Merge pull request #1 from aigisuk/develop

⚡ add kubeconfig to output (sensitive)
aigisuk · Jul 21, 2022 · 344160c · 344160c
2 parents b7736c4 + 1102273
commit 344160c
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 12 deletions.
diff --git a/kubeconfig_file_output.tf b/kubeconfig_file_output.tf
@@ -1,4 +1,4 @@
-resource "local_file" "k3s_kubeconfig" {
-  content  = local.kubeconfig
-  filename = "${path.root}/k3s.yaml"
-}
+# resource "local_sensitive_file" "k3s_kubeconfig" {
+#   content  = local.kubeconfig
+#   filename = "${path.root}/k3s.yaml"
+# }
diff --git a/locals.tf b/locals.tf
@@ -66,11 +66,39 @@ locals {
 
   client-key-data = tls_private_key.keys["client-admin"].private_key_pem
 
-  kubeconfig = templatefile("${path.module}/kubeconfig.yaml.tftpl", {
-    certificate-authority-data = base64encode(local.certificate-authority-data)
-    client-certificate-data    = base64encode(local.client-certificate-data)
-    client-key-data            = base64encode(local.client-key-data)
-    k3s_lb_ip                  = hcloud_load_balancer.k3s_api_lb.ipv4
+  # kubeconfig = templatefile("${path.module}/kubeconfig.yaml.tftpl", {
+  #   certificate-authority-data = base64encode(local.certificate-authority-data)
+  #   client-certificate-data    = base64encode(local.client-certificate-data)
+  #   client-key-data            = base64encode(local.client-key-data)
+  #   k3s_lb_ip                  = hcloud_load_balancer.k3s_api_lb.ipv4
+  # })
+
+  kubeconfig = yamlencode({
+    "apiVersion" : "v1",
+    "clusters" : [{
+      "cluster" : {
+        "certificate-authority-data" : base64encode(local.certificate-authority-data),
+        "server" : "https://${hcloud_load_balancer.k3s_api_lb.ipv4}:6443"
+      },
+      "name" : "default"
+    }]
+    "contexts" : [{
+      "context" : {
+        "cluster" : "default",
+        "user" : "default"
+      },
+      "name" : "default"
+    }]
+    "current-context" : "default",
+    "kind" : "Config",
+    "preferences" : {},
+    "users" : [{
+      "name" : "default",
+      "user" : {
+        "client-certificate-data" : base64encode(local.client-certificate-data),
+        "client-key-data" : base64encode(local.client-key-data)
+      }
+    }]
   })
 
   # The following IPs are important to be whitelisted because they communicate with Hetzner services and enable the CCM and CSI to work properly.

diff --git a/outputs.tf b/outputs.tf
@@ -1,3 +1,9 @@
 output "local_agent_nodepools" {
   value = local.agent_nodes
+}
+
+output "kubeconfig" {
+  description = "Kube Config for cluster"
+  value       = local.kubeconfig
+  sensitive   = true
 }
diff --git a/server_init.tf b/server_init.tf
@@ -34,9 +34,9 @@ resource "hcloud_server" "server_node_init" {
     ca_keys  = { for ca_name, key in tls_private_key.keys : ca_name => base64gzip(key.private_key_pem) if contains(local.ca_names, ca_name) }
     ca_certs = { for ca_name, cert in tls_self_signed_cert.ca_certs : ca_name => base64gzip(cert.cert_pem) }
     # --- END k3s generated keys & certs ---
-    hcloud_token = var.hcloud_token
-    k3s_net_id   = hcloud_network.k3s_net.id
-    flannel_backend = var.flannel_backend
+    hcloud_token     = var.hcloud_token
+    k3s_net_id       = hcloud_network.k3s_net.id
+    flannel_backend  = var.flannel_backend
     k8s_dashboard    = local.k8s_dash_yaml_tpl
     sys_upgrade_ctrl = local.sys_upgrade_ctrl_yaml_tpl
     cert_manager     = local.cert_manager_yaml_tpl