diff --git a/README.md b/README.md
index 4ef3379..85ca9b4 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,8 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a
| Name | Description |
|------|-------------|
-| [helm\_values](#output\_helm\_values) | The values.yaml file for installing Nebuly on the provisioned resources. |
+| [helm\_values](#output\_helm\_values) | The `values.yaml` file for installing Nebuly with Helm.
The default standard configuration is used, which uses Nginx as ingress controller and exposes the application to the Internet.
This configuration can be customized according to specific needs. |
+| [secret\_provider\_class](#output\_secret\_provider\_class) | The secret-provider-class.yaml file for referencing from Kubernetes the secrets stored in the Key Vault. |
## Inputs
@@ -78,44 +79,44 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a
## Resources
-- resource.azuread_application.main (/terraform-docs/main.tf#217)
-- resource.azuread_service_principal.main (/terraform-docs/main.tf#223)
-- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#228)
-- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#412)
-- resource.azurerm_cognitive_deployment.main (/terraform-docs/main.tf#431)
-- resource.azurerm_key_vault.main (/terraform-docs/main.tf#151)
-- resource.azurerm_key_vault_secret.api_key (/terraform-docs/main.tf#449)
-- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#232)
-- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#237)
-- resource.azurerm_key_vault_secret.postgres_passwords (/terraform-docs/main.tf#393)
-- resource.azurerm_key_vault_secret.postgres_users (/terraform-docs/main.tf#382)
-- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#621)
-- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#325)
-- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#333)
-- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#251)
-- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#302)
-- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#295)
-- resource.azurerm_postgresql_flexible_server_database.main (/terraform-docs/main.tf#317)
-- resource.azurerm_postgresql_flexible_server_firewall_rule.main (/terraform-docs/main.tf#309)
-- resource.azurerm_private_dns_zone.blob (/terraform-docs/main.tf#112)
-- resource.azurerm_private_dns_zone.dfs (/terraform-docs/main.tf#130)
-- resource.azurerm_private_dns_zone.file (/terraform-docs/main.tf#94)
-- resource.azurerm_private_dns_zone_virtual_network_link.blob (/terraform-docs/main.tf#118)
-- resource.azurerm_private_dns_zone_virtual_network_link.dfs (/terraform-docs/main.tf#136)
-- resource.azurerm_private_dns_zone_virtual_network_link.file (/terraform-docs/main.tf#100)
-- resource.azurerm_private_endpoint.blob (/terraform-docs/main.tf#484)
-- resource.azurerm_private_endpoint.dfs (/terraform-docs/main.tf#524)
-- resource.azurerm_private_endpoint.file (/terraform-docs/main.tf#504)
-- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#177)
-- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#207)
-- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#202)
-- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#479)
-- resource.azurerm_storage_account.main (/terraform-docs/main.tf#461)
-- resource.azurerm_storage_container.models (/terraform-docs/main.tf#475)
-- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#246)
-- resource.tls_private_key.aks (/terraform-docs/main.tf#548)
-- data source.azurerm_client_config.current (/terraform-docs/main.tf#71)
-- data source.azurerm_resource_group.main (/terraform-docs/main.tf#68)
-- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#77)
-- data source.azurerm_subnet.private_endpoints (/terraform-docs/main.tf#82)
-- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#73)
+- resource.azuread_application.main (/terraform-docs/main.tf#218)
+- resource.azuread_service_principal.main (/terraform-docs/main.tf#224)
+- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#229)
+- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#413)
+- resource.azurerm_cognitive_deployment.main (/terraform-docs/main.tf#432)
+- resource.azurerm_key_vault.main (/terraform-docs/main.tf#152)
+- resource.azurerm_key_vault_secret.api_key (/terraform-docs/main.tf#450)
+- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#233)
+- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#238)
+- resource.azurerm_key_vault_secret.postgres_passwords (/terraform-docs/main.tf#394)
+- resource.azurerm_key_vault_secret.postgres_users (/terraform-docs/main.tf#383)
+- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#622)
+- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#326)
+- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#334)
+- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#252)
+- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#303)
+- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#296)
+- resource.azurerm_postgresql_flexible_server_database.main (/terraform-docs/main.tf#318)
+- resource.azurerm_postgresql_flexible_server_firewall_rule.main (/terraform-docs/main.tf#310)
+- resource.azurerm_private_dns_zone.blob (/terraform-docs/main.tf#113)
+- resource.azurerm_private_dns_zone.dfs (/terraform-docs/main.tf#131)
+- resource.azurerm_private_dns_zone.file (/terraform-docs/main.tf#95)
+- resource.azurerm_private_dns_zone_virtual_network_link.blob (/terraform-docs/main.tf#119)
+- resource.azurerm_private_dns_zone_virtual_network_link.dfs (/terraform-docs/main.tf#137)
+- resource.azurerm_private_dns_zone_virtual_network_link.file (/terraform-docs/main.tf#101)
+- resource.azurerm_private_endpoint.blob (/terraform-docs/main.tf#485)
+- resource.azurerm_private_endpoint.dfs (/terraform-docs/main.tf#525)
+- resource.azurerm_private_endpoint.file (/terraform-docs/main.tf#505)
+- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#178)
+- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#208)
+- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#203)
+- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#480)
+- resource.azurerm_storage_account.main (/terraform-docs/main.tf#462)
+- resource.azurerm_storage_container.models (/terraform-docs/main.tf#476)
+- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#247)
+- resource.tls_private_key.aks (/terraform-docs/main.tf#549)
+- data source.azurerm_client_config.current (/terraform-docs/main.tf#72)
+- data source.azurerm_resource_group.main (/terraform-docs/main.tf#69)
+- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#78)
+- data source.azurerm_subnet.private_endpoints (/terraform-docs/main.tf#83)
+- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#74)
diff --git a/main.tf b/main.tf
index af82b35..0d1d036 100644
--- a/main.tf
+++ b/main.tf
@@ -58,7 +58,8 @@ locals {
}
- key_vault_name = format("%snebulykv", var.resource_prefix)
+ key_vault_name = format("%snebulykv", var.resource_prefix)
+ secret_provider_class_name = "nebuly-platform"
}
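Review bot: The new local `secret_provider_class_name` has no comment explaining why it is a fixed string while `key_vault_name` on the line above is derived from `var.resource_prefix`. The later hunk in this file passes the same value to both the Helm values template and the SecretProviderClass template, so the two rendered files presumably have to agree on it. A one-line comment would make that explicit, for example `# Name of the SecretProviderClass; must match the name referenced in the Helm values.` The `locals` block begins outside this hunk.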
@@ -658,7 +659,14 @@ locals {
helm_values = templatefile(
"templates/helm-values.tpl.yaml",
{
- platform_domain = var.platform_domain
+ platform_domain = var.platform_domain
+ secret_provider_class_name = local.secret_provider_class_name
+ },
+ )
+ secret_provider_class = templatefile(
+ "templates/secret-provider-class.tpl.yaml",
+ {
+ secret_provider_class_name = local.secret_provider_class_name
},
)
}
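Review bot: The added `templatefile("templates/secret-provider-class.tpl.yaml", ...)` call uses a path relative to the working directory, not to this module. Terraform resolves relative paths in filesystem functions against the directory where it is run, so when the module is consumed from the registry (as the README header suggests) the template lookup is likely to fail or to read a file of the same name from the caller's tree. Anchor the path to the module with `"${path.module}/templates/secret-provider-class.tpl.yaml"`. The unchanged `helm_values` call just above has the same relative path and would need the same change. The `locals` block starts outside this hunk.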
diff --git a/outputs.tf b/outputs.tf
index 651cf05..a9b4cec 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,5 +1,14 @@
output "helm_values" {
value = local.helm_values
sensitive = true
- description = "The values.yaml file for installing Nebuly on the provisioned resources."
+ description = <