feat: added support GCP Artifact Registry

part of fix for jenkins-x/jx#8656
sergiogiuffrida · Apr 25, 2024 · 6d61937 · 6d61937
1 parent 5d60c60
commit 6d61937
Show file tree

Hide file tree

Showing 8 changed files with 104 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -114,6 +114,10 @@ The following two paragraphs provide the full list of configuration and output v
 | <a name="input_apex_domain"></a> [apex\_domain](#input\_apex\_domain) | The parent / apex domain to be used for the cluster | `string` | `""` | no |
 | <a name="input_apex_domain_gcp_project"></a> [apex\_domain\_gcp\_project](#input\_apex\_domain\_gcp\_project) | The GCP project the apex domain is managed by, used to write recordsets for a subdomain if set. Defaults to current project. | `string` | `""` | no |
 | <a name="input_apex_domain_integration_enabled"></a> [apex\_domain\_integration\_enabled](#input\_apex\_domain\_integration\_enabled) | Flag that when set attempts to create delegation records in apex domain to point to domain created by this module | `bool` | `true` | no |
+| <a name="input_artifact_description"></a> [artifact\_description](#input\_artifact\_description) | artifact registry repository Description | `string` | `"jenkins-x Docker Repository"` | no |
+| <a name="input_artifact_enable"></a> [artifact\_enable](#input\_artifact\_enable) | Create artifact registry repository | `bool` | `true` | no |
+| <a name="input_artifact_location"></a> [artifact\_location](#input\_artifact\_location) | artifact registry repository Location | `string` | `"us-central1"` | no |
+| <a name="input_artifact_repository_id"></a> [artifact\_repository\_id](#input\_artifact\_repository\_id) | artifact registry repository Name, Defaul Cluster Name | `string` | `""` | no |
 | <a name="input_autoscaler_location_policy"></a> [autoscaler\_location\_policy](#input\_autoscaler\_location\_policy) | location policy for primary node pool | `string` | `"ANY"` | no |
 | <a name="input_autoscaler_max_node_count"></a> [autoscaler\_max\_node\_count](#input\_autoscaler\_max\_node\_count) | primary node pool max nodes | `number` | `5` | no |
 | <a name="input_autoscaler_min_node_count"></a> [autoscaler\_min\_node\_count](#input\_autoscaler\_min\_node\_count) | primary node pool min nodes | `number` | `3` | no |

diff --git a/main.tf b/main.tf
@@ -129,6 +129,12 @@ resource "google_project_service" "container_api" {
  disable_on_destroy = false
 }
 
+resource "google_project_service" "artifactregistry" {
+ provider = google
+ project = var.gcp_project
+ service = "artifactregistry.googleapis.com"
+ disable_on_destroy = false
+}
 // ----------------------------------------------------------------------------
 // Create Kubernetes cluster
 // ----------------------------------------------------------------------------
@@ -148,6 +154,9 @@ module "cluster" {
  ip_range_services = var.ip_range_services
  max_pods_per_node = var.max_pods_per_node
  bucket_location = var.bucket_location
+ artifact_enable = var.artifact_enable
+ artifact_location = var.artifact_location 
+ artifact_repository_id = var.artifact_repository_id
  jenkins_x_namespace = var.jenkins_x_namespace
  force_destroy = var.force_destroy
  enable_primary_node_pool = var.enable_primary_node_pool
@@ -267,6 +276,10 @@ locals {
  git_owner_requirement_repos = var.git_owner_requirement_repos
  dev_env_approvers = var.dev_env_approvers
  lets_encrypt_production = var.lets_encrypt_production
+ // GCP Artifact
+ enable_artifact = var.artifact_enable
+ registry = module.cluster.artifact_registry_repository
+ docker_registry_org = module.cluster.artifact_registry_repository_name
  // Storage buckets
  log_storage_url = module.cluster.log_storage_url
  report_storage_url = module.cluster.report_storage_url

