Proposed Credential Changes for Kubernetes Provider v2.0.0

[redeux]

Description

We are proposing changes to the provider credential configuration and implementation for the upcoming v2.0.0 release. Through feedback provided by many of you, and our own research, we believe credential handling can be improved. The proposed changes seek to address two areas:

Accommodate the most common workflow as the default

Our research shows that, by a wide margin, most of you are using the Kubernetes provider with multiple Kubernetes clusters.

Limit surprise factor

Despite the fact that our provider handles credentials the same way as kubectl, many of you have expressed surprise that the provider defaults to the kubeconfig, unless the load_config_file attribute is set to false.

Proposed Changes

No longer default to the kubeconfig

Instead of defaulting to the kubeconfig, as happens in v1.x of the Kubernetes provider, the kubeconfig will be ignored unless the attribute config_path is set to the location of the kubeconfig. When the config_path is set, it implies everything you load in there will be loaded, with exception of other attributes specified in the provider attributes. If other attributes are specified in the config that conflict with the kubeconfig attributes, the specified attributes will override the kubeconfig attributes.

The load_config_file attribute will be removed.

Prefer explicit credential attributes by default

The provider will now prefer credentials specified in the provider block by default. If a config_path is not set, and no other credentials are specified, the provider will not work.

Other considerations

Certificate handling

The current provider requires that certificates that use base64 encoding be decoded by using the base64decode() function. This is a common occurrence when receiving a certificate from the output of a cloud resource and then using it in the Kubernetes provider configuration.

PEM-encoded certificate files can be provided using the file() function.

We intend to keep this functionality as is.

More in depth look

For a more in depth look at the proposed configuration please review the usage doc in the kubernetes-alpha provider.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[aareet]

This shipped with v2.0.0

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!