Skip to content

Latest commit

 

History

History
185 lines (162 loc) · 21.5 KB

README.md

File metadata and controls

185 lines (162 loc) · 21.5 KB

terraform-google-gcr-cleaner

Terraform module that implements gcr-cleaner, a tool that deletes untagged images in Google Cloud Container Registry and Google Cloud Artifact Registry.

GitHub contributors GitHub stars GitHub issues GitHub closed issues GitHub pull requests GitHub release (latest by date) GitHub commit activity GitHub license Twitter Follow

Usage

  • From current project (the provider's project)
    • in test/nginx repository, delete all untagged images
    • in test/python repository, delete all images older than 30 days (720h)
  • From another-project-id project
    • in test/os/centos repository, delete all untagged images
  • From project foobar-123
    • in foo/nginx docker repository in Google Artifact Registry foo, delete all untagged images
    • in foo/python docker repository in Google Artifact Registry foo, delete all untagged images
module "gcr_cleaner" {
  source  = "mirakl/gcr-cleaner/google"
  version = "x.y.z"

  app_engine_application_location = "europe-west3"
  gcr_repositories = [
    {
      storage_region = "eu"
      repositories = [
        {
          # in `test/nginx` repository, delete all untagged images
          name = "test/nginx"
        },
        {
          # in `test/python` repository, delete all images older than 30 days (720h)
          name  = "test/python"
          grace = "720h"
        }
      ]
    },
    {
      project_id     = "another-project-id"
      repositories = [
        {
          # in `test/os/centos` repository, delete all untagged images
          name = "test/nginx"
        }
      ]
    }
  ]
  gar_repositories = [
    {
      name          = "foo/nginx"
      registry_name = "foo"
      region        = "europe-west1"
      project_id    = "foobar-123"
    },
    {
      name          = "foo/python"
      registry_name = "foo"
      region        = "europe-west1"
      project_id    = "foobar-123"
    }
  ]
}
  • From yet-another-project-id project
    • in all repositories, delete all untagged images
    • in all repositories, keep 5 beta tags, ignore anything newer than 5 days
  • From automation-project-id project
    • in in test/tools/ci repository and all its child repositories, keep only 5 tags
module "gcr_cleaner" {
  source  = "mirakl/gcr-cleaner/google"
  version = "x.y.z"

  app_engine_application_location = "us-central"
  gcr_repositories = [
    {
      # in all repositories, delete all untagged images
      project_id     = "yet-another-project-id"
      clean_all      = true
    },
    {
      # in all repositories, keep 5 `beta` tags, ignore anything newer than 5 days
      project_id     = "yet-another-project-id"
      clean_all      = true
      parameters = {
        keep           = 5
        grace          = "120h"
        tag_filter_all = "^beta.+$"
      }
    }
  ]
}

Examples

  • complete - complete usage of the module (setting values for all variables)
  • minimal - minimal usage of the module (using default values for variables)

Requirements

Name Version
terraform >= 1.3.0
google >= 4.37.0
google-beta >= 4.37.0

Providers

Name Version
google 5.12.0
google-beta 5.12.0

Modules

No modules.

Resources

Name Type
google-beta_google_artifact_registry_repository_iam_member.this resource
google_app_engine_application.this resource
google_cloud_run_service.this resource
google_cloud_run_service_iam_binding.this resource
google_cloud_scheduler_job.this resource
google_project_iam_member.this resource
google_project_service.this resource
google_service_account.cleaner resource
google_service_account.invoker resource
google_service_account_iam_member.tf_as_cleaner resource
google_service_account_iam_member.tf_as_invoker resource
google_storage_bucket_access_control.this resource
google_storage_bucket_iam_member.this resource
google_client_openid_userinfo.terraform data source
google_project.this data source
google_storage_bucket.bucket data source

