terraform-provider-kubernetes icon indicating copy to clipboard operation
terraform-provider-kubernetes copied to clipboard

Published 20 hours ago verified publisher icon sl1pm4t

Help : Support for APIService resource ?

Open kaukiran opened this issue 6 years ago • 2 comments

Hi

Im trying to deploy metrics-server addon. Is APIService resource supported ? If not is there any work around to do this ?

metrics-server APIService resource

apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100

Reference -

  1. https://github.com/kubernetes-incubator/metrics-server
  2. https://github.com/kubernetes-incubator/metrics-server/blob/master/deploy/1.8%2B/metrics-apiservice.yaml

Thank you for the support.

kaukiran avatar Nov 30 '18 11:11 kaukiran

From my experience I have had to make use the of the Terraform Helm Provider in combination with this Kubernetes Provider fork as there is no nice way to do custom (or any other non supported by this provider) resource at this time. With the helm provider you can apply a helm chart that contains all and any custom resources or edit for example the helm chart you are using here to include the CR's.

Alternatively a hacky way of doing it is using a null_resource and kubectl apply which does work but is not a very good approach as it doesnt properly maintain the sate etc

here is an example that first authenticates to an AKS cluster with the Az powershell tools then applys some CR's for Cert-Manager

 resource "null_resource" "kubernetes_certmanager_clusterIssuer" {
  triggers {
    content = "${file("${path.module}/templates/clusterIssuer.yaml")}"
  }

  provisioner "local-exec" {
    interpreter = ["pwsh", "-c"]

    command = <<EOF
  Clear-AzContext -Scope CurrentUser -Force
  Connect-AzAccount -ServicePrincipal -Credential (new-object Management.Automation.PSCredential $env:ARM_CLIENT_ID, ($env:ARM_CLIENT_SECRET | ConvertTo-SecureString -AsPlainText -Force)) -TenantId $env:ARM_TENANT_ID | Out-Null 
  Import-AzAksCredential -ResourceGroupName ${var.resource_group} -Name "${var.name_prefix}-${var.gitlab_project_id}-aks" -admin -force | Out-Null
  kubectl apply -f ${path.module}/templates/clusterIssuer.yaml
  EOF
  }

  provisioner "local-exec" {
    interpreter = ["pwsh", "-c"]
    when        = "destroy"
    on_failure  = "continue"

    command = <<EOF
Clear-AzContext -Scope CurrentUser -Force
Connect-AzAccount -ServicePrincipal -Credential (new-object Management.Automation.PSCredential $env:ARM_CLIENT_ID, ($env:ARM_CLIENT_SECRET | ConvertTo-SecureString -AsPlainText -Force)) -TenantId $env:ARM_TENANT_ID | Out-Null 
Import-AzAksCredential -ResourceGroupName ${var.resource_group} -Name "${var.name_prefix}-${var.gitlab_project_id}-aks" -admin -force | Out-Null
kubectl delete -f ${path.module}/templates/clusterIssuer.yaml
EOF
  }

  depends_on = ["helm_release.cert-manager"]
}

TheMacStack avatar Dec 07 '18 12:12 TheMacStack

Maybe once TF 12 drops the official K8s provider might get some love to make it a bit more usable

TheMacStack avatar Dec 07 '18 12:12 TheMacStack