gke-k8s-example.tf

provider "google" {
  region = "us-west1"
}

data "google_compute_zones" "available" {}

resource "google_container_cluster" "primary" {
  name = "the-only-marcellus-wallace"
  zone = "${data.google_compute_zones.available.names[0]}"
  initial_node_count = 3

  additional_zones = [
    "${data.google_compute_zones.available.names[1]}"
  ]

  master_auth {
    username = "mr.yoda"
    password = "adoy.rm"
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring"
    ]
  }
}

provider "kubernetes" {
  host = "https://${google_container_cluster.primary.endpoint}"
  username = "${google_container_cluster.primary.master_auth.0.username}"
  password = "${google_container_cluster.primary.master_auth.0.password}"
  client_certificate = "${base64decode(google_container_cluster.primary.master_auth.0.client_certificate)}"
  client_key = "${base64decode(google_container_cluster.primary.master_auth.0.client_key)}"
  cluster_ca_certificate = "${base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)}"
}

resource "kubernetes_namespace" "n" {
  metadata {
    name = "blablah"
  }
}

how-to.md

How to launch

GKE

terraform apply -target=google_container_cluster.primary

data.google_compute_zones.available: Refreshing state...
google_container_cluster.primary: Creating...
  additional_zones.#:                   "" => "1"
  additional_zones.0:                   "" => "us-west1-b"
  cluster_ipv4_cidr:                    "" => "<computed>"
  endpoint:                             "" => "<computed>"
  initial_node_count:                   "" => "3"
  instance_group_urls.#:                "" => "<computed>"
  logging_service:                      "" => "<computed>"
  master_auth.#:                        "" => "1"
  master_auth.0.client_certificate:     "" => "<computed>"
  master_auth.0.client_key:             "" => "<computed>"
  master_auth.0.cluster_ca_certificate: "" => "<computed>"
  master_auth.0.password:               "" => "adoy.rm"
  master_auth.0.username:               "" => "mr.yoda"
  monitoring_service:                   "" => "<computed>"
  name:                                 "" => "the-only-marcellus-wallace"
  network:                              "" => "default"
  node_config.#:                        "" => "1"
  node_config.0.disk_size_gb:           "" => "<computed>"
  node_config.0.machine_type:           "" => "<computed>"
  node_config.0.oauth_scopes.#:         "" => "4"
  node_config.0.oauth_scopes.0:         "" => "https://www.googleapis.com/auth/compute"
  node_config.0.oauth_scopes.1:         "" => "https://www.googleapis.com/auth/devstorage.read_only"
  node_config.0.oauth_scopes.2:         "" => "https://www.googleapis.com/auth/logging.write"
  node_config.0.oauth_scopes.3:         "" => "https://www.googleapis.com/auth/monitoring"
  node_version:                         "" => "<computed>"
  zone:                                 "" => "us-west1-a"
google_container_cluster.primary: Still creating... (10s elapsed)
google_container_cluster.primary: Still creating... (20s elapsed)
google_container_cluster.primary: Still creating... (30s elapsed)
google_container_cluster.primary: Still creating... (40s elapsed)
google_container_cluster.primary: Still creating... (50s elapsed)
google_container_cluster.primary: Still creating... (1m0s elapsed)
google_container_cluster.primary: Still creating... (1m10s elapsed)
google_container_cluster.primary: Still creating... (1m20s elapsed)
google_container_cluster.primary: Still creating... (1m30s elapsed)
google_container_cluster.primary: Still creating... (1m40s elapsed)
google_container_cluster.primary: Still creating... (1m50s elapsed)
google_container_cluster.primary: Still creating... (2m0s elapsed)
google_container_cluster.primary: Still creating... (2m10s elapsed)
google_container_cluster.primary: Still creating... (2m20s elapsed)
google_container_cluster.primary: Still creating... (2m30s elapsed)
google_container_cluster.primary: Still creating... (2m40s elapsed)
google_container_cluster.primary: Still creating... (2m50s elapsed)
google_container_cluster.primary: Still creating... (3m0s elapsed)
google_container_cluster.primary: Creation complete (ID: the-only-...-wallace)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path:

K8S

terraform apply

data.google_compute_zones.available: Refreshing state...
google_container_cluster.primary: Refreshing state... (ID: the-only-...-wallace)
kubernetes_namespace.n: Creating...
  metadata.#:                  "" => "1"
  metadata.0.generation:       "" => "<computed>"
  metadata.0.name:             "" => "blablah"
  metadata.0.resource_version: "" => "<computed>"
  metadata.0.self_link:        "" => "<computed>"
  metadata.0.uid:              "" => "<computed>"
kubernetes_namespace.n: Creation complete (ID: blablah)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path:

Why

Applying twice is unfortunately necessary until hashicorp/terraform#12393 is addressed.

Does this work even with an empty kube config file? I get errors unless I've added a kube context prior to running these commands.

For anyone else getting * provider.kubernetes: Failed to load config (/home/XXX/.kube/config; default context): invalid configuration: no configuration has been provided I solved this by deleting the /home/XXX/.kube then terraform apply started saying sensible things.