chore: changes from shamil

florianow · florianow · commit 1b36d1f7de6c · 2026-03-16T17:43:08.000+01:00
diff --git a/modules/seaweedfs-instance/seaweedfs.tf b/modules/seaweedfs-instance/seaweedfs.tf
@@ -1,11 +1,31 @@
+resource "kubernetes_secret" "seaweedfs_identity" {
+  metadata {
+    name      = "seaweedfs-identity-config"
+    namespace = kubernetes_namespace.this.metadata[0].name
+  }
+
+  data = {
+    "identity.json" = jsonencode({
+      identities = [{
+        name = "admin"
+        credentials = [{
+          accessKey = var.seaweedfs_admin_access_key
+          secretKey = random_password.seaweedfs_admin_secret.result
+        }]
+        actions = ["Admin", "Read", "Write", "List", "Tagging"]
+      }]
+    })
+  }
+}
+
 resource "kubernetes_secret" "seaweedfs_iam" {
   metadata {
     name      = "seaweedfs-iam-config"
     namespace = kubernetes_namespace.this.metadata[0].name
   }
 
   data = {
-    "iam.json" = jsonencode({
+    "oidc.json" = jsonencode({
       sts = {
         enabled          = true
         tokenDuration    = "1h"
@@ -31,14 +51,6 @@ resource "kubernetes_secret" "seaweedfs_iam" {
           }
         }
       }]
-      identities = [{
-        name = "admin"
-        credentials = [{
-          accessKey = var.seaweedfs_admin_access_key
-          secretKey = random_password.seaweedfs_admin_secret.result
-        }]
-        actions = ["Admin", "Read", "Write", "List", "Tagging"]
-      }]
       policies = [
         {
           name = "Airliner1Policy"
@@ -206,7 +218,8 @@ resource "kubernetes_deployment" "seaweedfs" {
             "-s3",
             "-s3.port=8333",
             "-dir=/data",
-            "-iam.config=/etc/seaweed/iam.json"
+            "-s3.config=/etc/seaweed/identity/identity.json",
+            "-s3.iam.config=/etc/seaweed/iam/oidc.json"
           ]
 
           port {
@@ -238,9 +251,15 @@ resource "kubernetes_deployment" "seaweedfs" {
             mount_path = "/data"
           }
 
+          volume_mount {
+            name       = "identity-config"
+            mount_path = "/etc/seaweed/identity"
+            read_only  = true
+          }
+
           volume_mount {
             name       = "iam-config"
-            mount_path = "/etc/seaweed"
+            mount_path = "/etc/seaweed/iam"
             read_only  = true
           }
 
@@ -276,6 +295,14 @@ resource "kubernetes_deployment" "seaweedfs" {
           }
         }
 
+        volume {
+          name = "identity-config"
+
+          secret {
+            secret_name = kubernetes_secret.seaweedfs_identity.metadata[0].name
+          }
+        }
+
         volume {
           name = "iam-config"
 