diff --git a/modules/cluster/outputs.tf b/modules/cluster/outputs.tf
@@ -45,3 +45,11 @@ output "tekton_sa_email" {
 output "tekton_sa_name" {
  value = google_service_account.tekton_sa.name
 }
+
+output "artifact_registry_repository" {
+ value = local.artifact_registry_repository
+}
+
+output "artifact_registry_repository_name" {
+ value = local.artifact_repositoryid
+}
diff --git a/modules/cluster/serviceaccount.tf b/modules/cluster/serviceaccount.tf
@@ -237,3 +237,18 @@ resource "google_service_account_iam_member" "boot_sa_workload_identity_user" {
  role = "roles/iam.workloadIdentityUser"
  member = "serviceAccount:${var.gcp_project}.svc.id.goog[jx-git-operator/jx-boot-job]"
 }
+
+// Artifact Registry
+resource "google_artifact_registry_repository_iam_member" "writers" {
+ count = var.artifact_enable ? 1 : 0
+ project = google_artifact_registry_repository.repo[count.index].project
+ location = google_artifact_registry_repository.repo[count.index].location
+ repository = google_artifact_registry_repository.repo[count.index].name
+
+ role = "roles/artifactregistry.writer"
+ member = "serviceAccount:${google_service_account.tekton_sa.email}"
+
+ depends_on = [
+ google_artifact_registry_repository.repo
+ ]
+}
diff --git a/modules/cluster/storage.tf b/modules/cluster/storage.tf
@@ -33,3 +33,19 @@ resource "google_storage_bucket" "repository_bucket" {
 
  force_destroy = var.force_destroy
 }
+
+// Artifact Registry
+locals {
+ artifact_repositoryid = var.artifact_repository_id == "" ? var.cluster_name : var.artifact_repository_id
+ artifact_registry_repository = "${var.artifact_location}-docker.pkg.dev/${var.gcp_project}" 
+}
+
+resource "google_artifact_registry_repository" "repo" {
+ count = var.artifact_enable ? 1 : 0
+ format = "DOCKER"
+ location = var.artifact_location
+ mode = "STANDARD_REPOSITORY"
+ project = var.gcp_project
+ repository_id = local.artifact_repositoryid
+ description = var.artifact_description
+}
diff --git a/modules/cluster/variables.tf b/modules/cluster/variables.tf
@@ -517,4 +517,26 @@ variable "delete_protect" {
  type = bool
  default = true
 }
+// Artifact Registry
+variable "artifact_location" {
+ description = "artifact registry repository Location"
+ type = string
+ default = "us-central1" 
+}
 
+variable "artifact_repository_id" {
+ description = "artifact registry repository Name, Defaul Cluster Name"
+ type = string
+ default = "oci"
+}
+variable "artifact_description" {
+ description = "artifact registry repository Description"
+ type = string
+ default = "jenkins-x Docker Repository" 
+}
+
+variable "artifact_enable" {
+ description = "Create artifact registry repository"
+ type = bool
+ default = true
+}
diff --git a/modules/jx-requirements-v3.yml.tpl b/modules/jx-requirements-v3.yml.tpl
@@ -6,6 +6,10 @@ spec:
  project: "${gcp_project}"
  provider: gke
  zone: "${zone}"
+%{ if enable_artifact }
+ dockerRegistryOrg: "${docker_registry_org}"
+ registry: "${registry}"
+%{ endif }
  ingress:
 %{ if subdomain != "" }
  domain: "${subdomain}.${apex_domain}"

diff --git a/variables.tf b/variables.tf
@@ -358,3 +358,25 @@ variable "delete_protect" {
  default = true
 }
 
+// GCP Artifact
+variable "artifact_location" {
+ description = "artifact registry repository Location"
+ type = string
+ default = "us-central1" 
+}
+variable "artifact_repository_id" {
+ description = "artifact registry repository Name"
+ type = string
+ default = "oci"
+}
+variable "artifact_description" {
+ description = "artifact registry repository Description"
+ type = string
+ default = "jenkins-x Docker Repository" 
+}
+
+variable "artifact_enable" {
+ description = "Create artifact registry repository"
+ type = bool
+ default = true
+}