From 847ec5929b4b4b3d8b922dbbee4a3ecefd71f597 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sat, 5 Jan 2019 14:31:10 -0800 Subject: [PATCH] Consolidate both variants of the admin kubeconfig * Provide an admin kubeconfig which includes a named context and also sets that context as the current-context * Retains support for both the KUBECONFIG=path style of usage or adding many kubeconfig's to a ~/.kube/configs folder and using `kubectl use-context CLUSTER-context` --- assets.tf | 17 +++-------------- outputs.tf | 9 ++------- resources/kubeconfig-admin | 12 +++++++----- resources/kubeconfig-admin-context | 17 ----------------- resources/user-kubeconfig | 17 ----------------- 5 files changed, 12 insertions(+), 60 deletions(-) delete mode 100644 resources/kubeconfig-admin-context delete mode 100644 resources/user-kubeconfig
diff --git a/assets.tf b/assets.tf
index 08f6881..78bd6c6 100644
--- a/assets.tf
+++ b/assets.tf
@@ -63,9 +63,9 @@ resource "local_file" "kubeconfig-admin" {
 filename = "${var.asset_dir}/auth/kubeconfig"
 }
-# Generated admin kubeconfig with a named context
-resource "local_file" "kubeconfig-admin-context" {
- content = "${data.template_file.kubeconfig-admin-context.rendered}"
+# Generated admin kubeconfig in a file named after the cluster
+resource "local_file" "kubeconfig-admin-named" {
+ content = "${data.template_file.kubeconfig-admin.rendered}"
 filename = "${var.asset_dir}/auth/${var.cluster_name}-config"
 }
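Review bot: The new `local_file` "kubeconfig-admin-named" in assets.tf writes a second on-disk copy of the admin kubeconfig, which embeds the admin client key, through the plain `content` argument, so the rendered value can show up in plan and apply output. If the pinned local provider supports it, `sensitive_content = "${data.template_file.kubeconfig-admin.rendered}"` keeps the key out of that output; the existing "kubeconfig-admin" resource, whose body starts above the hunk, presumably has the same exposure. The comment could state what the file holds, for example `# Second copy of the admin kubeconfig (embeds the admin client key), named after the cluster`. Both files under `${var.asset_dir}/auth/` should be readable only by the operator.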
@@ -83,17 +83,6 @@ data "template_file" "kubeconfig-kubelet" {
 data "template_file" "kubeconfig-admin" {
 template = "${file("${path.module}/resources/kubeconfig-admin")}"
- vars {
- ca_cert = "${base64encode(var.ca_certificate == "" ? join(" ", tls_self_signed_cert.kube-ca.*.cert_pem) : var.ca_certificate)}"
- kubelet_cert = "${base64encode(tls_locally_signed_cert.admin.cert_pem)}"
- kubelet_key = "${base64encode(tls_private_key.admin.private_key_pem)}"
- server = "${format("https://%s:%s", element(var.api_servers, 0), var.apiserver_port)}"
- }
-}
-
-data "template_file" "kubeconfig-admin-context" {
- template = "${file("${path.module}/resources/kubeconfig-admin-context")}"
-
 vars {
 name = "${var.cluster_name}"
 ca_cert = "${base64encode(var.ca_certificate == "" ? join(" ", tls_self_signed_cert.kube-ca.*.cert_pem) : var.ca_certificate)}"
diff --git a/outputs.tf b/outputs.tf
index 6c09386..38c1518 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -15,9 +15,9 @@ output "cluster_dns_service_ip" {
 // value = "${data.template_file.kubeconfig.rendered}"
 // }
-// Deprecated (use kubeconfig-admin-context)
+// Deprecated (use kubeconfig-admin)
 output "user-kubeconfig" {
- value = "${data.template_file.kubeconfig-admin-context.rendered}"
+ value = "${data.template_file.kubeconfig-admin.rendered}"
 }
 // Generated kubeconfig for Kubelets (i.e. lower privilege than admin)
@@ -30,11 +30,6 @@ output "kubeconfig-admin" {
 value = "${data.template_file.kubeconfig-admin.rendered}"
 }
-// Generated kubeconfig for admins with a context
-output "kubeconfig-admin-context" {
- value = "${data.template_file.kubeconfig-admin-context.rendered}"
-}
-
 # etcd TLS assets
 output "etcd_ca_cert" {
diff --git a/resources/kubeconfig-admin b/resources/kubeconfig-admin
index 1a42eff..8ed410b 100644
--- a/resources/kubeconfig-admin
+++ b/resources/kubeconfig-admin
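Review bot: The `user-kubeconfig` output in the first outputs.tf hunk returns the rendered admin kubeconfig without being marked sensitive, so `terraform output` and the end-of-apply summary print the embedded admin client key. Adding `sensitive = true` inside the block would suppress that display. The `kubeconfig-admin` output at the top of the second hunk looks to need the same line, though its block starts outside the hunk. The value is still written to state, so access to the state file has to stay restricted either way.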
@@ -1,16 +1,18 @@
 apiVersion: v1
 kind: Config
 clusters:
-- name: local
+- name: ${name}-cluster
 cluster:
 server: ${server}
 certificate-authority-data: ${ca_cert}
 users:
-- name: admin
+- name: ${name}-user
 user:
 client-certificate-data: ${kubelet_cert}
 client-key-data: ${kubelet_key}
+current-context: ${name}-context
 contexts:
-- context:
- cluster: local
- user: admin
+- name: ${name}-context
+ context:
+ cluster: ${name}-cluster
+ user: ${name}-user
diff --git a/resources/kubeconfig-admin-context b/resources/kubeconfig-admin-context
deleted file mode 100644
index 95e1eba..0000000
--- a/resources/kubeconfig-admin-context
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Config
-clusters:
-- name: ${name}-cluster
- cluster:
- server: ${server}
- certificate-authority-data: ${ca_cert}
-users:
-- name: ${name}-user
- user:
- client-certificate-data: ${kubelet_cert}
- client-key-data: ${kubelet_key}
-contexts:
-- name: ${name}-context
- context:
- cluster: ${name}-cluster
- user: ${name}-user
diff --git a/resources/user-kubeconfig b/resources/user-kubeconfig
deleted file mode 100644
index 95e1eba..0000000
--- a/resources/user-kubeconfig
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Config
-clusters:
-- name: ${name}-cluster
- cluster:
- server: ${server}
- certificate-authority-data: ${ca_cert}
-users:
-- name: ${name}-user
- user:
- client-certificate-data: ${kubelet_cert}
- client-key-data: ${kubelet_key}
-contexts:
-- name: ${name}-context
- context:
- cluster: ${name}-cluster
- user: ${name}-user
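Review bot: In the resources/kubeconfig-admin hunk the `${name}-user` entry is filled from placeholders named `${kubelet_cert}` and `${kubelet_key}`, yet the vars block removed in assets.tf maps those names to `tls_locally_signed_cert.admin` and `tls_private_key.admin`, i.e. the admin identity; the retained vars block presumably does the same. Now that this is the only admin template, renaming them to `${admin_cert}` and `${admin_key}` (here and in the `vars` block) would stop a reader mistaking the file for the lower-privilege kubelet kubeconfig. Because `current-context` now selects this admin identity by default, a header comment such as `# Admin kubeconfig: embeds the cluster admin client key; keep private` would also help.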