Make it possible to mount secrets as volumes

Use `mount_secrets` within service definition: mount_secrets = { secret-name = "/destination/path" } Every key in `data` in secret become a file in the destination path.
datarockets · Jun 24, 2021 · 9c39ea5 · 9c39ea5
1 parent 2df4f31
commit 9c39ea5
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 0 deletions.
diff --git a/k8s/basic/cluster/cluster.tf b/k8s/basic/cluster/cluster.tf
@@ -119,6 +119,14 @@ resource "kubernetes_deployment" "deployment" {
               }
             }
           }
+
+          dynamic "volume_mount" {
+            for_each = each.value.mount_secrets
+            content {
+              name = volume_mount.key
+              mount_path = volume_mount.value
+            }
+          }
         }
 
         dynamic "init_container" {
@@ -158,6 +166,25 @@ resource "kubernetes_deployment" "deployment" {
                 }
               }
             }
+
+            dynamic "volume_mount" {
+              for_each = init_container.value.mount_secrets
+              content {
+                name = volume_mount.key
+                mount_path = volume_mount.value
+              }
+            }
+          }
+        }
+
+        dynamic "volume" {
+          for_each = each.value.mount_secrets
+
+          content {
+            name = volume.key
+            secret {
+              secret_name = volume.key
+            }
           }
         }
       }

diff --git a/k8s/basic/cluster/variables.tf b/k8s/basic/cluster/variables.tf
@@ -28,12 +28,14 @@ variable "services" {
       env_from_secrets = optional(list(string))
       env_from_field = optional(map(string))
       env = optional(map(string))
+      mount_secrets = optional(map(string))
       init_container = optional(object({
         image = optional(string)
         command = list(string)
         env_from_secrets = optional(list(string))
         env_from_field = optional(map(string))
         env = optional(map(string))
+        mount_secrets = optional(map(string))
       }))
     })
   )

diff --git a/k8s/basic/variables.tf b/k8s/basic/variables.tf
@@ -34,12 +34,14 @@ variable "services" {
       env_from_secrets = optional(list(string))
       env_from_field = optional(map(string))
       env = optional(map(string))
+      mount_secrets = optional(map(string))
       init_container = optional(object({
         image = optional(string)
         command = list(string)
         env_from_secrets = optional(list(string))
         env_from_field = optional(map(string))
         env = optional(map(string))
+        mount_secrets = optional(map(string))
       }))
     })
   )