terraform-render-bootstrap/outputs.tf
Dalton Hubble c50071487c Add service_account_issuer variable for kube-apiserver
* Allow the service account token issuer to be adjusted or served
from a public bucket or static cache
* Output the public key used to sign service account tokens so that
it can be used to compute JWKS (JSON Web Key Sets) if desired

Docs: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery
2025-02-07 10:58:54 -08:00


# Address reported for the cluster DNS Service: host number 10 inside
# var.service_cidr (constructed example: 10.3.0.0/16 yields 10.3.0.10).
# This is an address, not a credential, so it is not marked sensitive.
output "cluster_dns_service_ip" {
  value = cidrhost(var.service_cidr, 10)
}
# Generated kubeconfig for Kubelets (i.e. lower privilege than admin).
# The value is read from local.kubeconfig-bootstrap.
# NOTE(review): presumably a bootstrap credential; confirm its scope and
# lifetime where that local is defined.
#
# `sensitive = true` only redacts the value in plan/apply and `terraform output`
# listings. The kubeconfig is still written in clear text to Terraform state,
# so the state backend needs access control and encryption at rest.
output "kubeconfig-kubelet" {
  sensitive = true
  value     = local.kubeconfig-bootstrap
}
# Generated kubeconfig for admins (i.e. human super-user).
#
# Whoever can read this output, or the Terraform state that stores it in clear
# text, holds super-user access to the cluster. `sensitive = true` hides the
# value from CLI output only; limit who can read state and who can run
# `terraform output` against it.
output "kubeconfig-admin" {
  sensitive = true
  value     = local.kubeconfig-admin
}
# Assets to distribute to controllers, as a single map of
# { some/path => content }.
#
# merge() combines the maps left to right; if two maps define the same path,
# the later argument wins.
#
# The merged map includes kubeconfigs and the etcd, Kubernetes and aggregation
# TLS maps, so the whole output is marked sensitive.
# NOTE(review): presumably these maps carry private keys as well as
# certificates; verify against the locals. Anything that copies these assets
# onto controllers should keep restrictive file permissions on them.
output "assets_dist" {
  sensitive = true

  value = merge(
    local.auth_kubeconfigs,
    local.etcd_tls,
    local.kubernetes_tls,
    local.aggregation_tls,
    local.static_manifests,
    local.manifests,
    local.flannel_manifests,
    local.cilium_manifests,
  )
}
# etcd TLS assets
# PEM certificate of the self-signed etcd CA (tls_self_signed_cert.etcd-ca).
# A certificate is public material, but this output is redacted from CLI output
# like the other etcd TLS outputs.
output "etcd_ca_cert" {
  sensitive = true
  value     = tls_self_signed_cert.etcd-ca.cert_pem
}
# PEM certificate for the etcd client identity (tls_locally_signed_cert.client).
# NOTE(review): presumably signed by the etcd CA; confirm in the TLS resources.
output "etcd_client_cert" {
  sensitive = true
  value     = tls_locally_signed_cert.client.cert_pem
}
# PEM private key for the etcd client identity (tls_private_key.client).
#
# Treat this as a credential for etcd, which stores Kubernetes API state
# including Secrets. tls_private_key keeps the key unencrypted in Terraform
# state and `sensitive = true` only hides it from CLI output, so protect the
# state backend accordingly.
output "etcd_client_key" {
  sensitive = true
  value     = tls_private_key.client.private_key_pem
}
# PEM certificate for the etcd server identity (tls_locally_signed_cert.server).
# NOTE(review): presumably signed by the etcd CA; confirm in the TLS resources.
output "etcd_server_cert" {
  sensitive = true
  value     = tls_locally_signed_cert.server.cert_pem
}
# PEM private key for the etcd server identity (tls_private_key.server).
#
# tls_private_key stores the key unencrypted in Terraform state, and
# `sensitive = true` only redacts it from CLI output. Keep state access
# restricted and encrypted at rest.
output "etcd_server_key" {
  sensitive = true
  value     = tls_private_key.server.private_key_pem
}
# PEM certificate for the etcd peer identity (tls_locally_signed_cert.peer).
# NOTE(review): presumably used for member-to-member TLS and signed by the
# etcd CA; confirm in the TLS resources.
output "etcd_peer_cert" {
  sensitive = true
  value     = tls_locally_signed_cert.peer.cert_pem
}
# PEM private key for the etcd peer identity (tls_private_key.peer).
#
# The key is held unencrypted in Terraform state. `sensitive = true` does not
# change that; it only keeps the value out of CLI output.
output "etcd_peer_key" {
  sensitive = true
  value     = tls_private_key.peer.private_key_pem
}
# Kubernetes TLS assets
# Public half (public_key_pem) of the service account key pair
# (tls_private_key.service-account). It is exported so callers can verify
# service account tokens or compute a JWKS document for issuer discovery.
#
# It is not marked sensitive because only the public key is exposed. Keep it
# that way: the matching private_key_pem must never be surfaced through a
# non-sensitive output.
output "service_account_public_key" {
  value = tls_private_key.service-account.public_key_pem
}