allow user to overwrite the kubeconfig default args (#129)

* allow user to overwrite the kubeconfig default args * quote args to auth command
2026-03-11 21:11:32 +01:00 · 2018-11-01 11:14:07 -05:00
parent 31ec0f7db3
commit e1e265bf21
3 changed files with 9 additions and 5 deletions
--- a/data.tf
+++ b/data.tf
@@ -44,13 +44,13 @@ data "template_file" "kubeconfig" {
  template = "${file("${path.module}/templates/kubeconfig.tpl")}"

  vars {
-    cluster_name                      = "${aws_eks_cluster.this.name}"
    kubeconfig_name                   = "${local.kubeconfig_name}"
    endpoint                          = "${aws_eks_cluster.this.endpoint}"
    region                            = "${data.aws_region.current.name}"
    cluster_auth_base64               = "${aws_eks_cluster.this.certificate_authority.0.data}"
    aws_authenticator_command         = "${var.kubeconfig_aws_authenticator_command}"
-    aws_authenticator_additional_args = "${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_additional_args)}" : "" }"
+    aws_authenticator_command_args    = "${length(var.kubeconfig_aws_authenticator_command_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_command_args)}" : "        - ${join("\n        - ", formatlist("\"%s\"", list("token", "-i", aws_eks_cluster.this.name)))}"}"
+    aws_authenticator_additional_args = "${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_additional_args)}" : ""}"
    aws_authenticator_env_variables   = "${length(var.kubeconfig_aws_authenticator_env_variables) > 0 ? "      env:\n${join("\n", data.template_file.aws_authenticator_env_variables.*.rendered)}" : ""}"
  }
 }
--- a/templates/kubeconfig.tpl
+++ b/templates/kubeconfig.tpl
@@ -23,8 +23,6 @@ users:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: ${aws_authenticator_command}
      args:
-        - "token"
-        - "-i"
-        - "${cluster_name}"
+${aws_authenticator_command_args}
 ${aws_authenticator_additional_args}
 ${aws_authenticator_env_variables}
--- a/variables.tf
+++ b/variables.tf
@@ -102,6 +102,12 @@ variable "kubeconfig_aws_authenticator_command" {
  default     = "aws-iam-authenticator"
 }

+variable "kubeconfig_aws_authenticator_command_args" {
+  description = "Default arguments passed to the authenticator command. Defaults to [token -i $cluster_name]."
+  type        = "list"
+  default     = []
+}
+
 variable "kubeconfig_aws_authenticator_additional_args" {
  description = "Any additional arguments to pass to the authenticator such as the role to assume. e.g. [\"-r\", \"MyEksRole\"]."
  type        = "list"