I'm trying to figure out how to specify the password to Azure DevOps git repository in terraform resource, which means I'm deploying infrastructure by pipeline with inputs.azureSubscription and then deploying AKS cluster by terraform from this pipeline and adding GitOps configuration azurerm_kubernetes_flux_configuration but I cannot figure out how to set credentials for the git. It seems it is possible by setting TF_VAR_name from the Azure pipeline and set PAT from particular pipeline steps.task.env:[TF_VAR_my_git_access_token] $(ACCESS_TOKEN) but I'm sure this is best practice because I have to store it in KeyVault and then pick it up and the second one that I do not manage this PAT. Could you explain how to set azurerm_kubernetes_flux_configuration in the correct way? Maybe somehow through the CSI driver to KeyVault deploy it with federated identity or deploy it by helm charts after the secret is created through CSI. Thank you!
Access Azure devops repository from gitops by terraform
131 views Asked by AleksP At
There is 1 answer
Based on your requirement, you are deploying infrastructure via Azure Pipeline and don't want to manage PAT.
I suggest that you can directly use the Predefined variable $(system.accesstoken) in Azure Pipeline if the repo and Pipeline are in the same organization. This variable will be valid during the running of the Pipeline, and it will use the Build Service Account to access the Azure Repo.
It automatically refreshes every time the build runs so you don't have to manage it.
You can refer to the following steps:
Step 1: Grant the Repo Read Permission to the Build Service Accounts: YourProjectName Build Service(YourOrgName) and Project Collection Build Service(YourOrgName)
For example:
Note: When you are using a classic pipeline, you need to enable the option: Allow scripts to access the OAuth token
Step 2: You can pass the variable with the environment.
Or
Step 3: Use the variable in the terraform file.
For example:
For more detailed info, you can refer to the docs: System.accesstoken and Access repositories, artifacts, and other resources
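The steps in the answer above, sketched as an added example (not code from the original answer): the pipeline exposes the job token as `TF_VAR_my_git_access_token`, and Terraform passes it to the `git_repository` block of `azurerm_kubernetes_flux_configuration`. The resource names, repository URL, branch, kustomization path and the `aks_cluster_id` variable are placeholders, and the example assumes the `microsoft.flux` cluster extension is already installed.

```hcl
# Added example; every name, URL and path below is a placeholder.
#
# Pipeline side (Azure Pipelines YAML), passing the job token to Terraform
# through the step environment:
#
#   - script: terraform apply -auto-approve
#     env:
#       TF_VAR_my_git_access_token: $(System.AccessToken)

variable "my_git_access_token" {
  description = "Token Flux uses to read the Azure Repos git repository"
  type        = string
  sensitive   = true # redacted in plan/apply output
}

variable "aks_cluster_id" {
  description = "Resource ID of the AKS cluster (assumed to be created elsewhere)"
  type        = string
}

resource "azurerm_kubernetes_flux_configuration" "gitops" {
  name       = "gitops-config"
  cluster_id = var.aks_cluster_id
  namespace  = "flux-system"
  scope      = "cluster"

  git_repository {
    url             = "https://dev.azure.com/YourOrgName/YourProjectName/_git/your-repo"
    reference_type  = "branch"
    reference_value = "main"

    # HTTPS authentication: the token is sent as the password.
    # The user name is a placeholder (assumption).
    https_user       = "git"
    https_key_base64 = base64encode(var.my_git_access_token)
  }

  kustomizations {
    name = "apps"
    path = "./clusters/dev"
  }
}
```

`sensitive = true` only redacts the value from plan and apply output; the token is still written to the Terraform state, so the state backend needs its own access control. The token Flux receives is the one captured at apply time, which the answer describes as valid during the running of the pipeline.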