diff --git a/k8s-bootstrap/index.ts b/k8s-bootstrap/index.ts index 49043d7..44b7467 100644 --- a/k8s-bootstrap/index.ts +++ b/k8s-bootstrap/index.ts @@ -3,11 +3,24 @@ import * as command from "@pulumi/command"; const config = new pulumi.Config(); +//fetch credentials from proxmox-infra +const infraRef = new pulumi.StackReference( + `${pulumi.getOrganization()}/proxmox-infra/dev`, +); + // Proxmox API credentials — same as proxmox-infra stack -const pve1Endpoint = config.requireSecret("pve1Endpoint"); -const pve1ApiToken = config.requireSecret("pve1ApiToken"); -const pve2Endpoint = config.requireSecret("pve2Endpoint"); -const pve2ApiToken = config.requireSecret("pve2ApiToken"); +const pve1Endpoint = infraRef.requireOutput( + "pve1Endpoint", +) as pulumi.Output; +const pve1ApiToken = infraRef.requireOutput( + "pve1ApiToken", +) as pulumi.Output; +const pve2Endpoint = infraRef.requireOutput( + "pve2Endpoint", +) as pulumi.Output; +const pve2ApiToken = infraRef.requireOutput( + "pve2ApiToken", +) as pulumi.Output; // Node IPs — static DHCP leases set in the router const master1Ip = config.require("master1Ip"); @@ -20,7 +33,6 @@ const worker2Ip = config.require("worker2Ip"); const k3sToken = config.requireSecret("k3sToken"); // VM IDs and CI runner SSH key — read from proxmox-infra stack outputs -const infraRef = new pulumi.StackReference(`${pulumi.getOrganization()}/proxmox-infra/dev`); const vmIdsOutput = infraRef.requireOutput("vmIds") as pulumi.Output>; const ciRunnerPrivateKey = infraRef.requireOutput("ciRunnerPrivateKey") as pulumi.Output; diff --git a/proxmox-infra/index.ts b/proxmox-infra/index.ts index be2e508..ed51045 100644 --- a/proxmox-infra/index.ts +++ b/proxmox-infra/index.ts @@ -8,15 +8,20 @@ const config = new pulumi.Config(); // Providers — one per standalone Proxmox machine // --------------------------------------------------------------------------- +const pve1Endpoint = config.requireSecret("pve1Endpoint"); +const pve1ApiToken = config.requireSecret("pve1ApiToken"); +const pve2Endpoint = config.requireSecret("pve2Endpoint"); +const pve2ApiToken = config.requireSecret("pve2ApiToken"); + const pveProvider = new proxmox.Provider("pve", { - endpoint: config.requireSecret("pve1Endpoint"), - apiToken: config.requireSecret("pve1ApiToken"), + endpoint: pve1Endpoint, + apiToken: pve1ApiToken, insecure: true, }); const pveBckpProvider = new proxmox.Provider("pve-bckp", { - endpoint: config.requireSecret("pve2Endpoint"), - apiToken: config.requireSecret("pve2ApiToken"), + endpoint: pve2Endpoint, + apiToken: pve2ApiToken, insecure: true, }); @@ -270,3 +275,6 @@ export const vmIds = { // CI runner SSH private key — consumed by k8s-bootstrap via StackReference. export const ciRunnerPrivateKey = pulumi.secret(ciRunnerKey.privateKeyOpenssh); + +// Proxmox API credentials — consumed by k8s-bootstrap via StackReference. +export { pve1Endpoint, pve1ApiToken, pve2Endpoint, pve2ApiToken };