mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
2d09916f60
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves # N/A - Resolves an issue that prevents some locally pulled docker images from being pushed to ECR.
46 lines
1.1 KiB
HCL
46 lines
1.1 KiB
HCL
data "aws_ecr_authorization_token" "token" {}
|
|
|
|
resource "random_pet" "db_secret_postfix" {
|
|
length = 1
|
|
}
|
|
|
|
resource "aws_kms_key" "main" {
|
|
description = "${local.customer}-${random_pet.db_secret_postfix.id}"
|
|
deletion_window_in_days = 10
|
|
enable_key_rotation = true
|
|
}
|
|
|
|
resource "aws_ecr_repository" "fleet" {
|
|
name = local.customer
|
|
image_tag_mutability = "IMMUTABLE"
|
|
|
|
image_scanning_configuration {
|
|
scan_on_push = true
|
|
}
|
|
|
|
encryption_configuration {
|
|
encryption_type = "KMS"
|
|
kms_key = aws_kms_key.main.arn
|
|
}
|
|
|
|
force_delete = true
|
|
}
|
|
|
|
resource "docker_image" "dockerhub" {
|
|
name = "fleetdm/fleet:${var.tag}"
|
|
pull_triggers = [data.docker_registry_image.dockerhub.sha256_digest]
|
|
}
|
|
|
|
data "docker_registry_image" "dockerhub" {
|
|
name = "fleetdm/fleet:${var.tag}"
|
|
}
|
|
|
|
resource "docker_tag" "fleet" {
|
|
source_image = docker_image.dockerhub.name
|
|
target_image = "${aws_ecr_repository.fleet.repository_url}:${var.tag}-${split(":", data.docker_registry_image.dockerhub.sha256_digest)[1]}"
|
|
}
|
|
|
|
resource "docker_registry_image" "fleet" {
|
|
name = docker_tag.fleet.target_image
|
|
keep_remotely = true
|
|
}
|