terraform-provider-kubernetes icon indicating copy to clipboard operation
terraform-provider-kubernetes copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Data resource for TokenRequest API

Open z0rc opened this issue 3 years ago • 0 comments

Description

Starting with Kubernetes 1.24 there should be a way to fetch token for given service account. https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-request-v1/

Potential Terraform Configuration

data "kubernetes_token_request" "token" {
  metadata {
    service_account = "sa"
    namespace = "default"
  }

  expiration = "1h"
}

References

After https://github.com/hashicorp/terraform-provider-kubernetes/pull/1792 it isn't clear how to correctly acquire SA's token. Kubernetes documentation recommends going TokenRequest way and using Secret only if TokenRequest isn't suitable.

Also even with Secret it isn't clear how to correctly get new token in terraform. Because we should create special Secret first and then wait for kubernetes to populate token field in it. I don't see a way to express this in terraform resources now. See https://github.com/hashicorp/terraform-provider-kubernetes/issues/1221.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

z0rc avatar Aug 30 '22 20:08 z0rc