terraform-provider-flux

terraform how to enable aws-autologin-for-ecr

Open yynmsl opened this issue 2 years ago • 4 comments

Hi,

I use Terraform to install Flux:

data "flux_install" "main" {
  target_path      = var.target_path
  network_policy   = false
  namespace        = var.flux_namespace
  components_extra = ["image-reflector-controller", "image-automation-controller"]
}

I use ImageRepository to pull my images from AWS ECR, and I bind my AWS pull ECR roles to my k8s node to get images, but I get the error:

{"level":"info","ts":"2022-02-18T10:35:29.508Z","logger":"controller.imagerepository","msg":"No image credentials secret referenced, and ECR authentication is not enabled. To enable, set the controller flag --aws-autologin-for-ecr","reconciler group":"image.toolkit.fluxcd.io","reconciler kind":"ImageRepository","name":"podinfo","namespace":"flux-system"}

I searched the Terraform documentation for how to enable the flag --aws-autologin-for-ecr but did not find it, so could you give a demo? Thanks!

yynmsl avatar Feb 18 '22 11:02 yynmsl

Hi,

Having the same issue as yynmsl, would like to enable the flag.

tibz-enex avatar Jun 01 '22 13:06 tibz-enex

Hi, here I created a patch in a variable defined in a local block, then I used this local variable as my kustomize file content, like this example:

# The Terraform block keyword is "locals"; its values are referenced as local.<name>.
locals {
  kustomize_patches = <<EOT
${data.flux_sync.main.kustomize_content}
patches:
- target:
    version: v1
    group: apps
    kind: Deployment
    name: image-reflector-controller
    namespace: flux-system
  patch: |-
    - op: add
      path: /spec/template/spec/containers/0/args/-
      value: --aws-autologin-for-ecr
EOT
}

resource "github_repository_file" "kustomize" {
  count = var.deploy_flux ? 1 : 0

  repository = data.github_repository.main.name
  file       = data.flux_sync.main.kustomize_path
  content    = local.kustomize_patches
  branch     = var.branch
}

This generated the following file:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-sync.yaml
- gotk-components.yaml

patches:
- target:
    version: v1
    group: apps
    kind: Deployment
    name: image-reflector-controller
    namespace: flux-system
  patch: |-
    - op: add
      path: /spec/template/spec/containers/0/args/-
      value: --aws-autologin-for-ecr

I hope this helps you to use the ECR autologin.

tfrigini avatar Jun 09 '22 01:06 tfrigini
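
What the `add` operation in the patch above does to the Deployment, as an added example that is not part of the original comment or of the Flux project's code: a minimal RFC 6902 `add` in Python applied to a constructed, trimmed Deployment. The container name `manager` and the pre-existing args are assumptions; the check looks the flag up by container name, because the patch path addresses container index 0.

```python
import copy

# Constructed sample: a trimmed image-reflector-controller Deployment.
# The container name "manager" and the existing args are assumptions.
DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "image-reflector-controller", "namespace": "flux-system"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "manager", "args": ["--log-level=info", "--enable-leader-election"]},
    ]}}},
}

# The patch from the comment above as an RFC 6902 operation list.
PATCH = [{"op": "add",
          "path": "/spec/template/spec/containers/0/args/-",
          "value": "--aws-autologin-for-ecr"}]

def apply_add(doc, path, value):
    """Apply one RFC 6902 'add' operation and return a patched copy."""
    doc = copy.deepcopy(doc)
    # RFC 6901 escaping: "~1" is "/", "~0" is "~" (decoded in that order).
    tokens = [t.replace("~1", "/").replace("~0", "~") for t in path.split("/")[1:]]
    node = doc
    for token in tokens[:-1]:
        # A missing parent (e.g. a container without "args") raises here.
        node = node[int(token)] if isinstance(node, list) else node[token]
    last = tokens[-1]
    if not isinstance(node, list):
        node[last] = value               # on an object: set or overwrite the key
    elif last == "-":
        node.append(value)               # "-" appends after the last element
    else:
        if int(last) > len(node):
            raise IndexError(path)
        node.insert(int(last), value)    # a numeric index inserts, never replaces
    return doc

def patch_deployment(doc, ops):
    for op in ops:
        if op["op"] != "add":
            raise ValueError("only 'add' is implemented in this example")
        doc = apply_add(doc, op["path"], op["value"])
    return doc

def has_flag(doc, container, flag):
    """True if the named container carries the flag, whatever its index."""
    containers = doc["spec"]["template"]["spec"]["containers"]
    return any(c["name"] == container and flag in c.get("args", []) for c in containers)
```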

Hello. But this only generates the kustomization.yaml file and does not apply it to Kubernetes. Maybe someone knows how to do this with auto-apply to K8s, without doing a manual action like kubectl apply -k . from the flux directory? Thanks

Dgadavin avatar Dec 02 '22 07:12 Dgadavin

We are already using the kubectl provider to apply the other manifests. https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs

phillebaba avatar Dec 02 '22 09:12 phillebaba