Add imagepullsecret to airflow and envoy-gateway

Author: BryanFauble

modules/apache-airflow/main.tf

@@ -79,3 +79,25 @@ spec:
     namespace: ${var.namespace}
 YAML
 }
+
+resource "kubernetes_secret" "docker-cfg" {
+  metadata {
+    name      = "docker-cfg"
+    namespace = var.namespace
+  }
+
+  type = "kubernetes.io/dockerconfigjson"
+
+  data = {
+    ".dockerconfigjson" = jsonencode({
+      auths = {
+        "${var.docker_server}" = {
+          "username" = var.docker_username,
+          "password" = var.docker_access_token,
+          "email"    = var.docker_email
+          "auth"     = base64encode("${var.docker_username}:${var.docker_access_token}")
+        }
+      }
+    })
+  }
+}

modules/apache-airflow/templates/values.yaml

@@ -2354,7 +2354,7 @@ redis:
 # Auth secret for a private registry
 # This is used if pulling airflow images from a private registry
 registry:
-  secretName: ~
+  secretName: docker-cfg
 
   # Example:
   # connection:

modules/apache-airflow/variables.tf

@@ -19,4 +19,27 @@ variable "git_revision" {
 variable "namespace" {
   description = "The namespace to deploy into"
   type        = string
-}
+}
+
+variable "docker_server" {
+  description = "The docker registry URL"
+  default     = "https://index.docker.io/v1/"
+  type        = string
+}
+
+variable "docker_username" {
+  description = "Username to log into docker for authenticated pulls"
+  default     = "dpesagebionetworks"
+  type        = string
+}
+
+variable "docker_access_token" {
+  description = "The access token to use for docker authenticated pulls. Created via by setting 'TF_VAR_docker_access_token' within spacelift as an environment variable"
+  type        = string
+}
+
+variable "docker_email" {
+  description = "The email for the docker account"
+  default     = "[email protected]"
+  type        = string
+}

modules/envoy-gateway/main.tf

@@ -68,3 +68,25 @@ spec:
     namespace: ${var.namespace}
 YAML
 }
+
+resource "kubernetes_secret" "docker-cfg" {
+  metadata {
+    name      = "docker-cfg"
+    namespace = var.namespace
+  }
+
+  type = "kubernetes.io/dockerconfigjson"
+
+  data = {
+    ".dockerconfigjson" = jsonencode({
+      auths = {
+        "${var.docker_server}" = {
+          "username" = var.docker_username,
+          "password" = var.docker_access_token,
+          "email"    = var.docker_email
+          "auth"     = base64encode("${var.docker_username}:${var.docker_access_token}")
+        }
+      }
+    })
+  }
+}

modules/envoy-gateway/templates/values.yaml

@@ -9,15 +9,17 @@ global:
       # Default behavior: latest images will be Always else IfNotPresent.
       pullPolicy: IfNotPresent
       # List of secrets in the same namespace of the component that can be used to pull images from private repositories.
-      pullSecrets: []
+      pullSecrets:
+        - "docker-cfg"
     ratelimit:
       # This is the full image name including the hub, repo, and tag.
       image: "docker.io/envoyproxy/ratelimit:master"
       # Specify image pull policy if default behavior isn't desired.
       # Default behavior: latest images will be Always else IfNotPresent.
       pullPolicy: IfNotPresent
       # List of secrets in the same namespace of the component that can be used to pull images from private repositories.
-      pullSecrets: []
+      pullSecrets:
+        - "docker-cfg"
 podDisruptionBudget:
   minAvailable: 0
   # maxUnavailable: 1

modules/envoy-gateway/variables.tf

@@ -35,3 +35,26 @@ variable "ssl_hostname" {
   description = "The hostname to use for the SSL certificate"
   type        = string
 }
+
+variable "docker_server" {
+  description = "The docker registry URL"
+  default     = "https://index.docker.io/v1/"
+  type        = string
+}
+
+variable "docker_username" {
+  description = "Username to log into docker for authenticated pulls"
+  default     = "dpesagebionetworks"
+  type        = string
+}
+
+variable "docker_access_token" {
+  description = "The access token to use for docker authenticated pulls. Created via by setting 'TF_VAR_docker_access_token' within spacelift as an environment variable"
+  type        = string
+}
+
+variable "docker_email" {
+  description = "The email for the docker account"
+  default     = "[email protected]"
+  type        = string
+}