Remove use of template provider

* Switch to using Terraform `templatefile` instead of the `template` provider (i.e. `data.template_file`) * Available since Terraform v0.12
poseidon · Jan 14, 2022 · 0d2135e · 0d2135e
1 parent 4dc0388
commit 0d2135e
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 58 deletions.
diff --git a/auth.tf b/auth.tf
@@ -1,72 +1,66 @@
 locals {
   # component kubeconfigs assets map
   auth_kubeconfigs = {
-    "auth/admin.conf" = data.template_file.kubeconfig-admin.rendered,
-    "auth/controller-manager.conf" = data.template_file.kubeconfig-controller-manager.rendered,
-    "auth/scheduler.conf" = data.template_file.kubeconfig-scheduler.rendered,
+    "auth/admin.conf"              = local.kubeconfig-admin,
+    "auth/controller-manager.conf" = local.kubeconfig-controller-manager
+    "auth/scheduler.conf"          = local.kubeconfig-scheduler
   }
 }
 
-# Generated admin kubeconfig to bootstrap control plane
-data "template_file" "kubeconfig-admin" {
-  template = file("${path.module}/resources/kubeconfig-admin")
-
-  vars = {
-    name         = var.cluster_name
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem)
-    kubelet_key  = base64encode(tls_private_key.admin.private_key_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-  }
-}
-
-# Generated kube-controller-manager kubeconfig
-data "template_file" "kubeconfig-controller-manager" {
-  template = file("${path.module}/resources/kubeconfig-admin")
-
-  vars = {
-    name         = var.cluster_name
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    kubelet_cert = base64encode(tls_locally_signed_cert.controller-manager.cert_pem)
-    kubelet_key  = base64encode(tls_private_key.controller-manager.private_key_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-  }
-}
-
-# Generated kube-controller-manager kubeconfig
-data "template_file" "kubeconfig-scheduler" {
-  template = file("${path.module}/resources/kubeconfig-admin")
+locals {
+  # Generated admin kubeconfig to bootstrap control plane
+  kubeconfig-admin = templatefile("${path.module}/resources/kubeconfig-admin",
+    {
+      name         = var.cluster_name
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem)
+      kubelet_key  = base64encode(tls_private_key.admin.private_key_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+    }
+  )
 
-  vars = {
-    name         = var.cluster_name
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    kubelet_cert = base64encode(tls_locally_signed_cert.scheduler.cert_pem)
-    kubelet_key  = base64encode(tls_private_key.scheduler.private_key_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-  }
-}
+  # Generated kube-controller-manager kubeconfig
+  kubeconfig-controller-manager = templatefile("${path.module}/resources/kubeconfig-admin",
+    {
+      name         = var.cluster_name
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      kubelet_cert = base64encode(tls_locally_signed_cert.controller-manager.cert_pem)
+      kubelet_key  = base64encode(tls_private_key.controller-manager.private_key_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+    }
+  )
 
-# Generated kubeconfig to bootstrap Kubelets
-data "template_file" "kubeconfig-bootstrap" {
-  template = file("${path.module}/resources/kubeconfig-bootstrap")
+  # Generated kube-controller-manager kubeconfig
+  kubeconfig-scheduler = templatefile("${path.module}/resources/kubeconfig-admin",
+    {
+      name         = var.cluster_name
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      kubelet_cert = base64encode(tls_locally_signed_cert.scheduler.cert_pem)
+      kubelet_key  = base64encode(tls_private_key.scheduler.private_key_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+    }
+  )
 
-  vars = {
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-    token_id     = random_password.bootstrap-token-id.result
-    token_secret = random_password.bootstrap-token-secret.result
-  }
+  # Generated kubeconfig to bootstrap Kubelets
+  kubeconfig-bootstrap = templatefile("${path.module}/resources/kubeconfig-bootstrap",
+    {
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+      token_id     = random_password.bootstrap-token-id.result
+      token_secret = random_password.bootstrap-token-secret.result
+    }
+  )
 }
 
 # Generate a cryptographically random token id (public)
-resource random_password "bootstrap-token-id" {
+resource "random_password" "bootstrap-token-id" {
   length  = 6
   upper   = false
   special = false
 }
 
 # Generate a cryptographically random token secret
-resource random_password "bootstrap-token-secret" {
+resource "random_password" "bootstrap-token-secret" {
   length  = 16
   upper   = false
   special = false

diff --git a/outputs.tf b/outputs.tf
@@ -5,13 +5,13 @@ output "cluster_dns_service_ip" {
 
 // Generated kubeconfig for Kubelets (i.e. lower privilege than admin)
 output "kubeconfig-kubelet" {
-  value     = data.template_file.kubeconfig-bootstrap.rendered
+  value     = local.kubeconfig-bootstrap
   sensitive = true
 }
 
 // Generated kubeconfig for admins (i.e. human super-user)
 output "kubeconfig-admin" {
-  value     = data.template_file.kubeconfig-admin.rendered
+  value     = local.kubeconfig-admin
   sensitive = true
 }
 

diff --git a/tls-k8s.tf b/tls-k8s.tf
@@ -94,7 +94,7 @@ resource "tls_cert_request" "controller-manager" {
   private_key_pem = tls_private_key.controller-manager.private_key_pem
 
   subject {
-    common_name  = "system:kube-controller-manager"
+    common_name = "system:kube-controller-manager"
   }
 }
 
@@ -126,7 +126,7 @@ resource "tls_cert_request" "scheduler" {
   private_key_pem = tls_private_key.scheduler.private_key_pem
 
   subject {
-    common_name  = "system:kube-scheduler"
+    common_name = "system:kube-scheduler"
   }
 }
 

diff --git a/versions.tf b/versions.tf
@@ -3,8 +3,7 @@
 terraform {
   required_version = ">= 0.13.0, < 2.0.0"
   required_providers {
-    random   = "~> 3.1"
-    template = "~> 2.2"
-    tls      = "~> 3.1"
+    random = "~> 3.1"
+    tls    = "~> 3.1"
   }
 }