feat: private registries config (#4)

UCL-MIRSG · Feb 9, 2025 · f85321b · f85321b
1 parent 90a9d44
commit f85321b
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 6 deletions.
diff --git a/modules/k3s-cluster/README.md b/modules/k3s-cluster/README.md
@@ -49,6 +49,7 @@
 | <a name="input_networks"></a> [networks](#input\_networks) | Map of harvester VM networks to add NICs for. Key should be interface name. | <pre>map(object({<br/>    ips     = list(string)<br/>    cidr    = number<br/>    gateway = string<br/>    dns     = string<br/>    network = string<br/>  }))</pre> | n/a | yes |
 | <a name="input_openiscsi_version"></a> [openiscsi\_version](#input\_openiscsi\_version) | Version of openiscsi to install on Harvester VMs. | `string` | `""` | no |
 | <a name="input_primary_interface"></a> [primary\_interface](#input\_primary\_interface) | Name of the primary network interface | `string` | `"eth0"` | no |
+| <a name="input_private_registries"></a> [private\_registries](#input\_private\_registries) | List of private container image registries to use in the cluster | `list(map(string))` | `[]` | no |
 | <a name="input_root_disk_size"></a> [root\_disk\_size](#input\_root\_disk\_size) | n/a | `string` | `"30Gi"` | no |
 | <a name="input_run_strategy"></a> [run\_strategy](#input\_run\_strategy) | n/a | `string` | `"RerunOnFailure"` | no |
 | <a name="input_ssh_common_args"></a> [ssh\_common\_args](#input\_ssh\_common\_args) | n/a | `string` | `""` | no |

diff --git a/modules/k3s-cluster/main.tf b/modules/k3s-cluster/main.tf
@@ -49,6 +49,7 @@ module "install_k3s" {
   metallb_version    = var.metallb_version
   openiscsi_version  = var.openiscsi_version
   primary_interface  = var.primary_interface
+  private_registries = var.private_registries
   ssh_common_args    = var.ssh_common_args
   ssh_private_key    = tls_private_key.ssh.private_key_openssh
   vm_username        = var.vm_username

diff --git a/modules/k3s-cluster/provision/README.md b/modules/k3s-cluster/provision/README.md
@@ -50,6 +50,7 @@ No modules.
 | <a name="input_metallb_version"></a> [metallb\_version](#input\_metallb\_version) | n/a | `any` | n/a | yes |
 | <a name="input_openiscsi_version"></a> [openiscsi\_version](#input\_openiscsi\_version) | n/a | `any` | n/a | yes |
 | <a name="input_primary_interface"></a> [primary\_interface](#input\_primary\_interface) | n/a | `any` | n/a | yes |
+| <a name="input_private_registries"></a> [private\_registries](#input\_private\_registries) | n/a | `any` | n/a | yes |
 | <a name="input_ssh_common_args"></a> [ssh\_common\_args](#input\_ssh\_common\_args) | n/a | `any` | n/a | yes |
 | <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input\_ssh\_private\_key) | n/a | `any` | n/a | yes |
 | <a name="input_vm_username"></a> [vm\_username](#input\_vm\_username) | n/a | `any` | n/a | yes |

diff --git a/modules/k3s-cluster/provision/ansible/roles/k3s/tasks/main.yaml b/modules/k3s-cluster/provision/ansible/roles/k3s/tasks/main.yaml
@@ -35,3 +35,10 @@
         K3S_TOKEN: "{{ node_token }}"
         K3S_URL: "{{ k3s_url | default('') }}"
       changed_when: true
+
+- name: Configure private registries
+  ansible.builtin.template:
+    src: registries.yaml.j2
+    dest: /etc/rancher/k3s/registries.yaml
+    mode: "0600"
+  when: private_registries | length > 0
diff --git a/modules/k3s-cluster/provision/ansible/roles/k3s/templates/registries.yaml.j2 b/modules/k3s-cluster/provision/ansible/roles/k3s/templates/registries.yaml.j2
@@ -0,0 +1,14 @@
+{% for registry in (private_registries | from_yaml) %}
+mirrors:
+  {{ registry.registry }}:
+    endpoint:
+      - {{ registry.endpoint }}
+configs:
+  {{ registry.registry }}:
+    auth:
+      username: {{ registry.username }}
+      password: {{ registry.password }}
+      token: {{ registry.token | default("") }}
+    tls:
+      insecure_skip_verify: true
+{% endfor %}
diff --git a/modules/k3s-cluster/provision/locals.tf b/modules/k3s-cluster/provision/locals.tf
@@ -21,12 +21,13 @@ locals {
       "-o ControlPath=~/%r@%h:%p",
       var.ssh_common_args
     ])
-    ansible_user      = var.vm_username
-    k3s_version       = var.k3s_version
-    kubeconfig_path   = local.kubeconfig_path
-    leader_ip         = var.leader_ip
-    node_token        = local.node_token
-    openiscsi_version = var.openiscsi_version
+    ansible_user       = var.vm_username
+    k3s_version        = var.k3s_version
+    kubeconfig_path    = local.kubeconfig_path
+    leader_ip          = var.leader_ip
+    node_token         = local.node_token
+    openiscsi_version  = var.openiscsi_version
+    private_registries = yamlencode(var.private_registries)
   }
 
   server_ansible_args = {

diff --git a/modules/k3s-cluster/provision/variables.tf b/modules/k3s-cluster/provision/variables.tf
@@ -25,6 +25,8 @@ variable "openiscsi_version" {}
 
 variable "primary_interface" {}
 
+variable "private_registries" {}
+
 variable "ssh_common_args" {}
 
 variable "ssh_private_key" {}

diff --git a/modules/k3s-cluster/variables.tf b/modules/k3s-cluster/variables.tf
@@ -106,6 +106,12 @@ variable "primary_interface" {
   default     = "eth0"
 }
 
+variable "private_registries" {
+  type        = list(map(string))
+  description = "List of private container image registries to use in the cluster"
+  default     = []
+}
+
 variable "root_disk_size" {
   type    = string
   default = "30Gi"