Last active
August 27, 2019 13:52
-
-
Save yanndegat/609a7ee38e27f50e448819917716f9f4 to your computer and use it in GitHub Desktop.
k8s local storage provisioner in terraform instead of helm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "kubernetes_service_account" "localvol" { | |
| metadata { | |
| name = "${var.storage_class_name}-admin" | |
| namespace = var.namespace | |
| } | |
| } | |
| resource "kubernetes_storage_class" "localvol" { | |
| metadata { | |
| name = var.storage_class_name | |
| } | |
| storage_provisioner = "kubernetes.io/no-provisioner" | |
| volume_binding_mode = "WaitForFirstConsumer" | |
| reclaim_policy = "Delete" | |
| } | |
| resource "kubernetes_cluster_role" "localvol" { | |
| metadata { | |
| name = "${var.storage_class_name}-provisioner-node-clusterrole" | |
| } | |
| rule { | |
| verbs = ["get"] | |
| api_groups = [""] | |
| resources = ["nodes"] | |
| } [78/181] | |
| } | |
| resource "kubernetes_cluster_role_binding" "localvolpv" { | |
| metadata { | |
| name = "${var.storage_class_name}-provisioner-pv-binding" | |
| } | |
| subject { | |
| kind = "ServiceAccount" | |
| name = kubernetes_service_account.localvol.metadata.0.name | |
| namespace = kubernetes_service_account.localvol.metadata.0.namespace | |
| } | |
| role_ref { | |
| api_group = "rbac.authorization.k8s.io" | |
| kind = "ClusterRole" | |
| name = "system:persistent-volume-provisioner" | |
| } | |
| } | |
| resource "kubernetes_cluster_role_binding" "localvolnodebinding" { | |
| metadata { | |
| name = "${var.storage_class_name}-provisioner-node-binding" | |
| } | |
| subject { | |
| kind = "ServiceAccount" | |
| name = kubernetes_service_account.localvol.metadata.0.name | |
| namespace = kubernetes_service_account.localvol.metadata.0.namespace | |
| } | |
| role_ref { | |
| api_group = "rbac.authorization.k8s.io" | |
| kind = "ClusterRole" | |
| name = kubernetes_cluster_role.localvol.metadata.0.name | |
| } | |
| } | |
| resource "kubernetes_config_map" "provisioner" { | |
| metadata { | |
| name = "${var.storage_class_name}-config" | |
| namespace = var.namespace | |
| } | |
| data = { | |
| useNodeNameOnly = "true" | |
| storageClassMap = <<EOF | |
| local-volume: | |
| hostDir: ${var.host_path} | |
| mountDir: ${var.host_path} | |
| EOF | |
| } | |
| } | |
| resource "kubernetes_daemonset" "localvol_provisioner" { | |
| metadata { | |
| name = "${var.storage_class_name}-provisioner" | |
| namespace = var.namespace | |
| labels = { | |
| app = "${var.storage_class_name}-provisioner" | |
| } | |
| } | |
| spec { | |
| selector { | |
| match_labels = { | |
| app = "${var.storage_class_name}-provisioner" | |
| } | |
| } | |
| template { | |
| metadata { | |
| labels = { | |
| app = "${var.storage_class_name}-provisioner" | |
| } | |
| } | |
| spec { | |
| service_account_name = kubernetes_service_account.localvol.metadata.0.name | |
| automount_service_account_token = true | |
| node_selector = var.node_selector | |
| container { | |
| image = var.provisioner_image | |
| name = "provisioner" | |
| security_context { | |
| privileged = true | |
| } | |
| resources { | |
| limits { | |
| cpu = "0.5" | |
| memory = "512Mi" | |
| } | |
| requests { | |
| cpu = "250m" | |
| memory = "50Mi" | |
| } | |
| } | |
| env { | |
| name = "MY_NODE_NAME" | |
| value_from { | |
| field_ref { | |
| field_path = "spec.nodeName" | |
| } | |
| } | |
| } | |
| env { | |
| name = "MY_NAMESPACE" | |
| value_from { | |
| field_ref { | |
| field_path = "metadata.namespace" | |
| } | |
| } | |
| } | |
| env { | |
| name = "JOB_CONTAINER_IMAGE" | |
| value = var.provisioner_image | |
| } | |
| volume_mount { | |
| name = "local-volume" | |
| mount_path = var.host_path | |
| } | |
| volume_mount { | |
| name = "provisioner-dev" | |
| mount_path = "/dev" | |
| # mount_propagation = "HostToContainer" | |
| } | |
| volume_mount { | |
| name = "provisioner-config" | |
| mount_path = "/etc/provisioner/config" | |
| read_only = true | |
| } | |
| } | |
| volume { | |
| name = "local-volume" | |
| host_path { | |
| path = var.host_path | |
| } | |
| } | |
| volume { | |
| name = "provisioner-dev" | |
| host_path { | |
| path = "/dev" | |
| } | |
| } | |
| volume { | |
| name = "provisioner-config" | |
| config_map { | |
| name = kubernetes_config_map.provisioner.metadata.0.name | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable storage_class_name { | |
| description = "namespace of the kubernetes resources" | |
| default = "local-volume" | |
| } | |
| variable namespace { | |
| description = "namespace of the kubernetes resources" | |
| default = "default" | |
| } | |
| variable host_path { | |
| description = "host path where the local persistent volumes will be created" | |
| default = "/mnt/volumes" | |
| } | |
| variable node_selector { | |
| description = "kubernetes node selector for local volumes" | |
| type = map | |
| default = {} | |
| } | |
| variable provisioner_image { | |
| description = "docker image of the local volume provisioner" | |
| default = "quay.io/external_storage/local-volume-provisioner:v2.3.2" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment