How to define list of secret items projected in volume via terraform

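I am planning to create a k8s job via terraform.

In the process, I need to create volumes of secrets and a list of items in them.

I am able to achieve this via the YAML configuration snippet below: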

  volumeMounts:
  - name: certs
    mountPath: /app/certs
  - name: ca-certs
    mountPath: /app/ca-certs
volumes:
- name: certs
  secret:
      secretName: "tls-cert-internal"
      items:
      - key: tls.crt
        path: crt.pem
      - key: tls.key
        path: key.pem
- name: ca-certs
  secret:
      secretName: ca-bundle
      items:
      - key: tls.crt
        path: ca_crt.pem

However, I would like to create it using terraform, and I tried it as:

resource "kubernetes_job" "xxx" {
  metadata {
    name      = "xxxxx"
    namespace = "test"
  }
  wait_for_completion = true

  spec {
    template {
      metadata {}
      spec {
        container {
          name              = "test"
          image             = "test"
          image_pull_policy = "Always"
          volume_mount {
            name       = "certs"
            mount_path = "/app/certs"
          }
          volume_mount {
            name       = "ca-certs"
            mount_path = "/app/ca-certs"
          }
        }

        volume {
          name = "certs"
          secret {
            secret_name = "tls-cert-internal"
            items = [
              {
                key  = "tls.crt"
                path = "crt.pem"
              },
              {
                key  = "tls.key"
                path = "key.pem"
              }
            ]
          }
        }

        volume {
          name = "ca-certs"
          secret {
            secret_name = "ca-bundle"
            items = [
              {
                key  = "tls.crt"
                path = "tls.crt"
              }
            ]
          }
        }
      }
    }
  }
}

However, it fails with:

on xxxxx, in resource "kubernetes_job" "xxx":
 :             items =  [

An argument named "items" is not expected here. Did you mean to define a block
of type "items"?

I tried this: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod#secret

However, I don't seem to be providing incorrect syntax. Please guide me on this.

I think you can have multiple items blocks:

        secret {
          secret_name = "ca-bundle"

          items {
            key  = "tls.crt"
            path = "tls.crt"
          }

          items {
            key  = "tls2.crt"
            path = "tls2.crt"
          }
        }
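
Generalizing the answer above, as an added example that is not part of the original thread: nested `dynamic` blocks emit one `items` block per key from a local map, so the set of projected secret keys stays data-driven. The resource name `example`, the `local.secret_volumes` structure and the `default_mode` value are assumptions made for illustration.

```hcl
locals {
  # Constructed for this example: volume name => secret name and key => file path.
  secret_volumes = {
    "certs"    = { secret_name = "tls-cert-internal", items = { "tls.crt" = "crt.pem", "tls.key" = "key.pem" } }
    "ca-certs" = { secret_name = "ca-bundle", items = { "tls.crt" = "ca_crt.pem" } }
  }
}

resource "kubernetes_job" "example" {
  metadata {
    name = "example"
  }
  spec {
    template {
      metadata {}
      spec {
        restart_policy = "Never"
        container {
          name  = "test"
          image = "test"
          dynamic "volume_mount" {
            for_each = local.secret_volumes
            content {
              name       = volume_mount.key
              mount_path = "/app/${volume_mount.key}"
            }
          }
        }
        dynamic "volume" {
          for_each = local.secret_volumes
          content {
            name = volume.key
            secret {
              secret_name  = volume.value.secret_name
              default_mode = "0400" # owner read-only for key material; loosen if the container runs as a non-root user
              dynamic "items" {
                for_each = volume.value.items
                content {
                  key  = items.key   # key inside the Secret
                  path = items.value # file name under the mount path
                }
              }
            }
          }
        }
      }
    }
  }
}
```

Only the keys listed under `items` are projected into the volume, so a key added to the Secret later is not exposed to the container unless it is also added to the map.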