Kubernetes KUBECONFIG文件

xmjla07d  于 2023-10-17  发布在  Kubernetes
关注(0)|答案(1)|浏览(106)

我们有一个Helm Chart,我们希望将该图表安装在3个云(AWS,Azure和GCP)中的任何一个集群上。如何下载Kubernetes集群的kubeconfig文件并使用它来安装Helm Chart?

9w11ddsr

9w11ddsr1#

对于Azure:
删除群集的data

data "azurerm_kubernetes_cluster" "main" {
  name                = "your-cluster"
  resource_group_name = "your-rg"
}

在您的providers.tf文件中添加以下内容:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.6"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "2.9.0"
    }
  }

如果可以使用admin kubeconfig:

provider "helm" {
  load_config_file       = "false"
  host                   = azurerm_kubernetes_cluster.main.kube_admin_config.0.host
  username               = azurerm_kubernetes_cluster.main.kube_admin_config.0.username
  password               = azurerm_kubernetes_cluster.main.kube_admin_config.0.password
  client_certificate     = "${base64decode(azurerm_kubernetes_cluster.main.kube_admin_config.0.client_certificate)}"
  client_key             = "${base64decode(azurerm_kubernetes_cluster.main.kube_admin_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.main.kube_admin_config.0.cluster_ca_certificate)}"
}

如果你想避免使用admin kubeconfig:

provider "helm" {
  host                   = data.azurerm_kubernetes_cluster.main.kube_config.0.host
  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.main.kube_config.0.cluster_ca_certificate)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command = "./kubelogin"
    args = [
      "get-token",
      "--login",
      "spn",
      "--environment",
      "AzurePublicCloud",
      "--tenant-id",
      var.tenant_id,
      "--server-id",
      var.aad_server_id,
      "--client-id",
      var.client_id,
      "--client-secret",
      var.client_secret
    ]
  }
}

请注意,您需要在repo中包含kubelogin二进制文件。More details here
然后你可以像这样安装Helm Chart:

resource "helm_release" "your-release" {  
  name       = "your-release"
  namespace  = "your-namespace"
  repository = "whatever/repo"
  chart      = "a-chart"
  version    = "1.2.3"
}

我不确定GCP或AWS,但我不会感到惊讶的过程是相似的

相关问题