Improve service account secret docs example (hashicorp#2407)

The examples currently cause problems for users as per issue hashicorp#1943 This changes the examples to suggest using: - generate_name for the secret - wait_for_service_account_token for the secret - not using the secret attribute of the service_account terraform resource - which seems to do nothing as it doesn't map to the kubernetes manifest schema - creates a dependency in the wrong direction
opentofu · Feb 13, 2024 · 0efec8b · 0efec8b
1 parent fc5b9ed
commit 0efec8b
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 10 deletions.
diff --git a/website/docs/r/secret.html.markdown b/website/docs/r/secret.html.markdown
@@ -90,9 +90,12 @@ resource "kubernetes_secret" "example" {
     annotations = {
       "kubernetes.io/service-account.name" = "my-service-account"
     }
+
+    generate_name = "my-service-account-"
   }
 
-  type = "kubernetes.io/service-account-token"
+  type                           = "kubernetes.io/service-account-token"
+  wait_for_service_account_token = true
 }
 ```
 

diff --git a/website/docs/r/secret_v1.html.markdown b/website/docs/r/secret_v1.html.markdown
@@ -90,9 +90,12 @@ resource "kubernetes_secret_v1" "example" {
     annotations = {
       "kubernetes.io/service-account.name" = "my-service-account"
     }
+
+    generate_name = "my-service-account-"
   }
 
-  type = "kubernetes.io/service-account-token"
+  type                           = "kubernetes.io/service-account-token"
+  wait_for_service_account_token = true
 }
 ```
 

diff --git a/website/docs/r/service_account.html.markdown b/website/docs/r/service_account.html.markdown
@@ -19,15 +19,19 @@ resource "kubernetes_service_account" "example" {
   metadata {
     name = "terraform-example"
   }
-  secret {
-    name = "${kubernetes_secret.example.metadata.0.name}"
-  }
 }
 
 resource "kubernetes_secret" "example" {
   metadata {
-    name = "terraform-example"
+    annotations = {
+      "kubernetes.io/service-account.name" = kubernetes_service_account.example.metadata.0.name
+    }
+
+    generate_name = "terraform-example-"
   }
+
+  type                           = "kubernetes.io/service-account-token"
+  wait_for_service_account_token = true
 }
 ```
 

diff --git a/website/docs/r/service_account_v1.html.markdown b/website/docs/r/service_account_v1.html.markdown
@@ -19,15 +19,19 @@ resource "kubernetes_service_account_v1" "example" {
   metadata {
     name = "terraform-example"
   }
-  secret {
-    name = "${kubernetes_secret_v1.example.metadata.0.name}"
-  }
 }
 
 resource "kubernetes_secret_v1" "example" {
   metadata {
-    name = "terraform-example"
+    annotations = {
+      "kubernetes.io/service-account.name" = kubernetes_service_account_v1.example.metadata.0.name
+    }
+
+    generate_name = "terraform-example-"
   }
+
+  type                           = "kubernetes.io/service-account-token"
+  wait_for_service_account_token = true
 }
 ```