
Commit 0947d37

feat(kubernetes): add infisical secret to external-secrets namespace
1 parent 28de3eb commit 0947d37

3 files changed, +49 -0 lines changed


modules/kubernetes/README.md

+4
@@ -30,7 +30,9 @@ No modules.
3030
| [helm_release.hcloud_ccm](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
3131
| [helm_release.hcloud_csi](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
3232
| [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
33+
| [kubernetes_namespace_v1.external_secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
3334
| [kubernetes_secret_v1.hcloud](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
35+
| [kubernetes_secret_v1.infisical](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
3436
| [random_integer.ingress_load_balancer_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
3537

3638
## Inputs
@@ -44,6 +46,8 @@ No modules.
4446
| <a name="input_hcloud_token"></a> [hcloud\_token](#input\_hcloud\_token) | Write token for the Hetzner API | `string` | n/a | yes |
4547
| <a name="input_hetzner_cloud_config_manager_version"></a> [hetzner\_cloud\_config\_manager\_version](#input\_hetzner\_cloud\_config\_manager\_version) | Version of the HCloud CCM to use - defaults to latest | `string` | `null` | no |
4648
| <a name="input_hetzner_csi_driver_version"></a> [hetzner\_csi\_driver\_version](#input\_hetzner\_csi\_driver\_version) | Tag of the CSI driver to use - defaults to latest | `string` | `null` | no |
49+
| <a name="input_infisical_client_id"></a> [infisical\_client\_id](#input\_infisical\_client\_id) | Infisical client ID | `string` | n/a | yes |
50+
| <a name="input_infisical_client_secret"></a> [infisical\_client\_secret](#input\_infisical\_client\_secret) | Infisical client secret | `string` | n/a | yes |
4751
| <a name="input_ingress_nginx_version"></a> [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Version of Ingress Nginx to install - defaults to latest | `string` | `null` | no |
4852
| <a name="input_k3s_cluster_cidr"></a> [k3s\_cluster\_cidr](#input\_k3s\_cluster\_cidr) | CIDR used for the k3s cluster | `string` | `"10.244.0.0/16"` | no |
4953
| <a name="input_kube_context"></a> [kube\_context](#input\_kube\_context) | Kubernetes context to use | `string` | `"default"` | no |
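
Review bot: the two new rows at lines 49-50 document `infisical_client_id` and `infisical_client_secret` as required (`n/a | yes`), so every caller of this module must now supply Infisical credentials whether or not they use the `external-secrets` namespace. Consider making both inputs optional and creating the secret only when they are set. The descriptions ("Infisical client ID", "Infisical client secret") should also say what kind of Infisical identity the credential belongs to and what access it is expected to have, so a reader can provision one with the narrowest scope.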
+33
@@ -0,0 +1,33 @@
1+
# Copyright 2024 Simon Emms <[email protected]>
2+
#
3+
# Licensed under the Apache License, Version 2.0 (the "License");
4+
# you may not use this file except in compliance with the License.
5+
# You may obtain a copy of the License at
6+
#
7+
# http://www.apache.org/licenses/LICENSE-2.0
8+
#
9+
# Unless required by applicable law or agreed to in writing, software
10+
# distributed under the License is distributed on an "AS IS" BASIS,
11+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
# See the License for the specific language governing permissions and
13+
# limitations under the License.
14+
15+
resource "kubernetes_namespace_v1" "external_secrets" {
16+
metadata {
17+
name = "external-secrets"
18+
}
19+
}
20+
21+
resource "kubernetes_secret_v1" "infisical" {
22+
metadata {
23+
name = "infisical"
24+
namespace = kubernetes_namespace_v1.external_secrets.metadata[0].name
25+
}
26+
27+
data = {
28+
clientId = var.infisical_client_id
29+
clientSecret = var.infisical_client_secret
30+
}
31+
32+
type = "opaque"
33+
}
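
Review bot: `type = "opaque"` on line 32 is not the built-in secret type. Kubernetes treats the type string as case-sensitive and the built-in value is `Opaque`, so this creates a secret with a custom type named `opaque`. Write `type = "Opaque"`, or drop the attribute and let the provider default apply. Since the `infisical` secret holds the credential used to reach Infisical, it would also be worth stating (in the README or alongside the namespace resource) which service account is meant to read it, and keeping read access to secrets in `external-secrets` limited to that account.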

modules/kubernetes/variables.tf

+12
@@ -76,6 +76,18 @@ variable "ingress_nginx_version" {
7676
default = null
7777
}
7878

79+
variable "infisical_client_id" {
80+
type = string
81+
description = "Infisical client ID"
82+
sensitive = true
83+
}
84+
85+
variable "infisical_client_secret" {
86+
type = string
87+
description = "Infisical client secret"
88+
sensitive = true
89+
}
90+
7991
variable "load_balancer_location" {
8092
type = string
8193
description = "Location to use for the load balancer"
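
Review bot: `sensitive = true` on lines 82 and 88 only redacts the values from plan and apply output. Both values are still written in plain text to the Terraform state, once as variables and again in the `data` of `kubernetes_secret_v1.infisical`, so the state backend for this module needs encryption at rest and restricted access; a short note in the variable descriptions would make that visible to callers. Neither variable has a default or a `validation` block, so an empty string would be accepted and produce a secret that only fails when it is used; adding `nullable = false` and a non-empty check would catch that at plan time.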
