Hi there,
Currently I'm trying to set the annotations for the Vault agent sidecar injector in a Helm release with Terraform.
However, when setting the vault.hashicorp.com/agent-inject-template annotation I'm getting the error:
Error: failed parsing key “grafana.podAnnotations.vault\.hashicorp\.com/agent-inject-template-tls\.cer” with value {{- with secret “tm-euc1-dev-kube-prometheus-stack-grafana-pki/issue/tm-euc1-dev-kube-prometheus-stack-grafana-pki” “common_name=grafana.tm-npe.mydomain.top” -}}{{ .Data.certificate }}{{- end }}, key map "}{{ " has no value
The set block in the “helm_release” is configured this way:
dynamic "set" {
  for_each = var.grafana_enable_ssl_via_injection ? local.grafana_vault_inject_ssl_annotation : {}
  content {
    name  = "grafana.podAnnotations.${replace(set.key, ".", "\\.")}"
    value = set.value
  }
}
The local “grafana_vault_inject_ssl_annotation” has the following content:
grafana_vault_inject_ssl_annotation = {
  "vault.hashicorp.com/agent-inject"                  = "true"
  "vault.hashicorp.com/agent-inject-secret-tls.key"   = "${module.standard_label.id}-grafana-pki/issue/${module.standard_label.id}-grafana-pki"
  "vault.hashicorp.com/agent-inject-template-tls.key" = "{{- with secret \"${module.standard_label.id}-grafana-pki/issue/${module.standard_label.id}-grafana-pki\" \"common_name=${replace(var.grafana_addr, "https://", "")}\" -}}{{ .Data.private_key }}{{- end }}"
  "vault.hashicorp.com/agent-inject-secret-tls.cer"   = "${module.standard_label.id}-grafana-pki/issue/${module.standard_label.id}-grafana-pki"
  "vault.hashicorp.com/agent-inject-template-tls.cer" = "{{- with secret \"${module.standard_label.id}-grafana-pki/issue/${module.standard_label.id}-grafana-pki\" \"common_name=${replace(var.grafana_addr, "https://", "")}\" -}}{{ .Data.certificate }}{{- end }}"
  "vault.hashicorp.com/role"                          = "${module.standard_label.id}-grafana-pki"
}
Any hint on what I'm missing would be greatly appreciated.
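
An added example, not part of the original post: Helm's `--set` syntax, which `set` blocks go through, treats `{`, `}` and `,` as list delimiters, so a value that starts with `{{` is split apart. Passing the same annotation map through `values` with `yamlencode()` bypasses that parser and needs no escaping of the dots in the keys. The resource name, release name, repository URL and the `pki`/`cn` stand-in values are assumptions made for illustration.

```hcl
variable "grafana_enable_ssl_via_injection" {
  type    = bool
  default = true
}

locals {
  # Constructed stand-ins for "${module.standard_label.id}-grafana-pki"
  # and the host part of var.grafana_addr used in the post.
  pki = "example-grafana-pki"
  cn  = "grafana.example.internal"

  # Same shape as the local in the post; "{{" needs no escaping in HCL strings.
  grafana_vault_inject_ssl_annotation = {
    "vault.hashicorp.com/agent-inject"                  = "true"
    "vault.hashicorp.com/role"                          = local.pki
    "vault.hashicorp.com/agent-inject-secret-tls.key"   = "${local.pki}/issue/${local.pki}"
    "vault.hashicorp.com/agent-inject-template-tls.key" = "{{- with secret \"${local.pki}/issue/${local.pki}\" \"common_name=${local.cn}\" -}}{{ .Data.private_key }}{{- end }}"
    "vault.hashicorp.com/agent-inject-secret-tls.cer"   = "${local.pki}/issue/${local.pki}"
    "vault.hashicorp.com/agent-inject-template-tls.cer" = "{{- with secret \"${local.pki}/issue/${local.pki}\" \"common_name=${local.cn}\" -}}{{ .Data.certificate }}{{- end }}"
  }

  # Same condition as the dynamic "set" block in the post.
  grafana_pod_annotations = var.grafana_enable_ssl_via_injection ? local.grafana_vault_inject_ssl_annotation : {}
}

resource "helm_release" "kube_prometheus_stack" { # hypothetical resource name
  name       = "kube-prometheus-stack"            # assumed release name
  repository = "https://prometheus-community.github.io/helm-charts" # assumed chart source
  chart      = "kube-prometheus-stack"

  # The map is serialized to YAML and merged as a values document, so the
  # Go template braces and the dotted annotation keys arrive unchanged.
  values = [
    yamlencode({
      grafana = {
        podAnnotations = local.grafana_pod_annotations
      }
    })
  ]
}
```

`terraform plan` shows the rendered YAML under `values`, which is a quick way to confirm the template strings reach the chart intact before the Vault agent injector sees them.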