Make it possible to mount secrets as volumes

dzhlobo · dzhlobo · commit 9c39ea53b164 · 2021-06-24T04:12:22.000+03:00
Use `mount_secrets` within service definition:
	mount_secrets = {
		secret-name = "/destination/path"
	}

Every key in `data` in secret become a file in the destination path.
diff --git a/k8s/basic/cluster/cluster.tf b/k8s/basic/cluster/cluster.tf
@@ -119,6 +119,14 @@ resource "kubernetes_deployment" "deployment" {
               }
             }
           }
+
+          dynamic "volume_mount" {
+            for_each = each.value.mount_secrets
+            content {
+              name = volume_mount.key
+              mount_path = volume_mount.value
+            }
+          }
         }
 
         dynamic "init_container" {
@@ -158,6 +166,25 @@ resource "kubernetes_deployment" "deployment" {
                 }
               }
             }
+
+            dynamic "volume_mount" {
+              for_each = init_container.value.mount_secrets
+              content {
+                name = volume_mount.key
+                mount_path = volume_mount.value
+              }
+            }
+          }
+        }
+
+        dynamic "volume" {
+          for_each = each.value.mount_secrets
+
+          content {
+            name = volume.key
+            secret {
+              secret_name = volume.key
+            }
           }
         }
       }
diff --git a/k8s/basic/cluster/variables.tf b/k8s/basic/cluster/variables.tf
@@ -28,12 +28,14 @@ variable "services" {
       env_from_secrets = optional(list(string))
       env_from_field = optional(map(string))
       env = optional(map(string))
+      mount_secrets = optional(map(string))
       init_container = optional(object({
         image = optional(string)
         command = list(string)
         env_from_secrets = optional(list(string))
         env_from_field = optional(map(string))
         env = optional(map(string))
+        mount_secrets = optional(map(string))
       }))
     })
   )
diff --git a/k8s/basic/variables.tf b/k8s/basic/variables.tf
@@ -34,12 +34,14 @@ variable "services" {
       env_from_secrets = optional(list(string))
       env_from_field = optional(map(string))
       env = optional(map(string))
+      mount_secrets = optional(map(string))
       init_container = optional(object({
         image = optional(string)
         command = list(string)
         env_from_secrets = optional(list(string))
         env_from_field = optional(map(string))
         env = optional(map(string))
+        mount_secrets = optional(map(string))
       }))
     })
   )

Original file line number	Diff line number	Diff line change
`@@ -119,6 +119,14 @@ resource "kubernetes_deployment" "deployment" {`
`119`	`119`	`}`
`120`	`120`	`}`
`121`	`121`	`}`
	`122`	`+`
	`123`	`+ dynamic "volume_mount" {`
	`124`	`+ for_each = each.value.mount_secrets`
	`125`	`+ content {`
	`126`	`+ name = volume_mount.key`
	`127`	`+ mount_path = volume_mount.value`
	`128`	`+ }`
	`129`	`+ }`
`122`	`130`	`}`
`123`	`131`
`124`	`132`	`dynamic "init_container" {`
`@@ -158,6 +166,25 @@ resource "kubernetes_deployment" "deployment" {`
`158`	`166`	`}`
`159`	`167`	`}`
`160`	`168`	`}`
	`169`	`+`
	`170`	`+ dynamic "volume_mount" {`
	`171`	`+ for_each = init_container.value.mount_secrets`
	`172`	`+ content {`
	`173`	`+ name = volume_mount.key`
	`174`	`+ mount_path = volume_mount.value`
	`175`	`+ }`
	`176`	`+ }`
	`177`	`+ }`
	`178`	`+ }`
	`179`	`+`
	`180`	`+ dynamic "volume" {`
	`181`	`+ for_each = each.value.mount_secrets`
	`182`	`+`
	`183`	`+ content {`
	`184`	`+ name = volume.key`
	`185`	`+ secret {`
	`186`	`+ secret_name = volume.key`
	`187`	`+ }`
`161`	`188`	`}`
`162`	`189`	`}`
`163`	`190`	`}`