create kubeconfig format file/string

.mdlrc

@@ -1,4 +1,4 @@
-# a seperate "style" file must be used to pass "parameters" to a rule
+# a separate "style" file must be used to pass "parameters" to a rule
 #
 # https://github.com/markdownlint/markdownlint/blob/master/docs/configuration.md
 # https://github.com/markdownlint/markdownlint/blob/master/docs/RULES.md

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 ---
 - repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.8.1
+  rev: v1.11.0
   hooks:
     - id: terraform_fmt
     - id: terraform_docs

.travis.yml

@@ -1,6 +1,5 @@
 ---
-sudo: false
-language: c
+language: minimal
 matrix:
   include:
     - env: TEST=markdownlint
@@ -13,11 +12,6 @@ matrix:
         - docker
       script: ./tests/pre-commit.sh
 
-    - env: TEST=pre-commit
-      services:
-        - docker
-      script: ./tests/pre-commit.sh
-
     - env: TEST=terraform
       services:
         - docker

.yamllint.yaml

@@ -3,4 +3,8 @@ extends: default
 
 rules:
   # 80 chars should be enough, but don't fail if a line is longer
-  line-length: disable
+  line-length: false
+  # do not obsess over comment formatting
+  comments-indentation: false
+  comments:
+    require-starting-space: false

README.md

@@ -6,35 +6,55 @@ terraform `gke-std` module
 Usage
 ---
 
-    module "gke4u" {
-      source             = "git::https://github.com/jhoblitt/terraform-gke-std.git//?ref=master"
-      name               = "mycluster"
-      google_project     = "plasma-geode-127520" # default
-      google_region      = "us-central1" # default
-      google_zone        = "us-central1-b" # default
-      initial_node_count = 3 # default
-      gke_version        = "latest" # default
-      machine_type       = "n1-standard-1" # default
-    }
-
-    provider "kubernetes" {
-      version = "~> 1.4"
-
-      load_config_file = true
-
-      host                   = "${module.gke4u.host}"
-      cluster_ca_certificate = "${base64decode("${module.gke4u.cluster_ca_certificate}")}"
-    }
+```hcl
+#
+# create gke cluster
+#
+
+provider "google" {
+  project = "${var.google_project}"
+  region  = "${var.google_region}"
+  zone    = "${var.google_zone}"
+}
+
+# uses google provider
+module "gke" {
+  source             = "git::https://github.com/jhoblitt/terraform-gke-std.git//?ref=master"
+  name               = "mycluster"
+  initial_node_count = 3 # default
+  gke_version        = "latest" # default
+  machine_type       = "n1-standard-1" # default
+}
+
+#
+# configure kubernetes provider
+#
+
+# write out our own copy of kubeconfig
+resource "local_file" "kubeconfig" {
+  content  = "${module.gke.kubeconfig}"
+  filename = "${local.kubeconfig_filename}"
+
+  # this forces the gke cluster to be up before proceeding to the efd deployment
+  depends_on = ["module.gke"]
+}
+
+provider "kubernetes" {
+  version = "~> 1.6.2"
+
+  config_path      = "${local_file.kubeconfig.filename}"
+  load_config_file = true
+}
+
+```
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| gcloud\_cmd | Whether to write a Kubectl config file containing the cluster configuration. Saved to `kubeconfig_output_path`. | string | `"gcloud"` | no |
 | gke\_version | gke master/node version | string | `"latest"` | no |
-| google\_project | google cloud project ID | string | `"plasma-geode-127520"` | no |
-| google\_region | google cloud region | string | `"us-central1"` | no |
-| google\_zone | google cloud region/zone | string | `"us-central1-b"` | no |
 | initial\_node\_count | number of gke nodes to start | string | `"3"` | no |
 | machine\_type | machine type of default gke pool nodes | string | `"n1-standard-1"` | no |
 | name | gke cluster name | string | n/a | yes |
@@ -43,11 +63,11 @@ Usage
 
 | Name | Description |
 |------|-------------|
-| client\_certificate |  |
-| client\_key |  |
 | cluster\_ca\_certificate |  |
 | host |  |
 | id |  |
+| kubeconfig | kubeconfig format string |
+| kubeconfig\_filename | path to output kubeconfig format file |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

kubeconfig.tf

@@ -0,0 +1,16 @@
+data "template_file" "kubeconfig" {
+  template = "${file("${path.module}/templates/kubeconfig.yaml")}"
+
+  vars {
+    kubeconfig_name     = "${var.name}"
+    endpoint            = "https://${google_container_cluster.gke_std.endpoint}"
+    cluster_auth_base64 = "${google_container_cluster.gke_std.master_auth.0.cluster_ca_certificate}"
+    gcloud_cmd          = "${var.gcloud_cmd}"
+  }
+}
+
+# there does not seem to be a sane way to ignore changes in the file on disk
+resource "local_file" "kubeconfig" {
+  content  = "${data.template_file.kubeconfig.rendered}"
+  filename = "${local.kubeconfig_filename}"
+}

main.tf

@@ -2,30 +2,42 @@ locals {
   gke_version = "${var.gke_version != "latest" ? var.gke_version : data.google_container_engine_versions.gke_std.latest_node_version}"
 }
 
-provider "google" {
-  alias = "gke_std"
+provider "kubernetes" {
+  version = "1.6.2"
+  alias   = "gke_std"
 
-  project = "${var.google_project}"
-  region  = "${var.google_region}"
-  zone    = "${var.google_zone}"
+  load_config_file = true
+  config_path      = "${local.kubeconfig_filename}"
 }
 
-provider "kubernetes" {
-  alias = "gke_std"
+resource "null_resource" "k8s_ready" {
+  provisioner "local-exec" {
+    working_dir = "${path.module}"
 
