
# terraform-google-gke-eso-namespace

Setup External Secrets Operator (ESO) in a GKE namespace

This module sets up a Kubernetes namespace for ESO. It will:

- Create a GCP service account
- Create the Kubernetes namespace
- Create a Kubernetes service account for ESO
- Create an ESO secret store
- Create the ESO namespace secret rule
- Create the ESO shared secret rules

## Limitations

- Kubernetes secrets are limited to 1 MB

## Provider setup required in calling module

The providers below reach the GKE control plane through its DNS endpoint and authenticate with the short-lived access token of the identity running Terraform:

```hcl
data "google_client_config" "self" {}

data "google_container_cluster" "self" {
  name     = var.cluster_name
  location = var.cluster_location
  project  = var.project_id
}

# Both providers talk to the cluster's DNS endpoint, so no kubeconfig or
# static credentials are needed; the token is the caller's OAuth access token.
provider "kubectl" {
  host             = "https://${data.google_container_cluster.self.control_plane_endpoints_config[0].dns_endpoint_config[0].endpoint}"
  token            = data.google_client_config.self.access_token
  load_config_file = false
}

provider "kubernetes" {
  host  = "https://${data.google_container_cluster.self.control_plane_endpoints_config[0].dns_endpoint_config[0].endpoint}"
  token = data.google_client_config.self.access_token
}

terraform {
  required_providers {
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = ">= 1.18.0"
    }
  }
}
```

## Usage

Basic usage of this module is as follows (the values shown are placeholders):

```hcl
module "example" {
  source = "notablehealth/gke-eso-namespace/google"
  # Recommend pinning every module to a specific version
  # version = "x.x.x"

  # Required variables
  cluster_name   = "my-cluster"
  namespace      = "my-namespace"
  project_id     = "my-project"
  project_number = "123456789012"
}
```
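As an added illustration (not the module's own source), roughly what the `kubectl_manifest.eso_secret_store` and `kubectl_manifest.eso_namespace_secrets` resources are assumed to render, written with `yamlencode` so the naming inputs from the Inputs table (`gcpsm_secret_prefix`, `secret_separator`, `namespace`) combine visibly. The store name `gcpsm`, the Kubernetes service account name and the `k8-<namespace>__<key>` naming are assumptions.

```hcl
# Added illustration, not the module's source. Assumed: the module names
# GCPSM secrets k8-<namespace>__<key> and the KSA "external-secrets".
locals {
  project_id       = "my-project"       # placeholder
  cluster_name     = "my-cluster"       # placeholder
  cluster_location = "us-central1"
  namespace        = "payments"         # placeholder
  ksa_name         = "external-secrets" # assumed Kubernetes SA name
  gcpsm_prefix     = "k8-"
  separator        = "__"
  name_pattern     = "^${local.gcpsm_prefix}${local.namespace}${local.separator}(.+)$"
}

resource "kubectl_manifest" "eso_secret_store" {
  yaml_body = yamlencode({
    apiVersion = "external-secrets.io/v1beta1"
    kind       = "SecretStore"
    metadata   = { name = "gcpsm", namespace = local.namespace }
    spec = { provider = { gcpsm = {
      projectID = local.project_id
      # Workload Identity: the KSA impersonates the GCP SA that holds
      # roles/secretmanager.secretAccessor; no JSON key is ever mounted.
      auth = { workloadIdentity = {
        clusterLocation   = local.cluster_location
        clusterName       = local.cluster_name
        serviceAccountRef = { name = local.ksa_name }
      } }
    } } }
  })
}

resource "kubectl_manifest" "eso_namespace_secrets" {
  yaml_body = yamlencode({
    apiVersion = "external-secrets.io/v1beta1"
    kind       = "ExternalSecret"
    metadata   = { name = "all", namespace = local.namespace }
    spec = {
      refreshInterval = "1h"
      secretStoreRef  = { kind = "SecretStore", name = "gcpsm" }
      target          = { name = "all" }
      # Only secrets matching this namespace's pattern are pulled in, and
      # the prefix is stripped so the Kubernetes key becomes just <key>.
      dataFrom = [{
        find    = { name = { regexp = local.name_pattern } }
        rewrite = [{ regexp = { source = local.name_pattern, target = "$1" } }]
      }]
    }
  })
}
```

Because every matching secret lands in one Kubernetes Secret named `all`, the 1 MB limit noted above applies to the sum of the namespace's secrets, not to each one.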

## Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5 |
| google | >= 6.0 |
| kubectl | >= 1.18.0 |
| kubernetes | >= 2.0.0 |
| local | >= 2.5.1 |

## Providers

| Name | Version |
|------|---------|
| google | 6.14.1 |
| kubectl | 1.18.0 |
| kubernetes | 2.35.1 |
| local | 2.5.2 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| google_project_iam_member.secretAccessor | resource |
| google_project_iam_member.viewer | resource |
| google_service_account.self | resource |
| google_service_account_iam_binding.k8-service-account-iam | resource |
| kubectl_manifest.eso_namespace_secrets | resource |
| kubectl_manifest.eso_secret_store | resource |
| kubectl_manifest.eso_shared_secrets | resource |
| kubernetes_namespace.self | resource |
| kubernetes_service_account.self | resource |
| local_file.eso_namespace_secrets | resource |
| local_file.eso_shared_secrets | resource |
| local_file.k8_eso_secret_store | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_location | GKE cluster location | string | "us-central1" | no |
| cluster_name | GKE cluster name | string | n/a | yes |
| gcpsm_secret_prefix | Prefix for GCPSM secrets | string | "k8-" | no |
| local_manifests | Create local manifests? Mostly for debugging | bool | false | no |
| namespace | The name of the Kubernetes namespace to manage | string | n/a | yes |
| namespace_secret_name | Kubernetes namespace secret name | string | "all" | no |
| project_id | GCP project ID | string | n/a | yes |
| project_number | GCP project number | string | n/a | yes |
| secret_separator | Separator for GCPSM secrets between namespace and secret key | string | "__" | no |
| shared_prefix | GCPSM secret prefix for shared secrets | string | "global" | no |
| shared_secret_name | Kubernetes shared secret name | string | "global" | no |
| shared_secrets | Shared secrets list | list(string) | [] | no |

## Outputs

No outputs.