Inputs

Name Description Type Default Required
app_engine_application_location The location to serve the app from. string "europe-west1" no
cloud_run_service_location The location of the cloud run instance. Make sure to provide a valid location. More at https://cloud.google.com/run/docs/locations. string "europe-west1" no
cloud_run_service_maximum_instances The number of maximum instances to set for this revision. This value will be used in the autoscaling.knative.dev/maxScale annotation key. number 100 no
cloud_run_service_name The name of the cloud run service. string "gcr-cleaner" no
cloud_run_service_timeout_seconds TimeoutSeconds holds the max duration the instance is allowed for responding to a request. number 60 no
cloud_scheduler_job_attempt_deadline The deadline for job attempts in seconds. If the request handler does not respond by this deadline then the request is cancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in execution logs. Cloud Scheduler will retry the job according to the RetryConfig. Value must be between 15 seconds and 24 hours number 320 no
cloud_scheduler_job_max_backoff_duration The maximum amount of time to wait before retrying a job after it fails. A duration in seconds with up to nine fractional digits. number 3600 no
cloud_scheduler_job_max_doublings The time between retries will double maxDoublings times. A job's retry interval starts at minBackoffDuration, then doubles maxDoublings times, then increases linearly, and finally retries retries at intervals of maxBackoffDuration up to retryCount times. number 5 no
cloud_scheduler_job_max_retry_duration The time limit for retrying a failed job, measured from time when an execution was first attempted. If specified with retryCount, the job will be retried until both limits are reached. A duration in seconds with up to nine fractional digits. number 0 no
cloud_scheduler_job_min_backoff_duration The minimum amount of time to wait before retrying a job after it fails. A duration in seconds with up to nine fractional digits. number 5 no
cloud_scheduler_job_retry_count The number of attempts that the system will make to run a job using the exponential backoff procedure described by maxDoublings. Values greater than 5 and negative values are not allowed. number 1 no
cloud_scheduler_job_schedule Describes the schedule on which the job will be executed. string "0 4 * * 1" no
cloud_scheduler_job_time_zone Specifies the time zone to be used in interpreting schedule. The value of this field must be a time zone name from the tz database. More on https://en.wikipedia.org/wiki/List_of_tz_database_time_zones string "Europe/Brussels" no
create_app_engine_app Whether to create an App Engine application. bool false no
disable_dependent_services If true, services that are enabled and which depend on this service should also be disabled when this service is destroyed. If false or unset, an error will be generated if any enabled services depend on this service when destroying it. bool false no
disable_on_destroy If true, disable the service when the terraform resource is destroyed. May be useful in the event that a project is long-lived but the infrastructure running in that project changes frequently. bool false no
gar_repositories List of Google Artifact Registry objects:
list(object({
project_id = Value of the Google project id, if ommited, it will be assigned google_project_id local value, which is the provider's project_id (string)
region = Location of the storage bucket (string)
name = Name of the Artifact Registry with the full repository path (string)
registry_name = Name of the Artifact Registry Docker Registry (string)
parameters = Map of parameters to apply to all repositories when clean_all is set to true (optional(object({
grace = Relative duration in which to ignore references. This value is specified as a time duration value like "5s" or "3h". If set, refs newer than the duration will not be deleted. If unspecified, the default is no grace period (all untagged image refs are deleted) (optional(string))
keep = If an integer is provided, it will always keep that minimum number of images. Note that it will not consider images inside the grace duration (optional(string))
tag_filter = (Deprecated) If specified, any image where the first tag matches this given regular expression will be deleted. The image will not be deleted if other tags match the regular expression (optional(string))
tag_filter_any = If specified, any image with at least one tag that matches this given regular expression will be deleted. The image will be deleted even if it has other tags that do not match the given regular expression (optional(string))
tag_filter_all = If specified, any image where all tags match this given regular expression will be deleted. The image will not be delete if it has other tags that do not match the given regular expression (optional(string))
recursive = If set to true, will recursively search all child repositories (optional(bool))
dry_run = If set to true, will not delete anything and outputs what would have been deleted. (optional(bool))
scheduler_job_name = If specified, uses this as name for the Cloud Scheduler job. (optional(string))
scheduler_job_description = If specified, uses this as description for the Cloud Scheduler job. (optional(string))
})))
}))
list(object({
