How to use not-yet-available info in later Terraform steps?

6/29/2019

I am creating a GKE cluster like this with the following authentication settings:

master_auth {
  # Setting an empty username and password explicitly disables basic auth
  username = ""
  password = ""

  # Whether client certificate authorization is enabled for this cluster.
  client_certificate_config {
    issue_client_certificate = false
  }
}

Once the cluster is created I am using another provider to install helm charts:

provider "helm" {
  kubernetes {
    host = ...
  }
  tiller_image = "gcr.io/kubernetes-helm/tiller:v2.14.1"
}

My question is how to fill the kubernetes block with the auth info presumably obtainable from the cluster creation step?

-- znat
google-cloud-platform
google-kubernetes-engine
terraform
terraform-provider-gcp

1 Answer

6/29/2019

You can interpolate the values to set up a provider the same as you can with anything else in Terraform.

So in your case you could use something like the following:

resource "google_container_cluster" "cluster" {
  # ...
}

provider "helm" {
    kubernetes {
        host     = "https://${google_container_cluster.cluster.endpoint}"
        username = "${google_container_cluster.cluster.master_auth.0.username}"
        password = "${google_container_cluster.cluster.master_auth.0.password}"

        # GKE returns these master_auth values base64-encoded; the provider expects PEM
        client_certificate     = "${base64decode(google_container_cluster.cluster.master_auth.0.client_certificate)}"
        client_key             = "${base64decode(google_container_cluster.cluster.master_auth.0.client_key)}"
        cluster_ca_certificate = "${base64decode(google_container_cluster.cluster.master_auth.0.cluster_ca_certificate)}"
    }
}

Note that not all providers can interpolate from a non-existent resource, as some providers do feature detection during provider initialisation, which happens before the dependency graph needs to use the provider. The PostgreSQL provider is an example of this. These providers can still work with a resource once it has already been created, or they can use a data source to access the information if the dependent resource was created in another context/state file.

-- ydaetskcoR
Source: StackOverflow
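
The cluster in the question disables basic auth and client certificates, so the `username`, `password`, `client_certificate` and `client_key` attributes of `master_auth` are empty. One way to fill the `kubernetes` block in that case, as an added example that is not from the original question or answer, is to authenticate with the OAuth access token of the identity running Terraform. The cluster name and location are placeholders, the data source name `current` is an assumption, and the `token` argument is assumed to be supported by the Helm provider version in use.

```hcl
# Added example: resource names, cluster name and location are placeholders.

# Credentials of the identity Terraform itself is running as.
data "google_client_config" "current" {}

resource "google_container_cluster" "cluster" {
  name               = "example-cluster" # placeholder
  location           = "us-central1"     # placeholder
  initial_node_count = 1

  master_auth {
    # Empty username and password explicitly disable basic auth
    username = ""
    password = ""

    # No static client certificate is issued for the cluster
    client_certificate_config {
      issue_client_certificate = false
    }
  }
}

provider "helm" {
  kubernetes {
    host = "https://${google_container_cluster.cluster.endpoint}"

    # Short-lived bearer token instead of a static password or client key
    token = "${data.google_client_config.current.access_token}"

    # The CA certificate is still populated; GKE returns it base64-encoded
    cluster_ca_certificate = "${base64decode(google_container_cluster.cluster.master_auth.0.cluster_ca_certificate)}"
  }

  tiller_image = "gcr.io/kubernetes-helm/tiller:v2.14.1"
}
```

Data source attributes are written to the Terraform state, so the state file still needs to be stored and access-controlled as sensitive material even though the token is short-lived.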