From 62d08bbcc78fe8607488d2f1fb0339a03481fb18 Mon Sep 17 00:00:00 2001 From: Martijn van der Ploeg <73637849+martijnvdp@users.noreply.github.com> Date: Fri, 30 Apr 2021 16:59:59 +0200 Subject: [PATCH] Added variables for image, version, resource limits, custom RBAC, and replicas (#3) Authored-by: Marwin Baumann --- README.md | 4 +- kubernetes_cluster_role.tf | 6 +-- kubernetes_config_map.tf | 2 +- kubernetes_deployment.tf | 28 ++++++------ kubernetes_secret.tf | 2 +- main.tf | 7 +-- variables.tf | 92 ++++++++++++++++++++++++++++++-------- versions.tf | 10 +++++ 8 files changed, 105 insertions(+), 46 deletions(-) create mode 100644 versions.tf diff --git a/README.md b/README.md index b8c37a6..fccefb8 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,8 @@ module "terraform-cloud-agent-kubernetes" { namespace = "terraform-cloud-agent" create_namespace = true - agent_token_name = "example-agent" - agent_token_secret = "myagent.atlasv1.secrettoken" + agent_name = "example-agent" + agent_token = "myagent.atlasv1.secrettoken" cluster_access = true } ``` diff --git a/kubernetes_cluster_role.tf b/kubernetes_cluster_role.tf index 6deb6d1..9aa5bb9 100644 --- a/kubernetes_cluster_role.tf +++ b/kubernetes_cluster_role.tf 
@@ -12,8 +12,8 @@ resource "kubernetes_cluster_role" "tfc_agent_role" { } rule { - api_groups = ["", "apps", "autoscaling", "batch", "extensions", "policy", "rbac.authorization.k8s.io"] - resources = ["componentstatuses", "configmaps", "daemonsets", "deployments", "events", "endpoints", "horizontalpodautoscalers", "ingress", "jobs", "limitranges", "namespaces", "nodes", "pods", "persistentvolumes", "persistentvolumeclaims", "resourcequotas", "replicasets", "replicationcontrollers", "serviceaccounts", "services"] + api_groups = concat(["", "apps", "autoscaling", "batch", "extensions", "policy", "rbac.authorization.k8s.io"], var.cluster_access_rbac_api_groups) + resources = concat(["componentstatuses", "configmaps", "daemonsets", "deployments", "events", "endpoints", "horizontalpodautoscalers", "ingress", "jobs", "limitranges", "namespaces", "nodes", "pods", "persistentvolumes", "persistentvolumeclaims", "resourcequotas", "replicasets", "replicationcontrollers", "serviceaccounts", "services"], var.cluster_access_rbac_resources) verbs = ["*"] } -} \ No newline at end of file +} diff --git a/kubernetes_config_map.tf b/kubernetes_config_map.tf index 080bd17..5df5d54 100644 --- a/kubernetes_config_map.tf +++ b/kubernetes_config_map.tf @@ -11,7 +11,7 @@ resource "kubernetes_config_map" "tfc_agent_configuration" { } data = { - name = var.agent_token_name + name = var.agent_name url = var.tfc_url log-level = var.agent_log_level disable-update = tostring(var.agent_disable_update) diff --git a/kubernetes_deployment.tf b/kubernetes_deployment.tf index 0378cad..dc7de1b 100644 --- a/kubernetes_deployment.tf +++ b/kubernetes_deployment.tf @@ -11,7 +11,7 @@ resource "kubernetes_deployment" "tfc_agent" { } spec { - replicas = 1 + replicas = var.agent_replicas selector { match_labels = { 
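Review bot: In kubernetes_cluster_role.tf the caller-supplied `var.cluster_access_rbac_api_groups` and `var.cluster_access_rbac_resources` are concatenated into the one rule that carries `verbs = ["*"]`, so every added entry gets wildcard access cluster-wide. Because a rule is the cross product of its groups and resources, one extra API group also widens all the built-in resources. The built-in list already contains the `rbac.authorization.k8s.io` group, so appending an RBAC resource such as `clusterrolebindings` (or `secrets` in the core group) lets the agent's service account grant itself further rights or read every secret, and the variable descriptions in variables.tf do not warn about this. I would keep the built-in rule as it was and put the extras in their own rule with an explicit verb list that defaults to read-only, as sketched below; `cluster_access_rbac_verbs` is a proposed new variable, and callers would then have to list both the group and the resource they need. The resource block starts above the hunk.

```hcl
  # … unchanged: built-in rule with the fixed api_groups / resources lists and verbs = ["*"] …

  # Caller-supplied additions get their own rule and their own verbs.
  dynamic "rule" {
    for_each = length(var.cluster_access_rbac_resources) > 0 ? [1] : []
    content {
      api_groups = var.cluster_access_rbac_api_groups
      resources  = var.cluster_access_rbac_resources
      verbs      = var.cluster_access_rbac_verbs # proposed variable, default ["get", "list", "watch"]
    }
  }
```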
@@ -24,7 +24,7 @@ resource "kubernetes_deployment" "tfc_agent" { metadata { labels = { "app.kubernetes.io/name" = "terraform-cloud-agent" - "app.kubernetes.io/version" = local.version + "app.kubernetes.io/version" = var.agent_version "app.kubernetes.io/module-version" = local.module-version "app.kubernetes.io/managed-by" = "terraform" } @@ -32,20 +32,8 @@ resource "kubernetes_deployment" "tfc_agent" { spec { container { - image = "hashicorp/tfc-agent:${local.version}" + image = "${var.agent_image}:${var.agent_version}" name = "terraform-cloud-agent" - - # resources { - # requests { - # cpu = "2000m" - # memory = "2Gi" - # } - # limits { - # cpu = "8000m" - # memory = "8Gi" - # } - # } - env { name = "TFC_AGENT_TOKEN" value_from { @@ -95,6 +83,16 @@ resource "kubernetes_deployment" "tfc_agent" { } } } + resources { + requests = { + cpu = var.requests_cpu + memory = var.requests_memory + } + limits = { + cpu = var.limits_cpu + memory = var.limits_memory + } + } } automount_service_account_token = true diff --git a/kubernetes_secret.tf b/kubernetes_secret.tf index 1a9ef2d..63ddb21 100644 --- a/kubernetes_secret.tf +++ b/kubernetes_secret.tf @@ -11,6 +11,6 @@ resource "kubernetes_secret" "tfc_agent_token" { } data = { - "token" = var.agent_token_secret + "token" = var.agent_token } } \ No newline at end of file diff --git a/main.tf b/main.tf index c044e49..2adba49 100644 --- a/main.tf +++ b/main.tf @@ -1,8 +1,3 @@ locals { - version = "0.1.4" - module-version = "0.0.3" + module-version = "0.1.0" } - -terraform { - required_version = ">= 0.12" -} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 9388520..105c3d8 100644 --- a/variables.tf +++ b/variables.tf 
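Review bot: The image reference in kubernetes_deployment.tf (third hunk of that file) is now `"${var.agent_image}:${var.agent_version}"`, and variables.tf defaults `agent_version` to `latest`, so a default install moves from the pinned `0.1.4` to a mutable tag while the container still receives `TFC_AGENT_TOKEN` and the pod keeps `automount_service_account_token = true`. Any pod restart can then pull different code, which works against the `agent_disable_update = true` default. I would remove the default or keep the previously pinned release, `default = "0.1.4"`, and say in the `agent_image` description that it must point at a trusted registry. The hard-coded `:` separator also rules out pinning by digest, and the same value feeds the `app.kubernetes.io/version` label in the preceding hunk, where a digest would not be a valid label value. The container block continues outside the hunk.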
@@ -1,17 +1,13 @@ -variable "agent_token_name" { - type = string - description = "The TFC agent token description defined in TFC at app//settings/agents." -} - -variable "agent_token_secret" { - type = string - description = "The TFC agent token secret generated when the agent was created." +variable "agent_disable_update" { + type = bool + default = true + description = "Agents will self-update if set to false." } -variable "tfc_url" { +variable "agent_image" { type = string - default = "https://app.terraform.io" - description = "The Terraform Cloud endpoint. Must be changed if using Terraform Enterprise." + default = "hashicorp/tfc-agent" + description = "Name of the Terraform Cloud Agent docker image." } variable "agent_log_level" { @@ -20,15 +16,27 @@ variable "agent_log_level" { description = "Available log levels are info, error, warn, debug, and trace." } -variable "agent_disable_update" { - type = bool - default = true - description = "Agents will self-update if set to false." +variable "agent_name" { + type = string + description = "The TFC agent token description defined in TFC at app//settings/agents." } -variable "namespace" { +variable "agent_replicas" { + type = number + default = 1 + description = "Replicacount of the terraform cloud agent deployment." +} + +variable "agent_token" { type = string - description = "The namespace to deploy the agent into. Unless create_namespace is true, the namespace must already exist." + description = "The TFC agent token generated when the agent was created." + sensitive = true +} + +variable "agent_version" { + type = string + default = "latest" + description = "Version of the Terraform Cloud Agent docker image." } variable "cluster_access" { 
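Review bot: The `agent_token` description in the second variables.tf hunk should tell callers that `sensitive = true` only redacts plan and apply output. kubernetes_secret.tf still writes the value into `data`, so it is stored in the Terraform state and the state backend needs the same protection as the token itself. I would extend the description to `"The TFC agent token generated when the agent was created. Stored in Terraform state; supply it from a secret store or a sensitive workspace variable, not a literal in configuration."`. The README example in this commit still shows the token as an inline string, which is worth replacing with a variable reference in a follow-up.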
@@ -37,8 +45,56 @@ variable "cluster_access" { description = "When true, provides the agent access to the cluster to manage Kubernetes resources." } +variable "cluster_access_rbac_api_groups" { + type = list(string) + default = [] + description = "Additional rbac api groups for the rbac role" +} + +variable "cluster_access_rbac_resources" { + type = list(string) + default = [] + description = "Additional rbac resources for the rbac role" +} + variable "create_namespace" { type = bool default = false description = "When true, creates the namespace for the Terraform Cloud Agent." -} \ No newline at end of file +} + +variable "limits_cpu" { + type = string + default = "2" + description = "CPU hard limits." +} + +variable "limits_memory" { + type = string + default = "2Gi" + description = "Memory hard limits." +} + +variable "namespace" { + type = string + description = "The namespace to deploy the agent into. Unless create_namespace is true, the namespace must already exist." +} + +variable "requests_cpu" { + type = string + default = "500m" + description = "CPU requests." +} + +variable "requests_memory" { + type = string + default = "250Mi" + description = "Memory requests." +} + +variable "tfc_url" { + type = string + default = "https://app.terraform.io" + description = "The Terraform Cloud endpoint. Must be changed if using Terraform Enterprise." +} + diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..3f77cd6 --- /dev/null +++ b/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = ">= 2.0.0" + } + } + + required_version = ">= 0.14" +}