fix: import credentials from proxmox-infra via Stackreference

k8s-bootstrap/index.ts

@@ -3,11 +3,24 @@ import * as command from "@pulumi/command";
 
 const config = new pulumi.Config();
 
+//fetch credentials from proxmox-infra
+const infraRef = new pulumi.StackReference(
+  `${pulumi.getOrganization()}/proxmox-infra/dev`,
+);
+
 // Proxmox API credentials — same as proxmox-infra stack
-const pve1Endpoint = config.requireSecret("pve1Endpoint");
+const pve1Endpoint = infraRef.requireOutput(
-const pve1ApiToken = config.requireSecret("pve1ApiToken");
+  "pve1Endpoint",
-const pve2Endpoint = config.requireSecret("pve2Endpoint");
+) as pulumi.Output<string>;
-const pve2ApiToken = config.requireSecret("pve2ApiToken");
+const pve1ApiToken = infraRef.requireOutput(
+  "pve1ApiToken",
+) as pulumi.Output<string>;
+const pve2Endpoint = infraRef.requireOutput(
+  "pve2Endpoint",
+) as pulumi.Output<string>;
+const pve2ApiToken = infraRef.requireOutput(
+  "pve2ApiToken",
+) as pulumi.Output<string>;
 
 // Node IPs — static DHCP leases set in the router
 const master1Ip = config.require("master1Ip");
@@ -20,7 +33,6 @@ const worker2Ip = config.require("worker2Ip");
 const k3sToken = config.requireSecret("k3sToken");
 
 // VM IDs and CI runner SSH key — read from proxmox-infra stack outputs
-const infraRef = new pulumi.StackReference(`${pulumi.getOrganization()}/proxmox-infra/dev`);
 const vmIdsOutput = infraRef.requireOutput("vmIds") as pulumi.Output<Record<string, number>>;
 const ciRunnerPrivateKey = infraRef.requireOutput("ciRunnerPrivateKey") as pulumi.Output<string>;
 

proxmox-infra/index.ts

@@ -8,15 +8,20 @@ const config = new pulumi.Config();
 // Providers — one per standalone Proxmox machine
 // ---------------------------------------------------------------------------
 
+const pve1Endpoint = config.requireSecret("pve1Endpoint");
+const pve1ApiToken = config.requireSecret("pve1ApiToken");
+const pve2Endpoint = config.requireSecret("pve2Endpoint");
+const pve2ApiToken = config.requireSecret("pve2ApiToken");
+
 const pveProvider = new proxmox.Provider("pve", {
-  endpoint: config.requireSecret("pve1Endpoint"),
+  endpoint: pve1Endpoint,
-  apiToken: config.requireSecret("pve1ApiToken"),
+  apiToken: pve1ApiToken,
   insecure: true,
 });
 
 const pveBckpProvider = new proxmox.Provider("pve-bckp", {
-  endpoint: config.requireSecret("pve2Endpoint"),
+  endpoint: pve2Endpoint,
-  apiToken: config.requireSecret("pve2ApiToken"),
+  apiToken: pve2ApiToken,
   insecure: true,
 });
 
@@ -270,3 +275,6 @@ export const vmIds = {
 
 // CI runner SSH private key — consumed by k8s-bootstrap via StackReference.
 export const ciRunnerPrivateKey = pulumi.secret(ciRunnerKey.privateKeyOpenssh);
+
+// Proxmox API credentials — consumed by k8s-bootstrap via StackReference.
+export { pve1Endpoint, pve1ApiToken, pve2Endpoint, pve2ApiToken };