I am learning Terraform and trying to translate Kubernetes infrastructure over to Terraform.
I have a Terraform script which creates a given namespace, and then creates secrets from local files. Most of the files do not create properly due to the namespace not being created fast enough.
Is there a correct method to create and wait for confirmation of the namespace before continuing within the Terraform script? Such as depends_on, etc.?
My current approach:
resource "kubernetes_namespace" "namespace" {
  metadata {
    name = "specialNamespace"
  }
}
resource "kubernetes_secret" "api-env" {
  metadata {
    name      = var.k8s_name_api_env
    namespace = "specialNamespace"
  }
  data = {
    ".api" = file("${path.cwd},${var.local_dir_path_api_env_file}")
  }
}
resource "kubernetes_secret" "password-env" {
  metadata {
    name      = var.k8s_name_password_env
    namespace = "specialNamespace"
  }
  data = {
    ".password" = file("${path.cwd},${var.local_dir_path_password_env_file}")
  }
}
resource "kubernetes_secret" "tls-crt-env" {
  metadata {
    name      = var.k8s_name_tls_crt_env
    namespace = "specialNamespace"
  }
  data = {
    "server.crt" = file("${path.cwd},${var.local_dir_path_tls_crt_env_file}")
  }
}
resource "kubernetes_secret" "tls-key-env" {
  metadata {
    name      = var.k8s_name_tls_key_env
    namespace = "specialNamespace"
  }
  data = {
    "server.key" = file("${path.cwd},${var.local_dir_path_tls_key_env_file}")
  }
}
CodePudding user response:
Such as depends_on, etc.?
Exactly. Here, you should use depends_on:
resource "kubernetes_secret" "api-env" {
  depends_on = [resource.kubernetes_namespace.namespace]
  ...
}
...
CodePudding user response:
Since there is a way to get the name property of the metadata from the kubernetes_namespace resource, I would advise going with that. For example, for the kubernetes_secret resource:
resource "kubernetes_secret" "api-env" {
  metadata {
    name      = var.k8s_name_api_env
    namespace = kubernetes_namespace.namespace.metadata[0].name
  }
  data = {
    ".api" = file("${path.cwd},${var.local_dir_path_api_env_file}")
  }
}
Also, note that most of the resources also have the _v1 version (e.g., namespace [1], secret [2] etc.), so I would strongly suggest going with those ones.
[1] https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1
[2] https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1
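
The two suggestions in the answer above (reference the namespace resource's name, use the _v1 resources) applied to all four secrets at once, as an added example that is not code from the question or either answer. It assumes a hypothetical secret_files variable, constructed file paths relative to the working directory, and a constructed lowercase namespace name.

```hcl
# Added example. The variable "secret_files", the paths under secrets/ and the
# namespace name are assumptions, not values from the original post.
variable "secret_files" {
  description = "Secret name => key inside the Secret and local file to load"
  type = map(object({
    key  = string
    path = string
  }))
  default = {
    "api-env"      = { key = ".api", path = "secrets/api.env" }
    "password-env" = { key = ".password", path = "secrets/password.env" }
    "tls-crt-env"  = { key = "server.crt", path = "secrets/server.crt" }
    "tls-key-env"  = { key = "server.key", path = "secrets/server.key" }
  }
}

resource "kubernetes_namespace_v1" "namespace" {
  metadata {
    # Constructed name: Kubernetes namespace names must be lowercase
    # RFC 1123 labels, so no capital letters.
    name = "special-namespace"
  }
}

resource "kubernetes_secret_v1" "env" {
  for_each = var.secret_files

  metadata {
    name = each.key
    # Reading the name from the namespace resource gives Terraform an implicit
    # dependency: the namespace is created before any of these secrets, and
    # the secrets are destroyed before the namespace. No depends_on is needed.
    namespace = kubernetes_namespace_v1.namespace.metadata[0].name
  }

  # The file contents are also written to the Terraform state in plain text,
  # so the state backend needs the same protection as the key files.
  data = {
    (each.value.key) = file("${path.cwd}/${each.value.path}")
  }
}
```

Running terraform graph on this configuration shows an edge from each kubernetes_secret_v1.env instance to kubernetes_namespace_v1.namespace, which is the ordering the question asks for.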