From fc5b9edb354d8b7d7ee01c300911b65f9f07d058 Mon Sep 17 00:00:00 2001 From: Alex Somesan Date: Tue, 13 Feb 2024 17:52:47 +0100 Subject: [PATCH] Add warning about mixing provider credentials with exec blocks (#2422) --- website/docs/index.html.markdown | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 540cf39f47..9a3f0fdade 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -116,7 +116,9 @@ Find more comprehensive `in-cluster` config example [here](https://github.com/ha ## Exec plugins -Some cloud providers have short-lived authentication tokens that can expire relatively quickly. To ensure the Kubernetes provider is receiving valid credentials, an exec-based plugin can be used to fetch a new token before initializing the provider. For example, on EKS, the command `eks get-token` can be used: +Some cloud providers have short-lived authentication tokens that can expire relatively quickly. To ensure the Kubernetes provider is receiving valid credentials, an exec-based plugin can be used to fetch a new token before each Terraform operation. For example, on EKS, the command `eks get-token` can be used: + +~> IMPORTANT: DO NOT mix `exec` blocks with other credential attributes such as `token` or `client_certificate` in the provider configuration. This leads to undefined behaviour and there is no guarantee about which credential will actually be used. ```hcl provider "kubernetes" {
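Review bot: the new `~> IMPORTANT` callout in the "Exec plugins" hunk is inserted between the sentence ending "the command `eks get-token` can be used:" and the `hcl` example that sentence introduces, so the colon now leads into the warning instead of the example. Move the callout above the paragraph or below the example block so the example still follows its lead-in. The wording "such as `token` or `client_certificate`" is also open-ended for a security-relevant rule: list every credential attribute that must not be combined with `exec`, so a reader can check a provider block against it. Since the text says the outcome is undefined and that there is no guarantee about which credential is used, it should also say whether such a configuration is rejected or silently accepted.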