1

I am trying to call a shell script from within a local exec block in Terraform. The shell script basically uses terraform outputs (around 8 outputs) and generates a YML file( as variables) that I use later using the cat << EOT....>> method. In the script, I also do some formatting with for example the Ssh private key. This does not really work. What would be the best way to do this? Can I use any Linux command within local-exec? Is there a better way to make use of the terraform outputs? I mainly want to use certain outputs from different modules and create a YML file ( like key-value pair).

Improve this question
1
  • Can you edit your question to show what you've tried and then explain clearly what isn't working for you? Ideally this should be in the form of a minimal reproducible example. If it errors then also include the full error output. Commented Mar 29, 2020 at 19:03

1 Answer 1

Reset to default
3

Why not using template_file instead:

data "template_file" "kube_config" {
  template = "${file("${path.module}/kubeconfig.tpl")}"

  vars {
    vpc_name     = "${var.vpc_name}"
    eks_name     = "${aws_eks_cluster.eks_cluster.id}"
    eks_endpoint = "${aws_eks_cluster.eks_cluster.endpoint}"
    eks_cert     = "${aws_eks_cluster.eks_cluster.certificate_authority.0.data}"
  }
}

Where the file used for templating is as the following:

apiVersion: v1
clusters:
- cluster:
    server: ${eks_endpoint}
    certificate-authority-data: ${eks_cert}
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: aws
  name: aws-${vpc_name}
current-context: aws-${vpc_name}
kind: Config
preferences: {}
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: heptio-authenticator-aws
      args:
        - "token"
        - "-i"
        - "${eks_name}"
        #- "-r"
        #- "<role ARN>"
      #env:
        #- name: AWS_PROFILE
        #  value: "<profile>"

If you don't need to do anything with the variables before generating the file, then template might be a better option.

Then you can run commands using the rendered file:

resource "null_resource" "config_setup" {
   triggers {
    kubeconfig_change  = "${data.template_file.kube_config.rendered}"
    configmap_change   = "{local.config-map-aws-auth}"
  }

  provisioner "local-exec" {
    command = "mkdir -p ${var.vpc_name}_output_EKS; echo '${data.template_file.kube_config.rendered}' >${var.vpc_name}_output_EKS/kubeconfig"
  }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks Sevillo, thanks for your reply.Will try and test with a template_file
Hi @sevillo could you please take a look at my question here: stackoverflow.com/questions/65938396/…, it's also related to local-exec.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.