diff --git a/modules/infra/harbor/main.tf b/modules/infra/harbor/main.tf index c790f25..1825abc 100644 --- a/modules/infra/harbor/main.tf +++ b/modules/infra/harbor/main.tf @@ -1,6 +1,6 @@ locals { values_yaml = templatefile("${path.module}/values.yaml", { - harbor_url = var.harbor_url + harbor_url = "https://registry.goboolean.io" harbor_password = var.harbor_password }) } @@ -17,5 +17,4 @@ resource "helm_release" "harbor" { resource "kubernetes_manifest" "harbor_gateway" { manifest = yamldecode(file("${path.module}/gateway.yaml")) - depends_on = [helm_release.harbor] } diff --git a/modules/infra/harbor/config.tf b/modules/infra/harbor/policy/main.tf similarity index 83% rename from modules/infra/harbor/config.tf rename to modules/infra/harbor/policy/main.tf index c5eef47..bd4e7db 100644 --- a/modules/infra/harbor/config.tf +++ b/modules/infra/harbor/policy/main.tf @@ -2,7 +2,6 @@ resource "harbor_project" "fetch-system" { name = "fetch-system" public = true vulnerability_scanning = true - depends_on = [kubernetes_manifest.harbor_gateway] } resource "harbor_retention_policy" "fetch-system-retention" { @@ -20,5 +19,4 @@ resource "harbor_retention_policy" "fetch-system-retention" { resource "harbor_garbage_collection" "gc-schedule" { schedule = "Daily" workers = 1 - depends_on = [kubernetes_manifest.harbor_gateway] } diff --git a/modules/infra/harbor/provider.tf b/modules/infra/harbor/policy/provider.tf similarity index 100% rename from modules/infra/harbor/provider.tf rename to modules/infra/harbor/policy/provider.tf diff --git a/modules/infra/harbor/variables.tf b/modules/infra/harbor/variables.tf index 2c0e1e7..1edf27c 100644 --- a/modules/infra/harbor/variables.tf +++ b/modules/infra/harbor/variables.tf @@ -1,8 +1,3 @@ -variable "harbor_url" { - description = "The URL of the Harbor instance" - type = string -} - variable "harbor_username" { description = "The username for the Harbor admin user" type = string diff --git a/projects/infra/main.tf b/projects/infra/main.tf index 4654fa3..1f207a5 100644 --- a/projects/infra/main.tf +++ b/projects/infra/main.tf @@ -21,11 +21,6 @@ module "opentelemetry" { source = "../../modules/infra/opentelemetry" } -/* - The following infrastructure depends on Vault. - Therefore, it should be separated into a distinct module - and divided into stages. -*/ # module "argocd-application" { # source = "../../modules/infra/argocd/application" # depends_on = [module.argocd, module.namespace] @@ -33,7 +28,8 @@ module "opentelemetry" { # argocd = argocd # } # } -/* + + data "vault_kv_secret_v2" "harbor" { mount = "kv" name = "infra/harbor" @@ -43,11 +39,15 @@ module "harbor" { source = "../../modules/infra/harbor" harbor_username = data.vault_kv_secret_v2.harbor.data["username"] harbor_password = data.vault_kv_secret_v2.harbor.data["password"] +} + +module "harbor_policy" { + source = "../../modules/infra/harbor/policy" providers = { harbor = harbor } } -*/ + data "vault_kv_secret_v2" "postgresql" { mount = "kv" name = "infra/postgresql" @@ -81,14 +81,6 @@ data "vault_kv_secret_v2" "grafana" { name = "infra/grafana" } -# module "grafana" { -# source = "../../modules/infra/grafana" -# depends_on = [module.namespace] -# grafana_username = data.vault_kv_secret_v2.grafana.data["username"] -# grafana_password = data.vault_kv_secret_v2.grafana.data["password"] -# influxdb_token = data.vault_kv_secret_v2.influxdb.data["token"] -# } - module "kube-prometheus-stack" { source = "../../modules/infra/monitoring/kube-prometheus-stack" grafana_username = data.vault_kv_secret_v2.grafana.data["username"] diff --git a/projects/infra/provider.tf b/projects/infra/provider.tf index 2c6e6af..b963ab0 100644 --- a/projects/infra/provider.tf +++ b/projects/infra/provider.tf @@ -104,10 +104,8 @@ provider "argocd" { password = data.vault_kv_secret_v2.argocd.data["password"] } -/* provider "harbor" { url = "https://registry.goboolean.io" username = data.vault_kv_secret_v2.harbor.data["username"] password = data.vault_kv_secret_v2.harbor.data["password"] } -*/