I want to create a GKE cluster and then import it as an existing cluster to Rancher. For the second step I need to install some Kubernetes resources into the cluster.

The cluster creation works fine. I set

master_auth {
  client_certificate_config {
    issue_client_certificate = true
  }
}

and then later access the values in

provider "kubernetes" {
  host                   = var.kubernetes_endpoint
  client_certificate     = var.kubernetes_client_certificate
  client_key             = var.kubernetes_client_key
  cluster_ca_certificate = var.kubernetes_cluster_ca_certificate
}

However, I get an error when trying to create Kubernetes resources in the cluster:

Error: clusterroles.rbac.authorization.k8s.io is forbidden: User "client" cannot create resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope
  on modules/install-rancher/resources.tf line 1, in resource "kubernetes_cluster_role" "proxy-clusterrole-kubeapiserver":
   1: resource "kubernetes_cluster_role" "proxy-clusterrole-kubeapiserver" {

Is there a way to get a client certificate with admin rights through Terraform?

1 Answer

This is how you can resolve my problem and chain different Terraform providers/deployments.

data "google_client_config" "client_config" {
  provider = google-beta
}

provider "kubernetes" {
  load_config_file = false

  host                   = var.endpoint_from_created_cluster
  token                  = data.google_client_config.client_config.access_token
  cluster_ca_certificate = var.ca_certificate_from_created_cluster
}
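
The following is an added example, not part of the answer above or of any project's own code. It puts the answer's token-based provider block in a single root module next to the cluster it targets: the issued client certificate authenticates as the user "client" that the error message shows is forbidden, while the access token authenticates as the Google identity running Terraform. The resource names, the location and the sample rule are hypothetical, and it assumes that identity holds an IAM role allowing it to create cluster-scoped RBAC objects (for example `roles/container.admin`).

```hcl
# Added example: names, location and the sample rule are assumptions.
data "google_client_config" "current" {}

resource "google_container_cluster" "primary" {
  name               = "example-cluster" # hypothetical
  location           = "europe-west1"    # hypothetical
  initial_node_count = 1

  # Token authentication does not need a client certificate,
  # so none is issued.
  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }
}

provider "kubernetes" {
  # On kubernetes provider versions before 2.0, also set
  # load_config_file = false as in the answer; 2.0 removed the argument.
  host  = "https://${google_container_cluster.primary.endpoint}"
  token = data.google_client_config.current.access_token

  # The cluster resource exports the CA certificate base64-encoded.
  cluster_ca_certificate = base64decode(
    google_container_cluster.primary.master_auth[0].cluster_ca_certificate
  )
}

# A cluster-scoped resource of the kind that failed in the question.
resource "kubernetes_cluster_role" "example" {
  metadata {
    name = "example-node-reader" # hypothetical
  }

  rule {
    api_groups = [""]
    resources  = ["nodes"]
    verbs      = ["get", "list"]
  }
}
```

The access token is a short-lived OAuth2 credential read on each run, so no long-lived cluster credential has to be passed between modules.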