如何检索EKS kubeconfig？

Question

我将aws_eks_cluster和aws_eks_node_group定义为：

resource "aws_eks_cluster" "example" {
  count = var.create_eks_cluster ? 1 : 0
  name     = local.cluster_name
  role_arn = aws_iam_role.example[count.index].arn

  vpc_config {
    subnet_ids = [
      aws_subnet.main2.id, 
      aws_subnet.main3.id
    ]
    security_group_ids = [
      module.network.security_group_allow_all_from_client_ip,
      module.network.security_group_main_id
    ]
    endpoint_private_access = true
    endpoint_public_access = false
  }

  # Ensure that IAM Role permissions are created before and deleted after EKS Cluster handling.
  # Otherwise, EKS will not be able to properly delete EKS managed EC2 infrastructure such as Security Groups.
  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController,
  ]
}


resource "aws_eks_node_group" "example" {
  count = var.create_eks_cluster ? 1 : 0
  cluster_name    = aws_eks_cluster.example[count.index].name
  node_group_name = random_uuid.deployment_uuid.result
  node_role_arn   = aws_iam_role.eks-node-group-example[count.index].arn
  subnet_ids      = [
    aws_subnet.main2.id, 
    aws_subnet.main3.id
    ]

  scaling_config {
    desired_size = 1
    max_size     = 5
    min_size     = 1
  }

  # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling.
  # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces.
  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly,
  ]
}

如何检索KubeConfig？

我已经看到kubeconfig可以作为ek模块上的输出。

我是否需要用aws_eks_cluster和aws_eks_node_group模块取代

Answer 1

EKS模块构成基于模板的kubeconfig。

您可以将该模板与您的terraform代码放在一起。

您需要为模板函数调用中的所有变量提供默认值，并引用您自己的EKS资源名称。也可以删除所有的coalescelist函数。

例如：

locals {
  kubeconfig = templatefile("templates/kubeconfig.tpl", {
    kubeconfig_name                   = local.kubeconfig_name
    endpoint                          = aws_eks_cluster.example.endpoint
    cluster_auth_base64               = aws_eks_cluster.example.certificate_authority[0].data
    aws_authenticator_command         = "aws-iam-authenticator"
    aws_authenticator_command_args    = ["token", "-i", aws_eks_cluster.example.name]
    aws_authenticator_additional_args = []
    aws_authenticator_env_variables   = {}
  })
}

output "kubeconfig" { value = local.kubeconfig }