From 3b99dc435a351df8f123813273b9849945b2c62a Mon Sep 17 00:00:00 2001 From: Michele Zanotti Date: Tue, 6 Aug 2024 11:51:57 +0200 Subject: [PATCH] chore: update doc --- README.md | 85 ++++++++++++------------ main.tf | 12 +++- outputs.tf | 11 ++- templates/helm-values.tpl.yaml | 46 +++---------- templates/secret-provider-class.tpl.yaml | 0 5 files changed, 71 insertions(+), 83 deletions(-) create mode 100644 templates/secret-provider-class.tpl.yaml diff --git a/README.md b/README.md index 4ef3379..85ca9b4 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,8 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a | Name | Description | |------|-------------| -| [helm\_values](#output\_helm\_values) | The values.yaml file for installing Nebuly on the provisioned resources. | +| [helm\_values](#output\_helm\_values) | The `values.yaml` file for installing Nebuly with Helm.
The default standard configuration is used, which uses Nginx as ingress controller and exposes the application to the Internet.
This configuration can be customized according to specific needs. | +| [secret\_provider\_class](#output\_secret\_provider\_class) | The secret-provider-class.yaml file for referencing from Kubernetes the secrets stored in the Key Vault. | ## Inputs 
@@ -78,44 +79,44 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a ## Resources -- resource.azuread_application.main (/terraform-docs/main.tf#217) -- resource.azuread_service_principal.main (/terraform-docs/main.tf#223) -- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#228) -- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#412) -- resource.azurerm_cognitive_deployment.main (/terraform-docs/main.tf#431) -- resource.azurerm_key_vault.main (/terraform-docs/main.tf#151) -- resource.azurerm_key_vault_secret.api_key (/terraform-docs/main.tf#449) -- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#232) -- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#237) -- resource.azurerm_key_vault_secret.postgres_passwords (/terraform-docs/main.tf#393) -- resource.azurerm_key_vault_secret.postgres_users (/terraform-docs/main.tf#382) -- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#621) -- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#325) -- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#333) -- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#251) -- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#302) -- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#295) -- resource.azurerm_postgresql_flexible_server_database.main (/terraform-docs/main.tf#317) -- resource.azurerm_postgresql_flexible_server_firewall_rule.main (/terraform-docs/main.tf#309) -- resource.azurerm_private_dns_zone.blob (/terraform-docs/main.tf#112) -- resource.azurerm_private_dns_zone.dfs (/terraform-docs/main.tf#130) -- resource.azurerm_private_dns_zone.file (/terraform-docs/main.tf#94) -- 
resource.azurerm_private_dns_zone_virtual_network_link.blob (/terraform-docs/main.tf#118) -- resource.azurerm_private_dns_zone_virtual_network_link.dfs (/terraform-docs/main.tf#136) -- resource.azurerm_private_dns_zone_virtual_network_link.file (/terraform-docs/main.tf#100) -- resource.azurerm_private_endpoint.blob (/terraform-docs/main.tf#484) -- resource.azurerm_private_endpoint.dfs (/terraform-docs/main.tf#524) -- resource.azurerm_private_endpoint.file (/terraform-docs/main.tf#504) -- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#177) -- resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#207) -- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#202) -- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#479) -- resource.azurerm_storage_account.main (/terraform-docs/main.tf#461) -- resource.azurerm_storage_container.models (/terraform-docs/main.tf#475) -- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#246) -- resource.tls_private_key.aks (/terraform-docs/main.tf#548) -- data source.azurerm_client_config.current (/terraform-docs/main.tf#71) -- data source.azurerm_resource_group.main (/terraform-docs/main.tf#68) -- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#77) -- data source.azurerm_subnet.private_endpoints (/terraform-docs/main.tf#82) -- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#73) +- resource.azuread_application.main (/terraform-docs/main.tf#218) +- resource.azuread_service_principal.main (/terraform-docs/main.tf#224) +- resource.azuread_service_principal_password.main (/terraform-docs/main.tf#229) +- resource.azurerm_cognitive_account.main (/terraform-docs/main.tf#413) +- resource.azurerm_cognitive_deployment.main (/terraform-docs/main.tf#432) +- resource.azurerm_key_vault.main (/terraform-docs/main.tf#152) +- 
resource.azurerm_key_vault_secret.api_key (/terraform-docs/main.tf#450) +- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#233) +- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#238) +- resource.azurerm_key_vault_secret.postgres_passwords (/terraform-docs/main.tf#394) +- resource.azurerm_key_vault_secret.postgres_users (/terraform-docs/main.tf#383) +- resource.azurerm_kubernetes_cluster_node_pool.linux_pools (/terraform-docs/main.tf#622) +- resource.azurerm_management_lock.postgres_server (/terraform-docs/main.tf#326) +- resource.azurerm_monitor_metric_alert.postgres_server_alerts (/terraform-docs/main.tf#334) +- resource.azurerm_postgresql_flexible_server.main (/terraform-docs/main.tf#252) +- resource.azurerm_postgresql_flexible_server_configuration.mandatory_configurations (/terraform-docs/main.tf#303) +- resource.azurerm_postgresql_flexible_server_configuration.optional_configurations (/terraform-docs/main.tf#296) +- resource.azurerm_postgresql_flexible_server_database.main (/terraform-docs/main.tf#318) +- resource.azurerm_postgresql_flexible_server_firewall_rule.main (/terraform-docs/main.tf#310) +- resource.azurerm_private_dns_zone.blob (/terraform-docs/main.tf#113) +- resource.azurerm_private_dns_zone.dfs (/terraform-docs/main.tf#131) +- resource.azurerm_private_dns_zone.file (/terraform-docs/main.tf#95) +- resource.azurerm_private_dns_zone_virtual_network_link.blob (/terraform-docs/main.tf#119) +- resource.azurerm_private_dns_zone_virtual_network_link.dfs (/terraform-docs/main.tf#137) +- resource.azurerm_private_dns_zone_virtual_network_link.file (/terraform-docs/main.tf#101) +- resource.azurerm_private_endpoint.blob (/terraform-docs/main.tf#485) +- resource.azurerm_private_endpoint.dfs (/terraform-docs/main.tf#525) +- resource.azurerm_private_endpoint.file (/terraform-docs/main.tf#505) +- resource.azurerm_private_endpoint.key_vault (/terraform-docs/main.tf#178) +- 
resource.azurerm_role_assignment.key_vault_secret_officer__current (/terraform-docs/main.tf#208) +- resource.azurerm_role_assignment.key_vault_secret_user__aks (/terraform-docs/main.tf#203) +- resource.azurerm_role_assignment.storage_container_models__data_contributor (/terraform-docs/main.tf#480) +- resource.azurerm_storage_account.main (/terraform-docs/main.tf#462) +- resource.azurerm_storage_container.models (/terraform-docs/main.tf#476) +- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#247) +- resource.tls_private_key.aks (/terraform-docs/main.tf#549) +- data source.azurerm_client_config.current (/terraform-docs/main.tf#72) +- data source.azurerm_resource_group.main (/terraform-docs/main.tf#69) +- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#78) +- data source.azurerm_subnet.private_endpoints (/terraform-docs/main.tf#83) +- data source.azurerm_virtual_network.main (/terraform-docs/main.tf#74) diff --git a/main.tf b/main.tf index af82b35..0d1d036 100644 --- a/main.tf +++ b/main.tf @@ -58,7 +58,8 @@ locals { } - key_vault_name = format("%snebulykv", var.resource_prefix) + key_vault_name = format("%snebulykv", var.resource_prefix) + secret_provider_class_name = "nebuly-platform" } @@ -658,7 +659,14 @@ locals { helm_values = templatefile( "templates/helm-values.tpl.yaml", { - platform_domain = var.platform_domain + platform_domain = var.platform_domain + secret_provider_class_name = local.secret_provider_class_name + }, + ) + secret_provider_class = templatefile( + "templates/secret-provider-class.tpl.yaml", + { + secret_provider_class_name = local.secret_provider_class_name }, ) } diff --git a/outputs.tf b/outputs.tf index 651cf05..a9b4cec 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,5 +1,14 @@ output "helm_values" { value = local.helm_values sensitive = true - description = "The values.yaml file for installing Nebuly on the provisioned resources." + description = <
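Review bot: The new `secret_provider_class_name = "nebuly-platform"` local in the first `main.tf` hunk is a fixed string that both templates depend on, and nothing on the line says so. A short comment would tie it to its consumers, for example `# Name of the SecretProviderClass; must match the class referenced in templates/helm-values.tpl.yaml`. Unlike `key_vault_name` on the line above, it is not derived from `var.resource_prefix`; if that is deliberate, say so in the comment. The enclosing `locals` block starts and ends outside the hunk.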
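Review bot: The added `templatefile("templates/secret-provider-class.tpl.yaml", …)` call in the second `main.tf` hunk uses a path relative to the working directory, so it resolves only when this directory is the root module. The README says the module is published on the Terraform Registry, and when it is called from another configuration the file will not be found. Anchor it to the module with `"${path.module}/templates/secret-provider-class.tpl.yaml"`, and do the same for the existing `helm-values.tpl.yaml` call in the context lines. Separately, the diffstat lists `templates/secret-provider-class.tpl.yaml` as created with 0 lines, so `local.secret_provider_class` renders an empty string while the README already documents it as the manifest for the Key Vault secrets. If the Helm values now rely on that class name, the secret mounts would presumably have nothing to bind to until the template is filled in.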