From f3798de785fa23d01dd41b93c8e5f76b0a72c3e6 Mon Sep 17 00:00:00 2001
From: Martin Schneppenheim
Date: Mon, 6 Sep 2021 13:23:18 +0200
Subject: [PATCH] Add variables for topic doc secrets

---
 modules/kowl/deployment.tf | 38 +++++++++++++++++++++++++++++++-------
 modules/kowl/secret.tf | 4 ++++
 modules/kowl/variables.tf | 12 ++++++++++++
 3 files changed, 47 insertions(+), 7 deletions(-)

diff --git a/modules/kowl/deployment.tf b/modules/kowl/deployment.tf
index 50f6266..99c57a4 100644
--- a/modules/kowl/deployment.tf
+++ b/modules/kowl/deployment.tf
@@ -48,17 +48,26 @@ resource "kubernetes_deployment" "this" {
 name = "kowl"
 image = "${var.deployment_kowl_image}:${var.deployment_kowl_image_tag}"
 args = concat(
- ["--config.filepath=/etc/kowl/configs/config.yaml"],
- var.secret_kafka_sasl_password != "" ? ["--kafka.sasl.password=$(KAFKA_SASL_PASSWORD)"] : [],
- var.secret_kafka_tls_passphrase != "" ? ["--kafka.tls.passphrase=$(KAFKA_TLS_PASSPHRASE)"] : [],
- var.secret_cloudhut_license_token != "" ? ["--cloudhut.license-token=$(CLOUDHUT_LICENSE_TOKEN)"] : [],
+ [
+ "--config.filepath=/etc/kowl/configs/config.yaml"],
+ var.secret_kafka_sasl_password != "" ? [
+ "--kafka.sasl.password=$(KAFKA_SASL_PASSWORD)"] : [],
+ var.secret_kafka_tls_passphrase != "" ? [
+ "--kafka.tls.passphrase=$(KAFKA_TLS_PASSPHRASE)"] : [],
+ var.secret_cloudhut_license_token != "" ? [
+ "--cloudhut.license-token=$(CLOUDHUT_LICENSE_TOKEN)"] : [],
 
 # Secrets for login providers
- var.secret_cloudhut_license_token != "" ? ["--login.jwt-secret=$(LOGIN_JWT_SECRET)"] : [],
- var.secret_login_google_oauth_client_secret != "" ? [
+ var.secret_cloudhut_license_token != "" ? [
+ "--login.jwt-secret=$(LOGIN_JWT_SECRET)"] : [],
+ var.secret_login_google_oauth_client_secret != "" ? [
 "--login.google.client-secret=$(LOGIN_GOOGLE_CLIENT_SECRET)"] : [],
- var.secret_login_github_oauth_client_secret != "" ? [
+ var.secret_login_github_oauth_client_secret != "" ? [
 "--login.github.client-secret=$(LOGIN_GITHUB_CLIENT_SECRET)"] : [],
+
+ # Secrets for GitHub
+ var.secret_topic_docs_git_basic_auth_password != "" ? [
+ "owl.topic-documentation.git.basic-auth.password=$(TOPIC_DOCUMENTATION_BASIC_AUTH_PASSWORD)"] : [],
 )
 
 port {
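Review bot: The new element under `# Secrets for GitHub` is written without the leading `--` that every other entry in this `concat(...)` carries, so the container would receive it as a bare positional argument and the password would presumably never reach the option; it should read `"--owl.topic-documentation.git.basic-auth.password=$(TOPIC_DOCUMENTATION_BASIC_AUTH_PASSWORD)"`. Separately, each `$(VAR)` reference in this list is expanded into the container's argument vector, so the clear-text secret is readable from the process command line by anything that can list processes in the pod or on the node. If the application can also take these settings from the environment or from a mounted file, that is the safer route for a newly added credential. The `kubernetes_deployment` block starts and ends outside the hunk.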
@@ -173,6 +182,21 @@ resource "kubernetes_deployment" "this" {
 }
 }
 
+ dynamic "env" {
+ for_each = length(var.secret_topic_docs_git_basic_auth_password) > 0 ? [1] : []
+
+ content {
+ name = "TOPIC_DOCUMENTATION_BASIC_AUTH_PASSWORD"
+
+ value_from {
+ secret_key_ref {
+ name = kubernetes_secret.this.metadata.0.name
+ key = "github-topic-docs-basic-auth-password"
+ }
+ }
+ }
+ }
+
 liveness_probe {
 http_get {
 path = "/admin/health"
diff --git a/modules/kowl/secret.tf b/modules/kowl/secret.tf
index d5fd2d4..2e553e4 100644
--- a/modules/kowl/secret.tf
+++ b/modules/kowl/secret.tf
@@ -27,5 +27,9 @@ resource "kubernetes_secret" "this" {
 "login-google-groups-service-account.json" = var.secret_login_google_groups_service_account
 login-github-oauth-client-secret = var.secret_login_github_oauth_client_secret
 "login-github-private-key.pem" = var.secret_login_github_private_key
+
+ # Topic Docs / GitHub
+ "github-topic-docs-private-key.pem" = var.secret_topic_docs_git_ssh_private_key
+ "github-topic-docs-basic-auth-password" = var.secret_topic_docs_git_basic_auth_password
 }
 }
\ No newline at end of file
diff --git a/modules/kowl/variables.tf b/modules/kowl/variables.tf
index 74121bb..6939cfd 100644
--- a/modules/kowl/variables.tf
+++ b/modules/kowl/variables.tf
@@ -157,6 +157,18 @@ variable "secret_login_github_private_key" {
 default = ""
 }
 
+variable "secret_topic_docs_git_ssh_private_key" {
+ type = string
+ description = "Private SSH key that grants access to the repository with topic documentation "
+ default = ""
+}
+
+variable "secret_topic_docs_git_basic_auth_password" {
+ type = string
+ description = "Basic auth password that grants access to the repository with topic documentation "
+ default = ""
+}
+
 #----------------------------------------
 # Configmap
 #----------------------------------------
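Review bot: The `for_each` guard on the new `dynamic "env"` block tests `length(var.secret_topic_docs_git_basic_auth_password) > 0`, while the matching `args` entry in the earlier hunk tests `!= ""`. The two are equivalent today but must stay in lockstep, because Kubernetes leaves an unresolved `$(TOPIC_DOCUMENTATION_BASIC_AUTH_PASSWORD)` reference in the args as literal text when the env entry is absent. One shared local, e.g. `topic_docs_basic_auth_enabled = var.secret_topic_docs_git_basic_auth_password != ""`, used in both places would remove that coupling. The enclosing container block starts and ends outside the hunk.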
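Review bot: `"github-topic-docs-private-key.pem"` is added to the Secret, but nothing in the visible hunks of `deployment.tf` passes a key path or mounts this entry, so the SSH key may end up stored in the cluster without being consumed. If the Secret is mounted as a volume elsewhere in the deployment (not visible here), a short comment next to the entry naming the consuming option would make the wiring reviewable. Both keys are also written when the variables are empty, which matches the existing entries but leaves empty credential keys in the Secret.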
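Review bot: Both new variables hold credentials but are declared without `sensitive = true`, so a caller-supplied value can show up in plan/apply output and diagnostics; the other secret variables in this file are outside the hunk, so this may be a file-wide gap. Adding `sensitive = true` is the usual hardening, with the caveat that the `!= ""` and `length(...) > 0` conditions in `deployment.tf` would then derive from a sensitive value and may need `nonsensitive()` around the boolean. The values are still written to the Terraform state in clear text either way, so the state backend needs encryption and restricted access. The trailing space inside both `description` strings can be dropped.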