terraform-provider-ibm icon indicating copy to clipboard operation
terraform-provider-ibm copied to clipboard

Published 20 hours ago verified publisher icon IBM-Cloud

no resource definition for image_secret, have to create manually and then pass to ibm_code_engine_app

Open marifse opened this issue 1 year ago • 3 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform IBM Provider Version

Affected Resource(s)

  • ibm_code_engine_app

Description

I am going to provision a Springboot application on Code-Engine using terraform, though I can not find any resource definition for creating an image secret to pull from a private repository, so when I am passing a new image_secret name, I am getting an error when the code-engine app is trying to pull the image from Private IBM ICR, as this image secret is not there and neither it being created with ibm_code_engine_app resource.

Terraform Configuration Files

data "ibm_resource_group" "rg" {
  name = "Default"
}
resource "ibm_cr_namespace" "rg_namespace" {
  name              = var.namespace_name
  resource_group_id = data.ibm_resource_group.rg.id

}

resource "docker_registry_image" "helloworld" {
  name          = docker_image.image.name
  keep_remotely = true
}

resource "docker_image" "image" {
  name = "${var.authRegitry}/${var.namespace_name}/${var.application_name}"
  build {
    context = "${path.cwd}/springboot-ibmcloud-main"
    tag = ["${var.imageURLRegistry}/${var.namespace_name}/${var.application_name}:latest","${var.authRegitry}/${var.namespace_name}/${var.application_name}:latest"]
    
  }
}

resource "ibm_code_engine_project" "code_engine_project_instance" {
  name              = var.projectName
  resource_group_id = data.ibm_resource_group.rg.id

}

resource "ibm_code_engine_app" "code_engine_app_instance" {
  project_id      = ibm_code_engine_project.code_engine_project_instance.project_id
  name            = var.application_name
  image_reference = "${var.imageURLRegistry}/${var.namespace_name}/${var.application_name}"
  image_secret = var.code_engine_build_output_secret
  
  image_port =  "8080"

  depends_on = [
    docker_image.image,
    docker_registry_image.helloworld
  ]
}

https://github.com/marifse/springboot-ibmcloud/tree/main/code-engine

Debug Output

Error: Error waiting for resource IbmCodeEngineApp (548eba03-899a-4c98-9a49-e8514f03cd81/springboot-app14) to be created: The instance getAppOptions failed: %!s()

Expected Behavior

The IBM should include the resource for Code Engine Image Secret as ibm_code_image_secret so that this can be created individually and passed to ibm_code_engine_app and it does not require to be manually created.

Actual Behavior

It is giving errors and failing to successfully create code engine application as it can not pull the image from private IBM ICR and that is because it does not have image_secret defined.

Steps to Reproduce

  1. terraform apply

References

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/code_engine_app

marifse avatar Jun 01 '23 22:06 marifse

Hello @marifse, you can use the ibm_code_engine_secret resource for that. Here is an example of how to set it up:

resource "ibm_code_engine_secret" "code_engine_registry_access_secret" {
  project_id = ibm_code_engine_project.code_engine_project_instance.project_id
  name       = "my-registry-secret"
  format     = "registry"
  data       = {
    "username" = "foo.update"
    "password" = "foouser_update"
    "server"   = "foopass_update"
    "email"    = "[email protected]"
  }
}

You can see detailed definitions of the ibm_code_engine_secret properties here and here. Hope that helps, feel free to reach out if you need clarification on the topic.

michael-magrian avatar Jun 12 '23 19:06 michael-magrian

@michael-magrian thank you for your quick response, can you please help me how can i submit the image build in terraform when creating the image build as it is not auto building and pushing the image to ICR, or either i have to use the code engine job to make it worked.

Your help in this will be really appreciated. thanks

marifse avatar Aug 29 '23 16:08 marifse

Hello @marifse,

sorry for the late response. Unfortunately we don't support to run image builds via Terraform at the moment. But as I mentioned in your other issue, there is a workaround: https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4774#issuecomment-1774719245

michael-magrian avatar Jan 05 '24 10:01 michael-magrian