feat: Replace the local-exec script with a http datasource for waiting cluster (#1339)

NOTES: Using the [terraform-aws-modules/http](https://registry.terraform.io/providers/terraform-aws-modules/http/latest) provider is a more platform agnostic way to wait for the cluster availability than using a local-exec. With this change we're able to provision EKS clusters and manage the `aws_auth` configmap while still using the `hashicorp/tfc-agent` docker image.
2026-03-25 02:41:03 +01:00 · 2021-05-17 10:11:36 +02:00
parent 781f673295
commit e3bf48bba2
7 changed files with 35 additions and 64 deletions
--- a/cluster.tf
+++ b/cluster.tf
@@ -64,21 +64,10 @@ resource "aws_security_group_rule" "cluster_private_access" {
 }


-resource "null_resource" "wait_for_cluster" {
-  count = var.create_eks && var.manage_aws_auth ? 1 : 0
-
-  depends_on = [
-    aws_eks_cluster.this,
-    aws_security_group_rule.cluster_private_access,
-  ]
-
-  provisioner "local-exec" {
-    command     = var.wait_for_cluster_cmd
-    interpreter = var.wait_for_cluster_interpreter
-    environment = {
-      ENDPOINT = aws_eks_cluster.this[0].endpoint
-    }
-  }
+data "http" "wait_for_cluster" {
+  count          = var.create_eks && var.manage_aws_auth ? 1 : 0
+  url            = format("%s/healthz", aws_eks_cluster.this[0].endpoint)
+  ca_certificate = base64decode(coalescelist(aws_eks_cluster.this[*].certificate_authority[0].data, [""])[0])
 }

 resource "aws_security_group" "cluster" {