remove docker dep and use dockerless provider for pulling and pushing…

… images
CDCgov · Sep 25, 2024 · 9a69221 · 9a69221
1 parent e17c22b
commit 9a69221
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 73 deletions.
diff --git a/terraform/implementation/ecs/deploy.sh b/terraform/implementation/ecs/deploy.sh
@@ -113,6 +113,7 @@ echo "Bucket: $BUCKET"
 echo "DynamoDB Table: $DYNAMODB_TABLE"
 echo "Region: $REGION"
 cat "$ENVIRONMENT.tfvars"
+echo ""
 
 terraform init \
     -var-file="$ENVIRONMENT.tfvars" \

diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf
@@ -24,6 +24,8 @@ module "ecs" {
   project = var.project
   tags    = local.tags
 
-  # If intent is to use the non-integrated viewer, set this to true (default is false)
+  # If intent is to pull from the phdi GHCR, set disable_ecr to true (default is false)
+  # disable_ecr = true
+  # If intent is to use the non-integrated viewer, set non_integrated_viewer to true (default is false)
   # non_integrated_viewer = "true"
 }
diff --git a/terraform/modules/ecs/_local.tf b/terraform/modules/ecs/_local.tf
@@ -15,7 +15,7 @@ locals {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
       app_count      = 1
-      app_image      = "${terraform.workspace}-ecr-viewer",
+      app_image      = var.disable_ecr == false ? "${terraform.workspace}-ecr-viewer" : "ecr-viewer",
       app_version    = var.phdi_version,
       container_port = 3000,
       host_port      = 3000,
@@ -61,7 +61,7 @@ locals {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
       app_count      = 1
-      app_image      = "${terraform.workspace}-fhir-converter",
+      app_image      = var.disable_ecr == false ? "${terraform.workspace}-fhir-converter" : "fhir-converter",
       app_version    = var.phdi_version,
       container_port = 8080,
       host_port      = 8080,
@@ -74,7 +74,7 @@ locals {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
       app_count      = 1
-      app_image      = "${terraform.workspace}-ingestion",
+      app_image      = var.disable_ecr == false ? "${terraform.workspace}-ingestion" : "ingestion",
       app_version    = var.phdi_version,
       container_port = 8080,
       host_port      = 8080,
@@ -87,7 +87,7 @@ locals {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
       app_count      = 1
-      app_image      = "${terraform.workspace}-validation",
+      app_image      = var.disable_ecr == false ? "${terraform.workspace}-validation" : "validation",
       app_version    = var.phdi_version,
       container_port = 8080,
       host_port      = 8080,
@@ -100,7 +100,7 @@ locals {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
       app_count      = 1
-      app_image      = "${terraform.workspace}-trigger-code-reference",
+      app_image      = var.disable_ecr == false ? "${terraform.workspace}-trigger-code-reference" : "trigger-code-reference",
       app_version    = var.phdi_version,
       container_port = 8080,
       host_port      = 8080,
@@ -113,7 +113,7 @@ locals {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
       app_count      = 1
-      app_image      = "${terraform.workspace}-message-parser",
+      app_image      = var.disable_ecr == false ? "${terraform.workspace}-message-parser" : "message-parser",
       app_version    = var.phdi_version,
       container_port = 8080,
       host_port      = 8080,
@@ -126,7 +126,7 @@ locals {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
       app_count      = 1
-      app_image      = "${terraform.workspace}-orchestration",
+      app_image      = var.disable_ecr == false ? "${terraform.workspace}-orchestration" : "orchestration",
       app_version    = var.phdi_version,
       container_port = 8080,
       host_port      = 8080,

diff --git a/terraform/modules/ecs/ecs.tf b/terraform/modules/ecs/ecs.tf
@@ -14,7 +14,7 @@ resource "aws_ecs_task_definition" "this" {
   container_definitions = jsonencode([
     {
       name        = each.key,
-      image       = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}",
+      image       = var.disable_ecr == false ? dockerless_remote_image.dibbs[each.key].target : "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}",
       networkMode = "awsvpc",
       logConfiguration = {
         logDriver = "awslogs",

diff --git a/terraform/modules/ecs/enable_ecr.tf b/terraform/modules/ecs/enable_ecr.tf
@@ -1,47 +1,7 @@
-data "docker_registry_image" "dibbs" {
+resource "dockerless_remote_image" "dibbs" {
   for_each = var.disable_ecr == false ? local.service_data : {}
-  name     = "ghcr.io/cdcgov/phdi/${each.key}:${each.value.app_version}"
-}
-
-resource "docker_image" "dibbs" {
-  for_each      = var.disable_ecr == false ? local.service_data : {}
-  name          = data.docker_registry_image.dibbs[each.key].name
-  keep_locally  = true
-  pull_triggers = [data.docker_registry_image.dibbs[each.key].sha256_digest, plantimestamp()]
-  force_remove  = true
-}
-
-resource "docker_tag" "this" {
-  for_each     = var.disable_ecr == false ? local.service_data : {}
-  source_image = docker_image.dibbs[each.key].name
-  target_image = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}"
-  lifecycle {
-    replace_triggered_by = [
-      null_resource.docker_tag
-    ]
-  }
-}
-
-resource "docker_registry_image" "this" {
-  for_each = var.disable_ecr == false ? local.service_data : {}
-  name     = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}"
-  depends_on = [
-    docker_image.dibbs,
-    docker_tag.this,
-    aws_ecr_repository.this
-  ]
-  keep_remotely = true
-
-  triggers = {
-    sha256_digest = data.docker_registry_image.dibbs[each.key].sha256_digest
-  }
-}
-
-resource "null_resource" "docker_tag" {
-  for_each = docker_image.dibbs
-  triggers = {
-    docker_image = each.value.id
-  }
+  source = "ghcr.io/cdcgov/phdi/${each.key}:${each.value.app_version}"
+  target = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}"
 }
 
 data "aws_ecr_authorization_token" "this" {}

diff --git a/terraform/modules/ecs/provider.tf b/terraform/modules/ecs/provider.tf
@@ -1,29 +1,17 @@
 terraform {
   required_providers {
-    docker = {
-      source  = "kreuzwerker/docker"
-      version = "3.0.2"
+    dockerless = {
+      source = "nullstone-io/dockerless"
+      version = "0.1.1"
     }
   }
 }
 
-provider "docker" {
-  # Note: Terraform will automatically communicate with the local 
-  # Docker daemon using the default Unix socket 
-  host = "unix:///var/run/docker.sock"
-  registry_auth {
-    auth_disabled = var.disable_ecr
-    address       = local.registry_auth
-    username      = local.registry_username
-    password      = local.registry_password
-
-    config_file_content = jsonencode({
-      "auths" = {
-        "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" = {},
-      }
-      "credHelpers" = {
-        "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" = "ecr-login",
-      }
-    })
+provider "dockerless" {
+  registry_auth = {
+    "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" = {
+      username = local.registry_username
+      password = local.registry_password
+    }
   }
 }