terraform-google-kubernetes-engine

GKE Hub enhancements

Open bharathkkb opened this issue 5 years ago • 1 comments

Currently we support GKE hub membership registration via SA key. Moving forward we should also consider supporting hub memberships via Workload Identity and via kubeconfig for non-GCP Kubernetes clusters.

  • using Workload Identity
module "hub" {
  source                = "terraform-google-modules/kubernetes-engine/google//modules/hub"
  project_id            = "my-project-id"
  cluster_name          = "my-cluster-name"
  location              = module.gke.location
  cluster_endpoint      = module.gke.endpoint
+ use_workload_identity = true
}
  • via kubeconfig
    • kubeconfig will be generated dynamically to prevent diff issues
module "hub" {
  source                = "terraform-google-modules/kubernetes-engine/google//modules/hub"
  project_id            = "my-project-id"
  cluster_name          = "my-cluster-name"
  location              = module.gke.location
  cluster_endpoint      = module.gke.endpoint
+ use_kubeconfig = true
}

TODO:

  • [x] #605

bharathkkb, Aug 20 '20 07:08

@bharathkkb Following up on kubeconfig support, it looks like there is no explicit integration test for the hub module. It is being tested with asm in simple_zonal_with_asm.

To test the use_kubeconfig feature, would it make sense to create a new integration test based on the simple_zonal_with_asm test and use kubeconfig to register with hub?

abhinavrau, Jan 11 '21 23:01