kubeconfigs.tf
# Admin client kubeconfig: hands the CA certificate plus the admin client
# certificate and private key from var.certs to the local ./modules/kubeconfig
# module, with /etc/kubernetes/admin.conf as the config path.
#
# NOTE(review): client_key is private-key material passed inline through a
# Terraform variable. Confirm that var.certs is declared sensitive, that the
# state backend is encrypted and access-controlled, and that the module limits
# the resulting file to root (e.g. mode 0600) -- none of this is visible here.
# NOTE(review): `user` and `context` are presumably kubeconfig-local labels
# only; the API server takes the identity from the client certificate subject,
# so the privileges of this credential are decided where admin_cert is issued.
module "admin_kubeconfig" {
  source = "./modules/kubeconfig"

  cluster  = "kubernetes"
  user     = "kubernetes-admin"
  context  = "kubernetes-admin@kubernetes"
  endpoint = var.internal_endpoint

  config_path = "/etc/kubernetes/admin.conf"

  certificates = {
    ca_cert     = var.certs["ca_cert"]
    client_cert = var.certs["admin_cert"]
    client_key  = var.certs["admin_key"]
  }
}
# kube-controller-manager client kubeconfig: passes the CA certificate and the
# controller-manager client certificate/key from var.certs to the local
# ./modules/kubeconfig module, with /etc/kubernetes/controller-manager.conf as
# the config path.
#
# NOTE(review): client_key is private-key material supplied inline; confirm the
# variable is marked sensitive and that the module restricts the file's mode
# and ownership (not visible in this file).
module "controller_manager_kubeconfig" {
  source = "./modules/kubeconfig"

  cluster  = "kubernetes"
  user     = "system:kube-controller-manager"
  context  = "system:kube-controller-manager@kubernetes"
  endpoint = var.internal_endpoint

  config_path = "/etc/kubernetes/controller-manager.conf"

  certificates = {
    ca_cert     = var.certs["ca_cert"]
    client_cert = var.certs["controller_manager_cert"]
    client_key  = var.certs["controller_manager_key"]
  }
}
# kube-scheduler client kubeconfig: passes the CA certificate and the scheduler
# client certificate/key from var.certs to the local ./modules/kubeconfig
# module, with /etc/kubernetes/scheduler.conf as the config path.
#
# NOTE(review): client_key is private-key material supplied inline; confirm the
# variable is marked sensitive and that the module restricts the file's mode
# and ownership (not visible in this file).
module "scheduler_kubeconfig" {
  source = "./modules/kubeconfig"

  cluster  = "kubernetes"
  user     = "system:kube-scheduler"
  context  = "system:kube-scheduler@kubernetes"
  endpoint = var.internal_endpoint

  config_path = "/etc/kubernetes/scheduler.conf"

  certificates = {
    ca_cert     = var.certs["ca_cert"]
    client_cert = var.certs["scheduler_cert"]
    client_key  = var.certs["scheduler_key"]
  }
}
# Kubelet client kubeconfig, with /etc/kubernetes/kubelet.conf as the config
# path. Unlike the other module calls in this file, no client key is passed
# inline: client_cert_path and client_key_path reference a file on the node.
#
# Both paths name the same PEM, so that file has to hold the certificate and
# the private key together; kubelet-client-current.pem is the name the kubelet
# uses for its rotated client credential.
# NOTE(review): that file will not exist until the kubelet has obtained a
# client certificate -- presumably through the bootstrap kubeconfig; confirm
# the ordering on first boot.
module "kubelet_kubeconfig" {
  source = "./modules/kubeconfig"

  cluster  = "kubernetes"
  user     = "system:kubelet"
  context  = "system:kubelet@kubernetes"
  endpoint = var.internal_endpoint

  config_path = "/etc/kubernetes/kubelet.conf"

  certificates = {
    ca_cert          = var.certs["ca_cert"]
    client_cert_path = "/var/lib/kubelet/pki/kubelet-client-current.pem"
    client_key_path  = "/var/lib/kubelet/pki/kubelet-client-current.pem"
  }
}
# Kubelet TLS-bootstrap kubeconfig, with /etc/kubernetes/bootstrap-kubelet.conf
# as the config path. Authentication uses a token instead of a client
# certificate: the value is built as "<id>.<secret>" from
# var.tls_bootstrap_token.
#
# NOTE(review): the token is a bearer credential embedded in the value handed
# to the module. Confirm that var.tls_bootstrap_token is declared sensitive,
# that the token carries an expiry and is authorised for node bootstrapping
# only, and that the resulting file is readable by root alone -- none of this
# is visible in this file.
module "bootstrapping_kubeconfig" {
  source = "./modules/kubeconfig"

  cluster  = "kubernetes"
  user     = "kubelet-bootstrap"
  context  = "kubelet-bootstrap@kubernetes"
  endpoint = var.internal_endpoint

  config_path = "/etc/kubernetes/bootstrap-kubelet.conf"

  certificates = {
    ca_cert = var.certs["ca_cert"]
    token   = "${var.tls_bootstrap_token.id}.${var.tls_bootstrap_token.secret}"
  }
}