Title: Kubernetes Secret Resource
Description: Creating the Kubernetes Secret resource.

Kubernetes Secret

Manage a Kubernetes Secret using this Terraform module.

In managed clusters, both attached and provisioned, you can create a Kubernetes Secret that you can manage through Tanzu Mission Control.

To create a cluster secret, you must be associated with the cluster.admin role.

The tanzu-mission-control_kubernetes_secret resource enables you to create a cluster secret in a particular scope for management through Tanzu Mission Control.

You can optionally set export to true to make the secret available to all namespaces in the cluster.

Policy Scope and Inheritance

In the Tanzu Mission Control resource hierarchy, there is currently one level at which you can specify cluster secret resources:

  • Kubernetes objects - cluster block under scope sub-resource

Note: The scope parameter is mandatory in the schema and the user needs to add one of the defined scopes to the script for the provider to function. Only one scope per resource is allowed.

Cluster scoped cluster secret

Example Usage

# Create Tanzu Mission Control kubernetes secret with attached set as default value.
resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
  name           = "tf-secret"                # Required
  namespace_name = "tf-secret-namespace-name" # Required 

  scope {
    cluster {
      cluster_name            = "testcluster" # Required
      provisioner_name        = "attached"    # Default: attached
      management_cluster_name = "attached"    # Default: attached
    }
  }

  export = false # Default: false

  meta {
    description = "Create namespace through terraform"
    labels      = { "key" : "value" }
  }

  spec {
    docker_config_json {
      username           = "testusername"         # Required
      password           = "testpassword"         # Required
      image_registry_url = "testimageregistryurl" # Required
    }
  }
}
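
The usage example above writes the registry password directly into the configuration. The variant below is an added example, not part of the provider's documentation: it supplies the registry credentials through input variables and marks the password sensitive, in line with the Sensitive flag on password in the schema. The variable names and the resource label registry_pull are assumptions; the provider itself is assumed to be configured elsewhere.

```hcl
# Added example: same resource as above, with credentials kept out of the .tf file.
# Variable names are assumptions chosen for illustration.

variable "registry_url" {
  type        = string
  description = "Server URL of the image registry."
}

variable "registry_username" {
  type        = string
  description = "Registry account used for image pulls."
}

variable "registry_password" {
  type        = string
  description = "Registry password. Supply via TF_VAR_registry_password or a secrets manager, not a committed .tfvars file."
  sensitive   = true # redacted in plan and apply output

  validation {
    condition     = length(var.registry_password) > 0
    error_message = "The registry_password variable must not be empty."
  }
}

resource "tanzu-mission-control_kubernetes_secret" "registry_pull" {
  name           = "tf-secret"
  namespace_name = "tf-secret-namespace-name"

  scope {
    cluster {
      cluster_name            = "testcluster"
      provisioner_name        = "attached"
      management_cluster_name = "attached"
    }
  }

  # Keep the credential in a single namespace unless every namespace needs it.
  export = false

  spec {
    docker_config_json {
      username           = var.registry_username
      password           = var.registry_password
      image_registry_url = var.registry_url
    }
  }
}
```

Marking the variable sensitive only redacts it from CLI output; the value is still written to the Terraform state, so the state backend needs encryption and restricted access.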

Schema

Required

  • name (String) Name of the secret resource.
  • namespace_name (String) Name of Namespace where secret will be created.
  • scope (Block List, Min: 1, Max: 1) Scope for the secret having one of the valid scopes for secret: currently we have only cluster scope (see below for nested schema)
  • spec (Block List, Min: 1, Max: 1) Spec for the kubernetes secret (see below for nested schema)

Optional

  • export (Boolean) Export the secret to all namespaces.
  • meta (Block List, Max: 1) Metadata for the resource (see below for nested schema)
  • org_id (String) ID of Organization.

Read-Only

  • id (String) The ID of this resource.
  • status (Map of String) Status for the Secret Export.

Nested Schema for scope

Optional:

Nested Schema for scope.cluster

Required:

  • cluster_name (String) Name of this cluster

Optional:

  • management_cluster_name (String) Name of the management cluster
  • provisioner_name (String) Provisioner of the cluster

Nested Schema for spec

Required:

  • docker_config_json (Block List, Min: 1) SecretType definition - SECRET_TYPE_DOCKERCONFIGJSON, Kubernetes secrets type. (see below for nested schema)

Nested Schema for spec.docker_config_json

Required:

  • image_registry_url (String) SecretType definition - Server URL of the registry.
  • password (String, Sensitive) SecretType definition - Password of the registry.
  • username (String) SecretType definition - Username of the registry.

Nested Schema for meta

Optional:

  • annotations (Map of String) Annotations for the resource
  • description (String) Description of the resource
  • labels (Map of String) Labels for the resource

Read-Only:

  • resource_version (String) Resource version of the resource
  • uid (String) UID of the resource