Remove use of template provider

* Switch to using Terraform `templatefile` instead of the `template` provider (i.e. `data.template_file`) * Available since Terraform v0.12
2026-01-27 02:20:37 +00:00 · 2022-01-14 09:41:33 -08:00
parent 4dc0388149
commit 0d2135e687
4 changed files with 51 additions and 58 deletions
--- a/auth.tf
+++ b/auth.tf
@@ -1,72 +1,66 @@
 locals {
  # component kubeconfigs assets map
  auth_kubeconfigs = {
-    "auth/admin.conf" = data.template_file.kubeconfig-admin.rendered,
-    "auth/controller-manager.conf" = data.template_file.kubeconfig-controller-manager.rendered,
-    "auth/scheduler.conf" = data.template_file.kubeconfig-scheduler.rendered,
+    "auth/admin.conf"              = local.kubeconfig-admin,
+    "auth/controller-manager.conf" = local.kubeconfig-controller-manager
+    "auth/scheduler.conf"          = local.kubeconfig-scheduler
  }
 }

-# Generated admin kubeconfig to bootstrap control plane
-data "template_file" "kubeconfig-admin" {
-  template = file("${path.module}/resources/kubeconfig-admin")
+locals {
+  # Generated admin kubeconfig to bootstrap control plane
+  kubeconfig-admin = templatefile("${path.module}/resources/kubeconfig-admin",
+    {
+      name         = var.cluster_name
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem)
+      kubelet_key  = base64encode(tls_private_key.admin.private_key_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+    }
+  )

-  vars = {
-    name         = var.cluster_name
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    kubelet_cert = base64encode(tls_locally_signed_cert.admin.cert_pem)
-    kubelet_key  = base64encode(tls_private_key.admin.private_key_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-  }
-}
+  # Generated kube-controller-manager kubeconfig
+  kubeconfig-controller-manager = templatefile("${path.module}/resources/kubeconfig-admin",
+    {
+      name         = var.cluster_name
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      kubelet_cert = base64encode(tls_locally_signed_cert.controller-manager.cert_pem)
+      kubelet_key  = base64encode(tls_private_key.controller-manager.private_key_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+    }
+  )

-# Generated kube-controller-manager kubeconfig
-data "template_file" "kubeconfig-controller-manager" {
-  template = file("${path.module}/resources/kubeconfig-admin")
+  # Generated kube-controller-manager kubeconfig
+  kubeconfig-scheduler = templatefile("${path.module}/resources/kubeconfig-admin",
+    {
+      name         = var.cluster_name
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      kubelet_cert = base64encode(tls_locally_signed_cert.scheduler.cert_pem)
+      kubelet_key  = base64encode(tls_private_key.scheduler.private_key_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+    }
+  )

-  vars = {
-    name         = var.cluster_name
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    kubelet_cert = base64encode(tls_locally_signed_cert.controller-manager.cert_pem)
-    kubelet_key  = base64encode(tls_private_key.controller-manager.private_key_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-  }
-}
-
-# Generated kube-controller-manager kubeconfig
-data "template_file" "kubeconfig-scheduler" {
-  template = file("${path.module}/resources/kubeconfig-admin")
-
-  vars = {
-    name         = var.cluster_name
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    kubelet_cert = base64encode(tls_locally_signed_cert.scheduler.cert_pem)
-    kubelet_key  = base64encode(tls_private_key.scheduler.private_key_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-  }
-}
-
-# Generated kubeconfig to bootstrap Kubelets
-data "template_file" "kubeconfig-bootstrap" {
-  template = file("${path.module}/resources/kubeconfig-bootstrap")
-
-  vars = {
-    ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
-    server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
-    token_id     = random_password.bootstrap-token-id.result
-    token_secret = random_password.bootstrap-token-secret.result
-  }
+  # Generated kubeconfig to bootstrap Kubelets
+  kubeconfig-bootstrap = templatefile("${path.module}/resources/kubeconfig-bootstrap",
+    {
+      ca_cert      = base64encode(tls_self_signed_cert.kube-ca.cert_pem)
+      server       = format("https://%s:%s", var.api_servers[0], var.external_apiserver_port)
+      token_id     = random_password.bootstrap-token-id.result
+      token_secret = random_password.bootstrap-token-secret.result
+    }
+  )
 }

 # Generate a cryptographically random token id (public)
-resource random_password "bootstrap-token-id" {
+resource "random_password" "bootstrap-token-id" {
  length  = 6
  upper   = false
  special = false
 }

 # Generate a cryptographically random token secret
-resource random_password "bootstrap-token-secret" {
+resource "random_password" "bootstrap-token-secret" {
  length  = 16
  upper   = false
  special = false
--- a/outputs.tf
+++ b/outputs.tf
@@ -5,13 +5,13 @@ output "cluster_dns_service_ip" {

 // Generated kubeconfig for Kubelets (i.e. lower privilege than admin)
 output "kubeconfig-kubelet" {
-  value     = data.template_file.kubeconfig-bootstrap.rendered
+  value     = local.kubeconfig-bootstrap
  sensitive = true
 }

 // Generated kubeconfig for admins (i.e. human super-user)
 output "kubeconfig-admin" {
-  value     = data.template_file.kubeconfig-admin.rendered
+  value     = local.kubeconfig-admin
  sensitive = true
 }

--- a/tls-k8s.tf
+++ b/tls-k8s.tf
@@ -94,7 +94,7 @@ resource "tls_cert_request" "controller-manager" {
  private_key_pem = tls_private_key.controller-manager.private_key_pem

  subject {
-    common_name  = "system:kube-controller-manager"
+    common_name = "system:kube-controller-manager"
  }
 }

@@ -126,7 +126,7 @@ resource "tls_cert_request" "scheduler" {
  private_key_pem = tls_private_key.scheduler.private_key_pem

  subject {
-    common_name  = "system:kube-scheduler"
+    common_name = "system:kube-scheduler"
  }
 }

--- a/versions.tf
+++ b/versions.tf
@@ -3,8 +3,7 @@
 terraform {
  required_version = ">= 0.13.0, < 2.0.0"
  required_providers {
-    random   = "~> 3.1"
-    template = "~> 2.2"
-    tls      = "~> 3.1"
+    random = "~> 3.1"
+    tls    = "~> 3.1"
  }
 }