ce45e69e38
terragrunt.hcl injects -var kube_config_path=${repo_root}/config for
every terraform invocation, but the pipeline never created that file.
Every commit that touched a TF stack since #545 (2026-05-08) failed
with 'config_path refers to an invalid path: \"../../config\": no such
file or directory' followed by the kubernetes provider falling back
to localhost:80.
Add a step that writes a kubeconfig at <repo>/config using the
projected SA token + cluster CA. The woodpecker namespace's default
SA is already cluster-admin (woodpecker-default ClusterRoleBinding),
so the projected token is sufficient for any stack apply. Using
tokenFile (not an inline token) lets the provider re-read it if
kubelet rotates the projected token mid-pipeline.
#545 was the last green run because that commit only changed the
build-cli pipeline — 0 stacks applied so the missing kubeconfig
never mattered.
|
||
|---|---|---|
| .. | ||
| build-ci-image.yml | ||
| build-cli.yml | ||
| default.yml | ||
| drift-detection.yml | ||
| issue-automation.yml | ||
| k8s-portal.yml | ||
| postmortem-todos.yml | ||
| provision-user.yml | ||
| pve-nfs-exports-sync.yml | ||
| registry-config-sync.yml | ||
| renew-tls.yml | ||