rancher / terraform-provider-rancher2

Terraform Rancher2 provider
https://www.terraform.io/docs/providers/rancher2/
Mozilla Public License 2.0

[RFE] Use internal CA certificates for local auth endpoint #1299

Open eliaoggian opened 8 months ago

eliaoggian commented 8 months ago

Is your feature request related to a problem? Please describe.

When enabling the local auth endpoint, it should be possible to use the internally generated CA certificates. At the moment it is not possible, and trying to retrieve it with a data resource leads to a dependency cycle:

resource "rancher2_cluster_v2" "my-cluster" {
  name = var.clustername
  local_auth_endpoint {
    enabled = true
    fqdn = "${var.local_auth_endpoint_fqdn}:6443"
    # Reads the CA certificate from the data source below
    ca_certs = base64decode(data.rancher2_cluster.cluster.ca_cert)
  }
}

data "rancher2_cluster" "cluster" {
  # Waits for the cluster resource above, which closes the cycle
  depends_on = [ rancher2_cluster_v2.my-cluster ]
  name = var.clustername
}

The above fails.

Describe the solution you'd like

Have a boolean configuration option use_internal_ca_certs in the local_auth_endpoint block in order to directly use the internally generated CA certificates.

Describe alternatives you've considered

Have the option to provide externally generated CA certificates for the Kubernetes cluster and the local auth endpoint.
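The dependency cycle described in the issue can be traced by hand; the following added example (not code from the issue or from the provider) builds the reference graph of that configuration and reports the cycle. The regex-based block scan is a simplification of HCL parsing, the function names are hypothetical, and the resource name is assumed to be `my-cluster` in both places.

```python
import re

# Constructed copy of the configuration from the issue (resource name unified).
CONFIG = '''
resource "rancher2_cluster_v2" "my-cluster" {
  name = var.clustername
  local_auth_endpoint {
    enabled = true
    fqdn = "${var.local_auth_endpoint_fqdn}:6443"
    ca_certs = base64decode(data.rancher2_cluster.cluster.ca_cert)
  }
}
data "rancher2_cluster" "cluster" {
  depends_on = [ rancher2_cluster_v2.my-cluster ]
  name = var.clustername
}
'''
HEADER = re.compile(r'^(resource|data)\s+"([^"]+)"\s+"([^"]+)"\s*\{', re.M)

def build_graph(config):
    """Map each block address to the block addresses its body references."""
    headers = list(HEADER.finditer(config))
    addrs = [("data." if m[1] == "data" else "") + f"{m[2]}.{m[3]}" for m in headers]
    graph = {}
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(config)
        body = config[m.end():end]
        # Attribute references and depends_on entries both create an edge.
        graph[addrs[i]] = {a for a in addrs if a != addrs[i] and
                           re.search(r'(?<![\w.-])' + re.escape(a) + r'(?![\w-])', body)}
    return graph

def find_cycle(graph):
    """Return one dependency cycle as a list of addresses, or None."""
    state = {}  # 1 = on the current DFS path, 2 = fully explored
    def visit(node, path):
        state[node] = 1
        for dep in sorted(graph[node]):
            if state.get(dep) == 1:          # back edge: dep is already on the path
                return path[path.index(dep):] + [dep]
            found = None if dep in state else visit(dep, path + [dep])
            if found:
                return found
        state[node] = 2
        return None
    for node in sorted(graph):
        found = None if node in state else visit(node, [node])
        if found:
            return found
    return None
```

The cluster resource needs the data source's `ca_cert`, while the data source waits on the cluster through `depends_on`, so neither can be evaluated first.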