Static Credentials
Using static credentials
This section contains example Resource Definitions using static credentials for connecting to generic Kubernetes clusters.
generic-k8s-client-certificate.tf
: use a client certificate to connect to the cluster. This format is for use with the Humanitec Terraform providergeneric-k8s-static-credentials.yaml
: use a client certificate to connect to the cluster. This format is for use with the Humanitec CLI.
generic-k8s-client-certificate.tf
(view on GitHub)
:
# Provide access to the kubeconfig file
locals {
parsed_kubeconfig = yamldecode(file("/path/to/kubeconfig"))
}
# Resource Definition for a generic Kubernetes cluster
resource "humanitec_resource_definition" "generic_cluster" {
id = "generic-k8s-static-credentials"
name = "generic-k8s-static-credentials"
type = "k8s-cluster"
driver_type = "humanitec/k8s-cluster"
driver_inputs = {
values_string = jsonencode({
loadbalancer = "35.10.10.10"
# The index [0] assumes the target cluster is the first cluster definition
cluster_data = local.parsed_kubeconfig["clusters"][0]["cluster"]
})
secrets_string = jsonencode({
# Setting the URL for the Humanitec Agent. Remove the line if not used
agent_url = "$${resources['agent#agent'].outputs.url}"
# The index [0] assumes the target user is the first user definition
credentials = local.parsed_kubeconfig["users"][0]["user"]
})
}
}
generic-k8s-client-certificate.yaml
(view on GitHub)
:
# Resource Definition for a generic Kubernetes cluster
# Make sure all ${ENVIRONMENT_VARIABLES} are set when applying this Resource Definition.
apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
id: generic-k8s-static-credentials
entity:
name: generic-k8s-static-credentials
type: k8s-cluster
driver_type: humanitec/k8s-cluster
driver_inputs:
values:
name: my-generic-k8s-cluster
loadbalancer: 35.10.10.10
cluster_data:
server: https://35.11.11.11:6443
# Single line base64-encoded cluster CA data in the format "LS0t...ca-data....=="
certificate-authority-data: ${CLUSTER_CERTIFICATE_CA_DATA}
secrets:
credentials:
# Single line base64-encoded client certificate data in the format "LS0t...cert-data...=="
client-certificate-data: ${USER_CLIENT_CERTIFICATE_DATA}
# Single line base64-encoded client key data in the format "LS0t...key-data...=="
client-key-data: ${USER_CLIENT_KEY_DATA}