terraform-k8s icon indicating copy to clipboard operation
terraform-k8s copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Override output name / namespace

Open ejhayes opened this issue 3 years ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

It would be great if it were possible to change the generated outputs:

  • Ability to add outputs to a different namespace (defaults to same namespace - https://github.com/hashicorp/terraform-k8s/blob/master/workspacehelper/k8s_configmap.go#L125)
    • Update CRD to include optional config (maybe outputNamespace?)
  • Ability to change name of the output (looks to be hardcoded to <workspace name>-outputs - https://github.com/hashicorp/terraform-k8s/blob/master/workspacehelper/k8s_configmap.go#L122)
    • Update CRD to include optional config (maybe outputName?)

The motivation for this is that there may be cases where we want to reference terraform outputs from a different namespace (for example a service residing in namespace A may use terraform operator running in namespace B to create a database and then be able to pass the database host name to the pod via a configmap/secret reference). Since the existing functionality of this operator only creates outputs in the same namespace it is not possible to accomplish this:

  • https://kubernetes.io/docs/concepts/configuration/configmap/#configmaps-and-pods

You can write a Pod spec that refers to a ConfigMap and configures the container(s) in that Pod based on the data in the ConfigMap. The Pod and the ConfigMap must be in the same namespace.

  • https://kubernetes.io/docs/concepts/configuration/secret/#restrictions

Secret resources reside in a namespace. Secrets can only be referenced by Pods in that same namespace.

Potential Terraform Configuration

This functionality could be used like this:

apiVersion: app.terraform.io/v1alpha1
kind: Workspace
metadata:
  name: test-workspace
  namespace: terraform
spec:
  module:
    source: app.terraform.io/some_org/some_module/some_provider
    version: 1.0.0
  organization: some_org
  outputNamespace: my_namespace
  outputName: my_secret
  outputs:
  - key: some_output
    moduleOutputName: some_output
  secretsMountPath: /tmp/secrets
  variables:
  - key: some_key
    value: some_value
    sensitive: false
    environmentVariable: false

The above would create secret my_secret in the my_namespace namespace.

References

  • https://kubernetes.io/docs/concepts/configuration/configmap/#configmaps-and-pods
  • https://kubernetes.io/docs/concepts/configuration/secret/#restrictions

ejhayes avatar Oct 06 '21 19:10 ejhayes