Failed to retrieve sa token using terraform

Time:03-05

I need to retrieve the SA token using an output in my pipeline. I found a solution here:

Retrieve token data from Kubernetes Service Account in Terraform

but it still doesn't work and I get this error:

│ Error: Invalid function argument
│ 
│   on access.tf line 51, in output "deploy_user_token":
│   51:   value = lookup(data.kubernetes_secret.deploy_user_secret.data, "token")
│     ├────────────────
│     │ data.kubernetes_secret.deploy_user_secret.data has a sensitive value
│ 
│ Invalid value for "inputMap" parameter: argument must not be null.

My code:

resource "kubernetes_service_account" "deploy_user" {
  depends_on = [kubernetes_namespace.namespace]
  metadata {
    name      = "deploy-user"
    namespace = var.namespace
  }
}

resource "kubernetes_role" "deploy_user_full_access" {
  metadata {
    name      = "deploy-user-full-access"
    namespace = var.namespace
  }

  rule {
    api_groups = ["", "extensions", "apps", "networking.istio.io"]
    resources  = ["*"]
    verbs      = ["*"]
  }
  rule {
    api_groups = ["batch"]
    resources  = ["jobs", "cronjobs"]
    verbs      = ["*"]
  }
}

resource "kubernetes_role_binding" "deploy_user_view" {
  metadata {
    name      = "deploy-user-view"
    namespace = var.namespace
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.deploy_user_full_access.metadata.0.name
  }
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.deploy_user.metadata.0.name
    namespace = var.namespace
  }
}

data "kubernetes_secret" "deploy_user_secret" {
  metadata {
    name = kubernetes_service_account.deploy_user.default_secret_name
  }
}

output "deploy_user_token" {
  value = lookup(data.kubernetes_secret.deploy_user_secret.data, "token")
}

Does someone have an idea what I am doing wrong?

Thanks!

CodePudding user response:

It seems that you are missing the namespace declaration on your data object. You need it to look like this:

data "kubernetes_secret" "deploy_user_secret" {
  metadata {
    name      = kubernetes_service_account.deploy_user.default_secret_name
    namespace = var.namespace
  }
}

You also need to set sensitive = true on your output:

output "deploy_user_token" {
  sensitive = true
  value     = lookup(data.kubernetes_secret.deploy_user_secret.data, "token")
}
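
The following is an added example, not code from the question or the answer. It covers the case where default_secret_name is empty (Kubernetes 1.24 and later no longer auto-create a token secret for a service account) by creating the token secret explicitly and then reading it with a namespaced data source and a sensitive output, as the answer describes. The secret name "deploy-user-token" is a hypothetical choice, and the example assumes a hashicorp/kubernetes provider version that supports the _v1 resources and wait_for_service_account_token.

```hcl
# Added example. Reuses kubernetes_service_account.deploy_user and var.namespace
# from the question; "deploy-user-token" is a hypothetical secret name.
resource "kubernetes_secret_v1" "deploy_user_token" {
  metadata {
    name      = "deploy-user-token"
    namespace = var.namespace

    annotations = {
      # Ties the secret to the service account so the control plane
      # populates data.token for it.
      "kubernetes.io/service-account.name" = kubernetes_service_account.deploy_user.metadata.0.name
    }
  }

  type = "kubernetes.io/service-account-token"

  # Do not return until the token has been written into the secret.
  wait_for_service_account_token = true
}

# Read the populated secret back. The namespace must be set here as well,
# otherwise the lookup happens in the "default" namespace.
data "kubernetes_secret_v1" "deploy_user_token" {
  metadata {
    name      = kubernetes_secret_v1.deploy_user_token.metadata.0.name
    namespace = var.namespace
  }
}

output "deploy_user_token" {
  # Required because the secret data is marked sensitive by the provider.
  sensitive = true
  value     = data.kubernetes_secret_v1.deploy_user_token.data["token"]
}
```

In the pipeline the value can be read with terraform output -raw deploy_user_token. Marking the output sensitive only hides it from CLI output; the token is still stored in plaintext in the Terraform state, so access to the state backend needs to be restricted accordingly.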