feat: output working kubeconfig for new cluster
parent
70a986913c
commit
9e528c9b7b
6 changed files with 71 additions and 13 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -4,3 +4,4 @@ terraform.tfstate*
|
|||
.terraform
|
||||
|
||||
kubeconfig.yaml
|
||||
kubeconfig-v2.yaml
|
||||
|
|
|
|||
18
.terraform.lock.hcl
generated
18
.terraform.lock.hcl
generated
|
|
@ -77,6 +77,24 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
|
|||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/local" {
|
||||
version = "2.1.0"
|
||||
hashes = [
|
||||
"h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=",
|
||||
"zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2",
|
||||
"zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab",
|
||||
"zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3",
|
||||
"zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a",
|
||||
"zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe",
|
||||
"zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1",
|
||||
"zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c",
|
||||
"zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4",
|
||||
"zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b",
|
||||
"zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3",
|
||||
"zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/null" {
|
||||
version = "2.1.2"
|
||||
constraints = "~> 2.1"
|
||||
|
|
|
|||
|
|
@ -53,38 +53,38 @@ provider "kubernetes" {
|
|||
client_key = module.k3s.kubernetes.client_key
|
||||
}
|
||||
|
||||
resource "kubernetes_service_account" "bootstrap" {
|
||||
resource "kubernetes_service_account" "admin" {
|
||||
depends_on = [module.k3s.kubernetes_ready]
|
||||
|
||||
metadata {
|
||||
name = "bootstrap"
|
||||
name = "admin"
|
||||
namespace = "default"
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_cluster_role_binding" "boostrap" {
|
||||
resource "kubernetes_cluster_role_binding" "admin" {
|
||||
depends_on = [module.k3s.kubernetes_ready]
|
||||
|
||||
metadata {
|
||||
name = "bootstrap"
|
||||
name = "admin"
|
||||
}
|
||||
|
||||
subject {
|
||||
kind = "ServiceAccount"
|
||||
name = "bootstrap"
|
||||
name = "admin"
|
||||
namespace = "default"
|
||||
}
|
||||
|
||||
role_ref {
|
||||
api_group = "rbac.authorization.k8s.io"
|
||||
kind = "ClusterRole"
|
||||
name = "admin"
|
||||
name = "cluster-admin"
|
||||
}
|
||||
}
|
||||
|
||||
data "kubernetes_secret" "sa_credentials" {
|
||||
metadata {
|
||||
name = kubernetes_service_account.bootstrap.default_secret_name
|
||||
name = kubernetes_service_account.admin.default_secret_name
|
||||
namespace = "default"
|
||||
}
|
||||
}
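Review bot: The `admin` ServiceAccount sits in the `default` namespace while the binding's `role_ref` names `cluster-admin`, and its token is read from the auto-created `default_secret_name` secret, which carries no expiry. Anyone who can read secrets in `default` would then hold full control of the cluster, so I would put the account in a dedicated namespace, changing `namespace = "default"` in the `metadata`, `subject` and `data "kubernetes_secret"` blocks together. I would also add a comment above the binding such as `# cluster-admin on purpose: this token backs the generated kubeconfig; rotate it by recreating the ServiceAccount`. Judging by the paired lines the role moved from `admin` to `cluster-admin` in this commit, but the rendered page has lost the +/- markers, so that reading is inferred. The hunk starts at line 53 of a file whose header is not shown on the page.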
|
||||
|
|
|
|||
|
|
@ -2,8 +2,17 @@ output "summary" {
|
|||
value = module.k3s.summary
|
||||
}
|
||||
|
||||
output "bootstrap_sa" {
|
||||
description = "Bootstrap ServiceAccount. Can be used by Terraform to provision this cluster."
|
||||
value = data.kubernetes_secret.sa_credentials.data
|
||||
output "kubernetes" {
|
||||
description = "Authentication credentials of Kubernetes (full administrator)."
|
||||
value = {
|
||||
token = data.kubernetes_secret.sa_credentials.data.token
|
||||
cluster_ca_certificate = module.k3s.kubernetes.cluster_ca_certificate
|
||||
api_endpoint = "https://${var.domain}:6443"
|
||||
}
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "kubernetes_ready" {
|
||||
description = "Dependency endpoint to synchronize k3s installation and provisioning."
|
||||
value = module.k3s.kubernetes_ready
|
||||
}
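Review bot: `sensitive = true` on the `kubernetes` output only redacts the value in CLI output; the ServiceAccount token is still written in plain text to the Terraform state of whatever configuration calls this module. The description should say so, for example `description = "Cluster-admin credentials (ServiceAccount token, CA certificate, API endpoint). Stored unencrypted in Terraform state."`, so that consumers know the state needs the same protection as the kubeconfig itself. The file header of this section is not shown on the page.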
|
||||
|
|
|
|||
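--- a/kubeconfig.tf
+++ b/kubeconfig.tf
@@ -0,0 +1,30 @@
+provider "kubernetes" {
+host = module.k3s_cluster_v2.kubernetes.api_endpoint
+cluster_ca_certificate = module.k3s_cluster_v2.kubernetes.cluster_ca_certificate
+token = module.k3s_cluster_v2.kubernetes.token
+}
+
+resource "local_file" "kubeconfig-v2" {
+filename = "${path.module}/kubeconfig-v2.yaml"
+
+content = <<EOF
+apiVersion: v1
+clusters:
+- cluster:
+certificate-authority-data: ${base64encode(module.k3s_cluster_v2.kubernetes.cluster_ca_certificate)}
+server: ${module.k3s_cluster_v2.kubernetes.api_endpoint}
+name: home-cloud-v2
+contexts:
+- context:
+cluster: home-cloud-v2
+user: admin
+name: home-cloud-v2
+current-context: home-cloud-v2
+kind: Config
+preferences: {}
+users:
+- name: admin
+user:
+token: ${module.k3s_cluster_v2.kubernetes.token}
+EOF
+}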
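Review bot: `local_file.kubeconfig-v2` writes a cluster-admin token to disk without setting `file_permission`, and the `local` provider's default for that argument is `0777`, so the kubeconfig can end up readable by other local users. Add `file_permission = "0600"` to the resource. With the locked provider version 2.1.0, pass the heredoc as `sensitive_content` instead of `content` so the token is not printed in plan output. The `.gitignore` entry in this commit keeps the file out of the repository, but the token is still stored in the Terraform state.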