Adding Private ACR for k8s test

Signed-off-by: ritikaguptams <ritikagupta@microsoft.com>
kubernetes · Jul 15, 2024 · e5601df · e5601df
1 parent b37ac11
commit e5601df
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/infra/azure/terraform/README.md b/infra/azure/terraform/README.md
@@ -12,6 +12,8 @@ main.tf
 
 # Prerequiste 
 The az-cli-prow service principal is required to be created by a tenant admin. Also to add a federated credentials for the prow ask a tenant admin or the SP admin. iam-config\param.json can be used for creating the fededrated credentials. 
+TODO: Add EKS federated creds 
+
 The service principal needs:
 - Contributor role access to the sub. 
 - Creation of a custom role to give write access

diff --git a/infra/azure/terraform/capz/container-registry/main.tf b/infra/azure/terraform/capz/container-registry/main.tf
@@ -10,8 +10,17 @@ resource "azurerm_container_registry" "capzci_registry" {
   name                = "capzcicommunity"
   location            = var.location
   resource_group_name = var.resource_group_name
-  sku                 = "Standard"
+  sku                 = "Premium"
   anonymous_pull_enabled = true
+
+  retention_policy {
+    days    = 7
+    enabled = true
+  }
+
+  tags = {
+    RetentionPolicy = "7days"
+  }
 }
 
 resource "azurerm_management_lock" "registry_lock" {
@@ -32,7 +41,7 @@ resource "azurerm_container_registry_task" "registry_task" {
     type                        = "Runtime"
     update_trigger_payload_type = "Default"
   }
-  encoded_step {
+   encoded_step {
     task_content = base64encode(<<EOF
 version: v1.1.0
 steps:
@@ -54,4 +63,31 @@ EOF
 
 output "container_registry_id" {
   value = azurerm_container_registry.capzci_registry.id
+}
+
+resource "azurerm_container_registry" "e2eprivate_registry" {
+  name                = "e2eprivatecommunity"
+  location            = var.location
+  resource_group_name = var.resource_group_name
+  sku                 = "Premium"
+
+  retention_policy {
+    days    = 7
+    enabled = true
+  }
+
+  tags = {
+    RetentionPolicy = "7days"
+  }
+}
+
+resource "azurerm_management_lock" "e2eregistry_lock" {
+  name       = "DO-NOT_DELETE"
+  scope      = azurerm_container_registry.e2eprivate_registry.id
+  lock_level = "CanNotDelete"
+  notes      = "Contact Capz"
+}
+
+output "e2eprivate_registry_id" {
+  value = azurerm_container_registry.e2eprivate_registry.id
 }