Styjun

Are the plates of a battery really charged?

Phrasing "it says" or "it reads"

Magento 2: I am not aware about magneto optimization. Can you please share the steps for this?

Who pays for increased security measures on flights to the US?

Yield on municipal bonds versus treasury

Are there advantages in writing by hand over typing out a story?

Should I warn my boss I might take sick leave

Can you use a reaction to affect initiative rolls?

Which are more efficient in putting out wildfires: planes or helicopters?

How long had Bertha Mason been in the attic at the point of the events in Jane Eyre

Fine-tuning parameters for existing methods

What caused the flashes in the video footage of Chernobyl?

Where is read command?

Why is quantum gravity non-renormalizable?

Isn't "Dave's protocol" good if only the database, and not the code, is leaked?

My mother co-signed for my car. Can she take it away from me if I am the one making car payments?

Did Snape really give Umbridge a fake Veritaserum potion that Harry later pretended to drink?

List of Implementations for common OR problems

3D nonogram – What's going on?

Phrase origin: "You ain't got to go home but you got to get out of here."

CPLEX exceeds time limit issue

Do I need to be legally qualified to install a Hive smart thermostat?

Performance of loop vs expansion

My players like to search everything. What do they find?

terraform-kubernetes-provider how to create secret from file?

is there a way to create a Kubernetes Secret subdirectory?Should I commit .tfstate files to Git?Kubernetes - Why use dotfiles in secret volumes?Terraform: How to conditionally assign an EBS volume to an ECS ClusterKubernetes doesn't allow to mount file to containerKubernetes pod secrets /var/run/secrets missingHow to mount entire directory in Kubernetes using configmap?Is it possible to reuse Terraform templates for different resources providing different values for variables?Can I use variables in the TerraForm main.tf file?Terraform - Passing variable to template file at time of rendering?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

0

I'm using the terraform kubernetes-provider and I'd like to translate something like this kubectl command into TF:

kubectl create secret generic my-secret --from-file mysecret.json

It seems, however the secret resource's data field expects only a TF map.

I've tried something like

data "template_file" "my-secret" 
 template = "$file("$path.module/my-secret.json")"


resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data = "data.template_file.my-secret.template"

But it complains that this is not a map. So, I can do something like this:

 data = 
 "my-secret.json" = "data.template_file.my-secret.template"
 

But this will write the secret with a top-level field named my-secret.json and when I volume mount it, it won't work with other resources.

What is the trick here?

kubernetes terraform terraform-template-file

share|improve this question

asked Mar 25 at 18:14

Davis FordDavis Ford

1

add a comment | 

0

I'm using the terraform kubernetes-provider and I'd like to translate something like this kubectl command into TF:

kubectl create secret generic my-secret --from-file mysecret.json

It seems, however the secret resource's data field expects only a TF map.

I've tried something like

data "template_file" "my-secret" 
 template = "$file("$path.module/my-secret.json")"


resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data = "data.template_file.my-secret.template"

But it complains that this is not a map. So, I can do something like this:

 data = 
 "my-secret.json" = "data.template_file.my-secret.template"
 

But this will write the secret with a top-level field named my-secret.json and when I volume mount it, it won't work with other resources.

What is the trick here?

kubernetes terraform terraform-template-file

share|improve this question

asked Mar 25 at 18:14

Davis FordDavis Ford

1

add a comment | 

I'm using the terraform kubernetes-provider and I'd like to translate something like this kubectl command into TF:

kubectl create secret generic my-secret --from-file mysecret.json

It seems, however the secret resource's data field expects only a TF map.

I've tried something like

data "template_file" "my-secret" 
 template = "$file("$path.module/my-secret.json")"


resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data = "data.template_file.my-secret.template"

But it complains that this is not a map. So, I can do something like this:

 data = 
 "my-secret.json" = "data.template_file.my-secret.template"
 

But this will write the secret with a top-level field named my-secret.json and when I volume mount it, it won't work with other resources.

