add kubernetes api example to docs

rasschaert · Oct 31, 2024 · 69bcd2e · 69bcd2e
1 parent a40f22d
commit 69bcd2e
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/docs/resources/route.md b/docs/resources/route.md
@@ -47,6 +47,20 @@ resource "pomeriumzero_route" "foobar_tooling" {
     pomeriumzero_policy.allow_foobar_group_members.id
   ]
 }
+
+resource "pomeriumzero_route" "kubernetes_api" {
+  name = "Kubernetes API"
+  from = "https://k8s-api.${pomeriumzero_cluster.default.fqdn}"
+  to = ["https://kubernetes.default.svc.cluster.local/"]
+  namespace_id = data.pomeriumzero_cluster.default.namespace_id
+  allow_websockets = false
+  preserve_host_header = false
+  policy_ids = [
+    pomeriumzero_policy.allow_kubernetes_admins.id
+  ]
+  pass_identity_headers = true
+  kubernetes_service_account_token = data.kubernetes_secret.k8s_api_service_account_token.data["token"]
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -64,6 +78,7 @@ resource "pomeriumzero_route" "foobar_tooling" {
 - `allow_spdy` (Boolean) If set to `true`, allows the use of the SPDY protocol for this route.
 - `allow_websockets` (Boolean) If set to `true`, allows WebSocket connections for this route.
 - `enable_google_cloud_serverless_authentication` (Boolean) If set to `true`, enables Google Cloud Serverless Authentication for this route.
+- `kubernetes_service_account_token` (String, Sensitive) The Kubernetes service account token to use for authentication.
 - `pass_identity_headers` (Boolean) If set to `true`, passes identity headers to the upstream service.
 - `policy_ids` (List of String) A list of policy IDs to associate with this route. These policies will be applied to requests matching this route.
 - `prefix` (String) The URL prefix for the route. If specified, only requests with this prefix will be matched.
@@ -72,7 +87,6 @@ resource "pomeriumzero_route" "foobar_tooling" {
 - `show_error_details` (Boolean) If set to `true`, shows detailed error messages when errors occur.
 - `tls_skip_verify` (Boolean) If set to `true`, skips TLS verification for upstream connections. Use with caution.
 - `tls_upstream_allow_renegotiation` (Boolean) If set to `true`, allows TLS renegotiation for upstream connections.
-- `kubernetes_service_account_token` (String) Kubernetes service account token used for accessing kubernetes api via pomerium.
 
 ### Read-Only