itsmunim · December 18, 2022 08:03
diff --git a/blueprint.tf b/blueprint.tf
 # First obtain your doks cluster details
 data "digitalocean_kubernetes_cluster" "my_cluster" {
  name = var.my_cluster_name # The name of your doks cluster
 }

 # Supply the cluster details to kubernetes provider
 provider "kubernetes" {
  host  = data.digitalocean_kubernetes_cluster.my_cluster.endpoint
  token = data.digitalocean_kubernetes_cluster.my_cluster.kube_config[0].token
  cluster_ca_certificate = base64decode(
    data.digitalocean_kubernetes_cluster.my_cluster.kube_config[0].cluster_ca_certificate
  )
 }

 # Init secrethub provider which should use SECRETHUB_CREDENTIAL from env
 provider "secrethub" {}

 # Create a secrethub service account against a particular secret repository
 resource "secrethub_service" "secrethub_service_account" {
  repo = "my-app/credentials"
 }

 # Give it proper access in the repository 
 resource "secrethub_access_rule" "secrethub_service_account_access" {
  account_name = secrethub_service.secrethub_service_account.id
  dir          = "my-app/credentials"
  permission   = "read"
 }

 # Finally, inject secrethub service account as kubernetes secret into proper namespace
 resource "kubernetes_secret" "k8s_secrethub_service_account" {
  metadata {
    name      = "secrethub-service-account"
    namespace = var.my_app_namespace # Your cluster namespace where your service is deployed
  }
  type = "Opaque"
  data = {
    ".secrethub-credential" = "${secrethub_service.secrethub_service_account.credential}"
  }
 }
	# First obtain your doks cluster details
	data "digitalocean_kubernetes_cluster" "my_cluster" {
	name = var.my_cluster_name # The name of your doks cluster
	}

	# Supply the cluster details to kubernetes provider
	provider "kubernetes" {
	host = data.digitalocean_kubernetes_cluster.my_cluster.endpoint
	token = data.digitalocean_kubernetes_cluster.my_cluster.kube_config[0].token
	cluster_ca_certificate = base64decode(
	data.digitalocean_kubernetes_cluster.my_cluster.kube_config[0].cluster_ca_certificate
	)
	}

	# Init secrethub provider which should use SECRETHUB_CREDENTIAL from env
	provider "secrethub" {}

	# Create a secrethub service account against a particular secret repository
	resource "secrethub_service" "secrethub_service_account" {
	repo = "my-app/credentials"
	}

	# Give it proper access in the repository
	resource "secrethub_access_rule" "secrethub_service_account_access" {
	account_name = secrethub_service.secrethub_service_account.id
	dir = "my-app/credentials"
	permission = "read"
	}

	# Finally, inject secrethub service account as kubernetes secret into proper namespace
	resource "kubernetes_secret" "k8s_secrethub_service_account" {
	metadata {
	name = "secrethub-service-account"
	namespace = var.my_app_namespace # Your cluster namespace where your service is deployed
	}
	type = "Opaque"
	data = {
	".secrethub-credential" = "${secrethub_service.secrethub_service_account.credential}"
	}
	}