Merge pull request #52 from max-rocket-internet/kubeconfig-fixes

Making kubeconfig file path and generated config unique

README.md

@@ -102,8 +102,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | kubeconfig_aws_authenticator_additional_args | Any additional arguments to pass to the authenticator such as the role to assume ["-r", "MyEksRole"] | string | `<list>` | no |
 | kubeconfig_aws_authenticator_command | Command to use to to fetch AWS EKS credentials | string | `heptio-authenticator-aws` | no |
 | kubeconfig_aws_authenticator_env_variables | Environment variables that should be used when executing the authenticator i.e. { AWS_PROFILE = "eks"} | string | `<map>` | no |
-| kubeconfig_context_name | Name of the kubeconfig context. | string | `aws` | no |
-| kubeconfig_user_name | Name of the kubeconfig user. | string | `aws` | no |
+| kubeconfig_name | Override the default name used for items kubeconfig. | string | `` | no |
 | subnets | A list of subnets to place the EKS cluster and workers within. | list | - | yes |
 | tags | A map of tags to add to all resources. | string | `<map>` | no |
 | vpc_id | VPC where the cluster and workers will be deployed. | string | - | yes |

data.tf

@@ -49,11 +49,10 @@ data "template_file" "kubeconfig" {
 
   vars {
     cluster_name                      = "${var.cluster_name}"
+    kubeconfig_name                   = "${local.kubeconfig_name}"
     endpoint                          = "${aws_eks_cluster.this.endpoint}"
     region                            = "${data.aws_region.current.name}"
     cluster_auth_base64               = "${aws_eks_cluster.this.certificate_authority.0.data}"
-    context_name                      = "${var.kubeconfig_context_name}"
-    user_name                         = "${var.kubeconfig_user_name}"
     aws_authenticator_command         = "${var.kubeconfig_aws_authenticator_command}"
     aws_authenticator_additional_args = "${length(var.kubeconfig_aws_authenticator_additional_args) > 0 ? "        - ${join("\n        - ", var.kubeconfig_aws_authenticator_additional_args)}" : "" }"
     aws_authenticator_env_variables   = "${length(var.kubeconfig_aws_authenticator_env_variables) > 0 ? "      env:\n${join("\n", data.template_file.aws_authenticator_env_variables.*.rendered)}" : ""}"

kubectl.tf

@@ -1,18 +1,18 @@
 resource "local_file" "kubeconfig" {
   content  = "${data.template_file.kubeconfig.rendered}"
-  filename = "${var.config_output_path}/kubeconfig"
+  filename = "${var.config_output_path}/kubeconfig_${var.cluster_name}"
   count    = "${var.configure_kubectl_session ? 1 : 0}"
 }
 
 resource "local_file" "config_map_aws_auth" {
   content  = "${data.template_file.config_map_aws_auth.rendered}"
-  filename = "${var.config_output_path}/config-map-aws-auth.yaml"
+  filename = "${var.config_output_path}/config-map-aws-auth_${var.cluster_name}.yaml"
   count    = "${var.configure_kubectl_session ? 1 : 0}"
 }
 
 resource "null_resource" "configure_kubectl" {
   provisioner "local-exec" {
-    command = "kubectl apply -f ${var.config_output_path}/config-map-aws-auth.yaml --kubeconfig ${var.config_output_path}/kubeconfig"
+    command = "kubectl apply -f ${var.config_output_path}/config-map-aws-auth_${var.cluster_name}.yaml --kubeconfig ${var.config_output_path}/kubeconfig_${var.cluster_name}"
   }
 
   triggers {

local.tf

@@ -9,6 +9,8 @@ locals {
   workstation_external_cidr = "${chomp(data.http.workstation_external_ip.body)}/32"
   workstation_cidr          = "${coalesce(var.workstation_cidr, local.workstation_external_cidr)}"
 
+  kubeconfig_name = "${var.kubeconfig_name == "" ? "eks_${var.cluster_name}" : var.kubeconfig_name}"
+
   # Mapping from the node type that we selected and the max number of pods that it can run
   # Taken from https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-nodegroup.yaml
   max_pod_per_node = {

templates/kubeconfig.tpl

@@ -6,17 +6,18 @@ clusters:
 - cluster:
     server: ${endpoint}
     certificate-authority-data: ${cluster_auth_base64}
-  name: ${cluster_name}
+  name: ${kubeconfig_name}
 
 contexts:
 - context:
-    cluster: ${cluster_name}
-    user: ${user_name}
-  name: ${context_name}
-current-context: ${context_name}
+    cluster: ${kubeconfig_name}
+    user: ${kubeconfig_name}
+  name: ${kubeconfig_name}
+
+current-context: ${kubeconfig_name}
 
 users:
-- name: ${user_name}
+- name: ${kubeconfig_name}
   user:
     exec:
       apiVersion: client.authentication.k8s.io/v1alpha1
@@ -26,4 +27,4 @@ users:
         - "-i"
         - "${cluster_name}"
 ${aws_authenticator_additional_args}
-${aws_authenticator_env_variables}
+${aws_authenticator_env_variables}

variables.tf

@@ -80,16 +80,6 @@ variable "worker_sg_ingress_from_port" {
   default     = "1025"
 }
 
-variable "kubeconfig_context_name" {
-  description = "Name of the kubeconfig context."
-  default     = "aws"
-}
-
-variable "kubeconfig_user_name" {
-  description = "Name of the kubeconfig user."
-  default     = "aws"
-}
-
 variable "kubeconfig_aws_authenticator_command" {
   description = "Command to use to to fetch AWS EKS credentials"
   default     = "heptio-authenticator-aws"
@@ -104,3 +94,8 @@ variable "kubeconfig_aws_authenticator_env_variables" {
   description = "Environment variables that should be used when executing the authenticator i.e. { AWS_PROFILE = \"eks\"}"
   default     = {}
 }
+
+variable "kubeconfig_name" {
+  description = "Override the default name used for items kubeconfig"
+  default     = ""
+}