How-To: Pull Terraform modules from private git repositories
Categories:
This how-to guide will describe how to:
- Configure a Radius Environment to be able to pull Terraform Recipe templates from a private git repository.
Prerequisites
Before you get started, you’ll need to make sure you have the following tools and resources:
Step 1: Create a personal access token
Create a personal access token, this can be from GitHub, GitLab, Azure DevOps, or any other Git platform.
The PAT should have access to read the files inside the specific private repository.
Step 2: Define a secret store resource
Configure a Radius Secret Store with the personal access token or username + password you previously created, which has access to your private git repository. Define the namespace for the cluster that will contain your Kubernetes Secret with the resource property.
While this example shows a Radius-managed secret store where Radius creates the underlying secrets infrastructure, you can also bring your own existing secrets. Refer to the secrets documentation for more information.
Create a Bicep file env.bicep, import Radius, and define your resource:
extension radius
@description('Required value, refers to the personal access token or password of the git platform')
@secure()
param pat string
resource secretStoreGit 'Applications.Core/secretStores@2023-10-01-preview' = {
name: 'my-git-secret-store'
properties: {
resource: 'my-secret-namespace/github'
type: 'generic'
data: {
pat: {
value: pat
}
}
}
}
The property
patis required and refers to your personal access token or password, whileusernameis optional and refers to a username, if your git platform requires one.
Step 3: Configure Terraform Recipe git authentication
recipeConfig allows you to configure how Recipes should be setup and run. One available option is to specify git credentials for pulling Terraform Recipes from git sources. For more information refer to the Radius Environment schema page.
In your env.bicep file add an Environment resource, along with Recipe configuration which leverages the previously defined secret store for git authentication.
resource env 'Applications.Core/environments@2023-10-01-preview' = {
name: 'my-env'
properties: {
compute: {
kind: 'kubernetes'
namespace: 'my-namespace'
}
recipeConfig: {
terraform: {
authentication: {
git: {
pat: {
// The hostname of your git platform, such as 'dev.azure.com' or 'github.com'
'github.com':{
secret: secretStoreGit.id
}
}
}
}
}
}
}
}
Step 4: Add a Terraform Recipe
Update your Environment with a Terraform Recipe, pointing to your private git repository. Note that your templatePath should contain a git:: prefix, per the Terraform module documentation.
resource env 'Applications.Core/environments@2023-10-01-preview' = {
name: 'my-env'
properties: {
compute: {
kind: 'kubernetes'
namespace: 'my-namespace'
}
recipeConfig: {
terraform: {
authentication: {
git: {
pat: {
// The hostname of your git platform, such as 'dev.azure.com' or 'github.com'
'github.com':{
secret: secretStoreGit.id
}
}
}
}
}
}
recipes: {
'Applications.Datastores/redisCaches': {
default: {
templateKind: 'terraform'
// Git template path
templatePath:'git::https://github.com/my-org/my-repo'
}
}
}
}
}
Step 5: Deploy your Radius Environment
Deploy your new Radius Environment:
rad deploy ./env.bicep -p pat=******
Done
Your Radius Environment is now ready to utilize your Radius Recipes stored inside your private registry. For more information on Radius Recipes visit the Recipes overview page.
Cleanup
You can delete a Radius Environment by running the following command:
rad env delete my-env
Further reading
Feedback
Was this page helpful?
Glad to hear it! Please feel free to star our repo and join our Discord server to stay up to date with the project.
Sorry to hear that. If you would like to also contribute a suggestion visit and tell us how we can improve.