Skip to content

Commit

Permalink
add doc showcasing how to consume secrets with custom backend
Browse files Browse the repository at this point in the history
  • Loading branch information
avish42 committed Apr 6, 2024
1 parent 600e9e0 commit 118b07d
Showing 1 changed file with 51 additions and 5 deletions.
56 changes: 51 additions & 5 deletions docs/use-tf-controller/with-a-custom-backend.md
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,56 @@ spec:
image: registry.io/tf-runner:xyz
```
To add fields from secrets or configMaps, use `-backend-config` arguments of the `init` command to set the values:
To add fields from secrets or configMaps, use `backendConfigsFrom`, for example to add `access_key` and `secret_key` from a secret:

```
terraform init \
-backend-config="access_key=<your access key>" \
-backend-config="secret_key=<your secret key>"
```yaml
apiVersion: v1
kind: Secret
metadata:
name: terraform-s3-backend
namespace: flux-system
type: Opaque
data:
access_key: <base64 encoded key>
secret_key: <base64 encoded key>
---
apiVersion: infra.contrib.fluxcd.io/v1alpha2
kind: Terraform
metadata:
name: helloworld
namespace: flux-system
spec:
approvePlan: auto
backendConfig:
customConfiguration: |
backend "s3" {
bucket = "s3-terraform-state1"
key = "dev/terraform.tfstate"
region = "us-east-1"
endpoint = "http://localhost:4566"
skip_credentials_validation = true
skip_metadata_api_check = true
force_path_style = true
dynamodb_table = "terraformlock"
dynamodb_endpoint = "http://localhost:4566"
encrypt = true
}
backendConfigsFrom:
- kind: Secret
name: terraform-s3-backend
keys:
- access_key
- secret_key
optional: false
interval: 1m
path: ./
sourceRef:
kind: GitRepository
name: helloworld
namespace: flux-system
runnerPodTemplate:
spec:
image: registry.io/tf-runner:xyz
```

0 comments on commit 118b07d

Please sign in to comment.