We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terraform version: 1.7.3 Provider version: 2.12.1 Kubernetes version: N/A
resource "helm_release" "shared" { name = join("-", compact([var.product, "shared"])) repository = "https://gitlab.com/api/v4/projects/{ProjectID}/packages/helm/stable" chart = "shared" version = var.shared_chart_version namespace = join("-", compact([var.product, var.environment])) repository_username = "ce-automation" repository_password = var.helm_repo_pass wait = true set { name = "global.namespace" value = join("-", compact([var.product, var.environment])) } lint = true depends_on = [kubernetes_namespace_v1.namespace] }
terraform plan -out=tfplan
terraform apply tfplan
Terraform should be able to access the Helm repository
Terraform gets permission denied from the Helm repository because job 2 would reuse the CI_JOB_TOKEN of job 1 which already is expired
Helm repo password is stored in the plan file
The text was updated successfully, but these errors were encountered:
Also, in this type of automated setup, the plan always shows the helm releases to be updated because the password always changes
Sorry, something went wrong.
We pull the password from azure key vault using:
data "azurerm_key_vault_secret" "helm_password" { key_vault_id = "some-id" name = "helm-password" }
then we apply it with:
resource "helm_release" "twistlock-defender" { ... repository_password = data.azurerm_key_vault_secret.helm_password.value ... }
The password is updated in tfstate for the "azurerm_key_vault_secret" data object, but not for "helm_release".
When we run tf plan -> tf apply our account gets locked. I assume when read happens before apply it tries to use the old password which is expired.
I had to manually update the password in tf state after unlocking our account.
No branches or pull requests
Terraform, Provider, Kubernetes and Helm Versions
Affected Resource(s)
Terraform Configuration Files
Steps to Reproduce
terraform plan -out=tfplan
in GitLab automation job one with CI_JOB_TOKEN var.helm_repo_passterraform apply tfplan
in GitLab automation job two with CI_JOB_TOKEN as var.helm_repo_passExpected Behavior
Terraform should be able to access the Helm repository
Actual Behavior
Terraform gets permission denied from the Helm repository because job 2 would reuse the CI_JOB_TOKEN of job 1 which already is expired
Important Factoids
Helm repo password is stored in the plan file
The text was updated successfully, but these errors were encountered: