resource "random_password" "rancher_admin_password" {
  length  = 20
  special = false
}

resource "vault_kv_secret_v2" "rancher_creds" {
  mount               = "management"
  name                = "rancher"
  delete_all_versions = true
  data_json = jsonencode({
    admin_password = random_password.rancher_admin_password.result
  })
}

resource "helm_release" "rancher" {
  name             = "rancher"
  namespace        = "cattle-system"
  chart            = "https://releases.rancher.com/server-charts/latest/rancher-2.9.1.tgz"

  reuse_values     = true
  recreate_pods    = false

  set_sensitive {
    name  = "adminPassword"
    value = vault_kv_secret_v2.rancher_creds.data["admin_password"]
  }

  lifecycle {
    ignore_changes = [
      set,
      set_sensitive,
    ]
  }
}