Added variables for image, version, resource limits, custom RBAC, and…

… replicas (#3) Authored-by: Marwin Baumann <[email protected]>
redeux · Apr 30, 2021 · 62d08bb · 62d08bb
1 parent 16ab911
commit 62d08bb
Show file tree

Hide file tree

Showing 8 changed files with 105 additions and 46 deletions.
diff --git a/README.md b/README.md
@@ -11,8 +11,8 @@ module "terraform-cloud-agent-kubernetes" {
 
   namespace          = "terraform-cloud-agent"
   create_namespace   = true
-  agent_token_name   = "example-agent"
-  agent_token_secret = "myagent.atlasv1.secrettoken"
+  agent_name   = "example-agent"
+  agent_token        = "myagent.atlasv1.secrettoken"
   cluster_access     = true
 }
 ```

diff --git a/kubernetes_cluster_role.tf b/kubernetes_cluster_role.tf
@@ -12,8 +12,8 @@ resource "kubernetes_cluster_role" "tfc_agent_role" {
   }
 
   rule {
-    api_groups = ["", "apps", "autoscaling", "batch", "extensions", "policy", "rbac.authorization.k8s.io"]
-    resources  = ["componentstatuses", "configmaps", "daemonsets", "deployments", "events", "endpoints", "horizontalpodautoscalers", "ingress", "jobs", "limitranges", "namespaces", "nodes", "pods", "persistentvolumes", "persistentvolumeclaims", "resourcequotas", "replicasets", "replicationcontrollers", "serviceaccounts", "services"]
+    api_groups = concat(["", "apps", "autoscaling", "batch", "extensions", "policy", "rbac.authorization.k8s.io"], var.cluster_access_rbac_api_groups)
+    resources  = concat(["componentstatuses", "configmaps", "daemonsets", "deployments", "events", "endpoints", "horizontalpodautoscalers", "ingress", "jobs", "limitranges", "namespaces", "nodes", "pods", "persistentvolumes", "persistentvolumeclaims", "resourcequotas", "replicasets", "replicationcontrollers", "serviceaccounts", "services"], var.cluster_access_rbac_resources)
     verbs      = ["*"]
   }
-}
+}
diff --git a/kubernetes_config_map.tf b/kubernetes_config_map.tf
@@ -11,7 +11,7 @@ resource "kubernetes_config_map" "tfc_agent_configuration" {
   }
 
   data = {
-    name           = var.agent_token_name
+    name           = var.agent_name
     url            = var.tfc_url
     log-level      = var.agent_log_level
     disable-update = tostring(var.agent_disable_update)

diff --git a/kubernetes_deployment.tf b/kubernetes_deployment.tf
@@ -11,7 +11,7 @@ resource "kubernetes_deployment" "tfc_agent" {
   }
 
   spec {
-    replicas = 1
+    replicas = var.agent_replicas
 
     selector {
       match_labels = {
@@ -24,28 +24,16 @@ resource "kubernetes_deployment" "tfc_agent" {
       metadata {
         labels = {
           "app.kubernetes.io/name"           = "terraform-cloud-agent"
-          "app.kubernetes.io/version"        = local.version
+          "app.kubernetes.io/version"        = var.agent_version
           "app.kubernetes.io/module-version" = local.module-version
           "app.kubernetes.io/managed-by"     = "terraform"
         }
       }
 
       spec {
         container {
-          image = "hashicorp/tfc-agent:${local.version}"
+          image = "${var.agent_image}:${var.agent_version}"
           name  = "terraform-cloud-agent"
-
-          #   resources {
-          #     requests {
-          #       cpu    = "2000m"
-          #       memory = "2Gi"
-          #     }
-          #     limits {
-          #       cpu    = "8000m"
-          #       memory = "8Gi"
-          #     }
-          #   }
-
           env {
             name = "TFC_AGENT_TOKEN"
             value_from {
@@ -95,6 +83,16 @@ resource "kubernetes_deployment" "tfc_agent" {
               }
             }
           }
+          resources {
+            requests = {
+              cpu    = var.requests_cpu
+              memory = var.requests_memory
+            }
+            limits = {
+              cpu    = var.limits_cpu
+              memory = var.limits_memory
+            }
+          }
         }
 
         automount_service_account_token = true

