Static Credentials

Using static credentials

This section contains example Resource Definitions using static credentials for connecting to generic Kubernetes clusters.

generic-k8s-client-certificate.tf: use a client certificate to connect to the cluster. This format is for use with the Humanitec Terraform provider
generic-k8s-static-credentials.yaml: use a client certificate to connect to the cluster. This format is for use with the Humanitec CLI.

generic-k8s-client-certificate.tf (view on GitHub) :

# Provide access to the kubeconfig file
locals {
  parsed_kubeconfig = yamldecode(file("/path/to/kubeconfig"))
}

# Resource Definition for a generic Kubernetes cluster
resource "humanitec_resource_definition" "generic_cluster" {
  id          = "generic-k8s-static-credentials"
  name        = "generic-k8s-static-credentials"
  type        = "k8s-cluster"
  driver_type = "humanitec/k8s-cluster"

  driver_inputs = {
    values_string = jsonencode({
      loadbalancer = "35.10.10.10"
      # The index [0] assumes the target cluster is the first cluster definition
      cluster_data = local.parsed_kubeconfig["clusters"][0]["cluster"]
    })
    secrets_string = jsonencode({
      # Setting the URL for the Humanitec Agent. Remove the line if not used
      agent_url   = "$${resources['agent#agent'].outputs.url}"
      # The index [0] assumes the target user is the first user definition
      credentials = local.parsed_kubeconfig["users"][0]["user"]
    })
  }
}

generic-k8s-client-certificate.yaml (view on GitHub) :

# Resource Definition for a generic Kubernetes cluster
# Make sure all ${ENVIRONMENT_VARIABLES} are set when applying this Resource Definition.
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: generic-k8s-static-credentials
entity:
  name: generic-k8s-static-credentials
  type: k8s-cluster
  driver_type: humanitec/k8s-cluster
  driver_inputs:
    values:
      name: my-generic-k8s-cluster
      loadbalancer: 35.10.10.10
      cluster_data:
        server: https://35.11.11.11:6443
        # Single line base64-encoded cluster CA data in the format "LS0t...ca-data....=="
        certificate-authority-data: ${CLUSTER_CERTIFICATE_CA_DATA}
    secrets:
      credentials:
        # Single line base64-encoded client certificate data in the format "LS0t...cert-data...=="
        client-certificate-data: ${USER_CLIENT_CERTIFICATE_DATA}
        # Single line base64-encoded client key data in the format "LS0t...key-data...=="
        client-key-data: ${USER_CLIENT_KEY_DATA}

Resource Definitions

Driver

Capability

Static Credentials

Using static credentials

Resource Definitions

Driver

Capability

Static Credentials

Using static credentials #

Using static credentials