This module allows configuring authentication to a GKE cluster using an OpenID Connect token retrieved from GCP as a `kubeconfig` file or as outputs intended for use with the `kubernetes` / `helm` providers.

This module retrieves a token for the account configured with the `google` provider as the Terraform runner using the provider's `credentials`, `access_token`, or other means of authentication.

If you run a private cluster, you can set the `use_private_endpoint` property to return the GKE `private_endpoint` IP address.

```hcl
module "gke_auth" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/auth"

  project_id           = "my-project-id"
  cluster_name         = "my-cluster-name"
  location             = module.gke.location
  use_private_endpoint = true
}

# Write the generated kubeconfig to a local file.
resource "local_file" "kubeconfig" {
  content  = module.gke_auth.kubeconfig_raw
  filename = "${path.module}/kubeconfig"
}

# Or pass the module outputs directly to the kubernetes provider.
provider "kubernetes" {
  cluster_ca_certificate = module.gke_auth.cluster_ca_certificate
  host                   = module.gke_auth.host
  token                  = module.gke_auth.token
}
```

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cluster_name | The name of the GKE cluster. | `string` | n/a | yes |
| location | The location (region or zone) of the GKE cluster. | `string` | n/a | yes |
| project_id | The GCP project of the GKE cluster. | `string` | n/a | yes |
| use_private_endpoint | Connect on the private GKE cluster endpoint | `bool` | `false` | no |

| Name | Description |
|---|---|
| cluster_ca_certificate | The cluster_ca_certificate value for use with the kubernetes provider. |
| host | The host value for use with the kubernetes provider. |
| kubeconfig_raw | A kubeconfig file configured to access the GKE cluster. |
| token | The token value for use with the kubernetes provider. |
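
A hardened variant of the kubeconfig step shown earlier, as an added example that is not part of the module's own documentation. It assumes the `hashicorp/local` provider at 2.2.0 or later (which provides `local_sensitive_file`); the output name `kubeconfig_path` is hypothetical.

```hcl
# Added example, not from the module's documentation.
# Assumption: hashicorp/local >= 2.2.0, which provides local_sensitive_file.
terraform {
  required_providers {
    local = {
      source  = "hashicorp/local"
      version = ">= 2.2.0"
    }
  }
}

module "gke_auth" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/auth"

  project_id           = "my-project-id"
  cluster_name         = "my-cluster-name"
  location             = module.gke.location
  use_private_endpoint = true
}

# Weaker form, as in the usage example: local_file defaults to file mode
# 0777 and treats its content as non-sensitive.
#
# resource "local_file" "kubeconfig" {
#   content  = module.gke_auth.kubeconfig_raw
#   filename = "${path.module}/kubeconfig"
# }

# Hardened form: the kubeconfig carries the cluster credential, so mark the
# content sensitive (redacted in plan/apply output) and restrict the file
# and any directory created for it to the owner.
resource "local_sensitive_file" "kubeconfig" {
  content              = module.gke_auth.kubeconfig_raw
  filename             = "${path.module}/kubeconfig"
  file_permission      = "0600"
  directory_permission = "0700"
}

# Export only the path, never the kubeconfig content or the token itself.
# kubeconfig_path is a hypothetical output name.
output "kubeconfig_path" {
  value = local_sensitive_file.kubeconfig.filename
}
```

The credential is still recorded in the Terraform state, so the state backend needs access controls at least as strict as those on the kubeconfig file. Keep the generated `kubeconfig` out of version control as well.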