-
Notifications
You must be signed in to change notification settings - Fork 1
/
secrets.tf
65 lines (52 loc) · 2.17 KB
/
secrets.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
##############################################################################
# Copy the image pull secrets from the default to the kube-system namespace
# so that you can pull images from Container Registry.
# https://cloud.ibm.com/docs/containers?topic=containers-registry#copy_imagePullSecret
##############################################################################
locals {
namespace = "kube-system"
}
data kubernetes_secret image_pull_secret {
metadata {
name = "all-icr-io"
namespace = "default"
}
}
resource kubernetes_secret copy_image_pull_secret {
metadata {
name = "${local.namespace}-icr-io"
namespace = local.namespace
}
data = {
".dockerconfigjson" = "${data.kubernetes_secret.image_pull_secret.data[".dockerconfigjson"]}"
}
type = "kubernetes.io/dockerconfigjson"
}
##############################################################################
##############################################################################
# Add the image pull secrets to the Kubernetes service account of the
# kube-system namespace.
# https://cloud.ibm.com/docs/containers?topic=containers-registry#store_imagePullSecret
##############################################################################
resource null_resource update_image_pull_secrets {
provisioner "local-exec" {
environment = {
NAMESPACE = local.namespace
CONFIGPATH = data.ibm_container_cluster_config.cluster.config_file_path
SECRET_NAME = kubernetes_secret.copy_image_pull_secret.metadata.0.name
}
interpreter = ["/bin/bash", "-c"]
command = file("${path.root}/scripts/update_image_pull_secrets.sh")
}
provisioner "local-exec" {
when = destroy
environment = {
NAMESPACE = local.namespace
CONFIGPATH = data.ibm_container_cluster_config.cluster.config_file_path
SECRET_NAME = kubernetes_secret.copy_image_pull_secret.metadata.0.name
}
interpreter = ["/bin/bash", "-c"]
command = file("${path.root}/scripts/update_image_pull_secrets_destroy.sh")
}
}
##############################################################################