project_id = optional(string)
region = string
name = string
registry_name = string
parameters = optional(object({
grace = optional(string)
keep = optional(string)
tag_filter = optional(string)
tag_filter_any = optional(string)
tag_filter_all = optional(string)
dry_run = optional(bool)
recursive = optional(bool)
scheduler_job_name = optional(string)
scheduler_job_description = optional(string)
}))
}))
[] no
gcr_cleaner_image The docker image of the gcr cleaner to deploy to Cloud Run. string "gcr.io/gcr-cleaner/gcr-cleaner:latest" no
gcr_cleaner_log_level By default, GCR Cleaner only emits user-level logging at the "info" level. More logs are available at the "debug" level. More at https://github.com/GoogleCloudPlatform/gcr-cleaner#debugging. string "info" no
gcr_repositories List of Google Container Registries objects to create:
list(object({
project_id = Value of the Google project id, if ommited, it will be assigned google_project_id local value, which is the provider's project_id (optional(string))
storage_region = Location of the storage bucket (optional(string))
repositories = Docker image repositories to clean (optional(list(object({
name = Name of the repository (string)
grace = Relative duration in which to ignore references. This value is specified as a time duration value like "5s" or "3h". If set, refs newer than the duration will not be deleted. If unspecified, the default is no grace period (all untagged image refs are deleted) (optional(string))
keep = If an integer is provided, it will always keep that minimum number of images. Note that it will not consider images inside the grace duration (optional(string))
tag_filter = (Deprecated) If specified, any image where the first tag matches this given regular expression will be deleted. The image will not be deleted if other tags match the regular expression (optional(string))
tag_filter_any = If specified, any image with at least one tag that matches this given regular expression will be deleted. The image will be deleted even if it has other tags that do not match the given regular expression (optional(string))
tag_filter_all = If specified, any image where all tags match this given regular expression will be deleted. The image will not be delete if it has other tags that do not match the given regular expression (optional(string))
recursive = If set to true, will recursively search all child repositories (optional(bool))
dry_run = If set to true, will not delete anything and outputs what would have been deleted. (optional(bool))
scheduler_job_name = If specified, uses this as name for the Cloud Scheduler job. (optional(string))
scheduler_job_description = If specified, uses this as description for the Cloud Scheduler job. (optional(string))
}))))
clean_all = Set to true to clean all project's repositories (optional(bool))
parameters = Map of parameters to apply to all repositories when clean_all is set to true (optional(object({
grace = Relative duration in which to ignore references. This value is specified as a time duration value like "5s" or "3h". If set, refs newer than the duration will not be deleted. If unspecified, the default is no grace period (all untagged image refs are deleted) (optional(string))
keep = If an integer is provided, it will always keep that minimum number of images. Note that it will not consider images inside the grace duration (optional(string))
tag_filter = (Deprecated) If specified, any image where the first tag matches this given regular expression will be deleted. The image will not be deleted if other tags match the regular expression (optional(string))
tag_filter_any = If specified, any image with at least one tag that matches this given regular expression will be deleted. The image will be deleted even if it has other tags that do not match the given regular expression (optional(string))
tag_filter_all = If specified, any image where all tags match this given regular expression will be deleted. The image will not be delete if it has other tags that do not match the given regular expression (optional(string))
dry_run = If set to true, will not delete anything and outputs what would have been deleted. (optional(bool))
scheduler_job_name = If specified, uses this as name for the Cloud Scheduler job. (optional(string))
scheduler_job_description = If specified, uses this as description for the Cloud Scheduler job. (optional(string))
})))
}))
list(object({
project_id = optional(string)
storage_region = optional(string)
repositories = optional(list(object({
name = string
grace = optional(string)
keep = optional(string)
tag_filter = optional(string)
tag_filter_any = optional(string)
tag_filter_all = optional(string)
recursive = optional(bool)
dry_run = optional(bool)
scheduler_job_name = optional(string)
scheduler_job_description = optional(string)
})))
clean_all = optional(bool)
parameters = optional(object({
grace = optional(string)
keep = optional(string)
tag_filter = optional(string)
tag_filter_any = optional(string)
tag_filter_all = optional(string)
dry_run = optional(bool)
scheduler_job_name = optional(string)
scheduler_job_description = optional(string)
}))
}))
[] no

Outputs

Name Description
app_engine_application_name The name of the app engine application.
cloud_run_service_id The ID of the cloud run service.
cloud_scheduler_jobs List of the created scheduler jobs.