sl1pm4t / terraform-provider-kubernetes

Terraform Kubernetes Provider
Mozilla Public License 2.0

Help : Support for APIService resource ? #90

Open kaukiran opened 5 years ago

kaukiran commented 5 years ago

Hi

I'm trying to deploy the metrics-server addon. Is the APIService resource supported? If not, is there any workaround to do this?

metrics-server APIService resource

apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100

Reference -

  1. https://github.com/kubernetes-incubator/metrics-server
  2. https://github.com/kubernetes-incubator/metrics-server/blob/master/deploy/1.8%2B/metrics-apiservice.yaml

Thank you for the support.

TheMacStack commented 5 years ago

From my experience, I have had to make use of the Terraform Helm Provider in combination with this Kubernetes Provider fork, as there is no nice way to do custom resources (or any others not supported by this provider) at this time. With the Helm provider you can apply a Helm chart that contains any and all custom resources, or edit, for example, the Helm chart you are using here to include the CRs.

Alternatively, a hacky way of doing it is using a null_resource and kubectl apply, which does work but is not a very good approach as it doesn't properly maintain the state, etc.

Here is an example that first authenticates to an AKS cluster with the Az PowerShell tools, then applies some CRs for Cert-Manager:

resource "null_resource" "kubernetes_certmanager_clusterIssuer" {
  triggers {
    content = "${file("${path.module}/templates/clusterIssuer.yaml")}"
  }

  provisioner "local-exec" {
    interpreter = ["pwsh", "-c"]

    command = <<EOF
  Clear-AzContext -Scope CurrentUser -Force
  Connect-AzAccount -ServicePrincipal -Credential (new-object Management.Automation.PSCredential $env:ARM_CLIENT_ID, ($env:ARM_CLIENT_SECRET | ConvertTo-SecureString -AsPlainText -Force)) -TenantId $env:ARM_TENANT_ID | Out-Null 
  Import-AzAksCredential -ResourceGroupName ${var.resource_group} -Name "${var.name_prefix}-${var.gitlab_project_id}-aks" -admin -force | Out-Null
  kubectl apply -f ${path.module}/templates/clusterIssuer.yaml
  EOF
  }

  provisioner "local-exec" {
    interpreter = ["pwsh", "-c"]
    when        = "destroy"
    on_failure  = "continue"

    command = <<EOF
Clear-AzContext -Scope CurrentUser -Force
Connect-AzAccount -ServicePrincipal -Credential (new-object Management.Automation.PSCredential $env:ARM_CLIENT_ID, ($env:ARM_CLIENT_SECRET | ConvertTo-SecureString -AsPlainText -Force)) -TenantId $env:ARM_TENANT_ID | Out-Null 
Import-AzAksCredential -ResourceGroupName ${var.resource_group} -Name "${var.name_prefix}-${var.gitlab_project_id}-aks" -admin -force | Out-Null
kubectl delete -f ${path.module}/templates/clusterIssuer.yaml
EOF
  }

  depends_on = ["helm_release.cert-manager"]
}
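
A pre-apply check for the `kubectl apply` workaround above, added here as an example (it is not code from this thread or from either provider): that workaround hands Terraform the manifest as an opaque file, so this script flags any APIService document that sets `insecureSkipTLSVerify: true`, the field that turns off verification of the backing service's serving certificate and that the metrics-server manifest in the question sets. The function names, the second sample document and its `caBundle` placeholder are assumptions, and the parsing is line-based rather than a full YAML parser.

```python
import re
import sys
from pathlib import Path
# Constructed sample: the question's APIService, then a placeholder variant using caBundle.
SAMPLE = """\
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.example.invalid
spec:
  caBundle: PLACEHOLDER_BASE64_CA
"""
TRUTHY = {"true", "yes", "on", "y"}  # YAML 1.1 boolean spellings, lower-cased

def _scalar(doc, key, top_level=False):
    """Value of the first `key: value` line (line-based, not a full YAML parser)."""
    indent = "" if top_level else r"[ \t]+"
    m = re.search(rf"^{indent}{re.escape(key)}:[ \t]*([^#\n]*)", doc, re.M)
    return m.group(1).strip().strip("\"'") if m else None

def insecure_apiservices(text):
    """Names of APIService documents that set insecureSkipTLSVerify to true."""
    flagged = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        if _scalar(doc, "kind", top_level=True) != "APIService":
            continue
        if (_scalar(doc, "insecureSkipTLSVerify") or "").lower() in TRUTHY:
            name = re.search(r"^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:[ \t]*(\S+)", doc, re.M)
            flagged.append(name.group(1) if name else "<unnamed>")
    return flagged

if __name__ == "__main__":
    texts = [Path(p).read_text(encoding="utf-8") for p in sys.argv[1:]] or [SAMPLE]
    bad = [name for text in texts for name in insecure_apiservices(text)]
    for name in bad:
        print(f"APIService {name}: insecureSkipTLSVerify is true")
    sys.exit(1 if bad else 0)
```

Given manifest paths as arguments, the script exits non-zero when any document is flagged, so it can run ahead of `kubectl apply` in the same provisioner or in CI.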

TheMacStack commented 5 years ago

Maybe once TF 12 drops, the official K8s provider might get some love to make it a bit more usable.