将 GitLab CI 变量注入 Terraform 变量
[英]Inject GitLab CI Variables into Terraform Variables
问题描述
I'm having a set of Terraform files and in particular one variables.tf file which sort of holds my variables like aws access key, aws access token etc. I want to now automate the resource creation on AWS using GitLab CI / CD.
我有一组 Terraform 文件,特别是一个 variables.tf 文件,其中包含我的变量,如 aws 访问密钥、aws 访问令牌等。我现在想使用 GitLab CI / CD 在 AWS 上自动创建资源。
My plan is the following:我的计划如下:
Write a .gitlab-ci-yml file
编写一个 .gitlab-ci-yml 文件Have the terraform calls in the .gitlab-ci.yml file
在 .gitlab-ci.yml 文件中调用 terraform
I know that I can have secret environment variables in GitLab, but I'm not sure how I can push those variables into my Terraform variables.tf file which looks like this now!我知道我可以在 GitLab 中拥有秘密环境变量,但我不确定如何将这些变量推送到现在看起来像这样的 Terraform variables.tf 文件中!
# AWS Config
variable "aws_access_key" {
default = "YOUR_ADMIN_ACCESS_KEY"
}
variable "aws_secret_key" {
default = "YOUR_ADMIN_SECRET_KEY"
}
variable "aws_region" {
default = "us-west-2"
}
In my .gitlab-ci.yml, I have access to the secrets like this:在我的 .gitlab-ci.yml 中,我可以访问这样的秘密:
- 'AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}'
- 'AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}'
- 'AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'
How can I pipe it to my Terraform scripts?如何将它通过管道传输到我的 Terraform 脚本? Any ideas?有任何想法吗? I would need to read the secrets from GitLab's environment and pass it on to the Terraform scripts!我需要阅读 GitLab 环境中的秘密并将其传递给 Terraform 脚本!
2 个解决方案
解决方案1
6 已采纳 2019-06-06 07:20:10
Which executor are you using for your GitLab runners?您为 GitLab 跑步者使用哪个执行器?
You don't necessarily need to use the Docker executor but can use a runner installed on a bare-metal machine or in a VM.您不一定需要使用 Docker 执行程序,但可以使用安装在裸机或虚拟机中的运行程序。
If you install the gettext package on the respective machine/VM as well you can use the same method as I described in Referencing gitlab secrets in Terraform for the Docker executor.如果您也在相应的机器/VM 上安装gettext包,您可以使用我在 Terraform 中为 Docker 执行程序引用 gitlab 机密中描述的相同方法。
Another possibility could be that you set另一种可能性可能是您设置
job:
stage: ...
variables:
TF_VAR_SECRET1: ${GITLAB_SECRET}
or或者
job:
stage: ...
script:
- export TF_VAR_SECRET1=${GITLAB_SECRET}
in your CI job configuration and interpolate these.在您的 CI 作业配置中并插入这些。 Please see Getting an Environment Variable in Terraform configuration?请参阅在 Terraform 配置中获取环境变量? as well以及
解决方案2
1 2022-06-21 13:24:06
Bear in mind that terraform requires a TF_VAR_ prefix to environment variables.请记住,terraform 需要环境变量的 TF_VAR_ 前缀。 So actually you need something like this in .gitlab-ci.yml所以实际上你在 .gitlab-ci.yml 中需要这样的东西
- 'TF_VAR_AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}'
- 'TF_VAR_AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}'
- 'TF_VAR_AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}'
Which also means you could just set the variable in the pipeline with that prefix as well and not need this extra mapping step.这也意味着您也可以使用该前缀在管道中设置变量,而不需要这个额外的映射步骤。
I see you actually did discover this per your comment---I'm still posting this answer since I missed your comment the first time and it would have saved me an hour of work.我看到您实际上确实根据您的评论发现了这一点-我仍在发布此答案,因为我第一次错过了您的评论,这可以节省我一个小时的工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.