Skip to content

a0s/terraform-provider-kubernetes-awaiter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.github
.github
 
 
provider
provider
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
make_dev_link.sh
make_dev_link.sh
 
 

Repository files navigation

terraform-provider-kubernetes-awaiter

Waits until resource appearing in the K8S cluster. Resource should be described with URI.

8006789bb0cc3734ca56a33a79d2660023d66fd71ea1755948161b32292801bf

Provider

https://registry.terraform.io/providers/a0s/kubernetes-awaiter

terraform {
  required_providers {
    kubernetes-awaiter = {
      version = "~> v0.1.0"
      source = "a0s/kubernetes-awaiter"
    }
  }
}

provider "kubernetes-awaiter" {}

resource "kubernetes_resource_awaiter" "waiter" {
  provider = kubernetes-awaiter
  
  cacert = "CACERT"
  token = "TOKEN"
  timeout = "5m"
  poll = "1s"

  uri = "RESOURCE_URI"
}

Usage

Input data:

locals {
  // Path to the kube config file
  kube_config_path = "../kube-conig.yml"
  
  // URI path to the Kubernetes API resource which we want to wait
  kubeapi_resource_path = "/apis/apiextensions.k8s.io/v1/customresourcedefinitions/issuers.cert-manager.io"
}

Create service account (with token) which able to check resource existing:

resource "kubernetes_service_account" "resource_checker" {
  metadata {
    name = "terraform-resource-checker"
  }
}

data "kubernetes_secret" "resource_checker" {
  metadata {
    name = kubernetes_service_account.resource_checker.default_secret_name
  }
}

resource "kubernetes_cluster_role" "resource_checker" {
  metadata {
    name = "terraform-resource-checker"
  }
  rule {
    api_groups = ["apiextensions.k8s.io"]
    resources = ["customresourcedefinitions"]
    verbs = ["get"]
  }
}

resource "kubernetes_cluster_role_binding" "resource_checker" {
  metadata {
    name = "terraform-resource-checker"
  }
  subject {
    kind = "ServiceAccount"
    name = kubernetes_service_account.resource_checker.metadata[0].name
    api_group = ""
  }
  role_ref {
    kind = "ClusterRole"
    name = kubernetes_cluster_role.resource_checker.metadata[0].name
    api_group = "rbac.authorization.k8s.io"
  }
}

Waiting to appear of Issuer custom resource definition from helm_release:

locals {
  server = yamldecode(file(local.kube_config_path)).clusters[0].cluster.server
  cacert = base64decode(yamldecode(file(local.kube_config_path)).clusters[0].cluster["certificate-authority-data"])
  token = lookup(data.kubernetes_secret.resource_checker.data, "token")
}

resource "helm_release" "cert_manager" {
  chart = "cert-manager"
  name = "cert-manager"
  repository = "https://charts.jetstack.io"
  namespace = "cert-manager"
  create_namespace = true

  set {
    name = "installCRDs"
    value = true
  }
}

resource "kubernetes_resource_awaiter" "wait_cert_manager" {
  provider = kubernetes-awaiter
  depends_on = [helm_release.cert_manager]

  cacert = local.cacert
  token = local.token
  timeout = "5m"
  poll = "1s"

  uri = "${local.server}${local.kubeapi_resource_path}"
}

Known issues

TODO

  • add ValidateDiagFunc
  • add tests

About

Waits for Kubernetes API resource

Topics

go kubernetes golang terraform terraform-provider crd

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 2

v0.2.1 Latest
Jul 28, 2023
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages