Terraform module for building multi-architecture container images (amd64 and arm64) using remote (TLS) ephemeral EC2 instances as builders. Two AWS Spot instances are launched (one for each architecture). They both run docker (moby) in TLS mode. The module generates the remote builders and client certificates to connect and authenticate between them. The module installs the certificates and applies the respective buildx configuration in the client (see create_client_certs and handle_client_config input variables).
The builders are intended for ephemeral use cases, during pipelines, for instance. Therefore, caching usage is also recommended.
The following are the dependencies to make use of the remote ephemeral builders, once they are deployed:
| Name | Version |
|---|---|
| terraform | >= 0.13.1 |
| aws | ~> 4.0 |
| tls | ~> 3.0 |
| Name | Version |
|---|---|
| aws | 4.20.0 |
| local | 2.2.3 |
| null | 3.1.1 |
| template | 2.2.0 |
| tls | 3.4.0 |
No modules.
| Name | Type |
|---|---|
| aws_spot_instance_request.multiarch_builder_amd64 | resource |
| aws_spot_instance_request.multiarch_builder_arm64 | resource |
| local_sensitive_file.ca_cert | resource |
| local_sensitive_file.client_cert | resource |
| local_sensitive_file.client_key | resource |
| null_resource.client_config | resource |
| null_resource.client_config_amd64 | resource |
| null_resource.client_config_arm64 | resource |
| tls_cert_request.client | resource |
| tls_cert_request.server | resource |
| tls_locally_signed_cert.client | resource |
| tls_locally_signed_cert.server | resource |
| tls_private_key.ca | resource |
| tls_private_key.client | resource |
| tls_private_key.server | resource |
| tls_self_signed_cert.ca | resource |
| aws_ami.amazon_linux_amd64 | data source |
| aws_ami.amazon_linux_arm64 | data source |
| template_cloudinit_config.multiarch_builder | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| az | The multiarch builder instances availability zone | any |
null |
no |
| create_amd64 | Whether to create amd64 builder instance | bool |
true |
no |
| create_arm64 | Whether to create arm64 builder instance | bool |
true |
no |
| create_client_certs | Whether client certificate files are stored on the disk | bool |
true |
no |
| docker_cert_path | Location for storing generated client docker certificates | string |
"~/.docker/multiarch-builder/certs" |
no |
| handle_client_config | Whether client buildx config is created or removed (when destroyed) | bool |
true |
no |
| iam_instance_profile | The multiarch builder instances iam instance profile | any |
null |
no |
| instance_type_amd64 | The amd64 builder instance type | string |
"t3.medium" |
no |
| instance_type_arm64 | The arm64 builder instance type | string |
"t4g.medium" |
no |
| key_name | The multiarch builder instances ssh key name | any |
null |
no |
| prefix_name | The multiarch builder instances prefix name | string |
"multiarch-builder" |
no |
| security_group_ids | The multiarch builder instances security group ids list | list(string) |
[] |
no |
| subnet_id | The multiarch builder instances (public) subnet id | any |
null |
no |
| tls_validity_period_hours | Number of hours, after initial issuing, that the certificate will remain valid for | number |
24 |
no |
| volume_root_size | The multiarch builder instances root volume size | number |
15 |
no |
| Name | Description |
|---|---|
| ca_cert | This CA certificate |
| client_cert | The client certificate sign by this CA |
| client_config_amd64_cmd | Command to configure the client (docker and buildx) with amd64 instance |
| client_config_arm64_cmd | Command to configure the client (docker and buildx) with arm64 instance |
| client_key | The client private key |
| docker_host_amd64 | Docker host (TLS) for amd64 instance |
| docker_host_arm64 | Docker host (TLS) for arm64 instance |
Krestomatio is a managed service for Moodle™ e-learning platforms. It allows you to have open-source instances managed by a service optimized for Moodle™, complete with an additional plugin pack and customization options.