Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/a0s/terraform-provider-kubernetes-awaiter
Waits for Kubernetes API resource
https://github.com/a0s/terraform-provider-kubernetes-awaiter
crd go golang kubernetes terraform terraform-provider
Last synced: 7 days ago
JSON representation
Waits for Kubernetes API resource
- Host: GitHub
- URL: https://github.com/a0s/terraform-provider-kubernetes-awaiter
- Owner: a0s
- Created: 2021-02-09T15:08:56.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2023-07-28T12:47:23.000Z (over 1 year ago)
- Last Synced: 2024-06-21T12:51:15.188Z (5 months ago)
- Topics: crd, go, golang, kubernetes, terraform, terraform-provider
- Language: Go
- Homepage:
- Size: 64.5 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
terraform-provider-kubernetes-awaiter
=====================================
Waits until resource appearing in the K8S cluster. Resource should be described with URI.
Provider
--------
https://registry.terraform.io/providers/a0s/kubernetes-awaiter
```hcl
terraform {
required_providers {
kubernetes-awaiter = {
version = "~> v0.1.0"
source = "a0s/kubernetes-awaiter"
}
}
}
provider "kubernetes-awaiter" {}
resource "kubernetes_resource_awaiter" "waiter" {
provider = kubernetes-awaiter
cacert = "CACERT"
token = "TOKEN"
timeout = "5m"
poll = "1s"
uri = "RESOURCE_URI"
}
```
Usage
-----
Input data:
```hcl
locals {
// Path to the kube config file
kube_config_path = "../kube-conig.yml"
// URI path to the Kubernetes API resource which we want to wait
kubeapi_resource_path = "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/issuers.cert-manager.io"
}
```
Create service account (with token) which able to check resource existing:
```hcl
resource "kubernetes_service_account" "resource_checker" {
metadata {
name = "terraform-resource-checker"
}
}
data "kubernetes_secret" "resource_checker" {
metadata {
name = kubernetes_service_account.resource_checker.default_secret_name
}
}
resource "kubernetes_cluster_role" "resource_checker" {
metadata {
name = "terraform-resource-checker"
}
rule {
api_groups = ["apiextensions.k8s.io"]
resources = ["customresourcedefinitions"]
verbs = ["get"]
}
}
resource "kubernetes_cluster_role_binding" "resource_checker" {
metadata {
name = "terraform-resource-checker"
}
subject {
kind = "ServiceAccount"
name = kubernetes_service_account.resource_checker.metadata[0].name
api_group = ""
}
role_ref {
kind = "ClusterRole"
name = kubernetes_cluster_role.resource_checker.metadata[0].name
api_group = "rbac.authorization.k8s.io"
}
}
```
Waiting to appear of Issuer custom resource definition from `helm_release`:
```hcl
locals {
server = yamldecode(file(local.kube_config_path)).clusters[0].cluster.server
cacert = base64decode(yamldecode(file(local.kube_config_path)).clusters[0].cluster["certificate-authority-data"])
token = lookup(data.kubernetes_secret.resource_checker.data, "token")
}
resource "helm_release" "cert_manager" {
chart = "cert-manager"
name = "cert-manager"
repository = "https://charts.jetstack.io"
namespace = "cert-manager"
create_namespace = true
set {
name = "installCRDs"
value = true
}
}
resource "kubernetes_resource_awaiter" "wait_cert_manager" {
provider = kubernetes-awaiter
depends_on = [helm_release.cert_manager]
cacert = local.cacert
token = local.token
timeout = "5m"
poll = "1s"
uri = "${local.server}${local.kubeapi_resource_path}"
}
```
Known issues
------------
- ~~`kubernetes_manifest` from [terraform-provider-kubernetes-alpha](https://github.com/hashicorp/terraform-provider-kubernetes-alpha) try to access CRD at the _planning_ phase, so `kubernetes-awaiter` can't helps here.~~ fixed in [v0.3.2](https://github.com/hashicorp/terraform-provider-kubernetes-alpha/releases/tag/v0.3.2)
TODO
----
- [ ] add ValidateDiagFunc
- [ ] add tests