» Kubernetes Provider
The Kubernetes (K8S) provider is used to interact with the resources supported by Kubernetes. The provider needs to be configured with the proper credentials before it can be used.
Use the navigation to the left to read about the available resources.
» Example Usage
provider "kubernetes" {
  config_context_auth_info = "ops"
  config_context_cluster   = "mycluster"
}

resource "kubernetes_namespace" "example" {
  metadata {
    name = "my-first-namespace"
  }
}
» Kubernetes versions
Both backward and forward compatibility with Kubernetes API is mostly defined by the official K8S Go library (prior to 1.1 release) and client Go library which we ship with Terraform. Below are versions of the library bundled with given versions of Terraform.
- Terraform <= 0.9.6 (prior to provider split) - Kubernetes 1.5.4
- Terraform 0.9.7 (prior to provider split) < 1.1 (provider version) - Kubernetes 1.6.1
- 1.1+ - Kubernetes 1.7
» Authentication
There are generally two ways to configure the Kubernetes provider.
» File config
The provider always first tries to load a config file from a given (or default) location. Depending on whether you have a current context set, this may require config_context_auth_info and/or config_context_cluster and/or config_context.
» Setting default config context
Here's an example of how to set the default context and avoid all provider configuration:
kubectl config set-context default-system \
  --cluster=chosen-cluster \
  --user=chosen-user
kubectl config use-context default-system
Read more about kubectl in the official docs.
» Statically defined credentials
The other way is to statically define TLS certificate credentials:
provider "kubernetes" {
  host                   = "https://104.196.242.174"
  client_certificate     = "${file("~/.kube/client-cert.pem")}"
  client_key             = "${file("~/.kube/client-key.pem")}"
  cluster_ca_certificate = "${file("~/.kube/cluster-ca-cert.pem")}"
}
or username and password (HTTP Basic Authorization):
provider "kubernetes" {
  host     = "https://104.196.242.174"
  username = "username"
  password = "password"
}
If you have both a valid configuration in a config file and a static configuration, the static one is used as an override, i.e. any static field will override its counterpart loaded from the config.
» Argument Reference
The following arguments are supported:
- host - (Optional) The hostname (in form of URI) of Kubernetes master. Can be sourced from KUBE_HOST. Defaults to https://localhost.
- username - (Optional) The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. Can be sourced from KUBE_USER.
- password - (Optional) The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint. Can be sourced from KUBE_PASSWORD.
- insecure - (Optional) Whether server should be accessed without verifying the TLS certificate. Can be sourced from KUBE_INSECURE. Defaults to false.
- client_certificate - (Optional) PEM-encoded client certificate for TLS authentication. Can be sourced from KUBE_CLIENT_CERT_DATA.
- client_key - (Optional) PEM-encoded client certificate key for TLS authentication. Can be sourced from KUBE_CLIENT_KEY_DATA.
- cluster_ca_certificate - (Optional) PEM-encoded root certificates bundle for TLS authentication. Can be sourced from KUBE_CLUSTER_CA_CERT_DATA.
- config_path - (Optional) Path to the kube config file. Can be sourced from KUBE_CONFIG or KUBECONFIG. Defaults to ~/.kube/config.
- config_context - (Optional) Context to choose from the config file. Can be sourced from KUBE_CTX.
- config_context_auth_info - (Optional) Authentication info context of the kube config (name of the kubeconfig user, --user flag in kubectl). Can be sourced from KUBE_CTX_AUTH_INFO.
- config_context_cluster - (Optional) Cluster context of the kube config (name of the kubeconfig cluster, --cluster flag in kubectl). Can be sourced from KUBE_CTX_CLUSTER.
- token - (Optional) Token of your service account. Can be sourced from KUBE_TOKEN.
- load_config_file - (Optional) By default the local config (~/.kube/config) is loaded when you use this provider. Setting this option to false disables this behaviour. Can be sourced from KUBE_LOAD_CONFIG_FILE.
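The static credentials and the insecure argument described above are the provider settings most worth reviewing before a configuration is committed. The following Python check is an added example, not part of the provider or its documentation: it scans Terraform text for provider "kubernetes" blocks and reports insecure = true, a plain http:// host, and password, token or client_key given as string literals. The function names, the sample configuration and the line-based parsing (no comment or heredoc handling) are assumptions of the example.

```python
import re

# Secret-bearing arguments -> environment variable the page lists for each.
SECRET_ENV = {"password": "KUBE_PASSWORD", "token": "KUBE_TOKEN",
              "client_key": "KUBE_CLIENT_KEY_DATA"}
# One "key = value" assignment per line (assumed layout, no trailing comments).
ASSIGN = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$', re.M)

def provider_blocks(text):
    """Yield the body of each provider "kubernetes" { ... } block."""
    for m in re.finditer(r'provider\s+"kubernetes"\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            # Count braces so "${file(...)}" interpolations stay inside the block.
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(text):
    """Return (argument, message) findings for risky provider settings."""
    findings = []
    for body in provider_blocks(text):
        for key, value in ASSIGN.findall(body):
            # A quoted value with no interpolation is a literal in the file.
            literal = value.startswith('"') and "${" not in value
            if key == "insecure" and value.strip('"').lower() == "true":
                findings.append((key, "TLS certificate verification disabled"))
            elif key == "host" and value.strip('"').startswith("http://"):
                findings.append((key, "cleartext HTTP endpoint"))
            elif key in SECRET_ENV and literal:
                findings.append((key, "literal secret; use " + SECRET_ENV[key]))
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE = '''
provider "kubernetes" {
  host     = "https://k8s.example.internal"
  username = "ci"
  password = "hunter2"
  insecure = true
}
provider "kubernetes" {
  client_key = "${file("~/.kube/client-key.pem")}"
}
'''

if __name__ == "__main__":
    for key, msg in audit(SAMPLE):
        print(f"{key}: {msg}")
```

A client_key loaded with file() is not reported, because the key material stays outside the Terraform source.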