Support loading secrets directly into services
Managed Cloud Run now has support for loading secrets into environment variables and files.
Extend this module to support loading secrets.
Activity
changed milestone to %DevOps Sprint 122
added priority2 Medium label
added Operations label
added to epic uis/devops&25
added workflowSprint Ready label and removed 1 deleted label
changed milestone to %DevOps Sprint 124
changed milestone to %DevOps Sprint 122
assigned to @ap2261
The Terraform module
google_cloud_run_servicenow supports direct reference to the secrets in SM as env vars or files. Determine what needs to be mounted where.
Supports volumes
volumes { name = "a-volume" secret { secret_name = google_secret_manager_secret.secret.secret_id items { key = "1" path = "my-secret" } } }env { name = "SECRET_ENV_VAR" value_from { secret_key_ref { name = google_secret_manager_secret.secret.secret_id key = "1" }added workflowIn Progress label and removed workflowSprint Ready label
I ran into an "obfuscated" error message:
Details: [ { "@type": "type.googleapis.com/google.rpc.BadRequest", "fieldViolations": [ { "description": "spec.template.spec.containers[0].volumeMounts should be empty", "field": "spec.template.spec.containers[0].volumeMounts" } ] } ]Which turned out to be a bug in the docs (from the links above):
metadata { annotations = { generated-by = "magic-modules" "run.googleapis.com/launch-stage" = "ALPHA" } }Should be
BETA. And if you have already appliedALPHA, remove any lifecyle rule, probablyrm -rf .terraform/and re-apply.
mentioned in merge request !25 (merged)