-  load_config_file = true
+    command = <<EOS
+for i in `seq 1 10`; do \
+kubectl --kubeconfig ${null_resource.k8s_ready.triggers.config_path} get ns && break || \
+sleep 10; \
+done; \
+EOS
 
-  host                   = "${google_container_cluster.gke_std.endpoint}"
-  cluster_ca_certificate = "${base64decode("${google_container_cluster.gke_std.master_auth.0.cluster_ca_certificate}")}"
-}
+    interpreter = ["/bin/sh", "-c"]
+  }
+
+  triggers {
+    config_path = "${local_file.kubeconfig.filename}"
+    kubeconfig  = "${local_file.kubeconfig.content}"
+  }
 
-data "google_container_engine_versions" "gke_std" {
-  provider = "google.gke_std"
+  depends_on = [
+    "local_file.kubeconfig",
+    "google_container_cluster.gke_std",
+  ]
 }
 
-resource "google_container_cluster" "gke_std" {
-  provider = "google.gke_std"
+data "google_container_engine_versions" "gke_std" {}
 
+resource "google_container_cluster" "gke_std" {
   name               = "${var.name}"
   min_master_version = "${local.gke_version}"
   node_version       = "${local.gke_version}"

outputs.tf

@@ -2,19 +2,22 @@ output "host" {
   value = "${google_container_cluster.gke_std.endpoint}"
 }
 
-output "client_certificate" {
+output "cluster_ca_certificate" {
+  # not actually sensitive... just a lot of output
   sensitive = true
-  value     = "${google_container_cluster.gke_std.master_auth.0.client_certificate}"
+  value     = "${google_container_cluster.gke_std.master_auth.0.cluster_ca_certificate}"
 }
 
-output "client_key" {
-  sensitive = true
-  value     = "${google_container_cluster.gke_std.master_auth.0.client_key}"
+output "kubeconfig_filename" {
+  description = "path to output kubeconfig format file"
+  value       = "${pathexpand(local_file.kubeconfig.*.filename[0])}"
 }
 
-output "cluster_ca_certificate" {
-  sensitive = true
-  value     = "${google_container_cluster.gke_std.master_auth.0.cluster_ca_certificate}"
+output "kubeconfig" {
+  # not actually sensitive... just a lot of output
+  sensitive   = true
+  description = "kubeconfig format string"
+  value       = "${data.template_file.kubeconfig.rendered}"
 }
 
 output "id" {

pd-ssd-storageclass.tf

@@ -17,5 +17,7 @@ resource "kubernetes_storage_class" "pd_ssd" {
   }
 
   # needed when the gke cluster is recreated
-  depends_on = ["google_container_cluster.gke_std"]
+  depends_on = [
+    "null_resource.k8s_ready",
+  ]
 }

templates/kubeconfig.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+preferences: {}
+kind: Config
+
+clusters:
+  - cluster:
+      certificate-authority-data: ${cluster_auth_base64}
+      server: ${endpoint}
+    name: ${kubeconfig_name}
+
+contexts:
+  - context:
+      cluster: ${kubeconfig_name}
+      user: ${kubeconfig_name}
+    name: ${kubeconfig_name}
+
+current-context: ${kubeconfig_name}
+
+users:
+  - name: ${kubeconfig_name}
+    user:
+      auth-provider:
+        config:
+          cmd-args: config config-helper --format=json
+          cmd-path: ${gcloud_cmd}
+          expiry-key: '{.credential.token_expiry}'
+          token-key: '{.credential.access_token}'
+        name: gcp

tests/shellcheck.sh

@@ -4,7 +4,7 @@ set -e
 shopt -s globstar nullglob
 
 CHECK=( **/*.sh )
-IGNORE=( environments/** .bundle/** .tmp/** )
+IGNORE=( {environments,.bundle,.tmp}/** )
 
 for c in "${!CHECK[@]}"; do
   for i in "${IGNORE[@]}"; do

tests/terraform.sh

@@ -2,7 +2,7 @@
 
 set -e
 
-TF_VER="0.11.11"
+TF_VER="0.11.13"
 
 tf() {
   docker run -ti -v "$(pwd):$(pwd)" -w "$(pwd)" \

tests/yamllint.sh

@@ -8,7 +8,7 @@ EYAML=( **/*.eyaml )
 IGNORE=()
 CONF_FILE=".yamllint.yaml"
 
-# filter out plaintext versions of .eyaml files
+# filter out plain text versions of .eyaml files
 for e in "${!EYAML[@]}"; do
   uneyaml=${EYAML[e]/eyaml/yaml}
   for c in "${!CHECK[@]}"; do

variables.tf

@@ -2,21 +2,6 @@ variable "name" {
   description = "gke cluster name"
 }
 
-variable "google_project" {
-  description = "google cloud project ID"
-  default     = "plasma-geode-127520"
-}
-
-variable "google_region" {
-  description = "google cloud region"
-  default     = "us-central1"
-}
-
-variable "google_zone" {
-  description = "google cloud region/zone"
-  default     = "us-central1-b"
-}
-
 variable "initial_node_count" {
   description = "number of gke nodes to start"
   default     = 3
@@ -31,3 +16,12 @@ variable "machine_type" {
   description = "machine type of default gke pool nodes"
   default     = "n1-standard-1"
 }
+
+variable "gcloud_cmd" {
+  description = "Whether to write a Kubectl config file containing the cluster configuration. Saved to `kubeconfig_output_path`."
+  default     = "gcloud"
+}
+
+locals {
+  kubeconfig_filename = "${path.module}/kubeconfig_${var.name}"
+}