-1

I have a very simple use case: I am trying to run a kubectl command using Terraform's HCP.

resource "null_resource" "meta_create_namespace_and_secret" {
  provisioner "local-exec" {
    command = "kubectl create namespace meta && kubectl create secret generic minio -n meta --from-literal=rootUser=jk_infra --from-literal=rootPassword=ab3c2#DcejC"
  }

  # adding static trigger to run this only once 
  triggers = {
    always_run = "true"
  }
}

I get the following errors

Executing: ["/bin/sh" "-c" "kubectl create namespace meta && kubectl create secret generic minio -n meta --from-literal=rootUser=jk_infra --from-literal=rootPassword=ab3c2#DcejC"].  //not in use
  /bin/sh: 1: kubectl: not found

I know I can do it using the kubectl manifest provider, but is there a way to do it using just commands?

3
  • 1
    Local exec commands run on your machine, so you'll need to have kubectl installed for that to work. You shouldn't need to use local exec for this; why can't you use proper terraform resources? Commented Dec 2, 2024 at 10:45
  • 1
    FYI this question seems to have disclosed a username and password. I mention it just in case that was a live password that you would now want to rotate. Commented Dec 5, 2024 at 0:51
  • It wasn't a live password, just a test password, which is also not in use. Commented Dec 5, 2024 at 5:17

2 Answers

0

kubectl is not installed on HashiCorp Cloud Platform by default. It can be added by terraform with the help of null_resource or terraform_data, the latter of which is preferred.

resource "terraform_data" "meta_create_namespace_and_secret" {

  # trigger each time
  triggers_replace = [
    "${timestamp()}"
  ]

  # download kubectl
  provisioner "local-exec" {
    command = "curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl"
  }

  provisioner "local-exec" {
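    # kubectl was downloaded into the working directory, which is not on PATH, so call it as ./kubectl
    command = "./kubectl create namespace meta && ./kubectl create secret generic minio -n meta --from-literal=rootUser=ck_infra_admin --from-literal=rootPassword=f23ff2#DcejC:d"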
  }

}

or

resource "null_resource" "meta_create_namespace_and_secret" {

  # download kubectl
  provisioner "local-exec" {
    command = "curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl"
  }

  provisioner "local-exec" {
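    # kubectl was downloaded into the working directory, which is not on PATH, so call it as ./kubectl
    command = "./kubectl create namespace meta && ./kubectl create secret generic minio -n meta --from-literal=rootUser=ck_infra_admin --from-literal=rootPassword=f23ff2#DcejC:d"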
  }

  # adding static trigger to run this only once 
  triggers = {
    always_run = "true"
  }
}
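
A hardened variant of the download-and-run approach above, added here as an example and not part of the original answer: the kubectl release is pinned and checked against an expected SHA-256 before it is executed, and the credentials come from sensitive variables passed through the provisioner's `environment` map instead of being written into the command string. The variable names and the `dl.k8s.io` download host are assumptions of this example, and kubectl is assumed to already have cluster credentials on the runner.

```hcl
variable "kubectl_version" {
  type        = string
  description = "Pinned kubectl release tag, matching the cluster version"
}

variable "kubectl_sha256" {
  type        = string
  description = "Expected SHA-256 of that kubectl binary, recorded out of band"
}

variable "minio_root_user" {
  type      = string
  sensitive = true
}

variable "minio_root_password" {
  type      = string
  sensitive = true
}

resource "terraform_data" "meta_create_namespace_and_secret" {
  # Re-run only when the pinned binary changes, not on every apply.
  triggers_replace = [var.kubectl_version, var.kubectl_sha256]

  provisioner "local-exec" {
    # Values reach the shell as environment variables, so nothing is
    # interpolated into the command text. Because sensitive values are
    # present, Terraform suppresses this provisioner's log output.
    environment = {
      KUBECTL_VERSION     = var.kubectl_version
      KUBECTL_SHA256      = var.kubectl_sha256
      MINIO_ROOT_USER     = var.minio_root_user
      MINIO_ROOT_PASSWORD = var.minio_root_password
    }

    command = <<-EOT
      set -eu
      curl -fsSLO "https://dl.k8s.io/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl"
      # Abort before chmod/exec if the binary is not the one that was pinned.
      echo "$KUBECTL_SHA256  kubectl" | sha256sum --check --strict
      chmod +x kubectl
      ./kubectl create namespace meta
      ./kubectl create secret generic minio -n meta \
        --from-literal=rootUser="$MINIO_ROOT_USER" \
        --from-literal=rootPassword="$MINIO_ROOT_PASSWORD"
    EOT
  }
}
```

The password still appears in the argument list of the local kubectl process while it runs, and sensitive variable values are still written to Terraform state, so the state backend needs the same protection as the secret itself.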

0

I can show you 2 methods to create Kubernetes components using Terraform.

1st method:

You can use this provider: kubectl terraform provider

You need to add this block to your providers.tf file

terraform {
  required_providers {
    kubectl = {
      source = "gavinbunney/kubectl"
      version = "1.16.0"
    }
  }
}

// you need to configure the kubectl provider section in order to enable terraform to authenticate to your cluster

provider "kubectl" {
  host                   = 
  cluster_ca_certificate = 
  token                  = 
}

After configuring the provider, you just need to create a file named, for example, secret.yml. For example, we are going to fill it with:

apiVersion: v1
kind: Secret
metadata:
  name: secret-sa
  namespace: test
type: kubernetes.io/service-account-token
data:
  extra: YmFyCg==

In order to deploy the secret.yml file, you just need to add a file named secret.tf that contains:

resource "kubectl_manifest" "dapr_secret" {
  yaml_body = file("./secret.yml")
}

Finally, run:

terraform apply

2nd method: you can use this provider: kubernetes terraform provider

You need to add this block to your providers.tf file

terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
      version = "2.34.0"
    }
  }
}

// you need to configure the kubernetes provider section in order to enable terraform to authenticate to your cluster

provider "kubernetes" {
  host                   = 
  cluster_ca_certificate = 
  token                  = 
}

Create a file named secret.tf and copy this config:

resource "kubernetes_secret" "example" { 
  metadata {
    name = "secret-sa"
    namespace = "test"
  }
  data = {
    "extra" = "base64secret"
  }

  type = "kubernetes.io/service-account-token"
}

In case you're wondering where I found this config: Kubernetes secret terraform
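
Applied to the namespace and secret from the question, the second method looks like the following. This is an added example, not part of the original answer; the variable name `minio` and its object shape are assumptions, and the `kubernetes` provider is assumed to be configured as shown above.

```hcl
# Credentials are supplied at run time (for example as a workspace
# variable marked sensitive), never committed as literals in the .tf files.
variable "minio" {
  type = object({
    root_user     = string
    root_password = string
  })
  sensitive = true
}

resource "kubernetes_namespace" "meta" {
  metadata {
    name = "meta"
  }
}

resource "kubernetes_secret" "minio" {
  metadata {
    name = "minio"
    # Referencing the namespace resource makes Terraform create it first.
    namespace = kubernetes_namespace.meta.metadata[0].name
  }

  # The provider base64-encodes these values itself, so pass the plain
  # strings here, not pre-encoded ones.
  data = {
    rootUser     = var.minio.root_user
    rootPassword = var.minio.root_password
  }

  type = "Opaque"
}
```

Marking the variable sensitive redacts it in plan and apply output, but the values are still stored in Terraform state.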
