add git-crypt terraform

2021-02-14 13:17:24 +00:00 · 2021-02-14 13:17:24 +00:00 · c01eed321d
commit c01eed321d
parent 53fa7b58d2
10 changed files with 112 additions and 54 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -3,36 +3,26 @@ type: kubernetes
 name: default

 steps:
-  - name: Get terraform files
+  - name: PRepare terraform files
    image: alpine
-    # environment:
-      # kek:
-      #   from_secret: tfstate
    commands:
-      - "apk update && apk add jq curl"
+      - "apk update && apk add jq curl git git-crypt"
      - |
-        curl -k https://kubernetes:6443/api/v1/namespaces/drone/configmaps/tfstate -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | jq -r .data.tfstate | base64 -d | gzip -d > /terraform.tfstate
-      - |
-        curl -k https://kubernetes:6443/api/v1/namespaces/drone/configmaps/tfvars -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | jq -r .data.tfvars | base64 -d | gzip -d > /terraform.tfvars
-      - "cp /terraform.tfstate . && cp /terraform.tfvars ."
-      # - "cat /terraform.tfvars | head"
-      # - "env | grep kek"
-      # - 'echo $kek > /terraform.tfstate'
-      # - "sleep 300"
-    # volumes:
-    #   - name: tfstate
-    #     path: /terraform.tfstate
+        curl -k https://kubernetes:6443/api/v1/namespaces/drone/configmaps/git-crypt-key -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | jq -r .data.key | base64 -d > /tmp/key
+      - "git-crypt unlock /tmp/key"
  - name: Terraform apply
    image: hashicorp/terraform:latest
+    environment:
+      TF_VAR_prod: "true"
    commands:
      - "terraform init"
      - "terraform plan -target=module.kubernetes_cluster"

-  - name: Update configmap
-    image: alpine
-    commands:
-      - "apk update && apk add curl"
-      - "head terraform.tfstate"
+  # - name: Update configmap
+  #   image: alpine
+  #   commands:
+  #     - "apk update && apk add curl"
+  #     - "head terraform.tfstate"
    # plan: true
    # root_dir: "/data/src"
    # var_files:
@ -47,3 +37,8 @@ steps:
 # get:
 #   path: tfstate-default-state
 #   name: tfstate
+
+# ---
+# kind: secret
+# name: tfstate
+# data: zQSRlrUlUyY/lJL4AADpjTt+CfLmybuZqI4uHbPKv8kn2Aq4jomsNmseYgvrxbOF