wip

_examples/aks/main.tf

@@ -2,21 +2,21 @@ terraform {
   required_providers {
     kubernetes = {
       source = "hashicorp/kubernetes"
-      version = ">= 2.0.1"
+      version = ">= 2.0.2"
     }
     azurerm = {
       source  = "hashicorp/azurerm"
       version = "2.42"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.0.1"
+      version = ">= 2.0.2"
     }
   }
 }
 
 data "azurerm_kubernetes_cluster" "default" {
-  depends_on          = [module.aks-cluster.cluster_id] # refresh cluster state before reading
+  depends_on          = [module.aks-cluster] # refresh cluster state before reading
   name                = local.cluster_name
   resource_group_name = local.cluster_name
 }
@@ -42,14 +42,12 @@ provider "azurerm" {
 }
 
 module "aks-cluster" {
-  providers    = { azurerm = azurerm }
   source       = "./aks-cluster"
   cluster_name = local.cluster_name
   location     = var.location
 }
 
 module "kubernetes-config" {
-  providers    = { kubernetes = kubernetes, helm = helm }
   depends_on   = [module.aks-cluster]
   source       = "./kubernetes-config"
   cluster_name = local.cluster_name

_examples/gke/gke-cluster/main.tf

@@ -8,7 +8,7 @@ data "google_container_engine_versions" "supported" {
   version_prefix     = var.kubernetes_version
 }
 
-resource "google_container_cluster" "primary" {
+resource "google_container_cluster" "default" {
   name               = var.cluster_name
   location           = local.google_zone
   initial_node_count = var.workers_count

_examples/gke/gke-cluster/output.tf

@@ -1,21 +1,5 @@
 output "node_version" {
-  value = google_container_cluster.primary.node_version
-}
-
-output "cluster_id" {
-  value = google_container_cluster.primary.id
-}
-
-output "cluster_endpoint" {
-  value = google_container_cluster.primary.endpoint
-}
-
-output "cluster_ca_cert" {
-  value = google_container_cluster.primary.master_auth[0].cluster_ca_certificate
-}
-
-output "cluster_name" {
-  value = google_container_cluster.primary.name
+  value = google_container_cluster.default.node_version
 }
 
 output "google_zone" {

_examples/gke/kubernetes-config/kubeconfig-template.yaml → _examples/gke/kubeconfig-template.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 clusters:
 - cluster:
     certificate-authority-data: ${cluster_ca}
-    server: https://${endpoint}
+    server: ${endpoint}
   name: ${cluster_name}
 contexts:
 - context:

_examples/gke/kubernetes-config/main.tf

@@ -54,20 +54,3 @@ resource helm_release nginx_ingress {
     value = "ClusterIP"
   }
 }
-
-data "template_file" "kubeconfig" {
-  template = file("${path.module}/kubeconfig-template.yaml")
-
-  vars = {
-    cluster_name    = var.cluster_name
-    endpoint        = var.cluster_endpoint
-    cluster_ca      = var.cluster_ca_cert
-    cluster_token   = var.cluster_token
-  }
-}
-
-resource "local_file" "kubeconfig" {
-  content  = data.template_file.kubeconfig.rendered
-  filename = "${path.root}/kubeconfig"
-}
-

_examples/gke/kubernetes-config/variables.tf

@@ -1,19 +1,3 @@
 variable "cluster_name" {
   type = string
 }
-
-variable "cluster_id" {
-  type = string
-}
-
-variable "cluster_endpoint" {
-  type = string
-}
-
-variable "cluster_ca_cert" {
-  type = string
-}
-
-variable "cluster_token" {
-  type = string
-}

_examples/gke/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     kubernetes = {
       source = "hashicorp/kubernetes"
-      version = ">= 2.0.1"
+      version = ">= 9.9.9"
     }
     google = {
       source  = "hashicorp/google"
@@ -24,12 +24,13 @@ provider "google" {}
 # https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
 # This fetches a new token, which will expire in 1 hour.
 data "google_client_config" "default" {
-  depends_on = [module.gke-cluster.cluster_id]
+  depends_on = [module.gke-cluster]
 }
 
+# Defer reading the cluster data until the latest ca_cert data exists.
 data "google_container_cluster" "default" {
   name = local.cluster_name
-  depends_on = [module.gke-cluster.cluster_id]
+  depends_on = [module.gke-cluster]
 }
 
 provider "kubernetes" {
@@ -51,19 +52,31 @@ provider "helm" {
 }
 
 module "gke-cluster" {
-  providers    = { google = google }
   source       = "./gke-cluster"
   cluster_name = local.cluster_name
 }
 
 module "kubernetes-config" {
   depends_on       = [module.gke-cluster]
-  providers        = { kubernetes = kubernetes, helm = helm }
   source           = "./kubernetes-config"
   cluster_name     = local.cluster_name
-  cluster_token    = data.google_client_config.default.access_token
-  cluster_id       = module.gke-cluster.cluster_id # creates dependency on cluster creation
-  cluster_endpoint = module.gke-cluster.cluster_endpoint
-  cluster_ca_cert  = module.gke-cluster.cluster_ca_cert
+}
+
+# optional: used for manual CLI access to the cluster when gcloud tool is unavailable.
+# The gcloud tool can make a longer-lived kubeconfig. This one expires in one hour and can be updated using `terraform apply`.
+data "template_file" "kubeconfig" {
+  template = file("kubeconfig-template.yaml")
+
+  vars = {
+    cluster_name    = local.cluster_name
+    endpoint        = "https://${data.google_container_cluster.default.endpoint}"
+    cluster_ca      = data.google_container_cluster.default.master_auth[0].cluster_ca_certificate
+    cluster_token   = data.google_client_config.default.access_token
+  }
+}
+
+resource "local_file" "kubeconfig" {
+  content  = data.template_file.kubeconfig.rendered
+  filename = "${path.root}/kubeconfig"
 }