Allowing a more configurable kubeconfig

data.tf

@@ -44,7 +44,7 @@ data "aws_iam_policy_document" "cluster_assume_role_policy" {
   }
 }
 
-data template_file kubeconfig {
+data "template_file" "kubeconfig" {
   template = "${file("${path.module}/templates/kubeconfig.tpl")}"
 
   vars {
@@ -52,6 +52,23 @@ data template_file kubeconfig {
     endpoint            = "${aws_eks_cluster.this.endpoint}"
     region              = "${data.aws_region.current.name}"
     cluster_auth_base64 = "${aws_eks_cluster.this.certificate_authority.0.data}"
+    context_name        = "${var.kubeconfig_context_name}"
+    user_name           = "${var.kubeconfig_user_name}"
+    aws_authenticator_command         = "${var.kubeconfig_aws_authenticator_command}"
+    aws_authenticator_additional_args = "${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_additional_args)}" : "" }"
+    aws_authenticator_env_variables   = "${length(var.kubeconfig_aws_authenticator_env_variables) > 0 ? "      env:\n${join("\n", data.template_file.aws_authenticator_env_variables.*.rendered)}" : ""}"
+  }
+}
+
+data "template_file" "aws_authenticator_env_variables" {
+  template = <<EOF
+        - name: $${key}
+          value: $${value}
+EOF
+  count = "${length(var.kubeconfig_aws_authenticator_env_variables)}"
+  vars {
+    value = "${element(values(var.kubeconfig_aws_authenticator_env_variables), count.index)}"
+    key = "${element(keys(var.kubeconfig_aws_authenticator_env_variables), count.index)}"
   }
 }
 

templates/kubeconfig.tpl

@@ -6,22 +6,24 @@ clusters:
 - cluster:
     server: ${endpoint}
     certificate-authority-data: ${cluster_auth_base64}
-  name: kubernetes
+  name: ${cluster_name}
 
 contexts:
 - context:
-    cluster: kubernetes
-    user: aws
-  name: aws
-current-context: aws
+    cluster: ${cluster_name}
+    user: ${user_name}
+  name: ${context_name}
+current-context: ${context_name}
 
 users:
-- name: aws
+- name: ${user_name}
   user:
     exec:
       apiVersion: client.authentication.k8s.io/v1alpha1
-      command: heptio-authenticator-aws
+      command: ${aws_authenticator_command}
       args:
         - "token"
         - "-i"
         - "${cluster_name}"
+${aws_authenticator_additional_args}
+${aws_authenticator_env_variables}

variables.tf

@@ -73,3 +73,28 @@ variable "worker_sg_ingress_from_port" {
   description = "Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443)."
   default     = "1025"
 }
+
+variable "kubeconfig_context_name" {
+  description = "Name of the kubeconfig context."
+  default = "aws"
+}
+
+variable "kubeconfig_user_name" {
+  description = "Name of the kubeconfig user."
+  default = "aws"
+}
+
+variable "kubeconfig_aws_authenticator_command" {
+  description = "Command to use to to fetch AWS EKS credentials"
+  default = "heptio-authenticator-aws"
+}
+
+variable "kubeconfig_aws_authenticator_additional_args" {
+  description = "Any additional arguments to pass to the authenticator such as the role to assume [\"-r\", \"MyEksRole\"]"
+  default = []
+}
+
+variable "kubeconfig_aws_authenticator_env_variables" {
+  description = "Environment variables that should be used when executing the authenticator i.e. { AWS_PROFILE = \"eks\"}"
+  default = {}
+}