What is the trick here?

kubernetes terraform terraform-template-file

share|improve this question

asked Mar 25 at 18:14

Davis FordDavis Ford

1

kubectl create secret generic my-secret --from-file mysecret.json

data "template_file" "my-secret" 
 template = "$file("$path.module/my-secret.json")"


resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data = "data.template_file.my-secret.template"

 data = 
 "my-secret.json" = "data.template_file.my-secret.template"
 

kubernetes terraform terraform-template-file

kubernetes terraform terraform-template-file

share|improve this question

asked Mar 25 at 18:14

Davis FordDavis Ford

1

share|improve this question

asked Mar 25 at 18:14

Davis FordDavis Ford

1

asked Mar 25 at 18:14

Davis FordDavis Ford

1

asked Mar 25 at 18:14

Davis FordDavis Ford

1

2 Answers
2

active

oldest

votes

1

Basically you need to provide a map like this :

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "key1" = "value1"
 "key2" = "value2"
 

you can refer to your internal variables using

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "USERNAME" = "$var.some_variable"
 "PASSWORD" = "$random_string.root_password.result"
 
 

share|improve this answer

answered Mar 25 at 18:34

user4889345

add a comment | 

0

It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json

and then

$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
 my-secret.json: ewogICA.....
kind: Secret
metadata:
 creationTimestamp: "2019-03-25T18:20:43Z"
 name: my-secret
 namespace: default
 resourceVersion: "67026"
 selfLink: /api/v1/namespaces/default/secrets/my-secret
 uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque

it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.

share|improve this answer

answered Mar 25 at 18:46

Davis FordDavis Ford

1

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55344134%2fterraform-kubernetes-provider-how-to-create-secret-from-file%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "key1" = "value1"
 "key2" = "value2"
 

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "USERNAME" = "$var.some_variable"
 "PASSWORD" = "$random_string.root_password.result"
 
 

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "key1" = "value1"
 "key2" = "value2"
 

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "USERNAME" = "$var.some_variable"
 "PASSWORD" = "$random_string.root_password.result"
 
 

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "key1" = "value1"
 "key2" = "value2"
 

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "USERNAME" = "$var.some_variable"
 "PASSWORD" = "$random_string.root_password.result"
 
 

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "key1" = "value1"
 "key2" = "value2"
 

resource "kubernetes_secret" "sgw-config" 
 metadata 
 name = "my-secret"
 
 type = "Opaque"
 data 
 "USERNAME" = "$var.some_variable"
 "PASSWORD" = "$random_string.root_password.result"
 
 

0

It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json

and then

$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
 my-secret.json: ewogICA.....
kind: Secret
metadata:
 creationTimestamp: "2019-03-25T18:20:43Z"
 name: my-secret
 namespace: default
 resourceVersion: "67026"
 selfLink: /api/v1/namespaces/default/secrets/my-secret
 uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque

it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.

share|improve this answer

answered Mar 25 at 18:46

Davis FordDavis Ford

1

add a comment | 

0

It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json

and then

$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
 my-secret.json: ewogICA.....
kind: Secret
metadata:
 creationTimestamp: "2019-03-25T18:20:43Z"
 name: my-secret
 namespace: default
 resourceVersion: "67026"
 selfLink: /api/v1/namespaces/default/secrets/my-secret
 uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque

it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.

share|improve this answer

answered Mar 25 at 18:46

Davis FordDavis Ford

1

add a comment | 

It seems if you run the command kubectl create secret generic my-secret --from-file mysecret.json

and then

$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
 my-secret.json: ewogICA.....
kind: Secret
metadata:
 creationTimestamp: "2019-03-25T18:20:43Z"
 name: my-secret
 namespace: default
 resourceVersion: "67026"
 selfLink: /api/v1/namespaces/default/secrets/my-secret
 uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque

it stores it similarly with the filename as the single key. When I mount this in a volume/volumeMount it works as expected. I was afraid that it wouldn't but when I create the secret using the --from-file argument, this is exactly how it stores it.

share|improve this answer

answered Mar 25 at 18:46

Davis FordDavis Ford

1

$ kubectl get secrets my-secret -o yaml
apiVersion: v1
data:
 my-secret.json: ewogICA.....
kind: Secret
metadata:
 creationTimestamp: "2019-03-25T18:20:43Z"
 name: my-secret
 namespace: default
 resourceVersion: "67026"
 selfLink: /api/v1/namespaces/default/secrets/my-secret
 uid: b397a29c-4f2a-11e9-9806-000c290425d0
type: Opaque

share|improve this answer

answered Mar 25 at 18:46

Davis FordDavis Ford

1

answered Mar 25 at 18:46

Davis FordDavis Ford

1

answered Mar 25 at 18:46

Davis FordDavis Ford

1