Reputation: 9574
gcp cloud run, how to define multiple secret volumes via terraform, currently only 1 secret seems supported in documentation
Currently the terraform documentation for cloud run here shows you an example on how to mount 1 single secret volume to the cloud run service.
template {
spec {
containers {
image = "gcr.io/cloudrun/hello"
volume_mounts {
name = "a-volume"
mount_path = "/secrets"
}
}
volumes {
name = "a-volume"
secret {
secret_name = google_secret_manager_secret.secret.secret_id
default_mode = 292 # 0444
items {
key = "1"
path = "my-secret"
mode = 256 # 0400
}
}
}
}
}
I've tried to add multiple volumes and secret blocks but this will error out saying only 1 is allowed.
I've also tried to look through the documentation for a general example of multiple volumes but no such example exists.
Upvotes: 2
Views: 1864
Answers (2)
Reputation: 96
For those wondering per 2022, since the documentation is still somewhat unclear: Multiple secrets can be mounted under multiple mount points for Cloud Run by repeating the entries (assuming a secondary secret entry as well):
spec {
containers {
image = "gcr.io/cloudrun/hello"
volume_mounts {
name = "a-volume"
mount_path = "/secrets"
}
volume_mounts {
name = "secondary-volume"
mount_path = "/somewhere-else"
}
}
volumes {
name = "a-volume"
secret {
secret_name = google_secret_manager_secret.secret.secret_id
default_mode = 292 # 0444
items {
key = "1"
path = "my-secret"
mode = 256 # 0400
}
}
}
volumes {
name = "secondary-volume"
secret {
secret_name = google_secret_manager_secret.secondary_secret.secret_id
default_mode = 292 # 0444
items {
key = "1"
path = "my-secondary-secret"
mode = 256 # 0400
}
}
}
}
Upvotes: 5
Reputation: 21
In terraform documentation you can see : "The spec block supports: ...... volumes - (Optional) Volume represents a named volume in a container. Structure is"
You need to use the volume tag in spec context. like this
spec {
containers {
volume_mounts {
mount_path = "/secrets"
name = "secret"
}
}
**volumes {
name = "secret"
secret {
secret_name = "secret name"
}
}**
}
Upvotes: 0
Related Questions
- Create GCP service account and store service account key in secret manager in terraform
- Google Cloud Run Service Reference Secret within Terraform
- How to create a secret in Google Cloud Secret Manager by Terraform?
- Can I create GCP API keys using Terraform?
- Create multiple GCP storage buckets using terraform
- Azure Container Instance with Terraform - multiple secrets volumes
- terraform create k8s secret from gcp secret
- Google Cloud - How to grant access to group of secrets by label or name?
- Terraform multiple VM with multiple disk GCP
- Terraform Azure provider - How do I add via terraform more than one key and/or secret for my key vault?