feat: use clustersecretstore, new version for terraform binary

tunacinsoy · Aug 27, 2024 · 5b3ee3a · 5b3ee3a
1 parent ac5b5b9
commit 5b3ee3a
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/.github/workflows/create-cluster.yml b/.github/workflows/create-cluster.yml
@@ -13,10 +13,10 @@ jobs:
       run: sed -i "s/HEAD/${GITHUB_REF##*/}/g" ../manifests/argocd/apps.yaml
     # Only necessary if we use external-secrets
     - name: Reformat external-secrets manifests
-      run: sed -i "s/SECRET_ACCESS_CREDS_PH/$(echo '${{ secrets.GCP_SM_CREDENTIALS }}' | base64 -w 0)/g" ../manifests/argocd/gcpsm-secret.yaml; sed -i "s/PROJECT_ID_PH/${{ secrets.PROJECT_ID }}/g" ../manifests/argocd/secret-store.yaml
+      run: sed -i "s/SECRET_ACCESS_CREDS_PH/$(echo '${{ secrets.GCP_SM_CREDENTIALS }}' | base64 -w 0)/g" ../manifests/argocd/gcpsm-secret.yaml; sed -i "s/PROJECT_ID_PH/${{ secrets.PROJECT_ID }}/g" ../manifests/argocd/cluster-secret-store.yaml
     - name: Install Terraform
       id: install-terraform
-      run: wget -O terraform.zip https://releases.hashicorp.com/terraform/1.9.4/terraform_1.9.4_linux_amd64.zip && unzip terraform.zip && chmod +x terraform && sudo mv terraform /usr/local/bin
+      run: wget -O terraform.zip https://releases.hashicorp.com/terraform/1.9.5/terraform_1.9.5_linux_amd64.zip && unzip terraform.zip && chmod +x terraform && sudo mv terraform /usr/local/bin
     - name: Apply Terraform
       id: apply-terraform
       # Bucket names have to be unique across gcloud, so it is best practice to add project_id suffix, since it is also unique

diff --git a/manifests/argocd/secret-store.yaml → manifests/argocd/cluster-secret-store.yaml b/manifests/argocd/secret-store.yaml → manifests/argocd/cluster-secret-store.yaml
@@ -1,5 +1,5 @@
 apiVersion: external-secrets.io/v1beta1
-# SecretStore is better for isolation compared to ClusterSecretStore
+# SecretStore is better for isolation compared to ClusterSecretStore, however let's stick with this one for the example
 kind: ClusterSecretStore
 metadata:
   name: gcp-backend

diff --git a/terraform/app.tf b/terraform/app.tf
@@ -45,16 +45,16 @@ resource "kubectl_manifest" "gcpsm-secret" {
   yaml_body = each.value
 }
 
-# SecretStore resource that uses secret resource to retrieve external secrets
-data "kubectl_file_documents" "secret-store" {
-    content = file("../manifests/argocd/secret-store.yaml")
+# ClusterSecretStore resource uses k8s-secret resource to retrieve application secrets from google cloud secret manager
+data "kubectl_file_documents" "cluster-secret-store" {
+    content = file("../manifests/argocd/cluster-secret-store.yaml")
 }
 
-resource "kubectl_manifest" "secret-store" {
+resource "kubectl_manifest" "cluster-secret-store" {
   depends_on = [
     kubectl_manifest.gcpsm-secret,
   ]
-  for_each  = data.kubectl_file_documents.secret-store.manifests
+  for_each  = data.kubectl_file_documents.cluster-secret-store.manifests
   yaml_body = each.value
 }