splunk / qbec

configure kubernetes objects on multiple clusters using jsonnet

Home Page: https://qbec.io

Add ability to run qbec without kubeconfig and override qbec.yaml

Andor opened this issue · comments

Right now, qbec relies on ~/.kube/config and qbec.yaml files when it tries to find cluster credentials.

I think it would be rather nice if qbec had the ability to accept all the parameters needed to connect to the cluster via the command line.

In my specific case, I want the ability to run qbec from Terraform.
For instance, Terraform providers have configuration like this:

resource "aws_eks_cluster" "cluster" {
  name = "mycluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = aws_eks_cluster.cluster.id
}

provider "kubernetes" {
  # Reference the "cluster" resource declared above
  host                   = aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
}

And I imagine I want to run qbec from terraform with options like this:

resource "aws_eks_cluster" "cluster" {
  name = "mycluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = aws_eks_cluster.cluster.id
}

resource "null_resource" "cluster" {
  provisioner "local-exec" {
    command = <<COMMAND
qbec \
--k8s:token=${data.aws_eks_cluster_auth.cluster.token} \
--k8s:cluster-server=${aws_eks_cluster.cluster.endpoint} \
--k8s:cluster-ca-certificate=${aws_eks_cluster.cluster.certificate_authority.0.data} \
apply
COMMAND
  }
}

And/or with environment variables like this:

resource "aws_eks_cluster" "cluster" {
  name = "mycluster"
}

data "aws_eks_cluster_auth" "cluster" {
  name = aws_eks_cluster.cluster.id
}

resource "null_resource" "cluster" {
  provisioner "local-exec" {
    command = "qbec apply"
    environment = {
      QBEC_K8S_TOKEN = data.aws_eks_cluster_auth.cluster.token
      QBEC_K8S_CLUSTER_SERVER = aws_eks_cluster.cluster.endpoint
      QBEC_K8S_CLUSTER_CA_CERTIFICATE = aws_eks_cluster.cluster.certificate_authority.0.data
    }
  }
}

Option names are open to discussion, of course.

Sorry, this issue fell through the cracks. Are you saying that even the environments defined in qbec.yaml should not exist?

qbec does need an env name to set the labels correctly for GC etc.

We already support a --force:k8s-context environment variable - we could conceivably add a new special value called __none__ and use everything from explicit env vars.

But it seems to me that it would be just as easy in Terraform to create a kubeconfig with a single context containing the things of interest and force that to be the qbec context (and explicitly set the --k8s:kubeconfig option to point to the file data file created in the Terraform).
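The single-context kubeconfig approach suggested in the comment above, sketched as a wrapper script that a `local-exec` provisioner could call. This is an added example, not part of the original thread or of qbec; the variable names `KCFG_SERVER`, `KCFG_CA_DATA`, `KCFG_TOKEN` and the context name `terraform` are assumptions. The token is handed over in the environment and written to a mode-0600 file, so it never appears in a process listing or in the logged command.

```shell
#!/bin/sh
# Added example, not qbec or Terraform code. KCFG_SERVER, KCFG_CA_DATA,
# KCFG_TOKEN and the context name "terraform" are names assumed for this sketch.

# Write a single-context kubeconfig to a private temp file and print its path.
write_kubeconfig() {
    # Reject anything that could break out of a YAML scalar (spaces, quotes,
    # newlines) and refuse a non-TLS API server URL.
    case ${KCFG_SERVER-} in
        https://*[!A-Za-z0-9.:/_-]*) echo "bad KCFG_SERVER" >&2; return 1 ;;
        https://?*) ;;
        *) echo "KCFG_SERVER must be an https:// URL" >&2; return 1 ;;
    esac
    case ${KCFG_CA_DATA-} in
        ''|*[!A-Za-z0-9+/=]*) echo "KCFG_CA_DATA must be base64" >&2; return 1 ;;
    esac
    case ${KCFG_TOKEN-} in
        ''|*[!A-Za-z0-9._~+/=-]*) echo "bad KCFG_TOKEN" >&2; return 1 ;;
    esac
    out=$(mktemp) || return 1   # mktemp creates the file with mode 0600
    cat >"$out" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: terraform
  cluster:
    server: ${KCFG_SERVER}
    certificate-authority-data: ${KCFG_CA_DATA}
users:
- name: terraform
  user:
    token: ${KCFG_TOKEN}
contexts:
- name: terraform
  context: {cluster: terraform, user: terraform}
current-context: terraform
EOF
    printf '%s\n' "$out"
}

# $1 = environment name from qbec.yaml; the kubeconfig is removed afterwards.
run_qbec() {
    kubeconfig=$(write_kubeconfig) || return 1
    qbec apply "$1" --k8s:kubeconfig "$kubeconfig" \
        --force:k8s-context terraform && status=0 || status=$?
    rm -f "$kubeconfig"
    return "$status"
}
```

From Terraform, set the three variables in the provisioner's `environment` map, source this script and call `run_qbec` with the environment name from qbec.yaml.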

@gotwarlost That issue was only about cluster credentials, which are taken from the kubeconfig file, which can be non-existent in some cases.