improvement: Make kubeconfig file permission cofigurable

terraform-aws-modules · Jan 29, 2021 · 623b9ea · 623b9ea
1 parent 9b20147
commit 623b9ea
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -186,6 +186,7 @@ MIT Licensed. See [LICENSE](https:/terraform-aws-modules/terraform-a
 | cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers | `string` | `""` | no |
 | cluster\_service\_ipv4\_cidr | service ipv4 cidr for the kubernetes cluster | `string` | `null` | no |
 | cluster\_version | Kubernetes version to use for the EKS cluster. | `string` | n/a | yes |
+| config\_output\_file\_permission | File permission of the Kubectl config file containing cluster configuration saved to `config_output_path.` | `string` | `"0600"` | no |
 | config\_output\_path | Where to save the Kubectl config file (if `write_kubeconfig = true`). Assumed to be a directory if the value ends with a forward slash `/`. | `string` | `"./"` | no |
 | create\_eks | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no |
 | create\_fargate\_pod\_execution\_role | Controls if the EKS Fargate pod execution IAM role should be created. | `bool` | `true` | no |

diff --git a/kubectl.tf b/kubectl.tf
@@ -2,6 +2,6 @@ resource "local_file" "kubeconfig" {
  count = var.write_kubeconfig && var.create_eks ? 1 : 0
  content = local.kubeconfig
  filename = substr(var.config_output_path, -1, 1) == "/" ? "${var.config_output_path}kubeconfig_${var.cluster_name}" : var.config_output_path
- file_permission = "0600"
+ file_permission = var.config_output_file_permission
  directory_permission = "0755"
 }
diff --git a/variables.tf b/variables.tf
@@ -38,6 +38,12 @@ variable "config_output_path" {
  default = "./"
 }
 
+variable "config_output_file_permission" {
+ description = "File permission of the Kubectl config file containing cluster configuration saved to `config_output_path.`"
+ type = string
+ default = "0600"
+}
+
 variable "write_kubeconfig" {
  description = "Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`."
  type = bool