main.tf
locals {
  # True when only the legacy top-level variables are supplied: var.token is
  # set and var.credentials.token is not. The legacy var.ca-certificate,
  # var.endpoint and var.token values are then used in the kubeconfig below.
  useOldCredentials = var.credentials.token == null && var.token != null

  # Name used for both the kubeconfig context and its user entry.
  context_name = "terraform-${var.cluster-name}"

  # Flag that the resources in this file splice into every `kubectl`
  # invocation of the user-supplied command strings.
  #
  # * With a kubeconfig path: the path is wrapped in single quotes but is not
  #   escaped, so a path containing a single quote changes how the shell
  #   parses the command. Treat var.credentials.kubeconfig-path as trusted
  #   input only.
  # * Without a path: the kubeconfig is read from the base64-encoded
  #   KUBECONFIG environment variable through `<( ... )` process substitution,
  #   which needs an interpreter that supports it (e.g. bash).
  #
  # NOTE(review): `$$` is not an HCL escape here (only `$${` is). This string
  # is later used as the replacement argument of a regex replace(), where
  # `$$` presumably collapses to a single `$`, so the shell sees
  # `$KUBECONFIG` - confirm.
  kubectl_kubeconfig_param = (
    var.credentials.kubeconfig-path != null
    ? "--kubeconfig='${var.credentials.kubeconfig-path}'"
    : "--kubeconfig <(echo $$KUBECONFIG | base64 -d)"
  )

  # Generated kubeconfig document, or the placeholder string "DO NOTHING" when
  # the caller points at an existing kubeconfig file instead.
  #
  # SECURITY: the generated document embeds a bearer token or a client key.
  # Treat local.kubeconfig as a secret everywhere it is referenced. It is
  # copied into the triggers of null_resource.kubectl-destroy and is therefore
  # written to Terraform state.
  kubeconfig = var.credentials.kubeconfig-path != null ? "DO NOTHING" : yamlencode({
    apiVersion      = "v1"
    kind            = "Config"
    current-context = local.context_name

    clusters = [{
      name = var.cluster-name
      cluster = {
        certificate-authority-data = local.useOldCredentials ? var.ca-certificate : var.credentials.token.ca-certificate
        server                     = local.useOldCredentials ? var.endpoint : var.credentials.token.endpoint
      }
    }]

    contexts = [{
      name = local.context_name
      context = {
        cluster = var.cluster-name
        user    = local.context_name
      }
    }]

    users = [{
      name = local.context_name
      # Token authentication (legacy or var.credentials.token) takes
      # precedence; otherwise fall back to client certificate and key.
      user = local.useOldCredentials || var.credentials.token != null ? {
        token = local.useOldCredentials ? var.token : var.credentials.token.token
        } : {
        client-certificate-data = var.credentials.client-certificate
        client-key-data         = var.credentials.client-key
      }
    }]
  })

  # Prefix of the log files that the provisioners append command output to.
  logfile-name = "cmd-${var.app}.log"
}
# Runs each entry of var.cmds once through a local-exec provisioner, with the
# kubeconfig flag injected into every `kubectl` invocation.
resource "null_resource" "kubectl" {
  count = length(var.cmds)

  triggers = {
    # timestamp() differs on every run, so with var.always-apply set the
    # resource is replaced and the command re-executed on each apply.
    always_apply = var.always-apply ? timestamp() : 0

    # The regex matches either "kubectl <subcommand> " or a bare "kubectl" and
    # appends local.kubectl_kubeconfig_param right after the match ($0).
    # It has no word boundary, so every occurrence of "kubectl" in the command
    # string is rewritten, including ones inside arguments or paths.
    #
    # SECURITY: var.cmds is executed verbatim by the interpreter; it must come
    # from a trusted source. The resulting string is stored in Terraform state
    # as a trigger, so commands should not carry inline secrets.
    cmd = trim(replace(var.cmds[count.index], "/(kubectl\\s+[a-zA-Z0-9]+?\\s+|kubectl)/", "$0 ${local.kubectl_kubeconfig_param} "), "\n")
  }

  provisioner "local-exec" {
    interpreter = var.interpreter

    # Standard output is appended to "<logfile-name>-<index>".
    # NOTE(review): the path is relative, so the file presumably lands in the
    # directory Terraform runs from; kubectl output that prints secrets would
    # end up in that file - confirm its permissions and retention.
    command = "${self.triggers.cmd} >> ${local.logfile-name}-${count.index}"

    environment = {
      # base64 is an encoding, not protection: the credential is readable by
      # the spawned process and anything it starts.
      KUBECONFIG = base64encode(local.kubeconfig)
    }
  }
}
# Runs each entry of var.destroy-cmds when the resource is destroyed.
# Destroy-time provisioners can only reference `self`, so everything the
# command needs is copied into `triggers` at creation time.
resource "null_resource" "kubectl-destroy" {
  count = length(var.destroy-cmds)

  triggers = {
    # SECURITY: this persists the whole kubeconfig (bearer token or client
    # key, unless the "DO NOTHING" placeholder is in use) in Terraform state in
    # plaintext, and it can show up in plan output. Restrict and encrypt the
    # state backend, and prefer short-lived credentials.
    kubeconfig   = local.kubeconfig
    logfile-name = local.logfile-name

    # Same rewrite as for the apply-time commands: the kubeconfig flag is
    # appended after each "kubectl <subcommand> " or bare "kubectl" match.
    # var.destroy-cmds is executed verbatim and must come from a trusted
    # source.
    destroy_cmd = trim(replace(var.destroy-cmds[count.index], "/(kubectl\\s+[a-zA-Z0-9]+?\\s+|kubectl)/", "$0 ${local.kubectl_kubeconfig_param} "), "\n")

    # Trigger values are strings, so the interpreter list is stored as JSON
    # and decoded again in the provisioner.
    interpreter = jsonencode(var.interpreter)
  }

  provisioner "local-exec" {
    when        = destroy
    interpreter = jsondecode(self.triggers.interpreter)

    # Standard output is appended to "<logfile-name>-destroy-<index>".
    command = "${self.triggers.destroy_cmd} >> ${self.triggers.logfile-name}-destroy-${count.index}"

    environment = {
      # Uses the kubeconfig captured at creation time, not the current value
      # of local.kubeconfig; base64 is an encoding, not protection.
      KUBECONFIG = base64encode(self.triggers.kubeconfig)
    }
  }
}