The provider configuration contains kOps state store and authentication settings.
provider "kops" {
state_store = "s3://cluster.example.com"
}provider "kops" {
state_store = "s3://cluster.example.com"
// optionally set up your cloud provider access config
aws {
profile = "example_profile"
}
}provider "kops" {
state_store = "s3://cluster.example.com"
// optionally set up your cloud provider access config
aws {
region = "eu-west-1"
assume_role {
role_arn = "arn:aws:iam::0123456789:role/admin"
}
}
}Because kOps sometimes uses pointers to hold data and terraform doesn't offer a way to
differentiate between unset arguments and their default value in a configuration, it can
be necessary wrap those arguments in a nested resource to account for the null value.
An example of this is the anonymous_auth argument in the kube_api_server_config or kubelet_config_spec
resources. The null value cannot be considered equivalent to false on the kOps side, but terraform won't
let us know when it is set or not in the configuration and therefore will provide false in case it is unset
in the configuration.
To workaround this limitation, the nullable type is a resource with a single value argument. It wraps the
actual value of the argument and makes it possible to account for null. When using a nullable argument,
you should assign it this way in the configuration:
resource "kops_cluster" "cluster" {
// ...
kubelet {
anonymous_auth {
value = false
}
}
kube_api_server {
anonymous_auth {
value = false
}
}
// ...
}The following arguments are supported:
state_store- (Required) - String - StateStore defines the state store used by kops.aws- (Optional) - aws - Aws contains the aws configuration options.openstack- (Optional) - openstack - OpenStack contains the openstack configuration options.klog- (Optional) - klog - Klog contains the klog configuration options.mock- (Optional) - Bool - Mock sets up a cloud mock for integration tests.feature_flags- (Optional) - List(String) - FeatureFlags contains feature flags to enable or disable.
The following arguments are supported:
profile- (Optional) - String - Profile defines the AWS profile to load when calling aws services.region- (Optional) - String - Region defines the AWS region.access_key- (Optional) - String - Region defines the AWS access key.secret_key- (Optional) - String - Region defines the AWS secret key.assume_role- (Optional) - aws_assume_role - AssumeRole defines the AWS IAM role to be assumed.s3_endpoint- (Optional) - String - S3Endpoint defines S3 compatible endpoint.s3_region- (Optional) - String - S3Region defines S3 compatible endpoint region.s3_access_key- (Optional) - String - S3AccessKey defines S3 compatible endpoint access key.s3_secret_key- (Optional) - String - S3SecretKey defines S3 compatible endpoint secret key.skip_region_check- (Optional) - Bool - SkipRegionCheck skips validating region check.
The following arguments are supported:
role_arn- (Optional) - String - RoleArn defines the arn of the AWS IAM role to assume.
The following arguments are supported:
tenant_id- (Optional) - Stringtenant_name- (Optional) - Stringproject_id- (Optional) - Stringproject_name- (Optional) - Stringproject_domain_id- (Optional) - Stringproject_domain_name- (Optional) - Stringdomain_id- (Optional) - Stringdomain_name- (Optional) - Stringusername- (Optional) - Stringpassword- (Optional) - Stringauth_url- (Optional) - Stringregion_name- (Optional) - Stringapplication_credential_id- (Optional) - Stringapplication_credential_secret- (Optional) - String
The following arguments are supported:
verbosity- (Optional) - Int(Nullable) - Verbosity defines the verbosity of klog.