use ca

Author: libracoder

.github/workflows/crossplane-release.yaml

@@ -123,6 +123,8 @@ jobs:
           -var-file=${{ inputs.environment }}.tfvars \
           -var="commit_hash=${{ github.sha }}" \
           -var="config_path=${{ github.workspace }}/kubeconfig.yaml" \
+          -var="cluster_ca_certificate=${{ secrets.EKS_PRD_CA_DATA }}" \
+          -var="cluster_endpoint=${{ secrets.EKS_PRD_HOST }}" \
           -var="service_name=${{ inputs.service_name }}"
         env:
           TF_WORKSPACE: ${{ inputs.environment }}

crossplane/variables.tf

@@ -22,3 +22,13 @@ variable "config_path" {
   description = "path to the config file"
   type = string
 }
+
+ variable "cluster_endpoint" {
+  description = "endpoint of the eks cluster"
+  type = string
+}
+
+variable "cluster_ca_certificate" {
+  description = "certificate of the eks cluster"
+  type = string
+}

crossplane/versions.tf

@@ -24,7 +24,16 @@ terraform {
 }
 
 provider "kubectl" {
-  config_path       = var.config_path
-  load_config_file  = true
-  apply_retry_count = 15
+  apply_retry_count      = 5
+  host                   = var.cluster_endpoint
+  cluster_ca_certificate = base64decode(var.cluster_ca_certificate)
+  load_config_file       = false
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", var.cluster_name]
+  }
 }
+