add kubectl update

SCT-Engineering · Jul 18, 2024 · 712ca16 · 712ca16
1 parent 4237400
commit 712ca16
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 54 deletions.
diff --git a/.gitignore b/.gitignore
diff --git a/main.tf b/main.tf
@@ -55,20 +55,20 @@ locals {
   # This below is just an example, in practice we'd notionally be creating a role (or multiple) specific to the cluster and setting policy
   # to allow the cluster users to assume said role; but we need to spend some time parsing what exactly are the permissions we plan to hand 
   # out to these clusters.
-  # access_entries = {
-  #   inf-admin-t2 = {
-  #     principal_arn     = "arn:aws-us-gov:iam::224384469011:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
-  #     kubernetes_groups = []
-  #     policy_associations = {
-  #       admin = {
-  #         policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
-  #         access_scope = {
-  #           type = "cluster"
-  #         }
-  #       }
-  #     }
-  #   }
-  # }
+  access_entries = {
+    inf-admin-t2 = {
+      principal_arn     = "arn:aws-us-gov:iam::224384469011:role/aws-reserved/sso.amazonaws.com/us-gov-east-1/AWSReservedSSO_inf-admin-t2_f3912d726991bbfa"
+      kubernetes_groups = []
+      policy_associations = {
+        admin = {
+          policy_arn = "arn:aws-us-gov:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+          access_scope = {
+            type = "cluster"
+          }
+        }
+      }
+    }
+  }
 }
 
 module "cluster" {
@@ -79,7 +79,7 @@ module "cluster" {
   cluster_version                          = var.cluster_version
   cluster_endpoint_public_access           = var.cluster_endpoint_public_access
   enable_cluster_creator_admin_permissions = var.enable_cluster_creator_admin_permissions
-  # access_entries                           = local.access_entries
+  access_entries                           = local.access_entries
 
   cluster_enabled_log_types = [
     "audit",
@@ -166,6 +166,18 @@ resource "aws_security_group_rule" "allow_sidecar_injection" {
   source_security_group_id = module.cluster.cluster_primary_security_group_id
 }
 
+#################################################################
+# Update KubeConfig after cluster complete
+################################################################
+resource "null_resource" "kube_config_create" {
+  depends_on = [module.eks.cluster_name]
+  provisioner "local-exec" {
+    interpreter = ["/bin/bash", "-c"]
+    command     = "aws eks --region ${var.region} update-kubeconfig --name ${module.eks.cluster_name} --profile=${var.profile} && export KUBE_CONFIG_PATH=~/.kube/config && export KUBERNETES_MASTER=~/.kube/config"
+  }
+}
+
+
 # resource "kubernetes_namespace" "operators" {
 #   depends_on = [
 #     module.cluster.eks_managed_node_groups,
@@ -175,4 +187,3 @@ resource "aws_security_group_rule" "allow_sidecar_injection" {
 #     name = var.operators_ns
 #   }
 # }
-