feat(infra): custom datasource to get kubeconfig

Khue Doan fbbf4b77 86bec1bf

+53
+34
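--- a/infra/_modules/nixos/kubeconfig_datasource.py
+++ b/infra/_modules/nixos/kubeconfig_datasource.py
@@ -0,0 +1,34 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i python3 -p python313Packages.pyyaml
+
+import json
+import subprocess
+import sys
+import yaml
+
+def get_kubeconfig(host, user):
+    try:
+        result = subprocess.check_output(
+            ["ssh", f"{user}@{host}", "cat /etc/rancher/k3s/k3s.yaml"],
+            stderr=subprocess.STDOUT
+        ).decode("utf-8")
+
+        # Replace the value of the server field with the IP of the K3s server
+        config = yaml.safe_load(result)
+        config["clusters"][0]["cluster"]["server"] = f"https://[{host}]:6443"
+
+        updated_yaml = yaml.dump(config, default_flow_style=False)
+
+        return {"kubeconfig": updated_yaml}
+    # TODO fail hard when error
+    except subprocess.CalledProcessError as e:
+        return {"error": e.output.decode("utf-8")}
+    except Exception as e:
+        return {"error": str(e)}
+
+if __name__ == "__main__":
+    args = json.load(sys.stdin)
+    host = args.get("host")
+    user = args.get("user", "root")
+    output = get_kubeconfig(host, user)
+    print(json.dumps(output))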
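Review bot: A failed SSH read still exits 0 here, because both `except` branches return `{"error": ...}`; the `external` data source therefore succeeds and the failure only shows up later as a missing `kubeconfig` key, which is what the TODO on line 23 already points at. `stderr=subprocess.STDOUT` on line 13 also folds any ssh warning or banner text into the string handed to `yaml.safe_load`, so such a message can corrupt the parsed config. I would leave stderr uncaptured, let the exception propagate out of `get_kubeconfig`, and have the `__main__` block print the message to stderr and exit non-zero, which is how an external program reports failure to Terraform. A query without `host` should be rejected the same way instead of becoming `root@None`.

```python
def get_kubeconfig(host, user):
    # stderr stays on the process's own stderr so ssh warnings never reach the YAML parser
    result = subprocess.run(
        ["ssh", f"{user}@{host}", "cat /etc/rancher/k3s/k3s.yaml"],
        check=True,
        stdout=subprocess.PIPE,
    ).stdout.decode("utf-8")
    # … unchanged: rewrite of clusters[0].cluster.server and yaml.dump …
    return {"kubeconfig": updated_yaml}


if __name__ == "__main__":
    # … unchanged: reading host and user from stdin …
    if not host:
        print("kubeconfig_datasource: 'host' is required", file=sys.stderr)
        sys.exit(1)
    try:
        output = get_kubeconfig(host, user)
    except Exception as e:
        # message on stderr plus a non-zero exit makes the data source fail at plan time
        print(f"kubeconfig_datasource: {e}", file=sys.stderr)
        sys.exit(1)
    print(json.dumps(output))
```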
+9
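--- a/infra/_modules/nixos/main.tf
+++ b/infra/_modules/nixos/main.tf
@@ -26,3 +26,12 @@
     local_file.hosts
   ]
 }
+
+data "external" "kubeconfig" {
+  program = ["${path.module}/kubeconfig_datasource.py"]
+
+  query = {
+    user = "root"
+    host = var.hosts["kube-1"].ipv6_address # TODO better way to get this
+  }
+}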
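Review bot: The `data "external" "kubeconfig"` block has no comment saying that its `result` is written to Terraform state, so the kubeconfig returned by the script, including `client-key-data`, is persisted there in plaintext on every refresh. I would add a comment above the block such as `# result holds the k3s client key and is stored in state; the state backend must be encrypted and access-restricted`. The script also runs `ssh` as root at plan time, so everyone who runs `terraform plan` (CI included) needs that SSH access and an already-trusted host key for kube-1; that is worth stating in the same comment.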
+10
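--- a/infra/_modules/nixos/outputs.tf
+++ b/infra/_modules/nixos/outputs.tf
@@ -0,0 +1,10 @@
+output "credentials" {
+  value = {
+    client_certificate = base64decode(yamldecode(data.external.kubeconfig.result.kubeconfig).users[0].user["client-certificate-data"])
+    client_key = base64decode(yamldecode(data.external.kubeconfig.result.kubeconfig).users[0].user["client-key-data"])
+    cluster_ca_certificate = base64decode(yamldecode(data.external.kubeconfig.result.kubeconfig).clusters[0].cluster["certificate-authority-data"])
+    host = yamldecode(data.external.kubeconfig.result.kubeconfig).clusters[0].cluster["server"]
+  }
+
+  sensitive = true
+}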
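Review bot: `yamldecode(data.external.kubeconfig.result.kubeconfig)` is repeated on all four attribute lines, which makes the output hard to read and easy to get out of sync. Decoding once in a local, `locals { kubeconfig = yamldecode(data.external.kubeconfig.result.kubeconfig) }`, and then referencing `local.kubeconfig.users[0].user[...]` and `local.kubeconfig.clusters[0].cluster[...]` keeps each line short. The `[0]` indexing assumes the file holds exactly one user and one cluster; a short comment stating that assumption would help the next reader.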