From 7328b3a807d88d6d03c230ad1f9a6196332cc9d1 Mon Sep 17 00:00:00 2001
From: LOUKASSS <lucas.debure@pm.me>
Date: Fri, 30 Jun 2023 11:06:43 +0200
Subject: [PATCH] add kubeconfig to github secrets

---
 .terraform.lock.hcl      | 22 ++++++++++++++++++++++
 main.tf                  |  1 +
 modules/eks/main.tf      | 37 +++++++++++++++++++++++++++++++++++++
 modules/eks/providers.tf |  4 ++++
 modules/eks/variables.tf |  4 ++++
 providers.tf             |  8 ++++++++
 variables.tf             |  4 ++++
 7 files changed, 80 insertions(+)

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index eb4d8eb..0228d54 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -95,6 +95,28 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
   ]
 }
 
+provider "registry.terraform.io/integrations/github" {
+  version     = "5.29.0"
+  constraints = "~> 5.0"
+  hashes = [
+    "h1:5Q4c+ippTE5ar7d0lu5s7ta1ygzyx8A6fd5XQnRyLrA=",
+    "zh:267e0e4b8b7f4f2b64ee87bf9e1c51b2267a8e6f29dc9255bc08ab17d7fe3fe8",
+    "zh:594f2e05261fc4d7a855a1ad6c17474e7d7215942f2840401902eeb3cff51c62",
+    "zh:697df8f808726d98c021dab0f4173c6ff2be033a48a8f07ddbdb4c529eecc2f6",
+    "zh:6ede9e689af81c847bdcdf3b3aeabb781689788dd1ee73778d831e4392c175c5",
+    "zh:7f2e5b45f62a59591f15f4f1c13611ec3aa133920410cc2431cd66a39d562f00",
+    "zh:9d4cd94c40486c72a3417a794241f274b374d0dcbde565450f12c7a31204e3c0",
+    "zh:a655233fe967922992b9abb0d34ff558d2817ae9b650e3833a8072fa72f856a5",
+    "zh:a8558ca9b3a8d2abbb9da8c51e61e530250d2dbd474e9e8c7a9247a335cf0fa2",
+    "zh:a96975b68982eae5d2a3ed0f335eea348b5283c6d7f9d5e40bd77c8424325287",
+    "zh:ab121b6afa31524a8c6718bc7f691c6f202c61879e4049b52cf56447b3408ae7",
+    "zh:c1c8298698df5be1270920acfe0494c7d125f8c14665abe7b6de7374a20db8d9",
+    "zh:d6e740fe0056d2eaeb22c5edc8f2aefe437f2817314b559f29248aae43524e3a",
+    "zh:d8b191c630ddda8016edeb88fb01df530c6701627e229af7a0aa3c1bf9f16a56",
+    "zh:eb5dca383cfe1257e60b2962ce1bef8a7b1704ad89a97791b1fb58badbe27eb4",
+  ]
+}
+
 provider "registry.terraform.io/scaleway/scaleway" {
   version     = "2.18.0"
   constraints = "2.18.0"
diff --git a/main.tf b/main.tf
index d04dd13..e9156fc 100644
--- a/main.tf
+++ b/main.tf
@@ -110,6 +110,7 @@ module "eks" {
   project_eks = var.project_eks
   vpc_cidr_eks = var.vpc_cidr_eks
   subnet_cidr_bits_eks = var.subnet_cidr_bits_eks
+  github_token = var.github_token
 }
 
 module "GuardDuty" {
diff --git a/modules/eks/main.tf b/modules/eks/main.tf
index d3399d6..615c81b 100644
--- a/modules/eks/main.tf
+++ b/modules/eks/main.tf
@@ -97,3 +97,40 @@ resource "cloudflare_record" "eks_cname" {
   ]
 }
 
+resource "github_actions_secret" "kubeconfig_secret" {
+  repository       = "TransExpress-website"
+  secret_name      = "KUBE_CONFIG"
+  plaintext_value  = base64encode(yamlencode({
+    apiVersion = "v1"
+    clusters = [{
+      cluster = {
+        server    = data.aws_eks_cluster.cluster.endpoint
+        certificate-authority-data = data.aws_eks_cluster.cluster.certificate_authority[0].data
+      }
+      name = "kubernetes"
+    }]
+    contexts = [{
+      context = {
+        cluster = "kubernetes"
+        user    = "aws"
+      }
+      name = "aws"
+    }]
+    current-context = "aws"
+    kind            = "Config"
+    preferences = {}
+    users = [{
+      name = "aws"
+      user = {
+        exec = {
+          apiVersion = "client.authentication.k8s.io/v1alpha1"
+          args       = ["eks", "get-token", "--cluster-name", aws_eks_cluster.eks-cluster.name]
+          command    = "aws"
+        }
+      }
+    }]
+  }))
+}
+
+
+
diff --git a/modules/eks/providers.tf b/modules/eks/providers.tf
index 6211d17..bca3037 100644
--- a/modules/eks/providers.tf
+++ b/modules/eks/providers.tf
@@ -16,6 +16,10 @@ terraform {
       source  = "cloudflare/cloudflare"
       version = "~> 2.0"
     }
+    github = {
+      source  = "integrations/github"
+      version = "~> 5.0"
+    }
   }
 }
 
diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
index 143a7b4..2063788 100644
--- a/modules/eks/variables.tf
+++ b/modules/eks/variables.tf
@@ -68,3 +68,7 @@ variable "cloudflare_api_token" {
   description = "API token for Cloudflare"
   type        = string
 }
+variable "github_token" {
+  description = "token identification github"
+  type        = string
+}
diff --git a/providers.tf b/providers.tf
index f17b062..95a7f75 100644
--- a/providers.tf
+++ b/providers.tf
@@ -21,6 +21,10 @@ terraform {
       source  = "hashicorp/helm"
       version = "~> 2.10.1"
     }
+    github = {
+      source  = "integrations/github"
+      version = "~> 5.0"
+    }
   }
 }
 
@@ -42,4 +46,8 @@ provider "scaleway" {
 
 provider "cloudflare" {
   api_token = var.cloudflare_api_token
+}
+
+provider "github" {
+  token = var.github_token # or `GITHUB_TOKEN`
 }
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index db9d600..55269a8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -357,4 +357,8 @@ variable "subnet_cidr_bits_eks" {
   description = "The number of subnet bits for the CIDR. For example, specifying a value 8 for this parameter will create a CIDR with a mask of /24."
   type        = number
   default     = 8
+}
+variable "github_token" {
+  description = "token identification github"
+  type        = string
 }
\ No newline at end of file