If you weren’t aware, I submitted on November a Terraform Module I made to the Alibaba Cloud Open Platform Challenge. Said challenge was designed to bring developers closer to the tools Alibaba Cloud is trying to push across the community. Good news! I was among the winners!
They launched the challenge on November 12th and gave a full month for participants to submit the modules. The team at Alibaba Cloud was very helpful with the developers who were not very experienced with Terraform, and were giving a lot of help on the DingTalk group. Around 70 participants accessed the group and many questions were resolved by the official support and other experienced Terraform users.
My module: terraform-alicloud-cr
To participate in the challenge, I listed every product Alibaba Cloud has in their offering list (which is huge) and compared to the existing Terraform Modules in the official Terraform Registry. I noticed the lack of support for the Container Registry, so I decided to create a complete module (but easy to use) so anyone can get started with it.
Let’s remember that Container Service is a high-performance and scalable container application management service that enables you to use Docker and Kubernetes to manage the lifecycle of containerized applications. It pretty much lets any developer to create their own registry for docker images, private and public. Very convenient.
Using it in a real-world scenario
Let’s assume you have an application that is based on 4 docker images. Ideally, we would create a namespace and then store the 4 images inside it. Since we are organising the images within one namespace, we would need a RAM user able to manage it using docker actions such as “docker login”, “docker push”, “docker pull” and others.
In the scenario that applies to us we have an application called “aliapp” with a proxy, the codebase and a web server. All 3 services are represented by 3 containers,
main.tf file as follows:
terraform apply, a file called
cr-aliapp-ak.json will be generated with the AccessKey & SecretKey needed to query the
GetAuthorizationToken API for
cr and be able to push/pull to/from the repositories inside the namespace created.
The 3 repositories will be called
In order to activate the newly created RAM user on the Registry, only for the first time and due to a security measure by Alibaba Cloud (this may change in the future), you need to navigate to the Container Registry Console using the newly created RAM user (with the one-time password outputted on
terraform apply as
disposable_password) and follow the on-screen instructions to activate the account.
After that, with the
cr-aliapp-ak.json file credentials, you can get, by using the
aliyun-cli SDK, a temporary secure login credentials by running
aliyun cr GetAuthorizationToken.
From now, you can just use the registry for your project, either using a normal Docker approach or by using Kubernetes. Enjoy!