refactor: inject Terraform secrets with Terraform

Instead of Ansible
Khue Doan 2021-12-29 22:51:36 +07:00
parent f4b63c018f
commit 479016d737
3 changed files with 12 additions and 19 deletions


@ -4,7 +4,7 @@
KUBECONFIG = ../metal/kubeconfig.yaml KUBECONFIG = ../metal/kubeconfig.yaml
KUBE_CONFIG_PATH = $(KUBECONFIG) KUBE_CONFIG_PATH = $(KUBECONFIG)
default: apply terraform-secrets default: apply
~/.terraform.d/credentials.tfrc.json: ~/.terraform.d/credentials.tfrc.json:
terraform login terraform login
@ -24,6 +24,3 @@ plan: .terraform.lock.hcl
apply: .terraform.lock.hcl namespaces apply: .terraform.lock.hcl namespaces
terraform apply terraform apply
terraform-secrets:
ansible-playbook terraform-secrets.yml

11
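--- a/external/tekton.tf
+++ b/external/tekton.tf
@@ -0,0 +1,11 @@
+resource "kubernetes_secret" "terraform_secrets" {
+metadata {
+name = "terraform-secrets"
+namespace = "tekton-pipelines"
+}
+data = {
+"credentials.tfrc.json" = file("~/.terraform.d/credentials.tfrc.json")
+"terraform.tfvars" = file("${path.root}/terraform.tfvars")
+}
+}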
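Review bot: The two `file()` reads in `data` copy the whole Terraform CLI credentials file and `terraform.tfvars` into the Secret, so their contents are also written in plaintext to this configuration's Terraform state, which the removed Ansible playbook did not do. Read access to the state is then enough to recover the API token, so state access should be limited accordingly and the token kept as narrowly scoped as the pipeline allows. Both files must now exist wherever `terraform plan` or `apply` runs, or evaluation fails; the Makefile's `apply` target does not visibly list the credentials file as a prerequisite. I would add a comment above the resource such as `# Contents end up in Terraform state; restrict state access and rotate the token if state is exposed`.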


@ -1,15 +0,0 @@
# pip install kuberentes
- hosts: localhost
tasks:
- name: Inject Terraform secrets to Tekton namespace
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: terraform-secrets
namespace: tekton-pipelines
data:
credentials.tfrc.json: "{{ lookup('file', '~/.terraform.d/credentials.tfrc.json') | b64encode }}"
terraform.tfvars: "{{ lookup('file', './terraform.tfvars') | b64encode }}"