feat: output working kubeconfig for new cluster
parent
70a986913c
commit
9e528c9b7b
6 changed files with 71 additions and 13 deletions
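--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ terraform.tfstate*
 .terraform
 
 kubeconfig.yaml
+kubeconfig-v2.yaml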
18
.terraform.lock.hcl
generated
18
.terraform.lock.hcl
generated
|
|
@ -77,6 +77,24 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "registry.terraform.io/hashicorp/local" {
|
||||||
|
version = "2.1.0"
|
||||||
|
hashes = [
|
||||||
|
"h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=",
|
||||||
|
"zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2",
|
||||||
|
"zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab",
|
||||||
|
"zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3",
|
||||||
|
"zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a",
|
||||||
|
"zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe",
|
||||||
|
"zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1",
|
||||||
|
"zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c",
|
||||||
|
"zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4",
|
||||||
|
"zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b",
|
||||||
|
"zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3",
|
||||||
|
"zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
provider "registry.terraform.io/hashicorp/null" {
|
provider "registry.terraform.io/hashicorp/null" {
|
||||||
version = "2.1.2"
|
version = "2.1.2"
|
||||||
constraints = "~> 2.1"
|
constraints = "~> 2.1"
|
||||||
|
|
|
||||||
|
|
@ -53,38 +53,38 @@ provider "kubernetes" {
|
||||||
client_key = module.k3s.kubernetes.client_key
|
client_key = module.k3s.kubernetes.client_key
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubernetes_service_account" "bootstrap" {
|
resource "kubernetes_service_account" "admin" {
|
||||||
depends_on = [module.k3s.kubernetes_ready]
|
depends_on = [module.k3s.kubernetes_ready]
|
||||||
|
|
||||||
metadata {
|
metadata {
|
||||||
name = "bootstrap"
|
name = "admin"
|
||||||
namespace = "default"
|
namespace = "default"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubernetes_cluster_role_binding" "boostrap" {
|
resource "kubernetes_cluster_role_binding" "admin" {
|
||||||
depends_on = [module.k3s.kubernetes_ready]
|
depends_on = [module.k3s.kubernetes_ready]
|
||||||
|
|
||||||
metadata {
|
metadata {
|
||||||
name = "bootstrap"
|
name = "admin"
|
||||||
}
|
}
|
||||||
|
|
||||||
subject {
|
subject {
|
||||||
kind = "ServiceAccount"
|
kind = "ServiceAccount"
|
||||||
name = "bootstrap"
|
name = "admin"
|
||||||
namespace = "default"
|
namespace = "default"
|
||||||
}
|
}
|
||||||
|
|
||||||
role_ref {
|
role_ref {
|
||||||
api_group = "rbac.authorization.k8s.io"
|
api_group = "rbac.authorization.k8s.io"
|
||||||
kind = "ClusterRole"
|
kind = "ClusterRole"
|
||||||
name = "admin"
|
name = "cluster-admin"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
data "kubernetes_secret" "sa_credentials" {
|
data "kubernetes_secret" "sa_credentials" {
|
||||||
metadata {
|
metadata {
|
||||||
name = kubernetes_service_account.bootstrap.default_secret_name
|
name = kubernetes_service_account.admin.default_secret_name
|
||||||
namespace = "default"
|
namespace = "default"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
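Review bot: The `role_ref` now names `cluster-admin`, so the token read through `data "kubernetes_secret" "sa_credentials"` is an unrestricted cluster credential, and it lives in a Secret in the `default` namespace where anyone granted read access to Secrets in that namespace can pick it up. If full administrator rights are intended, placing the ServiceAccount in a dedicated namespace (changing `namespace = "default"` in the `metadata`, `subject` and data-source blocks together) keeps the token away from ordinary workloads; otherwise a narrower ClusterRole limits what a leaked token can do. `default_secret_name` also depends on the auto-created, non-expiring token Secret that Kubernetes 1.24 and later no longer generate, so a comment such as `# relies on the legacy auto-created ServiceAccount token Secret (pre-1.24)` above the data source would record that dependency.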
|
|
@ -2,8 +2,17 @@ output "summary" {
|
||||||
value = module.k3s.summary
|
value = module.k3s.summary
|
||||||
}
|
}
|
||||||
|
|
||||||
output "bootstrap_sa" {
|
output "kubernetes" {
|
||||||
description = "Bootstrap ServiceAccount. Can be used by Terraform to provision this cluster."
|
description = "Authentication credentials of Kubernetes (full administrator)."
|
||||||
value = data.kubernetes_secret.sa_credentials.data
|
value = {
|
||||||
sensitive = true
|
token = data.kubernetes_secret.sa_credentials.data.token
|
||||||
|
cluster_ca_certificate = module.k3s.kubernetes.cluster_ca_certificate
|
||||||
|
api_endpoint = "https://${var.domain}:6443"
|
||||||
|
}
|
||||||
|
sensitive = true
|
||||||
|
}
|
||||||
|
|
||||||
|
output "kubernetes_ready" {
|
||||||
|
description = "Dependency endpoint to synchronize k3s installation and provisioning."
|
||||||
|
value = module.k3s.kubernetes_ready
|
||||||
}
|
}
|
||||||
|
|
|
||||||
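Review bot: `sensitive = true` on `output "kubernetes"` only redacts the value in CLI and plan output; the ServiceAccount token is still stored in clear text in the state of this module and of every configuration that reads the output. The description should say so, for example `description = "Cluster-admin ServiceAccount token, CA certificate and API endpoint. The token is stored in Terraform state; restrict access to the state."`. Exposing `api_endpoint` and `cluster_ca_certificate` as separate, non-sensitive outputs would keep the sensitive marking on the token alone.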
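--- a/kubeconfig.tf
+++ b/kubeconfig.tf
@@ -0,0 +1,30 @@
+provider "kubernetes" {
+host = module.k3s_cluster_v2.kubernetes.api_endpoint
+cluster_ca_certificate = module.k3s_cluster_v2.kubernetes.cluster_ca_certificate
+token = module.k3s_cluster_v2.kubernetes.token
+}
+
+resource "local_file" "kubeconfig-v2" {
+filename = "${path.module}/kubeconfig-v2.yaml"
+
+content = <<EOF
+apiVersion: v1
+clusters:
+- cluster:
+certificate-authority-data: ${base64encode(module.k3s_cluster_v2.kubernetes.cluster_ca_certificate)}
+server: ${module.k3s_cluster_v2.kubernetes.api_endpoint}
+name: home-cloud-v2
+contexts:
+- context:
+cluster: home-cloud-v2
+user: admin
+name: home-cloud-v2
+current-context: home-cloud-v2
+kind: Config
+preferences: {}
+users:
+- name: admin
+user:
+token: ${module.k3s_cluster_v2.kubernetes.token}
+EOF
+}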
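Review bot: `local_file.kubeconfig-v2` writes the cluster-admin token to disk through `content` and sets no `file_permission`, and the local provider's default mode is `0777` (before umask), so the kubeconfig typically ends up readable by other local users. Adding `file_permission = "0600"` and passing the heredoc through `sensitive_content` instead of `content` keeps the file private and the rendered token out of plan output. The token is also persisted in the state entry for this resource, so the `terraform.tfstate*` files need the same protection as the kubeconfig itself.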