I want to create a GKE cluster and then import it as an existing cluster to Rancher. For the second step I need to install some Kubernetes resources into the cluster.
The cluster creation works fine. I set

    master_auth {
      client_certificate_config {
        issue_client_certificate = true
      }
    }

and then later access the values in

    provider "kubernetes" {
      host                   = var.kubernetes_endpoint
      client_certificate     = var.kubernetes_client_certificate
      client_key             = var.kubernetes_client_key
      cluster_ca_certificate = var.kubernetes_cluster_ca_certificate
    }

However, I get an error when trying to create Kubernetes resources in the cluster:
Error: clusterroles.rbac.authorization.k8s.io is forbidden: User "client" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
on modules/install-rancher/resources.tf line 1, in resource "kubernetes_cluster_role" "proxy-clusterrole-kubeapiserver":
1: resource "kubernetes_cluster_role" "proxy-clusterrole-kubeapiserver" {
Is there a way to get a client certificate with admin rights through Terraform?