@abelaska
Created March 13, 2020 12:41
// Disabled null_resource that pointed kubectl at the EKS cluster and then applied
// metrics-server and the Kubernetes Dashboard with a local-exec shell script.
// It re-ran whenever the SHA-1 of kubernetes.tf changed (see triggers below).
//resource "null_resource" "apply_kubernetes_update" {
// depends_on = [
// module.eks_cluster
// ]
//
// triggers = {
// tf_sha1 = sha1(file("${path.module}/kubernetes.tf"))
// }
//
// provisioner "local-exec" {
// interpreter = [
// "/bin/bash",
// "-c"]
//
// command = <<EOT
// set -e
//
// echo "Connecting kubectl to AWS EKS cluster ${module.eks_cluster.eks_cluster_id}..."
// kubectl config set clusters.${local.cluster_id}.certificate-authority-data ${local.cluster_ca_certificate_base64} --set-raw-bytes=false
// kubectl config set-cluster ${local.cluster_id} --server=${local.host}
// until kubectl version ${local.kubectl_params} >/dev/null; do sleep 3; done
// kubectl version ${local.kubectl_params}
//
// NOTE(review): the release archive is downloaded and unpacked without a checksum or
// signature check, and the pipeline runs without pipefail, so a failed or truncated
// download is only noticed if tar itself fails. If this block is re-enabled, verify a
// pinned digest of the archive before extracting and applying it.
// mkdir -p ${local.metrics_server_path}
// curl -sSL https://github.com/kubernetes-sigs/metrics-server/archive/v${local.metrics_server_version}.tar.gz | \
// tar xfz - -C "${local.metrics_server_path}" --strip 1 > /dev/null
//
// echo 'Applying Metrics server with kubectl...'
// kubectl apply ${local.kubectl_params} -f ${local.metrics_server_path}/deploy/1.8+/
// echo 'Applied Metrics server with kubectl'
//
// NOTE(review): the manifest is applied straight from a remote URL, so what lands in the
// cluster is only as fixed as the version tag. Vendoring the manifest, or checking its
// digest before apply, makes the applied objects reviewable.
// echo 'Applying Dashboard with kubectl...'
// kubectl apply ${local.kubectl_params} -f https://raw.githubusercontent.com/kubernetes/dashboard/v${local.dashboard_version}/aio/deploy/recommended.yaml
// echo 'Applied Dashboard with kubectl'
// EOT
// }
//}
//
// Manual clean-up commands for the two components applied above.
//kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
//kubectl delete -f deploy/1.8+/
@abelaska

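module "kubernetes_istio_setup" {
  // Used instead of null_resource because other modules can depend on this module's output, which
  // emulates the module-level depends_on that Terraform does not yet support natively.
  // This module runs once when the resource is created and again if the command is changed.
  //
  // NOTE(review): this module runs a shell script on the machine executing Terraform and is
  // pinned to a tag, which upstream can move. Consider pinning ?ref= to a reviewed commit SHA.
  source = "git::https://github.com/matti/terraform-shell-resource.git?ref=tags/v1.0.7"

  depends = [
    module.eks_cluster.eks_cluster_id,
    module.eks_node_group.eks_node_group_id
  ]

  // The generated password is handed to the script through the environment so that it is not
  // interpolated into the command text.
  // NOTE(review): the value may still be recorded in Terraform state by this module; confirm
  // how it stores `environment` and treat the state file as sensitive.
  environment = {
    DATABASE_PASSWORD = module.database_password.result
  }

  // Shell variables are written with a single `$` (as with $KUBECTL). Terraform only treats
  // `$${` as an escape, so `$$DATABASE_PASSWORD` would presumably reach the shell as `$$`
  // (the shell's PID) followed by the literal text DATABASE_PASSWORD instead of the secret.
  command = <<-EOT
    set -e
    set -x

    KUBECTL="kubectl --context=${module.eks_cluster.eks_cluster_arn}"

    $KUBECTL apply -k ${path.module}/../kustomize/bases/services/istio-operator
    $KUBECTL apply -k ${path.module}/../kustomize/bases/services/istio

    # Stop command tracing before any secret is handled; with tracing on, the shell prints
    # the expanded password into Terraform output and CI logs.
    set +x

    # Change RDS master password and store as Kubernetes secret.
    # Only done when the caller supplied no password. The emptiness check is evaluated by
    # Terraform, so the supplied password itself is never embedded in this script text.
    if [ "${var.database_password == "" ? "generate" : "keep"}" = "generate" ]; then

      # Storing new AWS RDS master password to Kubernetes as '${local.flyway_secret_ref}' secret...
      # The value is fed on stdin so it does not appear in the kubectl process arguments.
      $KUBECTL delete secret --ignore-not-found=true ${local.flyway_secret_ref} -n ${kubernetes_namespace.default.metadata.0.name}
      printf '%s' "$DATABASE_PASSWORD" | $KUBECTL create secret generic ${local.flyway_secret_ref} -n ${kubernetes_namespace.default.metadata.0.name} --from-file=FLYWAY_PASSWORD=/dev/stdin

      # Changing AWS RDS master password...
      # Quoted so a password containing whitespace or glob characters is passed intact.
      # NOTE(review): the password is still a process argument here and is visible to other
      # local users while the aws command runs; run this only on a trusted, single-tenant host.
      aws --profile ${var.profile} rds modify-db-instance --db-instance-identifier ${module.rds_instance.instance_id} --master-user-password "$DATABASE_PASSWORD" --apply-immediately
    fi
  EOT
}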
