Finished installLatestK8sCesSetup.sh" diff --git a/externalcloud/setup.json b/externalcloud/setup.json deleted file mode 100644 index 9b9314a..0000000 --- a/externalcloud/setup.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "naming": { - "fqdn": "", - "domain": "k3ces.local", - "certificateType": "selfsigned", - "relayHost": "asdf", - "completed": true, - "useInternalIp": false, - "internalIp": "" - }, - "dogus": { - "defaultDogu": "ldap", - "install": [ - "official/ldap", - "official/postfix", - "k8s/nginx-static", - "k8s/nginx-ingress", - "official/cas" - ], - "completed": true - }, - "admin": { - "username": "admin", - "mail": "admin@admin.admin", - "password": "admin123cloudogu$", - "adminGroup": "cesAdmin", - "completed": true, - "adminMember": true, - "sendWelcomeMail": false - }, - "userBackend": { - "dsType": "embedded", - "server": "", - "attributeID": "uid", - "attributeGivenName": "", - "attributeSurname": "", - "attributeFullname": "cn", - "attributeMail": "mail", - "attributeGroup": "memberOf", - "baseDN": "", - "searchFilter": "(objectClass=person)", - "connectionDN": "", - "password": "", - "host": "ldap", - "port": "389", - "loginID": "", - "loginPassword": "", - "encryption": "", - "completed": true, - "groupBaseDN": "", - "groupSearchFilter": "", - "groupAttributeName": "", - "groupAttributeDescription": "", - "groupAttributeMember": "" - } -} diff --git a/externalcloud/syncFQDN.sh b/externalcloud/syncFQDN.sh deleted file mode 100755 index 453b290..0000000 --- a/externalcloud/syncFQDN.sh +++ /dev/null 
@@ -1,14 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -kubectl rollout restart deployment k8s-service-discovery-controller-manager -n ecosystem -kubectl rollout status deployment k8s-service-discovery-controller-manager -n ecosystem - -etcdClientPod="$(kubectl -n ecosystem get pod | grep etcd-client | awk '{print $1}')" -fqdn=$(kubectl get -n ecosystem svc ces-loadbalancer -o json | jq -r '.status.loadBalancer.ingress[0].ip') -kubectl exec -n ecosystem -it "${etcdClientPod}" -- etcdctl set config/_global/fqdn "${fqdn}" -sleep 15 - -kubectl -n ecosystem get dogus | grep -v AGE | awk '{print $1}' | xargs kubectl rollout restart deployment -n ecosystem \ No newline at end of file diff --git a/image/scripts/dev/additionalValues.yaml.tpl b/image/scripts/dev/additionalValues.yaml.tpl index f95b44a..55389d1 100644 --- a/image/scripts/dev/additionalValues.yaml.tpl +++ b/image/scripts/dev/additionalValues.yaml.tpl @@ -1,7 +1,7 @@ -docker_registry_secret: - url: DOCKER_REGISTRY_SECRET_URL - username: "DOCKER_REGISTRY_SECRET_USERNAME" - password: "DOCKER_REGISTRY_SECRET_PASSWORD" # Base64 encoded password +container_registry_secrets: + - url: CONTAINER_REGISTRY_SECRET_URL + username: "CONTAINER_REGISTRY_SECRET_USERNAME" + password: "CONTAINER_REGISTRY_SECRET_PASSWORD" # Base64 encoded password dogu_registry_secret: url: DOGU_REGISTRY_SECRET_URL urlschema: "DOGU_REGISTRY_SECRET_URL_SCHEMA" @@ -28,7 +28,4 @@ components: attacherReplicaCount: DEFAULTCLASSREPLICACOUNT provisionerReplicaCount: DEFAULTCLASSREPLICACOUNT resizerReplicaCount: DEFAULTCLASSREPLICACOUNT - snapshotterReplicaCount: DEFAULTCLASSREPLICACOUNT - longhornUI: - # Scale this up, if UI is needed - replicas: 0 \ No newline at end of file + snapshotterReplicaCount: DEFAULTCLASSREPLICACOUNT \ No newline at end of file diff --git a/image/scripts/dev/installLatestK8sCesSetup.sh b/image/scripts/dev/installLatestK8sCesSetup.sh index e171c2a..1f9fd5f 100755 
--- a/image/scripts/dev/installLatestK8sCesSetup.sh +++ b/image/scripts/dev/installLatestK8sCesSetup.sh @@ -44,9 +44,9 @@ applyResources() { # Replace values in yaml template cp ${ADDITIONAL_VALUES_TEMPLATE} ${ADDITIONAL_VALUES_YAML} - sed --in-place "s|DOCKER_REGISTRY_SECRET_URL|${image_registry_url}|g" ${ADDITIONAL_VALUES_YAML} - sed --in-place "s|DOCKER_REGISTRY_SECRET_USERNAME|${image_registry_username}|g" ${ADDITIONAL_VALUES_YAML} - sed --in-place "s|DOCKER_REGISTRY_SECRET_PASSWORD|${image_registry_password}|g" ${ADDITIONAL_VALUES_YAML} + sed --in-place "s|CONTAINER_REGISTRY_SECRET_URL|${image_registry_url}|g" ${ADDITIONAL_VALUES_YAML} + sed --in-place "s|CONTAINER_REGISTRY_SECRET_USERNAME|${image_registry_username}|g" ${ADDITIONAL_VALUES_YAML} + sed --in-place "s|CONTAINER_REGISTRY_SECRET_PASSWORD|${image_registry_password}|g" ${ADDITIONAL_VALUES_YAML} sed --in-place "s|DOGU_REGISTRY_SECRET_URL|${dogu_registry_url}|g" ${ADDITIONAL_VALUES_YAML} sed --in-place "s|DOGU_REGISTRY_SECRET_URL_SCHEMA|${dogu_registry_urlschema}|g" ${ADDITIONAL_VALUES_YAML} sed --in-place "s|DOGU_REGISTRY_SECRET_USERNAME|${dogu_registry_username}|g" ${ADDITIONAL_VALUES_YAML} diff --git a/terraform/ces-module/main.tf b/terraform/ces-module/main.tf index 9b170bf..c95cf0d 100644 --- a/terraform/ces-module/main.tf +++ b/terraform/ces-module/main.tf @@ -35,9 +35,7 @@ resource "helm_release" "k8s-ces-setup" { "dogu_registry_username" = var.dogu_registry_username "dogu_registry_password" = var.dogu_registry_password "dogu_registry_url_schema" = var.dogu_registry_url_schema - "docker_registry_url" = var.image_registry_url - "docker_registry_username" = var.image_registry_username - "docker_registry_password" = var.image_registry_password + "container_registry_secrets" = var.container_registry_secrets "helm_registry_host" = var.helm_registry_host "helm_registry_schema" = var.helm_registry_schema "helm_registry_plain_http" = var.helm_registry_plain_http 
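Review bot: The three renamed `sed` lines in `applyResources` still splice `${image_registry_url}`, `${image_registry_username}` and `${image_registry_password}` into the replacement text unescaped, so a `|`, `&` or `\` in any of them is interpreted by sed and silently corrupts the generated values file. Escaping each value first would avoid that, for example `esc() { printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'; }` and then `sed --in-place "s|CONTAINER_REGISTRY_SECRET_USERNAME|$(esc "${image_registry_username}")|g" "${ADDITIONAL_VALUES_YAML}"`, which also quotes the file path. In the unchanged lines below, `DOGU_REGISTRY_SECRET_URL` is replaced with `g` before `DOGU_REGISTRY_SECRET_URL_SCHEMA`, so the longer placeholder appears to be rewritten to the URL followed by `_SCHEMA`; swapping those two lines would fix it. The function starts and ends outside this hunk, so how the values file is created and cleaned up is not visible here.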
diff --git a/terraform/ces-module/values.yaml.tftpl b/terraform/ces-module/values.yaml.tftpl index e0c0ac4..07e4f61 100644 --- a/terraform/ces-module/values.yaml.tftpl +++ b/terraform/ces-module/values.yaml.tftpl @@ -14,9 +14,8 @@ components: # version: latest # helmRepositoryNamespace: k8s # deployNamespace: longhorn-system - k8s-etcd: - version: latest - helmRepositoryNamespace: k8s + k8s-blueprint-operator: null + k8s-blueprint-operator-crd: null k8s-dogu-operator: version: latest helmRepositoryNamespace: k8s @@ -63,10 +62,12 @@ ${resource_patches} # Credentials for the docker registry used by the components. # It is mandatory to set username and the base64-encoded password. -docker_registry_secret: - url: "${docker_registry_url}" - username: "${docker_registry_username}" - password: "${docker_registry_password}" +container_registry_secrets: +%{ for secret in container_registry_secrets ~} + - url: "${secret.url}" + username: "${secret.username}" + password: "${secret.password}" +%{ endfor ~} # Credentials for the dogu registry used by the components. # It is mandatory to set username and the base64-encoded password. diff --git a/terraform/ces-module/variables.tf b/terraform/ces-module/variables.tf index b7fb746..956c662 100644 --- a/terraform/ces-module/variables.tf +++ b/terraform/ces-module/variables.tf @@ -1,7 +1,7 @@ variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "1.0.0" + default = "3.0.0" } variable "setup_chart_namespace" { 
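Review bot: Inside the new `%{ for secret in container_registry_secrets ~}` loop the three fields are interpolated raw between double quotes, so a `"` or `\` in a url or username produces invalid YAML or a different value than the caller supplied. Letting Terraform do the quoting is safer: `username: ${jsonencode(secret.username)}`, and the same for `url` and `password`. The comment above the block still says "Credentials for the docker registry" and could read `# Credentials for the container registries used by dogus and components (one list entry per registry).`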
@@ -81,20 +81,13 @@ variable "additional_components" { default = [] } -variable "image_registry_url" { - description = "The url for the docker-image-registry" - type = string -} - -variable "image_registry_username" { - description = "The username for the docker-image-registry" - type = string -} - -variable "image_registry_password" { - description = "The base64-encoded password for the docker-image-registry" - type = string - sensitive = true +variable "container_registry_secrets" { + description = "A list of credentials for container registries used by dogus and components. The password must be base64 encoded. The regular configuration would contain registry.cloudogu.com as url." + type = list(object({ + url = string + username = string + password = string + })) } variable "dogu_registry_username" { diff --git a/terraform/examples/ces_azure_aks/main.tf b/terraform/examples/ces_azure_aks/main.tf index 9514cd6..3eb1f12 100644 --- a/terraform/examples/ces_azure_aks/main.tf +++ b/terraform/examples/ces_azure_aks/main.tf @@ -53,18 +53,18 @@ module "azure" { azure_resource_group_location = var.azure_resource_group_location } -module "kubelet_private_registry" { - depends_on = [module.azure] - source = "../../kubelet-private-registry" - - private_registries = [ - { - "url" = var.image_registry_url - "username" = var.image_registry_username - "password" = var.image_registry_password - } - ] -} +#module "kubelet_private_registry" { +# depends_on = [module.azure] +# source = "../../kubelet-private-registry" +# +# private_registries = [ +# { +# "url" = var.image_registry_url +# "username" = var.image_registry_username +# "password" = var.image_registry_password +# } +# ] +#} module "ces" { depends_on = [module.azure] 
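Review bot: The new `container_registry_secrets` variable carries the registry passwords but is not marked sensitive, while the `image_registry_password` variable it replaces had `sensitive = true`. Without it, Terraform can print the passwords in plan and apply output and in error messages. Adding `sensitive = true` after the `type` block restores the previous protection. The same declaration is repeated without the flag in `examples/ces_azure_aks/variables.tf`, `examples/ces_google_gke/ces_cluster/variables_ces.tf` and `examples/ces_local/variables_ces.tf`.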
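Review bot: The `kubelet_private_registry` module in `ces_azure_aks/main.tf` is commented out rather than removed, and the dead block still references `var.image_registry_url`, `var.image_registry_username` and `var.image_registry_password`, which this commit deletes. Anyone who re-enables it gets undeclared-variable errors, so either delete the block or rewrite it against `var.container_registry_secrets`. If node-level pull credentials are no longer needed because the setup chart now creates the pull secrets, a one-line comment saying so would help, for example `# kubelet-level registry credentials are no longer configured here; image pull secrets come from container_registry_secrets`. The same commented-out block appears in `ces_google_gke/ces_cluster/main.tf`.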
@@ -79,13 +79,10 @@ module "ces" { resource_patches = file(var.resource_patches_file) # Configure access for the registries. Passwords need to be base64-encoded. - image_registry_url = var.image_registry_url - image_registry_username = var.image_registry_username - image_registry_password = var.image_registry_password - - dogu_registry_username = var.dogu_registry_username - dogu_registry_password = var.dogu_registry_password - dogu_registry_endpoint = var.dogu_registry_endpoint + container_registry_secrets = var.container_registry_secrets + dogu_registry_username = var.dogu_registry_username + dogu_registry_password = var.dogu_registry_password + dogu_registry_endpoint = var.dogu_registry_endpoint helm_registry_host = var.helm_registry_host helm_registry_schema = var.helm_registry_schema diff --git a/terraform/examples/ces_azure_aks/secretVars.tfvars.template b/terraform/examples/ces_azure_aks/secretVars.tfvars.template index eb9a83d..c8ff272 100644 --- a/terraform/examples/ces_azure_aks/secretVars.tfvars.template +++ b/terraform/examples/ces_azure_aks/secretVars.tfvars.template @@ -1,6 +1,11 @@ // EcoSystem Credentials -image_registry_username = "username" -image_registry_password = "cGFzc3dvcmQ=" # Base64-encoded +container_registry_secrets = [ + { + url = "registry.cloudougu.com" + username = "username" + password = "cGFzc3dvcmQ=" # Base64-encoded + } +] dogu_registry_username = "username" dogu_registry_password = "cGFzc3dvcmQ=" # Base64-encoded helm_registry_username = "username" diff --git a/terraform/examples/ces_azure_aks/variables.tf b/terraform/examples/ces_azure_aks/variables.tf index b40198a..78cc218 100644 --- a/terraform/examples/ces_azure_aks/variables.tf +++ b/terraform/examples/ces_azure_aks/variables.tf 
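Review bot: The example entry in `secretVars.tfvars.template` sets `url = "registry.cloudougu.com"`, which is misspelled; every other reference in this change uses `registry.cloudogu.com`. A user who copies the template would presumably get a pull secret keyed to the wrong host, so authenticated pulls from the real registry fail, and the credentials end up associated with a domain the project may not control. The line should read `url = "registry.cloudogu.com"`. The same typo is in the `ces_google_gke/ces_cluster` and `ces_local` templates.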
@@ -1,18 +1,10 @@ -variable "image_registry_url" { - description = "The url for the docker-image-registry" - type = string - default = "registry.cloudogu.com" -} - -variable "image_registry_username" { - description = "The username for the docker-image-registry" - type = string -} - -variable "image_registry_password" { - description = "The base64-encoded password for the docker-image-registry" - type = string - sensitive = true +variable "container_registry_secrets" { + description = "A list of credentials for container registries used by dogus and components. The password must be base64 encoded. The regular configuration would contain registry.cloudogu.com as url." + type = list(object({ + url = string + username = string + password = string + })) } variable "dogu_registry_username" { @@ -107,11 +99,11 @@ variable "dogus" { description = "A list of Dogus to install" type = list(string) default = [ - "official/ldap:2.6.2-7", - "official/postfix:3.8.4-1", - "k8s/nginx-static:1.23.1-6", - "k8s/nginx-ingress:1.6.4-4", - "official/cas:7.0.4.1-1", + "official/ldap", + "official/postfix", + "k8s/nginx-static", + "k8s/nginx-ingress", + "official/cas", "official/jenkins", "official/nexus", "official/scm" @@ -133,7 +125,7 @@ variable "setup_chart_namespace" { variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "1.0.0" + default = "3.0.0" } variable "resource_patches_file" { diff --git a/terraform/examples/ces_google_gke/ces_cluster/main.tf b/terraform/examples/ces_google_gke/ces_cluster/main.tf index e5d5487..09b7b12 100644 --- a/terraform/examples/ces_google_gke/ces_cluster/main.tf +++ b/terraform/examples/ces_google_gke/ces_cluster/main.tf 
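Review bot: The `dogus` default list now names every dogu without a version, so an apply presumably installs whatever is latest at that moment and two runs of the same example can yield different software. For an example that users copy, that makes the result non-reproducible and harder to audit. If floating versions are intended, say so in the description, for example `description = "A list of Dogus to install. Entries without a version (name:version) install the latest release; pin versions for reproducible environments."`. The same change is made in `ces_google_gke/ces_cluster/variables_ces.tf` and `ces_local/variables_ces.tf`.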
@@ -77,18 +77,18 @@ module "increase_max_map_count" { source = "../../../max-map-count" } -module "kubelet_private_registry" { - depends_on = [module.google_gke] - source = "../../../kubelet-private-registry" - - private_registries = [ - { - "url" = var.image_registry_url - "username" = var.image_registry_username - "password" = var.image_registry_password - } - ] -} +#module "kubelet_private_registry" { +# depends_on = [module.google_gke] +# source = "../../../kubelet-private-registry" +# +# private_registries = [ +# { +# "url" = var.image_registry_url +# "username" = var.image_registry_username +# "password" = var.image_registry_password +# } +# ] +#} module "ces" { depends_on = [module.google_gke] @@ -104,14 +104,11 @@ module "ces" { resource_patches = file(var.resource_patches_file) # Configure access for the registries. Passwords need to be base64-encoded. - image_registry_url = var.image_registry_url - image_registry_username = var.image_registry_username - image_registry_password = var.image_registry_password - - dogu_registry_username = var.dogu_registry_username - dogu_registry_password = var.dogu_registry_password - dogu_registry_endpoint = var.dogu_registry_endpoint - dogu_registry_url_schema = var.dogu_registry_url_schema + container_registry_secrets = var.container_registry_secrets + dogu_registry_username = var.dogu_registry_username + dogu_registry_password = var.dogu_registry_password + dogu_registry_endpoint = var.dogu_registry_endpoint + dogu_registry_url_schema = var.dogu_registry_url_schema helm_registry_host = var.helm_registry_host helm_registry_schema = var.helm_registry_schema diff --git a/terraform/examples/ces_google_gke/ces_cluster/secretVars.tfvars.template b/terraform/examples/ces_google_gke/ces_cluster/secretVars.tfvars.template index 2d3623f..b83202f 100644 --- a/terraform/examples/ces_google_gke/ces_cluster/secretVars.tfvars.template +++ b/terraform/examples/ces_google_gke/ces_cluster/secretVars.tfvars.template 
@@ -1,6 +1,11 @@ // EcoSystem Credentials -image_registry_username = "username" -image_registry_password = "cGFzc3dvcmQ=" # Base64-encoded +container_registry_secrets = [ + { + url = "registry.cloudougu.com" + username = "username" + password = "cGFzc3dvcmQ=" # Base64-encoded + } +] dogu_registry_username = "username" dogu_registry_password = "cGFzc3dvcmQ=" # Base64-encoded helm_registry_username = "username" diff --git a/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf b/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf index c3ed148..373d40f 100644 --- a/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf +++ b/terraform/examples/ces_google_gke/ces_cluster/variables_ces.tf @@ -1,20 +1,11 @@ -variable "image_registry_url" { - description = "The url for the docker-image-registry" - type = string - default = "registry.cloudogu.com" -} - -variable "image_registry_username" { - description = "The username for the docker-image-registry" - type = string +variable "container_registry_secrets" { + description = "A list of credentials for container registries used by dogus and components. The password must be base64 encoded. The regular configuration would contain registry.cloudogu.com as url." + type = list(object({ + url = string + username = string + password = string + })) } - -variable "image_registry_password" { - description = "The base64-encoded password for the docker-image-registry" - type = string - sensitive = true -} - variable "dogu_registry_username" { description = "The username for the dogu-registry" type = string 
@@ -89,11 +80,11 @@ variable "dogus" { description = "A list of Dogus to install" type = list(string) default = [ - "official/ldap:2.6.2-7", - "official/postfix:3.8.4-1", - "k8s/nginx-static:1.23.1-6", - "k8s/nginx-ingress:1.6.4-4", - "official/cas:7.0.4.1-1", + "official/ldap", + "official/postfix", + "k8s/nginx-static", + "k8s/nginx-ingress", + "official/cas", "official/jenkins", "official/nexus", "official/scm" @@ -115,7 +106,7 @@ variable "setup_chart_namespace" { variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "1.0.0" + default = "3.0.0" } variable "resource_patches_file" { diff --git a/terraform/examples/ces_local/.terraform.lock.hcl b/terraform/examples/ces_local/.terraform.lock.hcl index c5f247b..f196833 100644 --- a/terraform/examples/ces_local/.terraform.lock.hcl +++ b/terraform/examples/ces_local/.terraform.lock.hcl 
@@ -2,40 +2,41 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/helm" { - version = "2.14.0" + version = "2.16.1" constraints = ">= 2.12.1, >= 2.13.2" hashes = [ - "h1:MCwlHF214XoAqJ11wR1SQuZmjJyAagKOqgSzl9hHrPg=", - "zh:087a475fda3649e4b6b9aeb5f21704972f5d85c10d0bf334289b0a1b8c1a5575", - "zh:1877991d976491d4e2a653a89491bd3b92123a00f442f15aa62caea8902677c7", - "zh:233d9e550b900be8bbf62871322964239bb4827b3500b77d7e2652a8bae6a106", - "zh:6ed09d405ade276dfc6ec591d113ca328ea3fe423405d4bc1116f7a06dfd86ec", - "zh:9039de4cbee5ae006d9cbf27f40f0a285feb02c3b00901535a1112853de55b5f", - "zh:aea6311b0f29edddefa21b8c7953314459caeace77d72d60588d1277f1723c54", - "zh:bd6a4fea3461c2751527f1c4e4c2c160e72f5b5a3b5cfbfe051adf61badd5ead", - "zh:c5f12a2ea4c3b62d9dd2d8f62c9918ef77b1f9dd4d6ccf1758a2a24139ab5319", - "zh:cd84d7258f263c3bd24138e7633b022451fdc1935a11e34932b63f71bbe6059f", - "zh:e637d01ee4dc2e5702d62c158399ab0d0ba3269e71f5db38db922ff05505ae2a", + "h1:TerRBdq69SxIWg3ET2VE0bcP0BYRIWZOp1QxXj/14Fk=", + "zh:0003f6719a32aee9afaeeb001687fc0cfc8c2d5f54861298cf1dc5711f3b4e65", + "zh:16cd5bfee09e7bb081b8b4470f31a9af508e52220fd97fd81c6dda725d9422fe", + "zh:51817de8fdc2c2e36785f23fbf4ec022111bd1cf7679498c16ad0ad7471c16db", + "zh:51b95829b2873be40a65809294bffe349e40cfccc3ff6fee0f471d01770e0ebd", + "zh:56b158dde897c47e1460181fc472c3e920aa23db40579fdc2aad333c1456d2dd", + "zh:916641d26c386959eb982e680028aa677b787687ef7c1283241e45620bc8df50", + "zh:aec15ca8605babba77b283f2ca35daca53e006d567e1c3a3daf50497035b820b", + "zh:c2cecf710b87c8f3a4d186da2ea12cf08041f97ae0c6db82649720d6ed929d65", + "zh:dbdd96f17aea25c7db2d516ab8172a5e683c6686c72a1a44173d2fe96319be39", + "zh:de11e180368434a796b1ab6f20fde7554dc74f7800e063b8e4c8ec3a86d0be63", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fbf9c9936ae547b75a81170b7bd20f72bc5538e015efcf7d12f822358d758f57", + "zh:f827a9c1540d210c56053a2d5d5a6abda924896ffa8eeedc94054cf6d44c5f60", ] } provider 
"registry.terraform.io/hashicorp/kubernetes" { - version = "2.31.0" + version = "2.33.0" + constraints = "~> 2.30" hashes = [ - "h1:wGHbATbv/pBVTST1MtEn0zyVhZbzZJD2NYq2EddASHY=", - "zh:0d16b861edb2c021b3e9d759b8911ce4cf6d531320e5dc9457e2ea64d8c54ecd", - "zh:1bad69ed535a5f32dec70561eb481c432273b81045d788eb8b37f2e4a322cc40", - "zh:43c58e3912fcd5bb346b5cb89f31061508a9be3ca7dd4cd8169c066203bcdfb3", - "zh:4778123da9206918a92dfa73cc711475d2b9a8275ff25c13a30513c523ac9660", - "zh:8bfa67d2db03b3bfae62beebe6fb961aee8d91b7a766efdfe4d337b33dfd23dd", - "zh:9020bb5729db59a520ade5e24984b737e65f8b81751fbbd343926f6d44d22176", - "zh:90431dbfc5b92498bfbce38f0b989978c84421a6c33245b97788a46b563fbd6e", - "zh:b71a061dda1244f6a52500e703a9524b851e7b11bbf238c17bbd282f27d51cb2", - "zh:d6232a7651b834b89591b94bf4446050119dcde740247e6083a4d55a2cefd28a", - "zh:d89fba43e699e28e2b5e92fff2f75fc03dbc8de0df9dacefe1a8836f8f430753", - "zh:ef85c0b744f5ba1b10dadc3c11e331ba4225c45bb733e024d7218c24b02b0512", + "h1:Z2R1cnALV1BgzldRWir/TUvg10gkWSdEGsYJHFqD3bc=", + "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329", + "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d", + "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c", + "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf", + "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275", + "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a", + "zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979", + "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201", + "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc", + "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d", + "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } 
diff --git a/terraform/examples/ces_local/main.tf b/terraform/examples/ces_local/main.tf index cb07de4..cea95c0 100644 --- a/terraform/examples/ces_local/main.tf +++ b/terraform/examples/ces_local/main.tf @@ -39,9 +39,7 @@ module "ces" { resource_patches = file(var.resource_patches_file) # Configure access for the registries. Passwords need to be base64-encoded. - image_registry_url = var.image_registry_url - image_registry_username = var.image_registry_username - image_registry_password = var.image_registry_password + container_registry_secrets = var.container_registry_secrets dogu_registry_username = var.dogu_registry_username dogu_registry_password = var.dogu_registry_password diff --git a/terraform/examples/ces_local/secretVars.tfvars.template b/terraform/examples/ces_local/secretVars.tfvars.template index 1cc5348..3052706 100644 --- a/terraform/examples/ces_local/secretVars.tfvars.template +++ b/terraform/examples/ces_local/secretVars.tfvars.template @@ -1,6 +1,11 @@ // EcoSystem Credentials -image_registry_username = "username" -image_registry_password = "cGFzc3dvcmQ=" # Base64-encoded +container_registry_secrets = [ + { + url = "registry.cloudougu.com" + username = "username" + password = "cGFzc3dvcmQ=" # Base64-encoded + } +] dogu_registry_username = "username" dogu_registry_password = "cGFzc3dvcmQ=" # Base64-encoded helm_registry_username = "username" diff --git a/terraform/examples/ces_local/variables_ces.tf b/terraform/examples/ces_local/variables_ces.tf index 01b7e6e..cf9da8f 100644 --- a/terraform/examples/ces_local/variables_ces.tf +++ b/terraform/examples/ces_local/variables_ces.tf 
@@ -1,18 +1,10 @@ -variable "image_registry_url" { - description = "The url for the docker-image-registry" - type = string - default = "registry.cloudogu.com" -} - -variable "image_registry_username" { - description = "The username for the docker-image-registry" - type = string -} - -variable "image_registry_password" { - description = "The base64-encoded password for the docker-image-registry" - type = string - sensitive = true +variable "container_registry_secrets" { + description = "A list of credentials for container registries used by dogus and components. The password must be base64 encoded. The regular configuration would contain registry.cloudogu.com as url." + type = list(object({ + url = string + username = string + password = string + })) } variable "dogu_registry_username" { @@ -89,11 +81,11 @@ variable "dogus" { description = "A list of Dogus to install" type = list(string) default = [ - "official/ldap:2.6.2-7", - "official/postfix:3.8.4-1", - "k8s/nginx-static:1.23.1-6", - "k8s/nginx-ingress:1.6.4-4", - "official/cas:7.0.4.1-1", + "official/ldap", + "official/postfix", + "k8s/nginx-static", + "k8s/nginx-ingress", + "official/cas", "official/jenkins", "official/nexus", "official/scm" @@ -126,7 +118,7 @@ variable "setup_chart_namespace" { variable "setup_chart_version" { description = "The version of the k8s-ces-setup chart" type = string - default = "1.0.0" + default = "3.0.0" } variable "resource_patches_file" {