From 0d2135e687e4939e8fc67b8715841d80747101d4 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Fri, 14 Jan 2022 09:41:33 -0800
Subject: [PATCH] Remove use of `template` provider

* Switch to using Terraform `templatefile` instead of the `template` provider (i.e. `data.template_file`)
* Available since Terraform v0.12
---
 auth.tf | 96 +++++++++++++++++++++++++----------------------
 outputs.tf | 4 +--
 tls-k8s.tf | 4 +--
 versions.tf | 5 ++-
 4 files changed, 51 insertions(+), 58 deletions(-)

diff --git a/auth.tf b/auth.tf
index 8df38326..158bf363 100644
--- a/auth.tf
+++ b/auth.tf
@@ -1,72 +1,66 @@ locals { # component kubeconfigs assets map auth_kubeconfigs = { - "auth/admin.conf" = data.template_file.kubeconfig-admin.rendered, - "auth/controller-manager.conf" = data.template_file.kubeconfig-controller-manager.rendered, - "auth/scheduler.conf" = data.template_file.kubeconfig-scheduler.rendered, + "auth/admin.conf" = local.kubeconfig-admin, + "auth/controller-manager.conf" = local.kubeconfig-controller-manager + "auth/scheduler.conf" = local.kubeconfig-scheduler } } -# Generated admin kubeconfig to bootstrap control plane -data "template_file" "kubeconfig-admin" { - template = file("${path.module}/resources/kubeconfig-admin") - - vars = { - name = var.cluster_name - ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) - kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem) - kubelet_key = base64encode(tls_private_key.admin.private_key_pem) - server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) - } -} - -# Generated kube-controller-manager kubeconfig -data "template_file" "kubeconfig-controller-manager" { - template = file("${path.module}/resources/kubeconfig-admin") - - vars = { - name = var.cluster_name - ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) - kubelet_cert = base64encode(tls_locally_signed_cert.controller-manager.cert_pem) - kubelet_key = base64encode(tls_private_key.controller-manager.private_key_pem) - server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) - } -} - -# Generated kube-controller-manager kubeconfig -data "template_file" "kubeconfig-scheduler" { - template = file("${path.module}/resources/kubeconfig-admin") +locals { + # Generated admin kubeconfig to bootstrap control plane + kubeconfig-admin = templatefile("${path.module}/resources/kubeconfig-admin", + { + name = var.cluster_name + ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) + kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem) + 
kubelet_key = base64encode(tls_private_key.admin.private_key_pem) + server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) + } + ) - vars = { - name = var.cluster_name - ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) - kubelet_cert = base64encode(tls_locally_signed_cert.scheduler.cert_pem) - kubelet_key = base64encode(tls_private_key.scheduler.private_key_pem) - server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) - } -} + # Generated kube-controller-manager kubeconfig + kubeconfig-controller-manager = templatefile("${path.module}/resources/kubeconfig-admin", + { + name = var.cluster_name + ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) + kubelet_cert = base64encode(tls_locally_signed_cert.controller-manager.cert_pem) + kubelet_key = base64encode(tls_private_key.controller-manager.private_key_pem) + server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) + } + ) -# Generated kubeconfig to bootstrap Kubelets -data "template_file" "kubeconfig-bootstrap" { - template = file("${path.module}/resources/kubeconfig-bootstrap") + # Generated kube-controller-manager kubeconfig + kubeconfig-scheduler = templatefile("${path.module}/resources/kubeconfig-admin", + { + name = var.cluster_name + ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) + kubelet_cert = base64encode(tls_locally_signed_cert.scheduler.cert_pem) + kubelet_key = base64encode(tls_private_key.scheduler.private_key_pem) + server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) + } + ) - vars = { - ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) - server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) - token_id = random_password.bootstrap-token-id.result - token_secret = random_password.bootstrap-token-secret.result - } + # Generated kubeconfig to bootstrap Kubelets + kubeconfig-bootstrap = 
templatefile("${path.module}/resources/kubeconfig-bootstrap", + { + ca_cert = base64encode(tls_self_signed_cert.kube-ca.cert_pem) + server = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port) + token_id = random_password.bootstrap-token-id.result + token_secret = random_password.bootstrap-token-secret.result + } + ) } # Generate a cryptographically random token id (public) -resource random_password "bootstrap-token-id" { +resource "random_password" "bootstrap-token-id" { length = 6 upper = false special = false } # Generate a cryptographically random token secret -resource random_password "bootstrap-token-secret" { +resource "random_password" "bootstrap-token-secret" { length = 16 upper = false special = false diff --git a/outputs.tf b/outputs.tf index efbd331f..08f78661 100644 --- a/outputs.tf +++ b/outputs.tf @@ -5,13 +5,13 @@ output "cluster_dns_service_ip" { // Generated kubeconfig for Kubelets (i.e. lower privilege than admin) output "kubeconfig-kubelet" { - value = data.template_file.kubeconfig-bootstrap.rendered + value = local.kubeconfig-bootstrap sensitive = true } // Generated kubeconfig for admins (i.e. human super-user) output "kubeconfig-admin" { - value = data.template_file.kubeconfig-admin.rendered + value = local.kubeconfig-admin sensitive = true } diff --git a/tls-k8s.tf b/tls-k8s.tf index 7a77f682..43544672 100644 --- a/tls-k8s.tf +++ b/tls-k8s.tf @@ -94,7 +94,7 @@ resource "tls_cert_request" "controller-manager" { private_key_pem = tls_private_key.controller-manager.private_key_pem subject { - common_name = "system:kube-controller-manager" + common_name = "system:kube-controller-manager" } } @@ -126,7 +126,7 @@ resource "tls_cert_request" "scheduler" { private_key_pem = tls_private_key.scheduler.private_key_pem subject { - common_name = "system:kube-scheduler" + common_name = "system:kube-scheduler" } } diff --git a/versions.tf b/versions.tf index 37f93a2c..3abb5cb1 100644 --- a/versions.tf +++ b/versions.tf 
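Review bot: The comment above the new `kubeconfig-scheduler` local still reads `# Generated kube-controller-manager kubeconfig`, a copy-paste slip carried over from the removed data source; it should read `# Generated kube-scheduler kubeconfig` so a reader is not led to think the scheduler is being issued the controller-manager's credentials. In the rebuilt `auth_kubeconfigs` map, as rendered here only the `auth/admin.conf` entry keeps a trailing comma while the other two entries rely on newline separation; HCL accepts both, but the mix reads as an oversight, so either drop the comma on `"auth/admin.conf" = local.kubeconfig-admin` or add it to the other two. Note also that the rendered kubeconfigs, which embed client private keys and the bootstrap token, now live in plain locals that are not marked sensitive, so they will be printed in plan diffs wherever `local.auth_kubeconfigs` is consumed; the previous `data.template_file` rendering had the same exposure and the keys are already in state, so this is not a regression, but if the module's minimum Terraform version is ever raised to 0.15 the `templatefile(...)` results could be wrapped in `sensitive()` to redact them from plan output. The `random_password "bootstrap-token-secret"` resource whose quoting is changed at the end of the hunk closes outside the hunk.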
@@ -3,8 +3,7 @@ terraform { required_version = ">= 0.13.0, < 2.0.0" required_providers { - random = "~> 3.1" - template = "~> 2.2" - tls = "~> 3.1" + random = "~> 3.1" + tls = "~> 3.1" } }
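Review bot: Dropping `template` from `required_providers` is correct now that nothing in the module references it, and `templatefile` is satisfied by the existing `required_version = ">= 0.13.0, < 2.0.0"` floor since it has been built in since 0.12. Callers who already applied an earlier release will presumably still have the `template` provider recorded in their `.terraform.lock.hcl` and may see `data.template_file` entries lingering in state until the next plan; it would be worth a one-line CHANGELOG note that `terraform init -upgrade` is expected after bumping the module, though I cannot confirm from this diff how a given Terraform version handles the orphaned data resources.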