terraform-provider-oci

Add oci_containerengine_cluster_token Data Source

Open steve-gray opened this issue 10 months ago • 7 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

There is no data source object that permits creation of a cluster bearer token (oci ce cluster generate-token from the CLI). This bearer token can be used to chain up other providers/resources such as Helm against a Kubernetes cluster being provisioned. Should be implemented as a data-source resource, and obtain a new token each time Terraform is run to use with any steps.

Ideally should coordinate with upstream OCI services/API team to ensure this is present in the Go SDK if not present, but also be able to set a custom expiration time on the token to allow for suitable durations for creating a cluster and provisioning a resource into it.

Existing solutions (i.e. the Terraform OKE module) attempt to solve this by creating a server and running SSH scripts, but cannot reason about the state of resources nor chain that into native Terraform, leading to highly fragmented solutions. AWS, AKS and other engines permit this directly via Terraform easily. Cannot use the exec-credential plugin (OCI CLI) based authentication in most cases as tools such as Terraform Cloud do not include the relevant OCI tools, nor provide organic ways to configure them.

Example use cases:

  • Installing Helm charts into cluster post-creation via the helm provider.
  • Creating namespaces or other resources via the kubernetes provider

New or Affected Resource(s)

  • oci_containerengine_cluster_token (Data-Source).
    • Inputs would be cluster_id and then outputs would be token.

Potential Terraform Configuration

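# Proposed data source (requested in this issue, not yet in the provider)
data "oci_containerengine_cluster_token" "test_cluster" {
    cluster_id = oci_containerengine_cluster.test_cluster.id
}

provider "helm" {
    kubernetes {
        # etc etc (other connection settings elided in the original)
        token = data.oci_containerengine_cluster_token.test_cluster.token
    }
}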

References


steve-gray Aug 24 '23 20:08