I would like to know if the Kubernetes provider supports authentication to Openshift Cluster.
This doesn’t seem to work.
provider "kubernetes" {
  host                   = "https://api.hidden:hidden/"
  cluster_ca_certificate = file("ca.pem")
  username               = "kubeadmin"
  password               = "hidden"
}
Getting this error:
forbidden: User "system:anonymous" cannot get resource "namespaces" in API group "" in the namespace
Not sure why it talks about system:anonymous when the user is set to kubeadmin?
These are the supported authentication methods for the provider:
https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#authentication
As you can see, HTTP Basic Auth isn’t one of them.
Sorry, missed that part of the doc. I don’t usually provide static creds to providers as I find it a hassle to deal with them in my pipelines.
I’m also not an Openshift user but can’t see why it wouldn’t be supported (at least for core Kubernetes components/APIs).
You can probably investigate it further by setting TF_LOG_PROVIDER_KUBERNETES env var to TRACE or DEBUG before running the usual terraform commands and check the HTTP auth request that is being made to the Openshift API.
If you do post the logs here be very careful as they may contain very sensitive data. I’m not sure how well Terraform tries to mask that from low-level API calls at those log levels.
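An added example, not code from any poster in this thread: the same provider block using a bearer token, one of the methods on the linked authentication page, instead of username and password. It assumes the token comes from `oc whoami -t` after `oc login`; the variable name `openshift_token` and the host URL are placeholders made up for this example.

```hcl
# Added example. The variable name and host below are placeholders,
# not values taken from the thread.
variable "openshift_token" {
  description = "OAuth bearer token, e.g. the output of `oc whoami -t` after `oc login`"
  type        = string
  sensitive   = true # redacted in plan/apply output
}

provider "kubernetes" {
  host                   = "https://api.example.invalid:6443" # placeholder API URL
  cluster_ca_certificate = file("ca.pem")
  token                  = var.openshift_token # sent as a bearer token
}

# Read-only lookup to confirm the provider is authenticated as a real user.
# If the token is missing or rejected, this read fails with an
# authentication or authorization error.
data "kubernetes_namespace" "default" {
  metadata {
    name = "default"
  }
}

output "default_namespace_uid" {
  value = data.kubernetes_namespace.default.metadata[0].uid
}
```

Passing the token as `TF_VAR_openshift_token="$(oc whoami -t)"` in the environment of the `terraform` command keeps it out of the `.tf` files and out of version control.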