1

I am trying to call a shell script from within a local exec block in Terraform. The shell script basically uses terraform outputs (around 8 outputs) and generates a YML file( as variables) that I use later using the cat << EOT....>> method. In the script, I also do some formatting with for example the Ssh private key. This does not really work. What would be the best way to do this? Can I use any Linux command within local-exec? Is there a better way to make use of the terraform outputs? I mainly want to use certain outputs from different modules and create a YML file ( like key-value pair).

Improve this question
1
  • Can you edit your question to show what you've tried and then explain clearly what isn't working for you? Ideally this should be in the form of a minimal reproducible example. If it errors then also include the full error output. Commented Mar 29, 2020 at 19:03

1 Answer 1

Reset to default
3

Why not using template_file instead:

data "template_file" "kube_config" {
  template = "${file("${path.module}/kubeconfig.tpl")}"

  vars {
    vpc_name     = "${var.vpc_name}"
    eks_name     = "${aws_eks_cluster.eks_cluster.id}"
    eks_endpoint = "${aws_eks_cluster.eks_cluster.endpoint}"
    eks_cert     = "${aws_eks_cluster.eks_cluster.certificate_authority.0.data}"
  }
}

Where the file used for templating is as the following:

apiVersion: v1
clusters:
- cluster:
    server: ${eks_endpoint}
    certificate-authority-data: ${eks_cert}
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws-${vpc_name}
current-context: aws-${vpc_name}
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
        - "token"
        - "-i"
        - "${eks_name}"
        #- "-r"
        #- "<role ARN>"
      #env:
        #- name: AWS_PROFILE
        #  value: "<profile>"

If you don't need to do anything with the variables before generating the file, then template might be a better option.

Then you can run commands using the rendered file:

resource "null_resource" "config_setup" {
   triggers {
    kubeconfig_change  = "${data.template_file.kube_config.rendered}"
    configmap_change   = "{local.config-map-aws-auth}"
  }

  provisioner "local-exec" {
    command = "mkdir -p ${var.vpc_name}_output_EKS; echo '${data.template_file.kube_config.rendered}' >${var.vpc_name}_output_EKS/kubeconfig"
  }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks Sevillo, thanks for your reply.Will try and test with a template_file
Hi @sevillo could you please take a look at my question here: stackoverflow.com/questions/65938396/…, it's also related to local-exec.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.