terraform-provider-flux
terraform-provider-flux copied to clipboard
terraform how to enable aws-autologin-for-ecr
Hi,
I use terraform to install flux
data "flux_install" "main" {
target_path = var.target_path
network_policy = false
namespace = var.flux_namespace
components_extra = ["image-reflector-controller", "image-automation-controller"]
}
I use ImageRepository to pull my images from aws ecr, and I bind my aws pull ecr roles to my k8s node to get images, but I get the error
{"level":"info","ts":"2022-02-18T10:35:29.508Z","logger":"controller.imagerepository","msg":"No image credentials secret referenced, and ECR authentication is not enabled. To enable, set the controller flag --aws-autologin-for-ecr","reconciler group":"image.toolkit.fluxcd.io","reconciler kind":"ImageRepository","name":"podinfo","namespace":"flux-system"}
I search document in terraform to enable flag --aws-autologin-for-ecr
but not find, so could you give a demo, thanks!
Hi,
Having same issue as yynmsl, would like to enable the flag
Hi, here I had created a patch in a variable defined in a local block, then I used this local variable as my kustomize file content, like this exemple:
local {
kustomize_patches = <<EOT
${data.flux_sync.main.kustomize_content}
patches:
- target:
version: v1
group: apps
kind: Deployment
name: image-reflector-controller
namespace: flux-system
patch: |-
- op: add
path: /spec/template/spec/containers/0/args/-
value: --aws-autologin-for-ecr
EOT
}
resource "github_repository_file" "kustomize" {
count = var.deploy_flux ? 1 : 0
repository = data.github_repository.main.name
file = data.flux_sync.main.kustomize_path
content = local.kustomize_patches
branch = var.branch
}
This had generated the following file:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-sync.yaml
- gotk-components.yaml
patches:
- target:
version: v1
group: apps
kind: Deployment
name: image-reflector-controller
namespace: flux-system
patch: |-
- op: add
path: /spec/template/spec/containers/0/args/-
value: --aws-autologin-for-ecr
I hope this helps you to use the ECR Autologin
Hello. But this is only generate kustomization.yaml file but not apply it to Kubernetes. Maybe someone know how to do this with auto apply to K8S without doing manual action like kubectl apply -k .
from flux directory.
Thanks
We are already using the kubectl provider to apply the other manifests. https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs