try with eks auth

camunda · Jul 17, 2024 · dba6ecc · dba6ecc
1 parent b9904e1
commit dba6ecc
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 30 deletions.
diff --git a/modules/eks-cluster/README.md b/modules/eks-cluster/README.md
@@ -44,8 +44,6 @@ module "eks_cluster" {
 | [kubernetes_storage_class_v1.ebs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class_v1) | resource |
 | [time_sleep.eks_cluster_warmup](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_eks_cluster.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
-| [aws_eks_cluster_auth.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 ## Inputs
 

diff --git a/modules/eks-cluster/cluster.tf b/modules/eks-cluster/cluster.tf
@@ -1,33 +1,5 @@
-/*
-The following 2 data resources are used get around the fact that we have to wait
-for the EKS cluster to be initialised before we can attempt to authenticate.
-*/
 
-data "aws_eks_cluster" "eks" {
-  name = module.eks.cluster_name
 
-  # depend on something of the eks module but nothing that would ever change
-  # workaround to only pull data on a later stage during initial creation
-  depends_on = [
-    module.eks.cluster_name
-  ]
-}
-
-data "aws_eks_cluster_auth" "eks" {
-  name = module.eks.cluster_name
-
-  # depend on something of the eks module but nothing that would ever change
-  # workaround to only pull data on a later stage during initial creation
-  depends_on = [
-    module.eks.cluster_name
-  ]
-}
-
-provider "kubernetes" {
-  host                   = data.aws_eks_cluster.eks.endpoint
-  cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
-  token                  = data.aws_eks_cluster_auth.eks.token
-}
 
 # https://github.com/terraform-aws-modules/terraform-aws-eks
 module "eks" {
@@ -164,6 +136,18 @@ resource "time_sleep" "eks_cluster_warmup" {
   depends_on = [module.eks]
 }
 
+provider "kubernetes" {
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    # This requires the awscli to be installed locally where Terraform is executed
+    args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
+  }
+}
+
 # gp3 storage class
 resource "kubernetes_storage_class_v1" "ebs_sc" {
   metadata {