3

When reviewing the documentation for Azure Container Groups, specifically this page on secrets: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-secret I noticed the volumes object is an array of what appear to be 1 or more volumes.

```json
"volumes": [
  {
    "name": "secretvolume1",
    "secret": {
      "mysecret1": "TXkgZmlyc3Qgc2VjcmV0IEZPTwo=",
      "mysecret2": "TXkgc2Vjb25kIHNlY3JldCBCQVIK"
    }
  }
]
```

When reviewing the Terraform documentation here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_group I noticed the volume object is singular.

Is it not possible to make multiple volumes in Terraform? Is this also not possible in, say, ARM, despite it appearing to be so in the documentation? Testing would indicate Terraform doesn't support multiple volumes, though I'm not proficient enough with ARM to verify.

1 Answer

7

Sure, it's possible to make multiple volumes with Terraform:

My working sample creates two volumes: one is for a storage file share, the other is a secret volume.

```hcl
resource "azurerm_resource_group" "example" {
  name     = "${var.prefix}-resources"
  location = var.location
}

resource "azurerm_storage_account" "example" {
  name                     = "${var.prefix}stor"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_share" "example" {
  name                 = "aci-test-share"
  storage_account_name = azurerm_storage_account.example.name
  quota                = 50
}

resource "azurerm_container_group" "example" {
  name                = "${var.prefix}-continst"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  ip_address_type     = "public"
  dns_name_label      = "${var.prefix}-continst"
  os_type             = "Linux"

  container {
    name   = "hello-world"
    image  = "microsoft/aci-helloworld:latest"
    cpu    = "0.5"
    memory = "1.5"

    ports {
      port     = 443
      protocol = "TCP"
    }

    # First volume: Azure file share (storage account source only).
    volume {
      name       = "logs"
      mount_path = "/aci/logs"
      read_only  = false
      share_name = azurerm_storage_share.example.name

      storage_account_name = azurerm_storage_account.example.name
      storage_account_key  = azurerm_storage_account.example.primary_access_key
    }

    # Second volume: secret volume (secret source only), in its own block.
    volume {
      name       = "secretvolume1"
      mount_path = "/mnt/secrets"
      read_only  = false

      secret = {
        "mysecret1" = base64encode("My first secret FOO")
        "mysecret2" = base64encode("My second secret BAR")
      }
    }
  }
}
```

I am using the latest provider.

```
PS D:\Terraform> .\terraform.exe -v
Terraform v0.14.7
+ provider registry.terraform.io/hashicorp/azurerm v2.48.0
```

Verify the mount path from the container instance -> connect -> /bin/sh on the Azure portal.

Nancy
  • Thank you Nancy! In my experience, validate threw an error at me when I tried, saying that only one volume could be made at a time: 2021-02-12T19:34:07.5424698Z Error: only one of `empty_dir` volume, `git_repo` volume, `secret` volume or storage account volume (`share_name`, `storage_account_name`, and `storage_account_key`) can be specified I think there might be a provider difference between us. Can you tell me your provider version? Maybe include the rest of your terraform config please? – user3216649 Feb 24 '21 at 21:25
  • 1
    I am using the latest provider. `Terraform v0.14.7 + provider registry.terraform.io/hashicorp/azurerm v2.48.0`, please check my update. See the example usage https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#example-usage – Nancy Feb 25 '21 at 08:34
  • Thanks so much, I appreciate it Nancy – user3216649 Feb 25 '21 at 09:32
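
Added example (not part of the original question, answer or the azurerm provider's code): a Python illustration of how the container-level Terraform `volume` blocks in the answer correspond to the ARM template's group-level `volumes` array plus per-container `volumeMounts`, with a check that each volume carries exactly one source type, as the error quoted in the comments requires. The `to_arm` function, the dict layout and the sample values are assumptions constructed for illustration.

```python
import base64

# Source types listed in the validation error quoted in the comments above.
SOURCE_KEYS = ("empty_dir", "git_repo", "secret", "share_name")


def to_arm(tf_volumes):
    """Split Terraform-style volume blocks (plain dicts here) into the ARM shape:
    a group-level `volumes` array and the container's `volumeMounts` array."""
    volumes, mounts, seen = [], [], set()
    for vol in tf_volumes:
        name = vol["name"]
        if name in seen:
            raise ValueError(f"duplicate volume name {name!r}")
        seen.add(name)
        # Each volume block may name one source only; several blocks are fine.
        present = [k for k in SOURCE_KEYS if vol.get(k)]
        if len(present) != 1:
            raise ValueError(f"volume {name!r}: need exactly one source, got {present}")
        kind = present[0]
        if kind == "secret":
            source = {"secret": dict(vol["secret"])}
        elif kind == "share_name":
            source = {"azureFile": {
                "shareName": vol["share_name"],
                "storageAccountName": vol["storage_account_name"],
                "storageAccountKey": vol["storage_account_key"],
            }}
        elif kind == "empty_dir":
            source = {"emptyDir": {}}
        else:
            source = {"gitRepo": {"repository": vol["git_repo"]["url"]}}
        volumes.append({"name": name, **source})
        mounts.append({"name": name, "mountPath": vol["mount_path"],
                       "readOnly": vol.get("read_only", False)})
    return volumes, mounts


# Constructed sample mirroring the two volume blocks in the answer.
SAMPLE = [
    {"name": "logs", "mount_path": "/aci/logs", "share_name": "aci-test-share",
     "storage_account_name": "examplestor", "storage_account_key": "<storage-account-key>"},
    {"name": "secretvolume1", "mount_path": "/mnt/secrets",
     "secret": {"mysecret1": base64.b64encode(b"My first secret FOO").decode()}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(to_arm(SAMPLE), indent=2))
```

The secret values are base64-encoded, not encrypted, so anyone who can read the template, the Terraform configuration or its state can decode them.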