exoscale_sks_kubeconfig (Resource)
Manage Exoscale Scalable Kubernetes Service (SKS) Credentials (Kubeconfig).
!> WARNING: This resource stores sensitive information in your Terraform state. Please be sure to correctly understand implications and how to mitigate potential risks before using it.
Example Usage
resource "exoscale_sks_cluster" "my_sks_cluster" {
  zone = "ch-gva-2"
  name = "my-sks-cluster"
}

resource "exoscale_sks_kubeconfig" "my_sks_kubeconfig" {
  cluster_id = exoscale_sks_cluster.my_sks_cluster.id
  zone       = exoscale_sks_cluster.my_sks_cluster.zone
  user       = "kubernetes-admin"
  groups     = ["system:masters"]
}
Please refer to the examples directory for complete configuration examples.
Schema
Required
cluster_id
(String) ❗ The parent exoscale_sks_cluster ID.
groups
(Set of String) ❗ Group names in the generated Kubeconfig. The certificate present in the Kubeconfig will have these roles set in the Organization field.
user
(String) ❗ User name in the generated Kubeconfig. The certificate present in the Kubeconfig will also have this name set for the CN field.
zone
(String) ❗ The Exoscale Zone name.
Optional
early_renewal_seconds
(Number) If set, the resource will consider the Kubeconfig to have expired the given number of seconds before its actual CA certificate or client certificate expiry time. This can be useful to deploy an updated Kubeconfig in advance of the expiration of its internal current certificate. Note however that the old certificate remains valid until its true expiration time since this resource does not (and cannot) support revocation. Also note this advance update can only take place if the Terraform configuration is applied during the early renewal period (seconds; default: 0).
timeouts
(Block, Optional) (see below for nested schema)
ttl_seconds
(Number) ❗ The Time-to-Live of the Kubeconfig, after which it will expire / become invalid (seconds; default: 2592000 = 30 days).
Read-Only
id
(String) The ID of this resource.
kubeconfig
(String, Sensitive) The generated Kubeconfig (YAML content).
ready_for_renewal
(Boolean)
Nested Schema for timeouts
Optional:
create
(String)
delete
(String)
read
(String)
update
(String)
-> The symbol ❗ on an attribute indicates that modifying it will force the creation of a new resource.
Automatic Renewal
This resource considers its instances to have been deleted after either their validity period ends or the early renewal period is reached. Past this period, applying the Terraform configuration will cause a new Kubeconfig to be generated.
Therefore, in a development environment with frequent deployments, it may be convenient to set a relatively short expiration time and use early renewal to automatically provision a new Kubeconfig when the current one is about to expire.
The creation of a new Kubeconfig may of course cause dependent resources to be updated or replaced, depending on the lifecycle rules applying to those resources.
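The short-TTL, early-renewal setup described above could look like the following. This is an added example, not taken from the provider's own examples directory; the resource names, the 24-hour and 6-hour values, the output file path and the use of the hashicorp/local provider are assumptions.

```hcl
terraform {
  required_providers {
    exoscale = { source = "exoscale/exoscale" }
    local    = { source = "hashicorp/local" } # assumption: used only to write the file
  }
}

resource "exoscale_sks_cluster" "dev" {
  zone = "ch-gva-2"
  name = "dev-sks-cluster" # illustrative name
}

resource "exoscale_sks_kubeconfig" "dev" {
  cluster_id = exoscale_sks_cluster.dev.id
  zone       = exoscale_sks_cluster.dev.zone
  user       = "kubernetes-admin"
  groups     = ["system:masters"]

  # 24 hours instead of the 30-day default. The resource cannot revoke a
  # certificate, so the TTL is the only bound on how long a leaked
  # Kubeconfig stays usable.
  ttl_seconds = 86400

  # Treat the Kubeconfig as expired 6 hours before its real expiry, so any
  # apply run inside that window generates a new one. The old certificate
  # still remains valid until its true expiration time.
  early_renewal_seconds = 21600
}

# Write the credential with owner-only permissions. The same content is
# also stored in the Terraform state, so the state backend needs equivalent
# access controls.
resource "local_sensitive_file" "kubeconfig" {
  content         = exoscale_sks_kubeconfig.dev.kubeconfig
  filename        = "${path.module}/dev.kubeconfig" # illustrative path
  file_permission = "0600"
}
```

Because ttl_seconds forces a new resource when changed, adjusting it on an existing deployment issues a new Kubeconfig and updates the written file on the next apply.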