Update examples used for testing ConflictsWith

Author: dak1n1

_examples/aks/aks-cluster/main.tf

@@ -1,16 +1,16 @@
-resource "azurerm_resource_group" "test" {
+resource "azurerm_resource_group" "default" {
   name     = var.cluster_name
   location = var.location
 }
 
-resource "azurerm_kubernetes_cluster" "test" {
+resource "azurerm_kubernetes_cluster" "default" {
   name                = var.cluster_name
-  location            = azurerm_resource_group.test.location
-  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.default.location
+  resource_group_name = azurerm_resource_group.default.name
   dns_prefix          = var.cluster_name
 
   default_node_pool {
-    name       = "default"
+    name       = "test"
     node_count = 1
     vm_size    = "Standard_DS2_v2"
   }
@@ -19,9 +19,3 @@ resource "azurerm_kubernetes_cluster" "test" {
     type = "SystemAssigned"
   }
 }
-
-resource "local_file" "kubeconfig" {
-  content = azurerm_kubernetes_cluster.test.kube_config_raw
-  filename = "${path.root}/kubeconfig"
-}
-

_examples/aks/aks-cluster/output.tf

@@ -54,3 +54,8 @@ resource helm_release nginx_ingress {
     value = "ClusterIP"
   }
 }
+
+resource "local_file" "kubeconfig" {
+  content = var.kubeconfig
+  filename = "${path.root}/kubeconfig"
+}

_examples/aks/kubernetes-config/main.tf

@@ -1,3 +1,7 @@
 variable "cluster_name" {
   type = string
 }
+
+variable "kubeconfig" {
+  type = string
+}

_examples/aks/kubernetes-config/variables.tf

@@ -2,32 +2,38 @@ terraform {
   required_providers {
     kubernetes = {
       source = "hashicorp/kubernetes"
-      version = ">= 2.0.0"
+      version = ">= 2.0.2"
     }
     azurerm = {
       source  = "hashicorp/azurerm"
       version = "2.42"
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.0.1"
+      version = ">= 2.0.2"
     }
   }
 }
 
+data "azurerm_kubernetes_cluster" "default" {
+  depends_on          = [module.aks-cluster] # refresh cluster state before reading
+  name                = local.cluster_name
+  resource_group_name = local.cluster_name
+}
+
 provider "kubernetes" {
-  host                   = module.aks-cluster.endpoint
-  client_key             = base64decode(module.aks-cluster.client_key)
-  client_certificate     = base64decode(module.aks-cluster.client_cert)
-  cluster_ca_certificate = base64decode(module.aks-cluster.ca_cert)
+  host                   = data.azurerm_kubernetes_cluster.default.kube_config.0.host
+  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)
+  client_key             = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key)
+  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)
 }
 
 provider "helm" {
   kubernetes {
-    host                   = module.aks-cluster.endpoint
-    client_key             = base64decode(module.aks-cluster.client_key)
-    client_certificate     = base64decode(module.aks-cluster.client_cert)
-    cluster_ca_certificate = base64decode(module.aks-cluster.ca_cert)
+    host                   = data.azurerm_kubernetes_cluster.default.kube_config.0.host
+    client_certificate     = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)
+    client_key             = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key)
+    cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)
   }
 }
 
@@ -36,15 +42,14 @@ provider "azurerm" {
 }
 
 module "aks-cluster" {
-  providers    = { azurerm = azurerm }
   source       = "./aks-cluster"
   cluster_name = local.cluster_name
   location     = var.location
 }
 
 module "kubernetes-config" {
-  providers    = { kubernetes = kubernetes, helm = helm }
   depends_on   = [module.aks-cluster]
   source       = "./kubernetes-config"
   cluster_name = local.cluster_name
+  kubeconfig   = data.azurerm_kubernetes_cluster.default.kube_config_raw
 }

_examples/aks/main.tf

@@ -1,15 +1,4 @@
-provider "kubernetes" {
-  host                   = var.cluster_endpoint
-  cluster_ca_certificate = base64decode(var.cluster_ca_cert)
-  exec {
-    api_version = "client.authentication.k8s.io/v1alpha1"
-    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
-    command     = "aws"
-  }
-}
-
 resource "kubernetes_config_map" "name" {
-  depends_on  = [var.cluster_name]
   metadata {
     name      = "aws-auth"
     namespace = "kube-system"
@@ -23,26 +12,20 @@ resource "kubernetes_config_map" "name" {
   }
 }
 
