Kubernetes provider with Azure Openshift

I would like to know if the Kubernetes provider supports authentication to Openshift Cluster.

This doesn’t seem to work.

provider "kubernetes" {
  host                   = "https://api.hidden:hidden/"
  cluster_ca_certificate = file("ca.pem")
  username               = "kubeadmin"
  password               = "hidden"
}

Getting this error:

forbidden: User "system:anonymous" cannot get resource "namespaces" in API group "" in the namespace

Not sure why it talks about system:anonymous when the user is set to kubeadmin?

These are the supported authentication methods for the provider:
https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#authentication

As you can see, HTTP Basic Auth isn’t one of them.

I see it supported?

Docs overview | hashicorp/kubernetes | Terraform Registry

Sorry, missed that part of the doc. I don’t usually provide static creds to providers as I find it a hassle to deal with them in my pipelines.

I’m also not an Openshift user but can’t see why it wouldn’t be supported (at least for core Kubernetes components/APIs).

You can probably investigate it further by setting the TF_LOG_PROVIDER_KUBERNETES env var to TRACE or DEBUG before running the usual terraform commands and checking the HTTP auth request that is being made to the Openshift API.

If you do post the logs here, be very careful as they may contain very sensitive data. I’m not sure how well Terraform tries to mask that from low-level API calls at those log levels.
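
Following on from the advice above about checking the auth request and not leaking secrets in posted logs, here is an added example (not part of the thread, and not code from Terraform or the provider) that redacts credential values from a captured log and counts how many logged requests carried an Authorization header. The log line layout, the sample lines and the names `redact_line`, `scrub` and `SAMPLE_LOG` are assumptions made for illustration.

```python
import re

REDACTED = "<REDACTED>"

# Header form, e.g. `Authorization: Basic dXNlcjpwYXNz` or `"Authorization": ["Bearer x"]`.
AUTH_HEADER = re.compile(r"(?i)(authorization\W{1,6}(?:basic|bearer)\s+)[^\s\"'\]]+")
# Key/value form in JSON, HCL or form bodies, e.g. `password = "x"` or `token=x&...`.
KEY_VALUE = re.compile(
    r"(?i)(\"?(?:password|passwd|access_token|token|client_key)\"?\s*[:=]\s*\"?)[^\s\"&,}]+"
)
# Assumed shape of a logged outbound request: an HTTP method followed by a URL.
REQUEST_LINE = re.compile(r"\b(?:GET|POST|PUT|PATCH|DELETE)\s+https?://")


def redact_line(line):
    """Mask credential values but keep header names and auth schemes for debugging."""
    line = AUTH_HEADER.sub(lambda m: m.group(1) + REDACTED, line)
    return KEY_VALUE.sub(lambda m: m.group(1) + REDACTED, line)


def scrub(lines):
    """Return (redacted lines, request count, Authorization header count)."""
    requests = sum(1 for l in lines if REQUEST_LINE.search(l))
    with_auth = sum(1 for l in lines if AUTH_HEADER.search(l))
    return [redact_line(l) for l in lines], requests, with_auth


# Constructed sample lines (not real provider output; host and values are made up).
SAMPLE_LOG = [
    "[DEBUG] GET https://api.example.invalid:6443/api/v1/namespaces/demo",
    "[TRACE] Authorization: Basic a3ViZWFkbWluOmNvbnN0cnVjdGVk",
    "[DEBUG] GET https://api.example.invalid:6443/api/v1/namespaces/other",
    '[TRACE] provider config: password = "constructed-secret"',
]

if __name__ == "__main__":
    clean, requests, with_auth = scrub(SAMPLE_LOG)
    print("\n".join(clean))
    print(f"{requests} request(s), {with_auth} carried an Authorization header")
    if requests and not with_auth:
        print("No credentials were logged; consistent with a system:anonymous error.")
```

The patterns over-redact on purpose; review the output by eye before posting, since a log may hold secrets in forms these patterns do not cover.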