Why is talos_cluster_kubeconfig suddenly being considered to be a resource?

[Sacro]

Following on from #187, why is it no longer a data source? That's what it is, we don't configure it, we retrieve it, it's something the cluster generates, not Terraform.

[rotilho]

The reason is that data do not keep state, this cause all resources that use the data.talos_cluster_kubeconfig data to drift.

[Sacro]

The reason is that data do not keep state, this cause all resources that use the data.talos_cluster_kubeconfig data to drift.

What could drift, and how?

[rotilho]

Basically any resource that uses it. In my case it was the secret manager, every apply was replacing the kubeconfig.

[frezbo]

This is to allow regeneration the kubeconfig when it nears expiration and TF data sources provides no way to store that state

[Sacro]

So how are we supposed to bootstrap flux now then? I can't pass resources to a provider.

  kubernetes = {
    host                   = data.talos_cluster_kubeconfig.kubeconfig.kubernetes_client_configuration.host
    client_certificate     = base64decode(data.talos_cluster_kubeconfig.kubeconfig.kubernetes_client_configuration.client_certificate)
    client_key             = base64decode(data.talos_cluster_kubeconfig.kubeconfig.kubernetes_client_configuration.client_key)
    cluster_ca_certificate = base64decode(data.talos_cluster_kubeconfig.kubeconfig.kubernetes_client_configuration.ca_certificate)
  }

[rotilho]

@Sacro

provider "kubernetes" {
  host = talos_cluster_kubeconfig.home.kubernetes_client_configuration.host
  cluster_ca_certificate = base64decode(talos_cluster_kubeconfig.home.kubernetes_client_configuration.ca_certificate)

  client_key = base64decode(talos_cluster_kubeconfig.home.kubernetes_client_configuration.client_key)
  client_certificate = base64decode(talos_cluster_kubeconfig.home.kubernetes_client_configuration.client_certificate)
}

[Sacro]

Stupid me, no idea why I thought it needed a data prefix! Thanks