Commit 8fabac4d authored by Pierre Smeyers's avatar Pierre Smeyers

feat: use centralized service images (gitlab.com)

parent a444abf5
+2 −2
@@ -612,7 +612,7 @@ In order to be able to communicate with the Vault server, the variant requires t

| Name              | description                            | default value     |
| ----------------- | -------------------------------------- | ----------------- |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master` |
| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |
| `VAULT_BASE_URL`  | The Vault server base API url          | _none_ |
| `VAULT_OIDC_AUD`  | The `aud` claim for the JWT | `$CI_SERVER_URL` |
| :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
@@ -669,7 +669,7 @@ The variant requires the additional configuration parameters:

| Name              | description                            | default value     |
| ----------------- | -------------------------------------- | ----------------- |
| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `$CI_REGISTRY/to-be-continuous/tools/gcp-auth-provider:main` |
| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main` |
| `GCP_OIDC_PROVIDER`      | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
| `GCP_OIDC_ACCOUNT`       | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |
| `GCP_REVIEW_OIDC_PROVIDER` | Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment _(only define if different from default)_ | _none_ |
+2 −2
@@ -466,7 +466,7 @@
        {
          "name": "TBC_VAULT_IMAGE",
          "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
          "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
          "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
          "advanced": true
        },
        {
@@ -502,7 +502,7 @@
        {
          "name": "TBC_GCP_PROVIDER_IMAGE",
          "description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use",
          "default": "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master",
          "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
          "advanced": true
        },
        {
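Review bot: In the second hunk, the `TBC_GCP_PROVIDER_IMAGE` entry keeps a default that names the Vault image, `.../tools/vault-secrets-provider:master`, on both the old and the new line, so the registry switch carries a copy-paste error forward. The README table and the GCP variant template in this same commit use `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main` for this variable. The line should read `"default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main",`; otherwise anything that takes its default from this descriptor would presumably start the Vault secrets provider where the GCP auth provider is expected. The enclosing JSON array starts and ends outside the hunk.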
+1 −1
@@ -3,7 +3,7 @@
# =====================================================================================================================
variables:
  # variabilized gcp-auth-provider image
  TBC_GCP_PROVIDER_IMAGE: $CI_REGISTRY/to-be-continuous/tools/gcp-auth-provider:main
  TBC_GCP_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main
  GCP_OIDC_AUD: "$CI_SERVER_URL"

.tf-base:
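Review bot: The new `TBC_GCP_PROVIDER_IMAGE` default names a fixed public registry but still uses the moving branch tag `:main`, so the content of a service container that appears to take part in OIDC authentication can change between pipeline runs without any change to this template. Consider pinning the default by digest, e.g. `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main@sha256:<digest>` (placeholder), or at least adding a comment such as `# mutable tag: override with a digest-pinned reference where reproducibility matters`. The same applies to `TBC_VAULT_IMAGE` (`:master`) and `TBC_TRACKING_IMAGE` (`:master`) in the following file sections. Separately, the value is unquoted here while the sibling `GCP_OIDC_AUD` and the other templates quote theirs; quoting it would keep the style consistent.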
+1 −1
@@ -3,7 +3,7 @@
# =====================================================================================================================
variables:
  # variabilized vault-secrets-provider image
  TBC_VAULT_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/vault-secrets-provider:master"
  TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
  # variables have to be explicitly declared in the YAML to be exported to the service
  VAULT_ROLE_ID: "$VAULT_ROLE_ID"
  VAULT_SECRET_ID: "$VAULT_SECRET_ID"
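Review bot: With the registry host now hard-coded, the service that receives `VAULT_ROLE_ID` and `VAULT_SECRET_ID` (exported just below the changed line) is pulled from `registry.gitlab.com` even on a self-managed instance, where `$CI_REGISTRY` previously resolved to the instance's own registry. That moves the trust boundary for the AppRole credentials to an externally hosted image and requires runner egress to gitlab.com. A comment above the variable would make this explicit, e.g. `# pulled from gitlab.com by default; on self-managed instances override with a mirrored image you control`. The `variables:` block continues past the end of the hunk.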
+1 −1
@@ -56,7 +56,7 @@ workflow:

variables:
  # variabilized tracking image
  TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
  TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"

  # Default Docker image (can be overridden)
  TF_IMAGE: "registry.hub.docker.com/hashicorp/terraform:latest"