diff --git a/kubernetes_secret.tf b/kubernetes_secret.tf
@@ -11,6 +11,6 @@ resource "kubernetes_secret" "tfc_agent_token" {
   }
 
   data = {
-    "token" = var.agent_token_secret
+    "token" = var.agent_token
   }
 }
diff --git a/main.tf b/main.tf
@@ -1,8 +1,3 @@
 locals {
-  version        = "0.1.4"
-  module-version = "0.0.3"
+  module-version = "0.1.0"
 }
-
-terraform {
-  required_version = ">= 0.12"
-}
diff --git a/variables.tf b/variables.tf
@@ -1,17 +1,13 @@
-variable "agent_token_name" {
-  type        = string
-  description = "The TFC agent token description defined in TFC at app/<org>/settings/agents."
-}
-
-variable "agent_token_secret" {
-  type        = string
-  description = "The TFC agent token secret generated when the agent was created."
+variable "agent_disable_update" {
+  type        = bool
+  default     = true
+  description = "Agents will self-update if set to false."
 }
 
-variable "tfc_url" {
+variable "agent_image" {
   type        = string
-  default     = "https://app.terraform.io"
-  description = "The Terraform Cloud endpoint.  Must be changed if using Terraform Enterprise."
+  default     = "hashicorp/tfc-agent"
+  description = "Name of the Terraform Cloud Agent docker image."
 }
 
 variable "agent_log_level" {
@@ -20,15 +16,27 @@ variable "agent_log_level" {
   description = "Available log levels are info, error, warn, debug, and trace."
 }
 
-variable "agent_disable_update" {
-  type        = bool
-  default     = true
-  description = "Agents will self-update if set to false."
+variable "agent_name" {
+  type        = string
+  description = "The TFC agent token description defined in TFC at app/<org>/settings/agents."
 }
 
-variable "namespace" {
+variable "agent_replicas" {
+  type        = number
+  default     = 1
+  description = "Replicacount of the terraform cloud agent deployment."
+}
+
+variable "agent_token" {
   type        = string
-  description = "The namespace to deploy the agent into.  Unless create_namespace is true, the namespace must already exist."
+  description = "The TFC agent token generated when the agent was created."
+  sensitive   = true
+}
+
+variable "agent_version" {
+  type        = string
+  default     = "latest"
+  description = "Version of the Terraform Cloud Agent docker image."
 }
 
 variable "cluster_access" {
@@ -37,8 +45,56 @@ variable "cluster_access" {
   description = "When true, provides the agent access to the cluster to manage Kubernetes resources."
 }
 
+variable "cluster_access_rbac_api_groups" {
+  type        = list(string)
+  default     = []
+  description = "Additional rbac api groups for the rbac role"
+}
+
+variable "cluster_access_rbac_resources" {
+  type        = list(string)
+  default     = []
+  description = "Additional rbac resources for the rbac role"
+}
+
 variable "create_namespace" {
   type        = bool
   default     = false
   description = "When true, creates the namespace for the Terraform Cloud Agent."
-}
+}
+
+variable "limits_cpu" {
+  type        = string
+  default     = "2"
+  description = "CPU hard limits."
+}
+
+variable "limits_memory" {
+  type        = string
+  default     = "2Gi"
+  description = "Memory hard limits."
+}
+
+variable "namespace" {
+  type        = string
+  description = "The namespace to deploy the agent into.  Unless create_namespace is true, the namespace must already exist."
+}
+
+variable "requests_cpu" {
+  type        = string
+  default     = "500m"
+  description = "CPU requests."
+}
+
+variable "requests_memory" {
+  type        = string
+  default     = "250Mi"
+  description = "Memory requests."
+}
+
+variable "tfc_url" {
+  type        = string
+  default     = "https://app.terraform.io"
+  description = "The Terraform Cloud endpoint.  Must be changed if using Terraform Enterprise."
+}
+
diff --git a/versions.tf b/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0.0"
+    }
+  }
+
+  required_version = ">= 0.14"
+}