From 9e528c9b7bb5afe2c969db01bd9c5423129e5af9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julian=20T=C3=B6lle?= Date: Mon, 3 Jan 2022 17:16:58 +0100 Subject: [PATCH] feat: output working kubeconfig for new cluster --- .gitignore | 3 ++- .terraform.lock.hcl | 18 ++++++++++++++++++ Makefile | 2 +- k3s_cluster_v2/k3s.tf | 14 +++++++------- k3s_cluster_v2/output.tf | 17 +++++++++++++---- kubeconfig.tf | 30 ++++++++++++++++++++++++++++++ 6 files changed, 71 insertions(+), 13 deletions(-) create mode 100644 kubeconfig.tf diff --git a/.gitignore b/.gitignore index b421c6f..d3ac539 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ credentials.tfvars terraform.tfstate* .terraform -kubeconfig.yaml \ No newline at end of file +kubeconfig.yaml +kubeconfig-v2.yaml diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 0c5ec95..d072f8d 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -77,6 +77,24 @@ provider "registry.terraform.io/hashicorp/kubernetes" { ] } +provider "registry.terraform.io/hashicorp/local" { + version = "2.1.0" + hashes = [ + "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=", + "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2", + "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab", + "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3", + "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a", + "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe", + "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1", + "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c", + "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4", + "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b", + "zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3", + "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91", + ] +} + provider "registry.terraform.io/hashicorp/null" { version = "2.1.2" constraints = "~> 2.1" diff --git a/Makefile b/Makefile index 18d380a..0484fb8 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ TFFLAGS=-var-file=credentials.tfvars VALIDATE=terraform validate -check-variables=false apply: init - $(TF) apply $(TFFLAGS) + $(TF) apply $(TFFLAGS) plan: init $(TF) plan $(TFFLAGS) diff --git a/k3s_cluster_v2/k3s.tf b/k3s_cluster_v2/k3s.tf index 926371f..57f6f45 100644 --- a/k3s_cluster_v2/k3s.tf +++ b/k3s_cluster_v2/k3s.tf 
@@ -53,38 +53,38 @@ provider "kubernetes" { client_key = module.k3s.kubernetes.client_key } -resource "kubernetes_service_account" "bootstrap" { +resource "kubernetes_service_account" "admin" { depends_on = [module.k3s.kubernetes_ready] metadata { - name = "bootstrap" + name = "admin" namespace = "default" } } -resource "kubernetes_cluster_role_binding" "boostrap" { +resource "kubernetes_cluster_role_binding" "admin" { depends_on = [module.k3s.kubernetes_ready] metadata { - name = "bootstrap" + name = "admin" } subject { kind = "ServiceAccount" - name = "bootstrap" + name = "admin" namespace = "default" } role_ref { api_group = "rbac.authorization.k8s.io" kind = "ClusterRole" - name = "admin" + name = "cluster-admin" } } data "kubernetes_secret" "sa_credentials" { metadata { - name = kubernetes_service_account.bootstrap.default_secret_name + name = kubernetes_service_account.admin.default_secret_name namespace = "default" } } diff --git a/k3s_cluster_v2/output.tf b/k3s_cluster_v2/output.tf index 6a2e5ce..dea0106 100644 --- a/k3s_cluster_v2/output.tf +++ b/k3s_cluster_v2/output.tf @@ -2,8 +2,17 @@ output "summary" { value = module.k3s.summary } -output "bootstrap_sa" { - description = "Bootstrap ServiceAccount. Can be used by Terraform to provision this cluster." - value = data.kubernetes_secret.sa_credentials.data - sensitive = true +output "kubernetes" { + description = "Authentication credentials of Kubernetes (full administrator)." + value = { + token = data.kubernetes_secret.sa_credentials.data.token + cluster_ca_certificate = module.k3s.kubernetes.cluster_ca_certificate + api_endpoint = "https://${var.domain}:6443" + } + sensitive = true +} + +output "kubernetes_ready" { + description = "Dependency endpoint to synchronize k3s installation and provisioning." + value = module.k3s.kubernetes_ready } diff --git a/kubeconfig.tf b/kubeconfig.tf new file mode 100644 index 0000000..33e87b2 --- /dev/null +++ b/kubeconfig.tf 
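Review bot: The `role_ref` in `kubernetes_cluster_role_binding "admin"` now binds `cluster-admin` to a ServiceAccount whose token Secret lives in the `default` namespace, so any principal that can read Secrets in `default` can obtain full cluster rights. Placing the account in a namespace that workloads do not share, by changing the three `namespace = "default"` lines (ServiceAccount metadata, binding subject, `data "kubernetes_secret"`) to `namespace = "kube-system"`, would narrow that exposure. The widening from `admin` to `cluster-admin` deserves a comment above the binding, e.g. `# cluster-admin: this token is exported as the operator kubeconfig; it does not expire, rotate by deleting the ServiceAccount secret`. Separately, `default_secret_name` depends on the auto-generated token Secret, which newer Kubernetes releases (1.24 and later, as far as I know) no longer create, so this lookup may return an empty name after an upgrade.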
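Review bot: The new `kubernetes` output carries the ServiceAccount token bound to `cluster-admin` in k3s.tf, and `sensitive = true` only redacts it from plan/apply output; the value is still stored unencrypted in the Terraform state and in anything the root module writes from it. The description should say that, for example `description = "Cluster-admin credentials (non-expiring ServiceAccount token); stored in clear text in state."`. The `local_file "kubeconfig-v2"` resource in kubeconfig.tf consumes this token, and its body continues outside the visible hunk; if it does not already do so, it should set `file_permission = "0600"` and pass the content through `sensitive_content`, because the provider's default file mode is world-readable.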
@@ -0,0 +1,30 @@ +provider "kubernetes" { + host = module.k3s_cluster_v2.kubernetes.api_endpoint + cluster_ca_certificate = module.k3s_cluster_v2.kubernetes.cluster_ca_certificate + token = module.k3s_cluster_v2.kubernetes.token +} + +resource "local_file" "kubeconfig-v2" { + filename = "${path.module}/kubeconfig-v2.yaml" + + content = <