https://github.com/krestomatio/terraform-aws-multiarch-builder

Terraform module for building multi-architecture container images (amd64 and arm64) using remote (TLS) ephemeral EC2 instances as builders

aws buildkit buildx docker ec2 ec2-spot terraform terraform-module tls


Terraform module for building multi-architecture container images (amd64 and arm64) using remote (TLS) ephemeral EC2 instances as builders. Two AWS Spot instances are launched, one for each architecture, and both run Docker (Moby) in TLS mode. The module generates the certificates for the remote builders and for the client, which are used to connect and authenticate between them. It also installs the client certificates and applies the respective [buildx](https://github.com/docker/buildx) configuration on the client (see the `create_client_certs` and `handle_client_config` input variables).

The builders are intended for ephemeral use cases, such as pipeline runs. Therefore, using [caching](https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#cache-from) is also recommended.
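
A minimal root configuration that calls the module with a restricted security group and short-lived certificates. This is an added example, not taken from the module's README; the variables `builder_subnet_id`, `builder_vpc_id` and `ci_runner_cidr`, the security group, and the Docker TLS port 2376 are assumptions.

```hcl
# Added example. Everything marked "assumed" is illustrative, not from the module.

variable "builder_subnet_id" { type = string } # assumed: an existing public subnet
variable "builder_vpc_id" { type = string }    # assumed: the VPC of that subnet
variable "ci_runner_cidr" { type = string }    # assumed: the CI runner's address as a /32

# Assumption: the builders' Docker daemon listens on 2376, Docker's conventional
# TLS port. Check the module's docker_host_* outputs before relying on this rule.
resource "aws_security_group" "builder" {
  name_prefix = "multiarch-builder-"
  vpc_id      = var.builder_vpc_id

  ingress {
    description = "Docker TLS from the CI runner only"
    from_port   = 2376
    to_port     = 2376
    protocol    = "tcp"
    cidr_blocks = [var.ci_runner_cidr]
  }

  egress {
    description = "Outbound for base image pulls and registry pushes"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

module "multiarch_builder" {
  # Pin to a reviewed tag or commit with ?ref=... in real use.
  source = "github.com/krestomatio/terraform-aws-multiarch-builder"

  subnet_id          = var.builder_subnet_id
  security_group_ids = [aws_security_group.builder.id]

  # Default is 24 hours; a pipeline-scoped builder rarely needs that long.
  tls_validity_period_hours = 2

  # Both default to true: write the client certificate files to docker_cert_path
  # and create (or remove on destroy) the buildx configuration on this machine.
  # The generated private keys are also stored in the Terraform state, so the
  # state backend needs the same protection as the key files.
  create_client_certs  = true
  handle_client_config = true
}
```

Destroying the stack at the end of the pipeline removes the instances and, with `handle_client_config` enabled, the client buildx configuration as well.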

## Dependencies
The following dependencies are needed to use the remote ephemeral builders once they are deployed:
* [docker](https://docs.docker.com/engine/install/)
* [buildx](https://github.com/docker/buildx)

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.1 |
| [aws](#requirement\_aws) | ~> 4.0 |
| [tls](#requirement\_tls) | ~> 3.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.20.0 |
| [local](#provider\_local) | 2.2.3 |
| [null](#provider\_null) | 3.1.1 |
| [template](#provider\_template) | 2.2.0 |
| [tls](#provider\_tls) | 3.4.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_spot_instance_request.multiarch_builder_amd64](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/spot_instance_request) | resource |
| [aws_spot_instance_request.multiarch_builder_arm64](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/spot_instance_request) | resource |
| [local_sensitive_file.ca_cert](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [local_sensitive_file.client_cert](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [local_sensitive_file.client_key](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [null_resource.client_config](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.client_config_amd64](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [null_resource.client_config_arm64](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [tls_cert_request.client](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
| [tls_cert_request.server](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
| [tls_locally_signed_cert.client](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
| [tls_locally_signed_cert.server](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/locally_signed_cert) | resource |
| [tls_private_key.ca](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [tls_private_key.client](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [tls_private_key.server](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [tls_self_signed_cert.ca](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource |
| [aws_ami.amazon_linux_amd64](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_ami.amazon_linux_arm64](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [template_cloudinit_config.multiarch_builder](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [az](#input\_az) | The multiarch builder instances availability zone | `any` | `null` | no |
| [create\_amd64](#input\_create\_amd64) | Whether to create amd64 builder instance | `bool` | `true` | no |
| [create\_arm64](#input\_create\_arm64) | Whether to create arm64 builder instance | `bool` | `true` | no |
| [create\_client\_certs](#input\_create\_client\_certs) | Whether client certificate files are stored on the disk | `bool` | `true` | no |
| [docker\_cert\_path](#input\_docker\_cert\_path) | Location for storing generated client docker certificates | `string` | `"~/.docker/multiarch-builder/certs"` | no |
| [handle\_client\_config](#input\_handle\_client\_config) | Whether client buildx config is created or removed (when destroyed) | `bool` | `true` | no |
| [iam\_instance\_profile](#input\_iam\_instance\_profile) | The multiarch builder instances iam instance profile | `any` | `null` | no |
| [instance\_type\_amd64](#input\_instance\_type\_amd64) | The amd64 builder instance type | `string` | `"t3.medium"` | no |
| [instance\_type\_arm64](#input\_instance\_type\_arm64) | The arm64 builder instance type | `string` | `"t4g.medium"` | no |
| [key\_name](#input\_key\_name) | The multiarch builder instances ssh key name | `any` | `null` | no |
| [prefix\_name](#input\_prefix\_name) | The multiarch builder instances prefix name | `string` | `"multiarch-builder"` | no |
| [security\_group\_ids](#input\_security\_group\_ids) | The multiarch builder instances security group ids list | `list(string)` | `[]` | no |
| [subnet\_id](#input\_subnet\_id) | The multiarch builder instances (public) subnet id | `any` | `null` | no |
| [tls\_validity\_period\_hours](#input\_tls\_validity\_period\_hours) | Number of hours, after initial issuing, that the certificate will remain valid for | `number` | `24` | no |
| [volume\_root\_size](#input\_volume\_root\_size) | The multiarch builder instances root volume size | `number` | `15` | no |

## Outputs

| Name | Description |
|------|-------------|
| [ca\_cert](#output\_ca\_cert) | The CA certificate |
| [client\_cert](#output\_client\_cert) | The client certificate signed by this CA |
| [client\_config\_amd64\_cmd](#output\_client\_config\_amd64\_cmd) | Command to configure the client (docker and buildx) with amd64 instance |
| [client\_config\_arm64\_cmd](#output\_client\_config\_arm64\_cmd) | Command to configure the client (docker and buildx) with arm64 instance |
| [client\_key](#output\_client\_key) | The client private key |
| [docker\_host\_amd64](#output\_docker\_host\_amd64) | Docker host (TLS) for amd64 instance |
| [docker\_host\_arm64](#output\_docker\_host\_arm64) | Docker host (TLS) for arm64 instance |

## [About Krestomatio](https://krestomatio.com/about)
[Krestomatio is a managed service for Moodle™ e-learning platforms](https://krestomatio.com/). It allows you to have open-source instances managed by a service optimized for Moodle™, complete with an additional plugin pack and customization options.