Using Private Repositories
In the event that the repository housing the Terraform module is private and necessitates authentication for access, it is possible to integrate the authentication credentials into a secret located within the namespace.
Using SSH Authentication
Assuming a scenario where a Terraform module is hosted in a private Github repository, the following steps outline the process of adding authentication details:
-
Generate an SSH deployment key for the repository, granting it the ability to clone.
-
Create a Kubernetes secret within the namespace, housing the SSH private key.
$ kubectl -n apps create secret generic ssh --from-file=SSH_AUTH_KEY=id.rsa
-
Update the Terraform module configuration resource, specifying the
spec.auth.name: [NAME]
as the name of the secret:spec:
auth:
name: ssh -
Reference a git repository as the module source
spec:
module: git::ssh://git@github.com/ORG/REPOSITORY?ref=<TAG|BRANCH|COMMIT>
In case there is a need to extract a specific folder within the repository, the syntax git::ssh://git@github.com/ORG/REPOSITORY//PATH?ref=<TAG|BRANCH|COMMIT>
can be utilized.
Using HTTP Authentication
To utilize HTTP authentication for a private repository, follow these steps:
- Create a Kubernetes secret containing the username and password:
$ kubectl -n app create secret generic httpauth --from-literal=GIT_USERNAME=USERNAME --from-literal=GIT_PASSWORD=PASSWORD
-
Update the Configuration to include the authentication reference:
spec:
auth:
name: httpauth -
Reference the Terraform module using HTTP:
spec:
module: https://git@github.com/ORG/REPOSITORY?ref=<TAG|BRANCH|COMMIT>
Using Token Authentication
Use the same process as above, creating a Kubernetes secret containing TOKEN
.
What sources are supported?
Our platform leverages the same library as Terraform, specifically go-getter, which provides support for the following source types:
- Git
- Mercurial
- HTTP
- Amazon S3
- Google GCP
For a comprehensive overview of the supported sources, please refer to the go-getter documentation.