chore: Provide docker creds with talos (#17)

* Provide docker creds in talos * Fix
fluencelabs · Dec 2, 2024 · 17b0a77 · 17b0a77
1 parent f85b20d
commit 17b0a77
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 24 deletions.
diff --git a/terraform/controlplane.tf b/terraform/controlplane.tf
@@ -76,8 +76,9 @@ data "talos_machine_configuration" "cp" {
       dotoken         = base64encode(data.vault_generic_secret.spectrum.data.token)
       domain          = "${local.prefix}.fluence.dev"
       prefix          = local.prefix
-      docker          = base64encode(local.docker_config_json)
       pr_url          = var.github_pr_url
+      docker_username = data.vault_generic_secret.docker.data.username
+      docker_password = data.vault_generic_secret.docker.data.password
     })
   ]
 }
@@ -110,13 +111,14 @@ resource "digitalocean_droplet" "cp" {
   ]
 }
 
-resource "cloudflare_record" "cp" {
+resource "digitalocean_record" "cp" {
   for_each = { for index, name in local.cp : name => index }
 
-  zone_id = data.cloudflare_zone.fluence_dev.zone_id
-  name    = "${each.key}.${local.prefix}.fluence.dev"
-  content = digitalocean_droplet.cp[each.key].ipv4_address
-  type    = "A"
+  name   = each.key
+  value  = digitalocean_droplet.cp[each.key].ipv4_address
+  domain = digitalocean_domain.spectrum.id
+  type   = "A"
+  ttl    = 30
 }
 
 resource "talos_machine_bootstrap" "this" {

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -1,15 +1,6 @@
 locals {
   prefix           = terraform.workspace
   loadbalancer_dns = "kube.${local.prefix}.fluence.dev"
-
-  docker_config_json = jsonencode({
-    auths = {
-      "docker.fluence.dev" = {
-        username = data.vault_generic_secret.docker.data.username
-        password = data.vault_generic_secret.docker.data.password
-      }
-    }
-  })
 }
 
 resource "tls_private_key" "spectrum" {

diff --git a/terraform/templates/controlplane_patch.yml b/terraform/templates/controlplane_patch.yml
@@ -9,6 +9,12 @@ machine:
   time:
     servers:
       - time.cloudflare.com
+  registries:
+    config:
+      docker.fluence.dev:
+        auth:
+          username: ${docker_username}
+          password: ${docker_password}
 
 cluster:
   allowSchedulingOnControlPlanes: true
@@ -178,12 +184,3 @@ cluster:
             substituteFrom:
             - kind: ConfigMap
               name: terraform-config
-        ---
-        apiVersion: v1
-        kind: Secret
-        metadata:
-          name: docker-auth
-          namespace: default
-        type: kubernetes.io/dockerconfigjson
-        data:
-          .dockerconfigjson: ${docker}