Skip to content

Commit

Permalink
Add variables for topic doc secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@weeco
weeco committed Sep 6, 2021
1 parent 31875f4 commit f3798de
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 7 deletions.
38 changes: 31 additions & 7 deletions modules/kowl/deployment.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,17 +48,26 @@ resource "kubernetes_deployment" "this" {
name = "kowl"
image = "${var.deployment_kowl_image}:${var.deployment_kowl_image_tag}"
args = concat(
["--config.filepath=/etc/kowl/configs/config.yaml"],
var.secret_kafka_sasl_password != "" ? ["--kafka.sasl.password=$(KAFKA_SASL_PASSWORD)"] : [],
var.secret_kafka_tls_passphrase != "" ? ["--kafka.tls.passphrase=$(KAFKA_TLS_PASSPHRASE)"] : [],
var.secret_cloudhut_license_token != "" ? ["--cloudhut.license-token=$(CLOUDHUT_LICENSE_TOKEN)"] : [],
[
"--config.filepath=/etc/kowl/configs/config.yaml"],
var.secret_kafka_sasl_password != "" ? [
"--kafka.sasl.password=$(KAFKA_SASL_PASSWORD)"] : [],
var.secret_kafka_tls_passphrase != "" ? [
"--kafka.tls.passphrase=$(KAFKA_TLS_PASSPHRASE)"] : [],
var.secret_cloudhut_license_token != "" ? [
"--cloudhut.license-token=$(CLOUDHUT_LICENSE_TOKEN)"] : [],

# Secrets for login providers
var.secret_cloudhut_license_token != "" ? ["--login.jwt-secret=$(LOGIN_JWT_SECRET)"] : [],
var.secret_login_google_oauth_client_secret != "" ? [
var.secret_cloudhut_license_token != "" ? [
"--login.jwt-secret=$(LOGIN_JWT_SECRET)"] : [],
var.secret_login_google_oauth_client_secret != "" ? [
"--login.google.client-secret=$(LOGIN_GOOGLE_CLIENT_SECRET)"] : [],
var.secret_login_github_oauth_client_secret != "" ? [
var.secret_login_github_oauth_client_secret != "" ? [
"--login.github.client-secret=$(LOGIN_GITHUB_CLIENT_SECRET)"] : [],

# Secrets for GitHub
var.secret_topic_docs_git_basic_auth_password != "" ? [
"owl.topic-documentation.git.basic-auth.password=$(TOPIC_DOCUMENTATION_BASIC_AUTH_PASSWORD)"] : [],
)

port {
Expand Down Expand Up @@ -173,6 +182,21 @@ resource "kubernetes_deployment" "this" {
}
}

dynamic "env" {
for_each = length(var.secret_topic_docs_git_basic_auth_password) > 0 ? [1] : []

content {
name = "TOPIC_DOCUMENTATION_BASIC_AUTH_PASSWORD"

value_from {
secret_key_ref {
name = kubernetes_secret.this.metadata.0.name
key = "github-topic-docs-basic-auth-password"
}
}
}
}

liveness_probe {
http_get {
path = "/admin/health"
Expand Down
4 changes: 4 additions & 0 deletions modules/kowl/secret.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,5 +27,9 @@ resource "kubernetes_secret" "this" {
"login-google-groups-service-account.json" = var.secret_login_google_groups_service_account
login-github-oauth-client-secret = var.secret_login_github_oauth_client_secret
"login-github-private-key.pem" = var.secret_login_github_private_key

# Topic Docs / GitHub
"github-topic-docs-private-key.pem" = var.secret_topic_docs_git_ssh_private_key
"github-topic-docs-basic-auth-password" = var.secret_topic_docs_git_basic_auth_password
}
}
12 changes: 12 additions & 0 deletions modules/kowl/variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,18 @@ variable "secret_login_github_private_key" {
default = ""
}

variable "secret_topic_docs_git_ssh_private_key" {
type = string
description = "Private SSH key that grants access to the repository with topic documentation "
default = ""
}

variable "secret_topic_docs_git_basic_auth_password" {
type = string
description = "Basic auth password that grants access to the repository with topic documentation "
default = ""
}

#----------------------------------------
# Configmap
#----------------------------------------
Expand Down

0 comments on commit f3798de

Please sign in to comment.