terraform-kubernetes-provider how to create secret from file?is there a way to create a Kubernetes Secret subdirectory?Should I commit .tfstate files to Git?Kubernetes - Why use dotfiles in secret volumes?Terraform: How to conditionally assign an EBS volume to an ECS ClusterKubernetes doesn't allow to mount file to containerKubernetes pod secrets /var/run/secrets missingHow to mount entire directory in Kubernetes using configmap?Is it possible to reuse Terraform templates for different resources providing different values for variables?Can I use variables in the TerraForm main.tf file?Terraform - Passing variable to template file at time of rendering?
Are the plates of a battery really charged?
Phrasing "it says" or "it reads"
Magento 2: I am not aware about magneto optimization. Can you please share the steps for this?
Who pays for increased security measures on flights to the US?
Yield on municipal bonds versus treasury
Are there advantages in writing by hand over typing out a story?
Should I warn my boss I might take sick leave
Can you use a reaction to affect initiative rolls?
Which are more efficient in putting out wildfires: planes or helicopters?
How long had Bertha Mason been in the attic at the point of the events in Jane Eyre
Fine-tuning parameters for existing methods
What caused the flashes in the video footage of Chernobyl?
Where is read command?
Why is quantum gravity non-renormalizable?
Isn't "Dave's protocol" good if only the database, and not the code, is leaked?
My mother co-signed for my car. Can she take it away from me if I am the one making car payments?
Did Snape really give Umbridge a fake Veritaserum potion that Harry later pretended to drink?
List of Implementations for common OR problems
3D nonogram – What's going on?
Phrase origin: "You ain't got to go home but you got to get out of here."
CPLEX exceeds time limit issue
Do I need to be legally qualified to install a Hive smart thermostat?
Performance of loop vs expansion
My players like to search everything. What do they find?
terraform-kubernetes-provider how to create secret from file?
is there a way to create a Kubernetes Secret subdirectory?Should I commit .tfstate files to Git?Kubernetes - Why use dotfiles in secret volumes?Terraform: How to conditionally assign an EBS volume to an ECS ClusterKubernetes doesn't allow to mount file to containerKubernetes pod secrets /var/run/secrets missingHow to mount entire directory in Kubernetes using configmap?Is it possible to reuse Terraform templates for different resources providing different values for variables?Can I use variables in the TerraForm main.tf file?Terraform - Passing variable to template file at time of rendering?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I'm using the terraform kubernetes-provider and I'd like to translate something like this kubectl command into TF:
kubectl create secret generic my-secret --from-file mysecret.json
It seems, however the secret resource's data field expects only a TF map.
I've tried something like
data "template_file" "my-secret"
template = "$file("$path.module/my-secret.json")"
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data = "data.template_file.my-secret.template"
But it complains that this is not a map. So, I can do something like this:
data =
"my-secret.json" = "data.template_file.my-secret.template"
But this will write the secret with a top-level field named my-secret.json and when I volume mount it, it won't work with other resources.
What is the trick here?
kubernetes terraform terraform-template-file asked Mar 25 at 18:14
Davis FordDavis Ford
1
add a comment |
I'm using the terraform kubernetes-provider and I'd like to translate something like this kubectl command into TF:
kubectl create secret generic my-secret --from-file mysecret.json
It seems, however the secret resource's data field expects only a TF map.
I've tried something like
data "template_file" "my-secret"
template = "$file("$path.module/my-secret.json")"
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data = "data.template_file.my-secret.template"
But it complains that this is not a map. So, I can do something like this:
data =
"my-secret.json" = "data.template_file.my-secret.template"
But this will write the secret with a top-level field named my-secret.json and when I volume mount it, it won't work with other resources.
What is the trick here?
kubernetes terraform terraform-template-file asked Mar 25 at 18:14
Davis FordDavis Ford
1
add a comment |
I'm using the terraform kubernetes-provider and I'd like to translate something like this kubectl command into TF:
kubectl create secret generic my-secret --from-file mysecret.json
It seems, however the secret resource's data field expects only a TF map.
I've tried something like
data "template_file" "my-secret"
template = "$file("$path.module/my-secret.json")"
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data = "data.template_file.my-secret.template"
But it complains that this is not a map. So, I can do something like this:
data =
"my-secret.json" = "data.template_file.my-secret.template"
But this will write the secret with a top-level field named my-secret.json and when I volume mount it, it won't work with other resources.
What is the trick here?
kubernetes terraform terraform-template-file asked Mar 25 at 18:14
Davis FordDavis Ford
1
I'm using the terraform kubernetes-provider and I'd like to translate something like this kubectl command into TF:
kubectl create secret generic my-secret --from-file mysecret.json
It seems, however the secret resource's data field expects only a TF map.
