manu muraleedharan

Reputation: 445

Why is Terraform not allowing me to use image_pull_secrets?

I have an image to pull from a private registry. I did all the configs and added the secret to the pod config under pod.spec.image_pull_secrets, but I am getting an error like:

An argument named "image_pull_secrets" is not expected here. Did you mean to define a block of type "image_pull_secrets"?

As per the documentation, this should be OK: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod#nested-blocks

resource "kubernetes_pod" "main" {
  count = data.coder_workspace.me.start_count
  metadata {
    name      = "coder-${lower(data.coder_workspace.me.owner)}-${lower(data.coder_workspace.me.name)}"
    namespace = var.workspaces_namespace
  }
  spec {
    image_pull_secrets = {
      name = ["coder-ocir-secret"]
    }
    security_context {
      # run_as_user = "1000"
      fs_group = "1000"
    }

    init_container {
      name    = "init-eclipse"
      image   = "busybox:latest"
      command = ["chown", "-R", "1000:1000", "/data"]

      security_context {
        run_as_user                = "0"
        privileged                 = "true"
        allow_privilege_escalation = "true"
        read_only_root_filesystem  = "false"
        run_as_non_root            = "false"
        capabilities {
          add  = ["CAP_SYS_ADMIN", "CHOWN", "FOWNER", "DAC_OVERRIDE"]
          drop = ["ALL"]
        }
      }
      volume_mount {
        mount_path = "/data"
        name       = "home-coder-vol-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
      }
    }
    container {
      name              = "eclipse"
      image             = "docker.io/manumaan/eclipsevncv2.2:latest"
      command           = ["sh", "-c", coder_agent.coder.init_script]
      image_pull_policy = "Always"
      security_context {
        run_as_user = "1000"
        # fs_group    = "1000"
      }
      env {
        name  = "CODER_AGENT_TOKEN"
        value = coder_agent.coder.token
      }
      resources {
        requests = {
          cpu               = "${var.cpu}"
          memory            = "${var.memory}G"
          ephemeral-storage = "2Gi"
        }
        limits = {
          cpu               = "${var.cpu}"
          memory            = "${var.memory}G"
          ephemeral-storage = "4Gi"
        }
      }

      volume_mount {
        mount_path = "/home/coder"
        name       = "home-coder-vol-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
      }
    }

I also tried putting it inside the container, after all the containers, etc. inside spec, but it does not accept it. I am going crazy!

I also made it not a list: no difference.

  image_pull_secrets = {
   name = "coder-ocir-secret"
  } 

Upvotes: 1

Views: 1396

Answers (2)

Fcmam5

Reputation: 6912

This might be caused by a typo: image_pull_secrets is a block, so you need neither the = nor the square brackets ([]) here:

  image_pull_secrets = {
   name = ["coder-ocir-secret"]
  } 

It should be instead:

image_pull_secrets {
  name = "coder-ocir-secret"
}

If you need to define multiple pull_secrets, you can define multiple ones, or use dynamic blocks.

Upvotes: 4
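
The dynamic-block option mentioned in the answer above, as an added example that is not part of the original answer: one `image_pull_secrets` block is generated per secret name. It goes slightly beyond the answer by also creating one of the secrets in Terraform; the variable names, the `tf-managed-pull-secret` and pod names, and the image path are assumptions made for illustration.

```hcl
# Added example: variable names, secret name and image path are assumptions.
variable "registry_server" { type = string }
variable "registry_username" { type = string }
variable "registry_password" {
  type      = string
  sensitive = true # redacted in plan output, still written to state
}

resource "kubernetes_secret" "registry" {
  metadata {
    name      = "tf-managed-pull-secret"
    namespace = "default" # must match the pod's namespace
  }
  type = "kubernetes.io/dockerconfigjson"
  data = {
    ".dockerconfigjson" = jsonencode({
      auths = {
        (var.registry_server) = {
          username = var.registry_username
          password = var.registry_password
          auth     = base64encode("${var.registry_username}:${var.registry_password}")
        }
      }
    })
  }
}

resource "kubernetes_pod" "example" {
  metadata {
    name      = "pull-secret-demo"
    namespace = "default"
  }
  spec {
    # One image_pull_secrets block per name: the pre-existing secret from the
    # question plus the one managed above. Blocks take no "=" and no list.
    dynamic "image_pull_secrets" {
      for_each = ["coder-ocir-secret", kubernetes_secret.registry.metadata[0].name]
      content {
        name = image_pull_secrets.value
      }
    }
    container {
      name  = "app"
      image = "${var.registry_server}/team/app:1.0"
    }
  }
}
```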

Harsh Manvar

Reputation: 30160

Make sure your block is perfect, and the indentation also. This one is working for me:

resource "kubernetes_pod" "main" {
  metadata {
    name      = "coder-name"
    namespace = "default"
  }
  spec {
    image_pull_secrets {
      name = "coder-ocir-secret"
    }
    security_context {
      # run_as_user = "1000"
      fs_group = "1000"
    }
    init_container {
      name    = "init-eclipse"
      image   = "busybox:latest"
      command = ["chown", "-R", "1000:1000", "/data"]

      security_context {
        run_as_user                = "0"
        privileged                 = "true"
        allow_privilege_escalation = "true"
        read_only_root_filesystem  = "false"
        run_as_non_root            = "false"
        capabilities {
          add  = ["CAP_SYS_ADMIN", "CHOWN", "FOWNER", "DAC_OVERRIDE"]
          drop = ["ALL"]
        }
      }
      volume_mount {
        mount_path = "/data"
        name       = "home-coder-vol-fake-name"
      }
    }
    container {
      name              = "eclipse"
      image             = "docker.io/manumaan/eclipsevncv2.2:latest"
      command           = ["sh", "-c", "command"]
      image_pull_policy = "Always"
      security_context {
        run_as_user = "1000"
        # fs_group    = "1000"
      }
      env {
        name  = "CODER_AGENT_TOKEN"
        value = "value"
      }
      resources {
        requests = {
          cpu               = "1"
          memory            = "1G"
          ephemeral-storage = "2Gi"
        }
        limits = {
          cpu               = "1"
          memory            = "2G"
          ephemeral-storage = "4Gi"
        }
      }

      volume_mount {
        mount_path = "/home/coder"
        name       = "home-coder-vol-fake-name"
      }
    }
  }
}

Upvotes: 1
