Terraform Azure Container Groups appear to have no way to mount multiple volumes?

Question

When reviewing the documentation for Azure Container Groups, specifically this page on secrets: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-secret I noticed the volumes object is an array of what appear to be 1 or more volumes.

"volumes": [
      {
        "name": "secretvolume1",
        "secret": {
          "mysecret1": "TXkgZmlyc3Qgc2VjcmV0IEZPTwo=",
          "mysecret2": "TXkgc2Vjb25kIHNlY3JldCBCQVIK"
        }
      }
    ]

When reviewing the Terraform documentation here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/container_group I noticed the volume object is singular.

Is it not possible to make multiple volumes in terraform? Is this also not possible in say ARM, despite it appearing to be so in documentation? Testing would indicate Terrraform doesn't support multiple volumes, though I'm not proficient enough with ARM to verify.

Answer 1

Sure, it's possible to make multiple volumes with Terraform:

In my working sample, it creates two volumes, one is for a storage file share, another is a secret volume.

resource "azurerm_resource_group" "example" {
  name     = "${var.prefix}-resources"
  location = var.location
}

resource "azurerm_storage_account" "example" {
  name                     = "${var.prefix}stor"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_share" "example" {
  name                 = "aci-test-share"
  storage_account_name = azurerm_storage_account.example.name
  quota                = 50
}

resource "azurerm_container_group" "example" {
  name                = "${var.prefix}-continst"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  ip_address_type     = "public"
  dns_name_label      = "${var.prefix}-continst"
  os_type             = "Linux"

  container {
    name   = "hello-world"
    image  = "microsoft/aci-helloworld:latest"
    cpu    = "0.5"
    memory = "1.5"

    ports {
      port     = 443
      protocol = "TCP"
    }

    volume {
      name       = "logs"
      mount_path = "/aci/logs"
      read_only  = false
      share_name = azurerm_storage_share.example.name

      storage_account_name = azurerm_storage_account.example.name
      storage_account_key  = azurerm_storage_account.example.primary_access_key

    }

    volume {
      name       = "secretvolume1"
      mount_path = "/mnt/secrets"
      read_only  = false

      secret = {
        "mysecret1"=base64encode("My first secret FOO")
        "mysecret2"=base64encode("My second secret BAR")
      }
    }
  }

}

I am using the latest provider.

PS D:\Terraform> .\terraform.exe -v
Terraform v0.14.7
+ provider registry.terraform.io/hashicorp/azurerm v2.48.0

Verify the mount path from the container instance--->connect--->/bin/sh on the Azure portal.