From c9ea2f04992a8b12f7c726f04e785c67e0d6da48 Mon Sep 17 00:00:00 2001
From: matttrach
Date: Mon, 9 Feb 2026 12:43:05 -0600
Subject: [PATCH] fix: switch out secret for secret_v1

Signed-off-by: matttrach
---
 examples/downstream/main.tf | 2 +-
 examples/downstream_splitrole/main.tf | 2 +-
 examples/one/main.tf | 2 +-
 examples/prod/main.tf | 2 +-
 examples/three/main.tf | 2 +-
 flake.lock | 6 ++--
 modules/install_rancher/rancher/main.tf | 16 ++++-----
 .../rancher_externalTLS/main.tf | 36 +++++++++----------
 8 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/examples/downstream/main.tf b/examples/downstream/main.tf
index f7599d5..a8f4931 100644
--- a/examples/downstream/main.tf
+++ b/examples/downstream/main.tf
@@ -67,7 +67,7 @@ module "rancher" {
 # rke2
 rke2_version = local.rke2_version
 local_file_path = local.local_file_path
- install_method = "rpm" # rpm only for now, need to figure out local helm chart installs otherwise
+ install_method = "rpm"
 cni = "canal"
 node_configuration = {
 "rancher" = {
diff --git a/examples/downstream_splitrole/main.tf b/examples/downstream_splitrole/main.tf
index 05578a7..41d65ba 100644
--- a/examples/downstream_splitrole/main.tf
+++ b/examples/downstream_splitrole/main.tf
@@ -67,7 +67,7 @@ module "rancher" {
 # rke2
 rke2_version = local.rke2_version
 local_file_path = local.local_file_path
- install_method = "rpm" # rpm only for now, need to figure out local helm chart installs otherwise
+ install_method = "rpm"
 cni = "canal"
 node_configuration = {
 "rancher" = {
diff --git a/examples/one/main.tf b/examples/one/main.tf
index 1048ea3..822aa6a 100644
--- a/examples/one/main.tf
+++ b/examples/one/main.tf
@@ -56,7 +56,7 @@ module "rancher" {
 # rke2
 rke2_version = local.rke2_version
 local_file_path = local.local_file_path
- install_method = "rpm" # rpm only for now, need to figure out local helm chart installs otherwise
+ install_method = "tar" # this installs RKE using the tar method, but it isn't an air-gapped install, Rancher install still uses public helm chart
 cni = "canal"
 node_configuration = {
 "rancher" = {
diff --git a/examples/prod/main.tf b/examples/prod/main.tf
index 13d10cb..9c15e6a 100644
--- a/examples/prod/main.tf
+++ b/examples/prod/main.tf
@@ -87,7 +87,7 @@ module "rancher" {
 # rke2
 rke2_version = local.rke2_version
 local_file_path = local.local_file_path
- install_method = "rpm" # rpm only for now, need to figure out local helm chart installs otherwise
+ install_method = "tar" # tar install, but not air-gapped
 cni = "canal"
 node_configuration = {
 "initial" = {
diff --git a/examples/three/main.tf b/examples/three/main.tf
index ffb031c..bd7f736 100644
--- a/examples/three/main.tf
+++ b/examples/three/main.tf
@@ -124,7 +124,7 @@ module "rancher" {
 # rke2
 rke2_version = local.rke2_version
 local_file_path = local.local_file_path
- install_method = "rpm" # rpm only for now, need to figure out local helm chart installs otherwise
+ install_method = "tar" # tar install, but not air-gapped
 cni = "canal"
 node_configuration = local.node_configuration
 # rancher
diff --git a/flake.lock b/flake.lock
index 11b6cad..c97bf14 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,11 +20,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1763934636,
- "narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=",
+ "lastModified": 1770169770,
+ "narHash": "sha256-awR8qIwJxJJiOmcEGgP2KUqYmHG4v/z8XpL9z8FnT1A=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261",
+ "rev": "aa290c9891fa4ebe88f8889e59633d20cc06a5f2",
 "type": "github"
 },
 "original": {
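Review bot: The new trailing comment on `install_method = "tar"` in examples/one/main.tf says "this installs RKE", while the setting sits under `# rke2` next to `rke2_version`, so it names the wrong product. Something like `install_method = "tar" # RKE2 from tarball; not air-gapped, Rancher still comes from the public Helm chart` is shorter and matches the surrounding names. The same rpm-to-tar switch is made in examples/prod and examples/three, and the commit subject mentions only the secret_v1 rename; one line in the description about the install-method change would help anyone bisecting an install regression later. The module block continues outside the hunk.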
diff --git a/modules/install_rancher/rancher/main.tf b/modules/install_rancher/rancher/main.tf index 2fa1491..133e7c3 100644 --- a/modules/install_rancher/rancher/main.tf +++ b/modules/install_rancher/rancher/main.tf @@ -190,7 +190,7 @@ data "kubernetes_secret_v1" "certificate" { # we need to create the tls-ca and tls-ca-additional secrets while the rancher pod is starting up # the rancher pod will fail a few times, but once the secrets are in place it will start and everything will start to work -resource "kubernetes_secret" "rancher_tls_ca" { +resource "kubernetes_secret_v1" "rancher_tls_ca" { depends_on = [ time_sleep.settle_before_rancher, terraform_data.wait_for_nginx, @@ -203,7 +203,7 @@ resource "kubernetes_secret" "rancher_tls_ca" { name = "tls-ca" namespace = "cattle-system" } - type = "generic" + type = "Opaque" # "generic" https://kubernetes.io/docs/concepts/configuration/secret/#secret-types data = { "cacerts.pem" = data.kubernetes_secret_v1.certificate.data["tls.crt"], # don't base64 encode } @@ -214,7 +214,7 @@ resource "kubernetes_secret" "rancher_tls_ca" { } } -resource "kubernetes_secret" "rancher_tls_ca_additional" { +resource "kubernetes_secret_v1" "rancher_tls_ca_additional" { depends_on = [ time_sleep.settle_before_rancher, terraform_data.wait_for_nginx, @@ -227,7 +227,7 @@ resource "kubernetes_secret" "rancher_tls_ca_additional" { name = "tls-ca-additional" namespace = "cattle-system" } - type = "generic" + type = "Opaque" # "generic" https://kubernetes.io/docs/concepts/configuration/secret/#secret-types data = { "ca-additional.pem" = data.kubernetes_secret_v1.certificate.data["tls.crt"], # don't base64 encode } 
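Review bot: Renaming the resource type from `kubernetes_secret` to `kubernetes_secret_v1` changes the state address of `rancher_tls_ca`, and nothing visible in this patch carries existing state over, so an upgrade of an already-deployed stack will presumably plan a destroy and a create of the `tls-ca` Secret. The same holds for `rancher_tls_ca_additional` in this file and for the three secrets renamed in rancher_externalTLS/main.tf, including `tls-rancher-ingress`, where any gap between destroy and create leaves the ingress without its serving certificate. If in-place upgrades are meant to be supported, add `moved` blocks where the Terraform and provider versions in use allow a move between these two types, or document a state-remove-and-import step in the upgrade notes. The resource bodies start and end outside the hunk.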
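Review bot: The trailing comment `# "generic" https://…` after `type = "Opaque"` does not say what "generic" refers to, and a reader can take it for an alias that still works. `generic` is the kubectl subcommand name (`kubectl create secret generic`), while the Secret type for arbitrary data is `Opaque`; suggest `type = "Opaque" # was "generic", which is a kubectl subcommand and not a Secret type; see https://kubernetes.io/docs/concepts/configuration/secret/#secret-types`. Because a Secret's type cannot be changed after creation, this line on its own also forces replacement of an already-deployed `tls-ca`. The same comment is added on `rancher_tls_ca_additional` in this file and on both CA secrets in rancher_externalTLS/main.tf.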
@@ -246,8 +246,8 @@ resource "terraform_data" "wait_for_rancher" {
 kubernetes_manifest.issuer,
 helm_release.rancher,
 data.kubernetes_secret_v1.certificate,
- kubernetes_secret.rancher_tls_ca,
- kubernetes_secret.rancher_tls_ca_additional,
+ kubernetes_secret_v1.rancher_tls_ca,
+ kubernetes_secret_v1.rancher_tls_ca_additional,
 ]
 provisioner "local-exec" {
 command = <<-EOT
@@ -268,8 +268,8 @@ resource "terraform_data" "get_public_cert_info" {
 kubernetes_manifest.issuer,
 helm_release.rancher,
 data.kubernetes_secret_v1.certificate,
- kubernetes_secret.rancher_tls_ca,
- kubernetes_secret.rancher_tls_ca_additional,
+ kubernetes_secret_v1.rancher_tls_ca,
+ kubernetes_secret_v1.rancher_tls_ca_additional,
 terraform_data.wait_for_rancher,
 ]
 provisioner "local-exec" {
diff --git a/modules/install_rancher/rancher_externalTLS/main.tf b/modules/install_rancher/rancher_externalTLS/main.tf
index f25c14b..3d284b9 100644
--- a/modules/install_rancher/rancher_externalTLS/main.tf
+++ b/modules/install_rancher/rancher_externalTLS/main.tf
@@ -109,7 +109,7 @@ resource "terraform_data" "cattle-system" {
 }
 }
 
-resource "kubernetes_secret" "tls_rancher_ingress" {
+resource "kubernetes_secret_v1" "tls_rancher_ingress" {
 depends_on = [
 time_sleep.settle_before_rancher,
 terraform_data.wait_for_nginx,
@@ -119,7 +119,7 @@ resource "kubernetes_secret" "tls_rancher_ingress" {
 name = "tls-rancher-ingress"
 namespace = "cattle-system"
 }
- type = "kubernetes.io/tls"
+ type = "kubernetes.io/tls" #https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
 data = {
 "tls.crt" = local.full_chain,
 "tls.key" = local.private_key,
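Review bot: `"tls.key" = local.private_key` in `kubernetes_secret_v1.tls_rancher_ingress` means the ingress private key is written to Terraform state, because the provider persists the `data` map there; its sensitive marking only hides the value from plan output. The move to the `_v1` resource is a good moment to address that: either state in the module documentation that the state backend must be encrypted and access-controlled, or, if the provider and Terraform versions in use offer the write-only `data_wo` argument on `kubernetes_secret_v1`, pass the key through it so it is not persisted. The added comment would also read better with a space after `#`: `type = "kubernetes.io/tls" # https://kubernetes.io/docs/concepts/configuration/secret/#secret-types`. The resource body ends outside the hunk.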
@@ -131,18 +131,18 @@ resource "kubernetes_secret" "tls_rancher_ingress" {
 }
 }
 
-resource "kubernetes_secret" "rancher_tls_ca" {
+resource "kubernetes_secret_v1" "rancher_tls_ca" {
 depends_on = [
 time_sleep.settle_before_rancher,
 terraform_data.wait_for_nginx,
 terraform_data.cattle-system,
- kubernetes_secret.tls_rancher_ingress,
+ kubernetes_secret_v1.tls_rancher_ingress,
 ]
 metadata {
 name = "tls-ca"
 namespace = "cattle-system"
 }
- type = "generic"
+ type = "Opaque" #https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
 data = {
 "cacerts.pem" = local.ca_certs
 }
@@ -153,19 +153,19 @@ resource "kubernetes_secret" "rancher_tls_ca" {
 }
 }
 
-resource "kubernetes_secret" "rancher_tls_ca_additional" {
+resource "kubernetes_secret_v1" "rancher_tls_ca_additional" {
 depends_on = [
 time_sleep.settle_before_rancher,
 terraform_data.wait_for_nginx,
 terraform_data.cattle-system,
- kubernetes_secret.tls_rancher_ingress,
- kubernetes_secret.rancher_tls_ca,
+ kubernetes_secret_v1.tls_rancher_ingress,
+ kubernetes_secret_v1.rancher_tls_ca,
 ]
 metadata {
 name = "tls-ca-additional"
 namespace = "cattle-system"
 }
- type = "generic"
+ type = "Opaque" #"generic" https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
 data = {
 "ca-additional.pem" = local.ca_certs,
 }
@@ -182,9 +182,9 @@ resource "helm_release" "rancher" {
 time_sleep.settle_before_rancher,
 terraform_data.wait_for_nginx,
 terraform_data.cattle-system,
- kubernetes_secret.tls_rancher_ingress,
- kubernetes_secret.rancher_tls_ca,
- kubernetes_secret.rancher_tls_ca_additional,
+ kubernetes_secret_v1.tls_rancher_ingress,
+ kubernetes_secret_v1.rancher_tls_ca,
+ kubernetes_secret_v1.rancher_tls_ca_additional,
 ]
 name = "rancher"
 chart = "${local.rancher_helm_repo}/${local.rancher_helm_channel}/rancher-${local.rancher_version}.tgz"
@@ -211,9 +211,9 @@ resource "terraform_data" "wait_for_rancher" {
 time_sleep.settle_before_rancher,
 terraform_data.wait_for_nginx,
 terraform_data.cattle-system,
- kubernetes_secret.tls_rancher_ingress,
- kubernetes_secret.rancher_tls_ca,
- kubernetes_secret.rancher_tls_ca_additional,
+ kubernetes_secret_v1.tls_rancher_ingress,
+ kubernetes_secret_v1.rancher_tls_ca,
+ kubernetes_secret_v1.rancher_tls_ca_additional,
 helm_release.rancher,
 ]
 provisioner "local-exec" {
@@ -231,9 +231,9 @@ resource "terraform_data" "get_public_cert_info" {
 time_sleep.settle_before_rancher,
 terraform_data.wait_for_nginx,
 terraform_data.cattle-system,
- kubernetes_secret.tls_rancher_ingress,
- kubernetes_secret.rancher_tls_ca,
- kubernetes_secret.rancher_tls_ca_additional,
+ kubernetes_secret_v1.tls_rancher_ingress,
+ kubernetes_secret_v1.rancher_tls_ca,
+ kubernetes_secret_v1.rancher_tls_ca_additional,
 helm_release.rancher,
 terraform_data.wait_for_rancher,
 ]