Add option to use private GCR to cos-generic-metadata (#86)
This commit is contained in:
parent
66bb75ff77
commit
99642be58a
|
@ -64,6 +64,7 @@ module "cos-envoy" {
|
|||
| name | description | type | required | default |
|
||||
|---|---|:---: |:---:|:---:|
|
||||
| container_image | Container image. | <code title="">string</code> | ✓ | |
|
||||
| *authenticate_gcr* | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *boot_commands* | List of cloud-init `bootcmd`s | <code title="list(string)">list(string)</code> | | <code title="">[]</code> |
|
||||
| *cloud_config* | Cloud config template path. If provided, takes precedence over all other arguments. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *config_variables* | Additional variables used to render the template passed via `cloud_config` | <code title="map(any)">map(any)</code> | | <code title="">{}</code> |
|
||||
|
|
|
@ -44,6 +44,10 @@ write_files:
|
|||
After=gcr-online.target docker.socket
|
||||
Wants=gcr-online.target docker.socket docker-events-collector.service
|
||||
[Service]
|
||||
%{ if authenticate_gcr && length(users) > 0 ~}
|
||||
Environment="HOME=/home/${users[0].username}"
|
||||
ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
|
||||
%{ endif ~}
|
||||
ExecStart=/usr/bin/docker run --rm --name=${container_name} \
|
||||
%{ if length(users) > 0 ~}
|
||||
--user=${users[0].uid} \
|
||||
|
|
|
@ -26,6 +26,7 @@ locals {
|
|||
gcp_logging = var.gcp_logging
|
||||
run_commands = var.run_commands
|
||||
users = var.users
|
||||
authenticate_gcr = var.authenticate_gcr
|
||||
}))
|
||||
files = {
|
||||
for path, attrs in var.files : path => {
|
||||
|
|
|
@ -108,3 +108,9 @@ variable "users" {
|
|||
default = [
|
||||
]
|
||||
}
|
||||
|
||||
variable "authenticate_gcr" {
|
||||
description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue