// Vault Secrets Operator (VSO) Helm release.
// Installed only when var.vso_enabled is true (count is 0 or 1), into
// var.namespace_vso, which Helm creates if it does not exist yet.
// NOTE(review): the chart version is pinned, so upgrades stay deliberate, but
// chart provenance is not checked here (helm_release's `verify` / `keyring`
// arguments are unset); integrity rests on TLS to the repository.
// NOTE(review): a namespace created by Helm gets no labels or policies from
// this file; confirm Pod Security / network policy for it is applied elsewhere.
resource "helm_release" "vso" {
  count = var.vso_enabled ? 1 : 0

  name       = "vault-secrets-operator"
  repository = "https://helm.releases.hashicorp.com"
  chart      = "vault-secrets-operator"
  version    = "0.8.0"

  namespace        = var.namespace_vso
  create_namespace = true

  // atomic: a failed install is purged instead of being left half-applied.
  atomic  = true
  timeout = 240 // seconds

  // Order the release after the Vault Kubernetes auth backend role(s).
  depends_on = [vault_kubernetes_auth_backend_role.backend_role]
}
// One VaultConnection manifest per entry in var.k8s_auths, rendered from
// templates/vault-connection.tpl. The map is empty when var.vso_enabled is
// false, so nothing is created in that case.
// Entries are keyed by auth.name alone, so names must be unique across
// var.k8s_auths even when the namespaces differ.
// NOTE(review): var.vault_addr is handed to the template unchecked; it should
// be an https:// address. Whether the template sets CA / TLS verification
// fields cannot be seen from this file - confirm in the template.
// NOTE(review): kubernetes_manifest needs the operator's CRDs at plan time;
// depends_on only orders the apply, so a first run on a fresh cluster may
// need the Helm release applied beforehand - verify.
resource "kubernetes_manifest" "vault_connection" {
  for_each = {
    for auth in var.k8s_auths :
    auth.name => auth
    if var.vso_enabled
  }

  manifest = yamldecode(
    templatefile(
      "${path.module}/templates/vault-connection.tpl",
      {
        name       = each.value.name
        namespace  = each.value.namespace
        vault_addr = var.vault_addr
      }
    )
  )

  depends_on = [helm_release.vso]
}
// One VaultAuth manifest per entry in var.k8s_auths, rendered from
// templates/vault-auth.tpl. The map is empty when var.vso_enabled is false.
// Entries are keyed by auth.name alone, so names must be unique across
// var.k8s_auths even when the namespaces differ.
// NOTE(review): how the template uses cluster_name (presumably to pick the
// Vault auth mount or role) is not visible here - confirm that each
// namespace's auth maps to a Vault role scoped to that namespace's secrets.
resource "kubernetes_manifest" "vault_auth" {
  for_each = {
    for auth in var.k8s_auths :
    auth.name => auth
    if var.vso_enabled
  }

  manifest = yamldecode(
    templatefile(
      "${path.module}/templates/vault-auth.tpl",
      {
        name         = each.value.name
        namespace    = each.value.namespace
        cluster_name = var.cluster_name
      }
    )
  )

  // Created after the VaultConnection objects.
  depends_on = [kubernetes_manifest.vault_connection]
}