github alekc/terraform-provider-kubectl v2.3.0

latest release: v2.3.1
4 hours ago

What's new: read existing cluster objects from Terraform.

v2.3.0 introduces two ways to pull an object that already lives in the cluster. data "kubectl_manifest" returns the object as yaml / json strings, plus optional dot-path extraction into a results map.

ephemeral "kubectl_manifest" has the exact same shape but never persists the value into state. It requires Terraform 1.10+ and is the right choice for credentials and tokens that must not be written to disk.

The fields map gives you a quick scalar extract for top-level dot-paths. For anything more structural (arrays, maps, keys containing dots), pipe the yaml attribute through Terraform's built-in yamldecode and walk the result directly. Both share the SDK v2 fetch helper so authentication, CRD-cache invalidation, and namespace-vs-cluster scope detection behave identically across reads and writes.

Quick example combining both styles with a manifest resource:

data "kubectl_manifest" "kube_dns" {
  api_version = "v1"
  kind        = "Service"
  name        = "kube-dns"
  namespace   = "kube-system"

  fields = {
    cluster_ip = "spec.clusterIP"
  }
}

resource "kubectl_manifest" "dns_aware_config" {
  yaml_body = <<-YAML
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: dns-config
      namespace: default
    data:
      # Scalar via the `fields` shortcut:
      DNS_SERVER: ${data.kubectl_manifest.kube_dns.results["cluster_ip"]}
      # Structured via yamldecode, needed here because array indexing
      # and keys containing dots aren't expressible in the dot-path syntax.
      DNS_PORT: "${yamldecode(data.kubectl_manifest.kube_dns.yaml).spec.ports[0].port}"
  YAML
}
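Terraform stores data source results in state, which is why the ephemeral form is the one to use for credentials. The script below is an added example, not part of the release notes or the provider's code: it audits a state file for Secrets that were read through data "kubectl_manifest". It assumes state format version 4 and that the kind, yaml, json and results attributes named above appear under those names in state; the sample state is constructed.

```python
import json

# Constructed sample state (format version 4); all values are placeholders.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "data", "type": "kubectl_manifest", "name": "kube_dns",
         "instances": [{"attributes": {"kind": "Service", "yaml": "kind: Service\n"}}]},
        {"module": "module.ci", "mode": "data", "type": "kubectl_manifest",
         "name": "deploy_token",
         "instances": [{"index_key": "prod", "attributes": {
             "kind": "Secret", "yaml": "kind: Secret\n", "json": "{}",
             "results": {"token": "PLACEHOLDER"}}}]},
        {"mode": "managed", "type": "kubectl_manifest", "name": "dns_aware_config",
         "instances": [{"attributes": {"kind": "ConfigMap"}}]},
    ],
})

# Attributes the release notes say carry the fetched object (assumed state names).
PAYLOAD_ATTRS = ("yaml", "json", "results")


def secrets_in_state(state_text):
    """Return (address, populated attributes) for each Secret read through
    data "kubectl_manifest" whose content is stored in the state."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        if res.get("mode") != "data" or res.get("type") != "kubectl_manifest":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            if attrs.get("kind") != "Secret":
                continue
            addr = "data.kubectl_manifest." + res["name"]
            if res.get("module"):
                addr = res["module"] + "." + addr
            if "index_key" in inst:
                addr += "[" + json.dumps(inst["index_key"]) + "]"
            # Report attribute names only, never the stored values.
            populated = [a for a in PAYLOAD_ATTRS if attrs.get(a)]
            findings.append((addr, populated))
    return findings


if __name__ == "__main__":
    for addr, populated in secrets_in_state(SAMPLE_STATE):
        print(f"{addr}: Secret content in state via {', '.join(populated)}")
```

Each address it reports is a candidate for conversion to the ephemeral block.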

Detailed Changelog

  • 5906aba fix(provider): surface clientcmd error instead of falling back to empty config
  • d89d617 fix: honor update/delete timeouts and close Get-then-Watch race on wait_for_rollout (#263)
  • 9b8194d fix: return after single apply when retry count is 0 + seed DaemonSet watch with ResourceVersion
  • 18811ba fix: don't wait forever for a DaemonSet whose nodeSelector matches no nodes
  • 6aa4355 Dependencies: Bump the gomod group across 1 directory with 6 updates
  • ebe2fd1 docs: refresh README and provider docs after data-source/ephemeral merge
  • c3f054c test: parallelise resource_kubectl_manifest acceptance tests
  • a8c4ee3 feat: add kubectl_manifest data source and ephemeral resource (#257)
  • c9ccaec test/ci: parallelize 19 safe tests, gate full matrix behind a smoke job (#258)
  • 0a9a8b1 ci: add CodeRabbit config with manual-only review trigger
  • a8eb216 Dependencies: Bump goreleaser/goreleaser-action
  • 165da1d Dependencies: Bump the gomod group across 1 directory with 3 updates
  • 382f717 Dependencies: Bump the github-actions group across 1 directory with 2 updates
  • 4941750 Dependencies: Bump the gomod group with 7 updates
  • d1c9c3f Dependencies: update go-crypto to v1.4.1 and bump other indirect dependencies
