refactor: inject Terraform secrets with Terraform

Instead of Ansible
2024-12-23 01:04:32 +07:00 · 2021-12-29 22:51:36 +07:00 · 2021-12-29 22:51:36 +07:00 · 479016d737
commit 479016d737
parent f4b63c018f
3 changed files with 12 additions and 19 deletions
--- a/external/Makefile
+++ b/external/Makefile
@ -4,7 +4,7 @@
 KUBECONFIG = ../metal/kubeconfig.yaml
 KUBE_CONFIG_PATH = $(KUBECONFIG)

-default: apply terraform-secrets
+default: apply

 ~/.terraform.d/credentials.tfrc.json:
 	terraform login
@ -24,6 +24,3 @@ plan: .terraform.lock.hcl

 apply: .terraform.lock.hcl namespaces
 	terraform apply
-
-terraform-secrets:
-	ansible-playbook terraform-secrets.yml
--- a/external/tekton.tf
+++ b/external/tekton.tf
@ -0,0 +1,11 @@
+resource "kubernetes_secret" "terraform_secrets" {
+  metadata {
+    name      = "terraform-secrets"
+    namespace = "tekton-pipelines"
+  }
+
+  data = {
+    "credentials.tfrc.json" = file("~/.terraform.d/credentials.tfrc.json")
+    "terraform.tfvars" = file("${path.root}/terraform.tfvars")
+  }
+}
--- a/external/terraform-secrets.yml
+++ b/external/terraform-secrets.yml
@ -1,15 +0,0 @@
-# pip install kuberentes
- hosts: localhost
-  tasks:
-    - name: Inject Terraform secrets to Tekton namespace
-      kubernetes.core.k8s:
-        definition:
-          apiVersion: v1
-          kind: Secret
-          type: Opaque
-          metadata:
-            name: terraform-secrets
-            namespace: tekton-pipelines
-          data:
-            credentials.tfrc.json: "{{ lookup('file', '~/.terraform.d/credentials.tfrc.json') | b64encode }}"
-            terraform.tfvars: "{{ lookup('file', './terraform.tfvars') | b64encode }}"