-# This allows the kubeconfig file to be refreshed during every Terraform apply.
 # Optional: this kubeconfig file is only used for manual CLI access to the cluster.
 resource "null_resource" "generate-kubeconfig" {
   provisioner "local-exec" {
     command = "aws eks update-kubeconfig --name ${var.cluster_name} --kubeconfig ${path.root}/kubeconfig"
   }
-  triggers = {
-    always_run = timestamp()
-  }
 }
 
 resource "kubernetes_namespace" "test" {
-  depends_on  = [var.cluster_name]
   metadata {
     name = "test"
   }
 }
 
 resource "kubernetes_deployment" "test" {
-  depends_on  = [var.cluster_name]
   metadata {
     name = "test"
     namespace= kubernetes_namespace.test.metadata.0.name
@@ -81,20 +64,7 @@ resource "kubernetes_deployment" "test" {
   }
 }
 
-provider "helm" {
-  kubernetes {
-    host                   = var.cluster_endpoint
-    cluster_ca_certificate = base64decode(var.cluster_ca_cert)
-    exec {
-      api_version = "client.authentication.k8s.io/v1alpha1"
-      args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
-      command     = "aws"
-    }
-  }
-}
-
 resource helm_release nginx_ingress {
-  depends_on  = [var.cluster_name]
   name       = "nginx-ingress-controller"
 
   repository = "https://charts.bitnami.com/bitnami"

_examples/eks/kubernetes-config/main.tf

@@ -1,12 +1,4 @@
 variable "k8s_node_role_arn" {
-  type = list(string)
-}
-
-variable "cluster_ca_cert" {
-  type = string
-}
-
-variable "cluster_endpoint" {
   type = string
 }
 

_examples/eks/kubernetes-config/variables.tf

@@ -15,6 +15,44 @@ terraform {
   }
 }
 
+data "aws_eks_cluster" "default" {
+  name = module.cluster.cluster_id
+}
+
+data "aws_eks_cluster_auth" "default" {
+  name = module.cluster.cluster_id
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.default.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
+  exec {
+    api_version = "client.authentication.k8s.io/v1alpha1"
+    args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
+    command     = "aws"
+  }
+}
+
+# This configuration is also valid, but the token may expire during long-running applies.
+#provider "kubernetes" {
+#  host                   = data.aws_eks_cluster.default.endpoint
+#  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
+#  token                  = data.aws_eks_cluster_auth.default.token
+#}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.default.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.default.token
+    exec {
+      api_version = "client.authentication.k8s.io/v1alpha1"
+      args        = ["eks", "get-token", "--cluster-name", var.cluster_name]
+      command     = "aws"
+    }
+  }
+}
+
 provider "aws" {
   region = var.region
 }
@@ -51,9 +89,7 @@ module "cluster" {
 }
 
 module "kubernetes-config" {
-  source            = "./kubernetes-config"
-  k8s_node_role_arn = list(module.cluster.worker_iam_role_arn)
-  cluster_ca_cert   = module.cluster.cluster_certificate_authority_data
   cluster_name      = module.cluster.cluster_id # creates dependency on cluster creation
-  cluster_endpoint  = module.cluster.cluster_endpoint
+  source            = "./kubernetes-config"
+  k8s_node_role_arn = module.cluster.worker_iam_role_arn
 }

_examples/eks/main.tf

@@ -1,9 +1,3 @@
-provider "google" {
-  # Provider is configured using environment variables: GOOGLE_REGION, GOOGLE_PROJECT, GOOGLE_CREDENTIALS.
-  # This can be set statically, if preferred. See docs for details.
-  # https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#full-reference
-}
-
 # This is used to set local variable google_zone.
 # This can be replaced with a statically-configured zone, if preferred.
 data "google_compute_zones" "available" {
@@ -14,7 +8,7 @@ data "google_container_engine_versions" "supported" {
   version_prefix     = var.kubernetes_version
 }
 
-resource "google_container_cluster" "primary" {
+resource "google_container_cluster" "default" {
   name               = var.cluster_name
   location           = local.google_zone
   initial_node_count = var.workers_count

_examples/gke/gke-cluster/main.tf

@@ -1,21 +1,5 @@
 output "node_version" {
-  value = google_container_cluster.primary.node_version
-}
-
-output "cluster_id" {
-  value = google_container_cluster.primary.id
-}
-
-output "cluster_endpoint" {
-  value = google_container_cluster.primary.endpoint
-}
-
-output "cluster_ca_cert" {
-  value = google_container_cluster.primary.master_auth[0].cluster_ca_certificate
-}
-
-output "cluster_name" {
-  value = google_container_cluster.primary.name
+  value = google_container_cluster.default.node_version
 }
 
 output "google_zone" {