support env.valueFrom for TF_VAR_ values from Secrets?

GalleyBytes / terraform-operator

A Kubernetes CRD to handle terraform operations

http://tf.galleybytes.com

Apache License 2.0

364 stars 47 forks source link

support env.valueFrom for TF_VAR_ values from Secrets? #8

Closed jstrachan closed 3 years ago

jstrachan commented 3 years ago

being able to create environment variables from secrets is super handy in k8s - I wonder if we should extend the EnvVar struct to also support k8s style valueFrom too?

So you could populate your TF vars as:

apiVersion: tf.isaaguilar.com/v1alpha1
kind: Terraform
metadata:
  name: tf1
spec:
  env:
  - name: TF_VAR_foo
    value: someValue
  - name: TF_VAR_bar
     valueFrom:
       secretKeyRef:
         name: mysecret
         key: token

or is there a nicer TF way to inject secret values?

jstrachan commented 3 years ago

I've started on a little PR but thought I'd check you liked this approach first

isaaguilar commented 3 years ago

This is a good idea. The closer to k8s style resource definitions will have better adoption. Users can assume how to define their deployments more accurately; especially users like me who like to work by trail and error. :)