auth.tf
locals {
  # Map of asset path -> rendered content for the kubeconfigs this module emits.
  # Its single entry is the admin kubeconfig, which is rendered with the admin
  # client private key (see data.template_file.kubeconfig-admin). Anything that
  # consumes or outputs this map should handle it as a secret.
  auth_kubeconfigs = {
    "auth/kubeconfig" = data.template_file.kubeconfig-admin.rendered
  }
}
# Bootstrap token id: the public half of the Kubelet bootstrap token.
# Six characters from lowercase letters and digits only (upper and special
# are disabled), which is the shape Kubernetes expects for a token id.
resource "random_string" "bootstrap-token-id" {
  special = false
  upper   = false
  length  = 6
}
# Bootstrap token secret: the private half of the Kubelet bootstrap token.
# Sixteen characters from lowercase letters and digits only (upper and special
# are disabled), which is the shape Kubernetes expects for a token secret.
#
# NOTE(review): random_string does not mark `result` as sensitive, so the
# secret can be printed in plan/apply output. random_password generates the
# value the same way and marks it sensitive, but switching changes the
# resource address, so every reference to
# random_string.bootstrap-token-secret would have to change with it (and
# existing state be moved). Either way the value is stored in Terraform state,
# so access to the state backend must be restricted.
resource "random_string" "bootstrap-token-secret" {
  special = false
  upper   = false
  length  = 16
}
# Kubeconfig that Kubelets use to bootstrap. Rendered from
# resources/kubeconfig-bootstrap with the cluster CA certificate, the API
# server URL and the bootstrap token id/secret.
# The token secret is passed into the template, so the rendered document is
# presumably a credential in its own right and should be handled as one.
data "template_file" "kubeconfig-bootstrap" {
  template = file("${path.module}/resources/kubeconfig-bootstrap")

  vars = {
    # API endpoint: virtual IP plus the externally visible apiserver port.
    server  = format("https://%s:%s", var.api_virtual_ip, var.external_apiserver_port)
    ca_cert = base64encode(var.ca_certificate.cert_pem)

    # Bootstrap token halves generated by the random_string resources.
    token_id     = random_string.bootstrap-token-id.result
    token_secret = random_string.bootstrap-token-secret.result
  }
}
# Admin kubeconfig used to bootstrap the control plane. Rendered from
# resources/kubeconfig-admin and addressed at the API virtual IP.
# The template variables are named kubelet_cert / kubelet_key, but the values
# passed here are the admin client certificate and the admin private key, so
# the rendered kubeconfig carries admin credentials and ends up in Terraform
# state along with them.
data "template_file" "kubeconfig-admin" {
  template = file("${path.module}/resources/kubeconfig-admin")

  vars = {
    name   = var.cluster_name
    server = format("https://%s:%s", var.api_virtual_ip, var.external_apiserver_port)

    # Base64-encoded PEM material: cluster CA, admin client cert, admin key.
    ca_cert      = base64encode(var.ca_certificate.cert_pem)
    kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem)
    kubelet_key  = base64encode(tls_private_key.admin.private_key_pem)
  }
}
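# Writes the admin kubeconfig to <asset_dir>/auth/kubeconfig.
# Skipped entirely (count = 0) when var.asset_dir is the empty string.
#
# The file holds the admin client private key. local_file's default mode is
# "0777" (before umask), so the mode is pinned to owner read/write only.
# Requires a hashicorp/local release that supports file_permission; confirm
# against the module's provider constraint.
#
# NOTE(review): `content` is displayed in plan output. The provider's
# `sensitive_content` argument (or the local_sensitive_file resource in newer
# releases) hides it; confirm which one the pinned provider version supports.
resource "local_file" "kubeconfig-admin" {
  count = var.asset_dir == "" ? 0 : 1

  content         = data.template_file.kubeconfig-admin.rendered
  filename        = "${var.asset_dir}/auth/kubeconfig"
  file_permission = "0600"
}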
# Admin kubeconfig intended for the file named after the cluster. Same
# template and admin credentials as kubeconfig-admin; the only difference is
# the server, which is the first entry of var.api_servers instead of the API
# virtual IP.
# NOTE(review): indexing [0] presumably assumes var.api_servers is never
# empty; confirm the variable is validated upstream.
data "template_file" "kubeconfig-admin-named" {
  template = file("${path.module}/resources/kubeconfig-admin")

  vars = {
    name   = var.cluster_name
    server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)

    # Base64-encoded PEM material: cluster CA, admin client cert, admin key.
    ca_cert      = base64encode(var.ca_certificate.cert_pem)
    kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem)
    kubelet_key  = base64encode(tls_private_key.admin.private_key_pem)
  }
}
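# Writes the cluster-named admin kubeconfig to
# <asset_dir>/auth/<cluster_name>-config.
# Skipped entirely (count = 0) when var.asset_dir is the empty string.
#
# The file holds the admin client private key. local_file's default mode is
# "0777" (before umask), so the mode is pinned to owner read/write only.
# Requires a hashicorp/local release that supports file_permission; confirm
# against the module's provider constraint.
#
# NOTE(review): `content` is displayed in plan output. The provider's
# `sensitive_content` argument (or the local_sensitive_file resource in newer
# releases) hides it; confirm which one the pinned provider version supports.
resource "local_file" "kubeconfig-admin-named" {
  count = var.asset_dir == "" ? 0 : 1

  content         = data.template_file.kubeconfig-admin-named.rendered
  filename        = "${var.asset_dir}/auth/${var.cluster_name}-config"
  file_permission = "0600"
}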