diff --git a/README.md b/README.md index 4ef3379..85ca9b4 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,8 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a | Name | Description | |------|-------------| -| [helm\_values](#output\_helm\_values) | The values.yaml file for installing Nebuly on the provisioned resources. | +| [helm\_values](#output\_helm\_values) | The `values.yaml` file for installing Nebuly with Helm.
The default standard configuration is used, which uses Nginx as ingress controller and exposes the application to the Internet.
This configuration can be customized according to specific needs. | +| [secret\_provider\_class](#output\_secret\_provider\_class) | The secret-provider-class.yaml file for referencing from Kubernetes the secrets stored in the Key Vault. | ## Inputs @@ -78,44 +79,44 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a ## Resources -- resource.azuread_application.main (/terraform-docs/main.tf#217) -- resource.azuread_service_principal.main (/terraform-docs/main.tf#223) -- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#228) -- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#412) -- resource.azurerm_cognitive_deployment.main (/terraform-docs/main.tf#431) -- resource.azurerm_key_vault.main (/terraform-docs/main.tf#151) -- resource.azurerm_key_vault_secret.api_key (/terraform-docs/main.tf#449) -- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#232) -- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#237) -- resource.azurerm_key_vault_secret.postgres_passwords (/terraform-docs/main.tf#393) -- resource.azurerm_key_vault_secret.postgres_users (/terraform-docs/main.tf#382) -- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#621) -- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#325) -- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#333) -- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#251) -- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#302) -- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#295) -- resource.azurerm_postgresql_flexible_server_database.main (/terraform-docs/main.tf#317) -- resource.azurerm_postgresql_flexible_server_firewall_rule.main (/terraform-docs/main.tf#309) -- resource.azurerm_private_dns_zone.blob (/terraform-docs/main.tf#112) -- resource.azurerm_private_dns_zone.dfs (/terraform-docs/main.tf#130) -- resource.azurerm_private_dns_zone.file (/terraform-docs/main.tf#94) -- resource.azurerm_private_dns_zone_virtual_network_link.blob (/terraform-docs/main.tf#118) -- resource.azurerm_private_dns_zone_virtual_network_link.dfs (/terraform-docs/main.tf#136) -- resource.azurerm_private_dns_zone_virtual_network_link.file (/terraform-docs/main.tf#100) -- resource.azurerm_private_endpoint.blob (/terraform-docs/main.tf#484) -- resource.azurerm_private_endpoint.dfs (/terraform-docs/main.tf#524) -- resource.azurerm_private_endpoint.file (/terraform-docs/main.tf#504) -- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#177) -- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#207) -- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#202) -- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#479) -- resource.azurerm_storage_account.main (/terraform-docs/main.tf#461) -- resource.azurerm_storage_container.models (/terraform-docs/main.tf#475) -- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#246) -- resource.tls_private_key.aks (/terraform-docs/main.tf#548) -- data source.azurerm_client_config.current (/terraform-docs/main.tf#71) -- data source.azurerm_resource_group.main (/terraform-docs/main.tf#68) -- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#77) -- data source.azurerm_subnet.private_endpoints (/terraform-docs/main.tf#82) -- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#73) +- resource.azuread_application.main (/terraform-docs/main.tf#218) +- resource.azuread_service_principal.main (/terraform-docs/main.tf#224) +- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#229) +- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#413) +- resource.azurerm_cognitive_deployment.main (/terraform-docs/main.tf#432) +- resource.azurerm_key_vault.main (/terraform-docs/main.tf#152) +- resource.azurerm_key_vault_secret.api_key (/terraform-docs/main.tf#450) +- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#233) +- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#238) +- resource.azurerm_key_vault_secret.postgres_passwords (/terraform-docs/main.tf#394) +- resource.azurerm_key_vault_secret.postgres_users (/terraform-docs/main.tf#383) +- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#622) +- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#326) +- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#334) +- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#252) +- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#303) +- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#296) +- resource.azurerm_postgresql_flexible_server_database.main (/terraform-docs/main.tf#318) +- resource.azurerm_postgresql_flexible_server_firewall_rule.main (/terraform-docs/main.tf#310) +- resource.azurerm_private_dns_zone.blob (/terraform-docs/main.tf#113) +- resource.azurerm_private_dns_zone.dfs (/terraform-docs/main.tf#131) +- resource.azurerm_private_dns_zone.file (/terraform-docs/main.tf#95) +- resource.azurerm_private_dns_zone_virtual_network_link.blob (/terraform-docs/main.tf#119) +- resource.azurerm_private_dns_zone_virtual_network_link.dfs (/terraform-docs/main.tf#137) +- resource.azurerm_private_dns_zone_virtual_network_link.file (/terraform-docs/main.tf#101) +- resource.azurerm_private_endpoint.blob (/terraform-docs/main.tf#485) +- resource.azurerm_private_endpoint.dfs (/terraform-docs/main.tf#525) +- resource.azurerm_private_endpoint.file (/terraform-docs/main.tf#505) +- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#178) +- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#208) +- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#203) +- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#480) +- resource.azurerm_storage_account.main (/terraform-docs/main.tf#462) +- resource.azurerm_storage_container.models (/terraform-docs/main.tf#476) +- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#247) +- resource.tls_private_key.aks (/terraform-docs/main.tf#549) +- data source.azurerm_client_config.current (/terraform-docs/main.tf#72) +- data source.azurerm_resource_group.main (/terraform-docs/main.tf#69) +- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#78) +- data source.azurerm_subnet.private_endpoints (/terraform-docs/main.tf#83) +- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#74) diff --git a/main.tf b/main.tf index af82b35..0d1d036 100644 --- a/main.tf +++ b/main.tf @@ -58,7 +58,8 @@ locals { } - key_vault_name = format("%snebulykv", var.resource_prefix) + key_vault_name = format("%snebulykv", var.resource_prefix) + secret_provider_class_name = "nebuly-platform" } @@ -658,7 +659,14 @@ locals { helm_values = templatefile( "templates/helm-values.tpl.yaml", { - platform_domain = var.platform_domain + platform_domain = var.platform_domain + secret_provider_class_name = local.secret_provider_class_name + }, + ) + secret_provider_class = templatefile( + "templates/secret-provider-class.tpl.yaml", + { + secret_provider_class_name = local.secret_provider_class_name }, ) } diff --git a/outputs.tf b/outputs.tf index 651cf05..a9b4cec 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,5 +1,14 @@ output "helm_values" { value = local.helm_values sensitive = true - description = "The values.yaml file for installing Nebuly on the provisioned resources." + description = <