Есть ли способ предоставить секреты кластеру GKE среды Composer на GCP? Или, точнее, чтобы определить поставщика Kubernetes на основе google_composer_environment?
Я ожидал, что сработает следующее:
resource "google_composer_environment" "job-scheduler" {
provider = google-beta
name = "job-scheduler"
region = var.region
config {
...
}
}
provider "kubernetes" {
host = google_composer_environment.job-scheduler.config.0.gke_cluster.endpoint
client_certificate = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_certificate)
client_key = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_key)
cluster_ca_certificate = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.cluster_ca_certificate)
}
resource "kubernetes_secret" "sa-credentials" {
metadata {
name = "sa-credentials"
}
data = {
"secret" = "${file("${var.service_account_credentials_path}")}"
}
}
Но я получаю следующие ошибки:
Error: Unsupported attribute
on main.tf line 53, in provider "kubernetes":
53: host = google_composer_environment.job-scheduler.config.0.gke_cluster.endpoint
This value does not have any attributes.
Error: Unsupported attribute
on main.tf line 54, in provider "kubernetes":
54: client_certificate = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_certificate)
This value does not have any attributes.
Error: Unsupported attribute
on main.tf line 55, in provider "kubernetes":
55: client_key = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.client_key)
This value does not have any attributes.
Error: Unsupported attribute
on main.tf line 56, in provider "kubernetes":
56: cluster_ca_certificate = base64decode(google_composer_environment.job-scheduler.config.0.gke_cluster.master_auth.0.cluster_ca_certificate)
This value does not have any attributes.
Любая подсказка будет принята с благодарностью. Ура!