diff --git a/README.md b/README.md index 991d8a8..11a2b2f 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ Examples codified under the [`examples`](https://github.com/aws-ia/terraform-aws | [aws_iam_policy.emrcontainers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [time_sleep.dataplane](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_ecrpublic_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecrpublic_authorization_token) | data source | | [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | | [aws_iam_policy.amp](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | | [aws_iam_policy.api_gatewayv2_admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index d39ed45..db12d8d 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -20,8 +20,6 @@ data "aws_eks_cluster_auth" "this" { name = module.eks_blueprints.eks_cluster_id } -data "aws_ecr_authorization_token" "token" {} - data "aws_availability_zones" "available" {} data "aws_caller_identity" "current" {} data "aws_partition" "current" {} @@ -104,7 +102,7 @@ module "eks_ack_addons" { enable_rds = true enable_amp = true enable_emrcontainers = true - + tags = local.tags } diff --git a/main.tf b/main.tf index d2a5d07..3c6299c 100644 --- a/main.tf +++ b/main.tf 
@@ -6,6 +6,9 @@ data "aws_eks_cluster" "this" { name = local.cluster_id } +# Equivalent of aws ecr get-login +data "aws_ecrpublic_authorization_token" "token" {} + locals { # this makes downstream resources wait for data plane to be ready cluster_id = time_sleep.dataplane.triggers["cluster_id"] @@ -52,12 +55,14 @@ module "api_gatewayv2" { helm_config = merge( { - name = local.api_gatewayv2_name - chart = "apigatewayv2-chart" - repository = "oci://public.ecr.aws/aws-controllers-k8s" - version = "v0.1.4" - namespace = local.api_gatewayv2_name - description = "ACK API Gateway Controller v2 Helm chart deployment configuration" + name = local.api_gatewayv2_name + chart = "apigatewayv2-chart" + repository = "oci://public.ecr.aws/aws-controllers-k8s" + version = "v0.1.4" + namespace = local.api_gatewayv2_name + repository_username = data.aws_ecrpublic_authorization_token.token.user_name + repository_password = data.aws_ecrpublic_authorization_token.token.password + description = "ACK API Gateway Controller v2 Helm chart deployment configuration" values = [ # shortens pod name from `ack-api-gatewayv2-apigatewayv2-chart-xxxxxxxxxxxxx` to `ack-api-gatewayv2-xxxxxxxxxxxxx` <<-EOT 
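Review bot: The new `data "aws_ecrpublic_authorization_token" "token" {}` in root `main.tf` runs against whatever region the module's default AWS provider is set to, but the ECR Public authorization API is only served from us-east-1, so a cluster in any other region will most likely fail at plan time. The module should accept an aliased provider from the caller and set `provider = <US_EAST_1_PROVIDER_ALIAS>` on this data source. The identity running Terraform also needs `ecr-public:GetAuthorizationToken` and `sts:GetServiceBearerToken`, which belongs in the README. The comment is also inaccurate and would read better as `# Equivalent of: aws ecr-public get-login-password --region us-east-1`.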
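Review bot: `repository_password = data.aws_ecrpublic_authorization_token.token.password` is added to the default `helm_config` map here, and again in the dynamodb, s3, rds, amp and emrcontainers hunks, so a registry bearer token now flows into every release's arguments and presumably into Terraform state. The README should state that the state backend must be encrypted and access-restricted. The token is short-lived, so please confirm that a fresh value on each plan does not show up as a perpetual change on the releases. The same two lines are repeated six times; defining them once, e.g. `locals { ecr_public_auth = { repository_username = ..., repository_password = ... } }`, and merging that map into each block would keep the credential wiring in one reviewable place. The enclosing `module "api_gatewayv2"` block starts before this hunk and continues past it, so whether a caller-supplied config can override these keys is not visible here.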
@@ -126,12 +131,14 @@ module "dynamodb" { helm_config = merge( { - name = local.dynamodb_name - chart = "dynamodb-chart" - repository = "oci://public.ecr.aws/aws-controllers-k8s" - version = "v0-stable" - namespace = local.dynamodb_name - description = "ACK DynamoDB Controller v2 Helm chart deployment configuration" + name = local.dynamodb_name + chart = "dynamodb-chart" + repository = "oci://public.ecr.aws/aws-controllers-k8s" + version = "v0-stable" + namespace = local.dynamodb_name + repository_username = data.aws_ecrpublic_authorization_token.token.user_name + repository_password = data.aws_ecrpublic_authorization_token.token.password + description = "ACK DynamoDB Controller v2 Helm chart deployment configuration" values = [ # shortens pod name from `ack-dynamodb-dynamodb-chart-xxxxxxxxxxxxx` to `ack-dynamodb-xxxxxxxxxxxxx` <<-EOT @@ -191,12 +198,14 @@ module "s3" { helm_config = merge( { - name = local.s3_name - chart = "s3-chart" - repository = "oci://public.ecr.aws/aws-controllers-k8s" - version = "v0.1.5" - namespace = local.s3_name - description = "ACK S3 Controller v2 Helm chart deployment configuration" + name = local.s3_name + chart = "s3-chart" + repository = "oci://public.ecr.aws/aws-controllers-k8s" + version = "v0.1.5" + namespace = local.s3_name + repository_username = data.aws_ecrpublic_authorization_token.token.user_name + repository_password = data.aws_ecrpublic_authorization_token.token.password + description = "ACK S3 Controller v2 Helm chart deployment configuration" values = [ # shortens pod name from `ack-s3-s3-chart-xxxxxxxxxxxxx` to `ack-s3-xxxxxxxxxxxxx` <<-EOT 
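Review bot: `version = "v0-stable"` in the dynamodb block, and again in the emrcontainers hunk, reads as a moving tag, unlike the fixed `v0.1.4`, `v0.1.5` and `v0.1.1` pins on the other controllers. The chart that gets installed can therefore change between applies with no change in this repository. Since these lines are being rewritten anyway, pin them to a released chart version, `version = "<PINNED_CHART_VERSION>"`, so that upgrades become an explicit, reviewable diff. The controllers run with IAM policies attached further down in this file, so an unreviewed chart change is a supply-chain exposure and not just a reproducibility nit. The enclosing module blocks extend beyond these hunks.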
@@ -256,13 +265,15 @@ module "rds" { helm_config = merge( { - name = local.rds_name - chart = "rds-chart" - repository = "oci://public.ecr.aws/aws-controllers-k8s" - version = "v0.1.1" - namespace = local.rds_name - create_namespace = true - description = "ACK RDS Controller v2 Helm chart deployment configuration" + name = local.rds_name + chart = "rds-chart" + repository = "oci://public.ecr.aws/aws-controllers-k8s" + version = "v0.1.1" + namespace = local.rds_name + repository_username = data.aws_ecrpublic_authorization_token.token.user_name + repository_password = data.aws_ecrpublic_authorization_token.token.password + create_namespace = true + description = "ACK RDS Controller v2 Helm chart deployment configuration" values = [ # shortens pod name from `ack-rds-rds-chart-xxxxxxxxxxxxx` to `ack-rds-xxxxxxxxxxxxx` <<-EOT @@ -322,13 +333,15 @@ module "amp" { helm_config = merge( { - name = local.amp_name - chart = "prometheusservice-chart" - repository = "oci://public.ecr.aws/aws-controllers-k8s" - version = "v0.1.1" - namespace = local.amp_name - create_namespace = true - description = "ACK amp Controller v2 Helm chart deployment configuration" + name = local.amp_name + chart = "prometheusservice-chart" + repository = "oci://public.ecr.aws/aws-controllers-k8s" + version = "v0.1.1" + namespace = local.amp_name + repository_username = data.aws_ecrpublic_authorization_token.token.user_name + repository_password = data.aws_ecrpublic_authorization_token.token.password + create_namespace = true + description = "ACK amp Controller v2 Helm chart deployment configuration" values = [ # shortens pod name from `ack-amp-amp-chart-xxxxxxxxxxxxx` to `ack-amp-xxxxxxxxxxxxx` <<-EOT 
@@ -388,12 +401,14 @@ module "emrcontainers" { helm_config = merge( { - name = local.emr_name - chart = "emrcontainers-chart" - repository = "oci://public.ecr.aws/aws-controllers-k8s" - version = "v0-stable" - namespace = local.emr_name - description = "Helm Charts for the emrcontainers controller for AWS Controllers for Kubernetes (ACK)" + name = local.emr_name + chart = "emrcontainers-chart" + repository = "oci://public.ecr.aws/aws-controllers-k8s" + version = "v0-stable" + namespace = local.emr_name + repository_username = data.aws_ecrpublic_authorization_token.token.user_name + repository_password = data.aws_ecrpublic_authorization_token.token.password + description = "Helm Charts for the emrcontainers controller for AWS Controllers for Kubernetes (ACK)" values = [ # shortens pod name from `ack-emrcontainers-emrcontainers-chart-xxxxxxxxxxxxx` to `ack-emrcontainers-xxxxxxxxxxxxx` <<-EOT @@ -441,7 +456,7 @@ resource "aws_iam_policy" "emrcontainers" { policy = data.aws_iam_policy_document.emrcontainers.json } -// inline policy providered by ack https://raw.githubusercontent.com/aws-controllers-k8s/emrcontainers-controller/main/config/iam/recommended-inline-policy +# inline policy providered by ack https://raw.githubusercontent.com/aws-controllers-k8s/emrcontainers-controller/main/config/iam/recommended-inline-policy data "aws_iam_policy_document" "emrcontainers" { statement { effect = "Allow"