fix: Make use of shell resource more robust (#20)

tibordp · Jul 18, 2021 · 35d9753 · 35d9753
1 parent 480b5cc
commit 35d9753
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 41 deletions.
diff --git a/joinconfig.tf b/joinconfig.tf
@@ -4,8 +4,10 @@ locals {
 }
 
 module "join_config" {
-  source     = "matti/resource/shell"
-  depends_on = [null_resource.cluster_bootstrap]
+  source        = "matti/resource/shell"
+  version       = "1.3.0"
+  depends_on    = [null_resource.cluster_bootstrap]
+  fail_on_error = true
 
   trigger = null_resource.cluster_bootstrap.id
 

diff --git a/kubeconfig.tf b/kubeconfig.tf
@@ -1,6 +1,8 @@
 module "kubeconfig" {
-  source     = "matti/resource/shell"
-  depends_on = [null_resource.cluster_bootstrap]
+  source        = "matti/resource/shell"
+  version       = "1.3.0"
+  depends_on    = [null_resource.cluster_bootstrap]
+  fail_on_error = true
 
   trigger = null_resource.cluster_bootstrap.id
 
@@ -10,38 +12,9 @@ module "kubeconfig" {
   EOT
 }
 
-module "certificate_authority_data" {
-  source     = "matti/resource/shell"
-  depends_on = [null_resource.cluster_bootstrap]
-
-  trigger = null_resource.cluster_bootstrap.id
-
-  command = <<EOT
-    ssh -i ${var.ssh_private_key_path}  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
-      root@${local.kubeadm_host} 'kubectl config --kubeconfig /root/.kube/config view --flatten -o jsonpath='{.clusters[0].cluster.certificate-authority-data}''
-  EOT
-}
-
-module "client_certificate_data" {
-  source     = "matti/resource/shell"
-  depends_on = [null_resource.cluster_bootstrap]
-
-  trigger = null_resource.cluster_bootstrap.id
-
-  command = <<EOT
-    ssh -i ${var.ssh_private_key_path}  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
-      root@${local.kubeadm_host} 'kubectl config --kubeconfig /root/.kube/config view --flatten -o jsonpath='{.users[0].user.client-certificate-data}''
-  EOT
+locals {
+  kubeconfig                 = yamldecode(module.kubeconfig.stdout)
+  certificate_authority_data = base64decode(local.kubeconfig.clusters[0].cluster.certificate-authority-data)
+  client_certificate_data    = base64decode(local.kubeconfig.users[0].user.client-certificate-data)
+  client_key_data            = base64decode(local.kubeconfig.users[0].user.client-key-data)
 }
-
-module "client_key_data" {
-  source     = "matti/resource/shell"
-  depends_on = [null_resource.cluster_bootstrap]
-
-  trigger = null_resource.cluster_bootstrap.id
-
-  command = <<EOT
-    ssh -i ${var.ssh_private_key_path}  -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
-      root@${local.kubeadm_host} 'kubectl config --kubeconfig /root/.kube/config view --flatten -o jsonpath='{.users[0].user.client-key-data}''
-  EOT
-}
diff --git a/outputs.tf b/outputs.tf
@@ -20,17 +20,17 @@ output "apiserver_url" {
 
 output "client_certificate_data" {
   description = "kubeconfig for the cluster"
-  value       = base64decode(module.client_certificate_data.stdout)
+  value       = local.client_certificate_data
 }
 
 output "certificate_authority_data" {
   description = "kubeconfig for the cluster"
-  value       = base64decode(module.certificate_authority_data.stdout)
+  value       = local.certificate_authority_data
 }
 
 output "client_key_data" {
   description = "kubeconfig for the cluster"
-  value       = base64decode(module.client_key_data.stdout)
+  value       = local.client_key_data
 }
 
 output "kubeconfig" {