Commit a370b7d

authored
refactor: do not use templates/external-secrets-values.yaml and set necessary values in the eks-external-secrets.tf file (#194)
1 parent 77b5618 commit a370b7d

3 files changed

+20
-28
lines changed

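--- a/terraform/layer2-k8s/eks-external-secrets.tf
+++ b/terraform/layer2-k8s/eks-external-secrets.tf
@@ -4,19 +4,28 @@ locals {
 enabled = local.helm_releases[index(local.helm_releases.*.id, "external-secrets")].enabled
 chart = local.helm_releases[index(local.helm_releases.*.id, "external-secrets")].chart
 repository = local.helm_releases[index(local.helm_releases.*.id, "external-secrets")].repository
-chart_version = local.helm_releases[index(local.helm_releases.*.id, "external-secrets")].version
+chart_version = local.helm_releases[index(local.helm_releases.*.id, "external-secrets")].chart_version
 namespace = local.helm_releases[index(local.helm_releases.*.id, "external-secrets")].namespace
 }
-}
+external_secrets_values = <<VALUES
+# Environment variables to set on deployment pod
+env:
+AWS_REGION: ${local.region}
+AWS_DEFAULT_REGION: ${local.region}
+POLLER_INTERVAL_MILLISECONDS: 30000
+# trace, debug, info, warn, error, fatal
+LOG_LEVEL: warn
+LOG_MESSAGE_KEY: 'msg'
+METRICS_PORT: 3001
 
-data "template_file" "external_secrets" {
-count = local.external_secrets.enabled ? 1 : 0
+serviceAccount:
+annotations:
+"eks.amazonaws.com/role-arn": ${local.external_secrets.enabled ? module.aws_iam_external_secrets[0].role_arn : ""}
 
-template = file("${path.module}/templates/external-secrets-values.yaml")
-vars = {
-role_arn = module.aws_iam_external_secrets[count.index].role_arn
-region = local.region
-}
+securityContext:
+# Required for use of IRSA, see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
+fsGroup: 1000
+VALUES
 }
 
 #tfsec:ignore:kubernetes-network-no-public-egress tfsec:ignore:kubernetes-network-no-public-ingress
@@ -99,7 +108,7 @@ resource "helm_release" "external_secrets" {
 max_history = var.helm_release_history_size
 
 values = [
-data.template_file.external_secrets[count.index].rendered,
+local.external_secrets_values
 ]
 
 }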
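Review bot: The `"eks.amazonaws.com/role-arn"` line in the new `external_secrets_values` heredoc interpolates the role ARN into YAML unquoted and falls back to `""` when the release is disabled, and nothing in the hunk states why that empty case is safe. The removed `count.index` line suggests `helm_release.external_secrets` is count-gated, so the empty annotation should never be applied. If it ever were, the pod would start without an IRSA role and would presumably pick up whatever credentials the node exposes. I would quote the value, `"eks.amazonaws.com/role-arn": "${local.external_secrets.enabled ? module.aws_iam_external_secrets[0].role_arn : ""}"`, and add a comment above it such as `# empty only while the release is disabled; the helm_release is count-gated`. The `locals` block and the `helm_release` resource both start outside the visible hunks, so the gating should be confirmed there.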

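--- a/terraform/layer2-k8s/helm-releases.yaml
+++ b/terraform/layer2-k8s/helm-releases.yaml
@@ -57,7 +57,7 @@ releases:
 enabled: true
 chart: kubernetes-external-secrets
 repository: https://external-secrets.github.io/kubernetes-external-secrets
-version: 6.3.0
+chart_version: 6.3.0
 namespace: external-secrets
 - id: gitlab-runner
 enabled: false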

terraform/layer2-k8s/templates/external-secrets-values.yaml

Lines changed: 0 additions & 17 deletions
This file was deleted.
