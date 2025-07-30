Reference for the teleportmwi_kubernetes Terraform ephemeral resource
This page describes the supported values of the teleportmwi_kubernetes ephemeral resource of the Teleport MWI Terraform provider.
The Kubernetes Ephemeral Resource provides credentials to allow other providers to access Kubernetes cluster through Teleport Machine & Workload Identity.
Example Usage
// Warning: The teleportmwi_kubernetes ephemeral resource will not function
// correctly when the Teleport cluster is fronted by a L7 load balancer that
// terminates TLS.
ephemeral "teleportmwi_kubernetes" "my_cluster" {
selector = {
name = "my-k8s-cluster"
}
credential_ttl = "1h"
}
// https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs
provider "kubernetes" {
host = ephemeral.teleportmwi_kubernetes.my_cluster.output.host
tls_server_name = ephemeral.teleportmwi_kubernetes.my_cluster.output.tls_server_name
client_certificate = ephemeral.teleportmwi_kubernetes.my_cluster.output.client_certificate
client_key = ephemeral.teleportmwi_kubernetes.my_cluster.output.client_key
cluster_ca_certificate = ephemeral.teleportmwi_kubernetes.my_cluster.output.cluster_ca_certificate
}
Schema
Required
selector(Attributes) Selects the Kubernetes cluster to connect to. (see below for nested schema)
Optional
credential_ttl(String) How long the issued credentials should be valid for. Defaults to 30 minutes.
Read-Only
output(Attributes) (see below for nested schema)
Nested Schema for
selector
Required:
name(String) The name of the Kubernetes cluster to connect to.
Nested Schema for
output
Read-Only:
client_certificate(String) Compatible with the
client_certificateargument of the
kubernetesprovider.
client_key(String, Sensitive) Compatible with the
client_keyargument of the
kubernetesprovider.
cluster_ca_certificate(String) Compatible with the
cluster_ca_certificateargument of the
kubernetesprovider.
host(String) Compatible with the
hostargument of the
kubernetesprovider.
tls_server_name(String) Compatible with the
tls_server_nameargument of the
kubernetesprovider.