FEAT: add ecr-credential-provider and crictl config (#17)

CHANGELOG.md

@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
 project adheres to [Semantic Versioning](http://semver.org/).
 
+<a name="v1.27.2.0"></a>
+## [v1.27.2.0] - 2023-06-21
+
+- add ecr credentail provider config
+
 
 <a name="v1.23.10.0"></a>
 ## [v1.23.10.0] - 2022-08-26
@@ -73,7 +78,8 @@ FEATURES:
 - add Docker drop-in module ([#1](https://github.com/getamis/terraform-ignition-kubernetes/issues/1))
 
 
-[Unreleased]: https://github.com/getamis/terraform-ignition-kubernetes/compare/v1.23.10.0...HEAD
+[Unreleased]: https://github.com/getamis/terraform-ignition-kubernetes/compare/v1.27.2.0...HEAD
+[v1.27.2.0]: https://github.com/getamis/terraform-ignition-kubernetes/compare/v1.23.10.0...v1.27.2.0
 [v1.23.10.0]: https://github.com/getamis/terraform-ignition-kubernetes/compare/v1.19.16.1...v1.23.10.0
 [v1.19.16.1]: https://github.com/getamis/terraform-ignition-kubernetes/compare/v1.19.16.0...v1.19.16.1
 [v1.19.16.0]: https://github.com/getamis/terraform-ignition-kubernetes/compare/v1.1.5...v1.19.16.0

modules/containerd/files/crictl.yaml.tpl

@@ -0,0 +1 @@
+${replace(yamlencode(content),"\"", "")}

modules/containerd/main.tf

@@ -1,3 +1,11 @@
+locals {
+  crictl_config = {
+    runtime-endpoint = "unix:///run/containerd/containerd.sock"
+    image-endpoint   = "unix:///run/containerd/containerd.sock"
+    timeout          = 2
+  }
+}
+
 data "ignition_file" "containerd_config" {
   mode      = 292
   path      = "/etc/containerd/config.toml"
@@ -7,4 +15,17 @@ data "ignition_file" "containerd_config" {
     content = file("${path.module}/files/config.toml")
   }
 
+}
+
+data "ignition_file" "crictl_config" {
+  path      = "/etc/crictl.yaml"
+  mode      = 420
+  overwrite = true
+
+  content {
+    content = templatefile("${path.module}/files/crictl.yaml.tpl", {
+      content = local.crictl_config
+    })
+    mime = "text/yaml"
+  }
 }

modules/containerd/outputs.tf

@@ -1,5 +1,6 @@
 output "files" {
   value = [
-    data.ignition_file.containerd_config.rendered
+    data.ignition_file.containerd_config.rendered,
+    data.ignition_file.crictl_config.rendered,
   ]
 }

modules/ecr-credential-provider/ecr-credential-provider.tf

@@ -0,0 +1,10 @@
+data "ignition_file" "ecr_credential_provider" {
+  filesystem = "root"
+  path       = "/opt/bin/ecr-credential-provider/ecr-credential-provider"
+  mode       = 493
+
+  source {
+    source       = var.binary.source
+    verification = var.binary.checksum
+  }
+}

modules/ecr-credential-provider/outputs.tf

@@ -0,0 +1,9 @@
+output "systemd_units" {
+  value = []
+}
+
+output "files" {
+  value = [
+    data.ignition_file.ecr_credential_provider.rendered,
+  ]
+}

modules/ecr-credential-provider/variables.tf

@@ -0,0 +1,11 @@
+variable "binary" {
+  description = "Desired binary file url and checksum(sha512)."
+  type = object({
+    source   = string
+    checksum = string
+  })
+  default = {
+    source   = "https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64"
+    checksum = "sha512-b132e19a8b1330ae6b363e5332405f1781c71b73f36ca691c1f7add5a6573e39ce352e332062bf474489fb730906f172be024c7da3bc7aacbb49e6592832223c"
+  }
+}

modules/ecr-credential-provider/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    ignition = {
+      source = "terraform-providers/ignition"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+    template = {
+      source = "hashicorp/template"
+    }
+  }
+  required_version = ">= 0.13"
+}