Add support for host connection with client certificate and key

[Matroxt]

It seems like kubeconfig is currently the only supported way to connect to a cluster according to the doc.
The addition of client certificate/key would be really useful for many I think.

Helm does it this way:

provider "helm" {
  kubernetes {
    host = "https://${var.k8s_host}"
    insecure = false

    client_certificate     = base64decode(var.client_certificate)
    client_key             = base64decode(var.client_key)
    cluster_ca_certificate = base64decode(var.cluster_ca_certificate)
  }
}

And the official Kubernetes provider does it similarly, where you can even use basic auth if that's your thing.

Just having this flexibility would make this provider work for workflow where you create a cluster via Terraform on your Cloud platform, an then use the output to feed the provider that manages k8s itself (k8s/helm/kustomize...)

[pst]

You can already do that by templating your own kubeconfig and passing it into kubeconfig_raw. I believe simply supporting anything you can do in a kubeconfig is a better approach than me playing catch up supporting various attributes on the provider directly.

Example: https://github.com/kbst/terraform-kubestack/blob/v0.12.2-beta.0/common/cluster_services/main.tf

[Matroxt]

Gotcha, I understand the reasoning. I'll do it via templating then.
Nonetheless, I find it more user friendly to do it without templating, but I guess it probably isn't a top priority atm.
Thanks!

[pst]

Yamlencode as used here is also an option.

[soleares]

@pst That is a working solution but that's a lot of config. If we require this provider in a shared terraform module, expecting our users to add that terraform config every time they use the module isn't great. The 3 simple attributes required by the other main terraform providers (kubernetes, helm, kubectl) is much easier.