I've tried something like
data "template_file" "my-secret"
template = "$file("$path.module/my-secret.json")"
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data = "data.template_file.my-secret.template"
But it complains that this is not a map. So, I can do something like this:
data =
"my-secret.json" = "data.template_file.my-secret.template"
But this will write the secret with a top-level field named my-secret.json and when I volume mount it, it won't work with other resources.
What is the trick here?
kubernetes terraform terraform-template-file kubernetes terraform terraform-template-file asked Mar 25 at 18:14
Davis FordDavis Ford
1
asked Mar 25 at 18:14
Davis FordDavis Ford
1
asked Mar 25 at 18:14
Davis FordDavis Ford
1
asked Mar 25 at 18:14
Davis FordDavis Ford
1
asked Mar 25 at 18:14
Davis FordDavis Ford
1
1
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Basically you need to provide a map like this :
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"key1" = "value1"
"key2" = "value2"
you can refer to your internal variables using
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"USERNAME" = "$var.some_variable"
"PASSWORD" = "$random_string.root_password.result"
add a comment |
It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json
and then
$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
my-secret.json: ewogICA.....
kind: Secret
metadata:
creationTimestamp: "2019-03-25T18:20:43Z"
name: my-secret
namespace: default
resourceVersion: "67026"
selfLink: /api/v1/namespaces/default/secrets/my-secret
uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque
it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.
answered Mar 25 at 18:46
Davis FordDavis Ford
1
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55344134%2fterraform-kubernetes-provider-how-to-create-secret-from-file%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Basically you need to provide a map like this :
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"key1" = "value1"
"key2" = "value2"
you can refer to your internal variables using
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"USERNAME" = "$var.some_variable"
"PASSWORD" = "$random_string.root_password.result"
add a comment |
Basically you need to provide a map like this :
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"key1" = "value1"
"key2" = "value2"
you can refer to your internal variables using
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"USERNAME" = "$var.some_variable"
"PASSWORD" = "$random_string.root_password.result"
add a comment |
Basically you need to provide a map like this :
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"key1" = "value1"
"key2" = "value2"
you can refer to your internal variables using
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"USERNAME" = "$var.some_variable"
"PASSWORD" = "$random_string.root_password.result"
Basically you need to provide a map like this :
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"key1" = "value1"
"key2" = "value2"
you can refer to your internal variables using
resource "kubernetes_secret" "sgw-config"
metadata
name = "my-secret"
type = "Opaque"
data
"USERNAME" = "$var.some_variable"
"PASSWORD" = "$random_string.root_password.result"
answered Mar 25 at 18:34
user4889345
add a comment |
add a comment |
It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json
and then
$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
my-secret.json: ewogICA.....
kind: Secret
metadata:
creationTimestamp: "2019-03-25T18:20:43Z"
name: my-secret
namespace: default
resourceVersion: "67026"
selfLink: /api/v1/namespaces/default/secrets/my-secret
uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque
it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.
answered Mar 25 at 18:46
Davis FordDavis Ford
1
add a comment |
It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json
and then
$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
my-secret.json: ewogICA.....
kind: Secret
metadata:
creationTimestamp: "2019-03-25T18:20:43Z"
name: my-secret
namespace: default
resourceVersion: "67026"
selfLink: /api/v1/namespaces/default/secrets/my-secret
uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque
it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.
answered Mar 25 at 18:46
Davis FordDavis Ford
1
add a comment |
It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json
and then
$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
my-secret.json: ewogICA.....
kind: Secret
metadata:
creationTimestamp: "2019-03-25T18:20:43Z"
name: my-secret
namespace: default
resourceVersion: "67026"
selfLink: /api/v1/namespaces/default/secrets/my-secret
uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque
it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.
answered Mar 25 at 18:46
Davis FordDavis Ford
1
It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json
and then
$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
my-secret.json: ewogICA.....
kind: Secret
metadata:
creationTimestamp: "2019-03-25T18:20:43Z"
name: my-secret
namespace: default
resourceVersion: "67026"
selfLink: /api/v1/namespaces/default/secrets/my-secret
uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque
it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.
answered Mar 25 at 18:46
Davis FordDavis Ford
1
answered Mar 25 at 18:46
Davis FordDavis Ford
1
answered Mar 25 at 18:46
Davis FordDavis Ford
1
answered Mar 25 at 18:46
Davis FordDavis Ford
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55344134%2fterraform-kubernetes-provider-how-to-create-secret-from-file%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
