Terraform module for Kubernetes Deployment

Terraform module used to easily create a deployment with single container. With simple syntax.

Usage

module "deploy" {
  source        = "../"
  name          = "jenkins"
  namespace     = "ci-cd"
  image         = "jenkins/jenkins:latest"
  internal_port = [
    {
      name          = "web-access"
      internal_port = "8080"
      host_port     = "80"
    },
    {
      name          = "another"
      internal_port = "8090"
    }
  ]

  readiness_probe = {
    http_get = {
      path   = "/health"
      port   = 8080
      scheme = "HTTP"
    }
    success_threshold     = 1
    failure_threshold     = 3
    initial_delay_seconds = 10
    period_seconds        = 30
    timeout_seconds       = 3
  }
}

Terraform Requirements

Name	Version
terraform	>= 0.14.8
kubernetes	>= 2.1.0

Inputs

Name	Description	Type	Default	Example	Required
name	Name of the deployment	string	n/a	application	yes
namespace	Namespace in which create the deployment	string	default	default	no
custom_labels	Add custom label to pods	object	{ app = var.name }	{ mylabel = "apps" }	no
image	Docker image name	string	n/a	ubuntu:18.04	yes
image_pull_policy	One of Always, Never, IfNotPresent	string	IfNotPresent	Always	no
args	Arguments to the entrypoint	list(string)	n/a	["--dev", "--nodaemon"]	no
command	Change entrypoint array	list(string)	n/a	["/bin/bash", "-c", "pwd"]	no
min_ready_seconds	Field that specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available	number	null	2	no
replicas	Count of pods	number	1	5	no
strategy_update	Type of deployment. Can be 'Recreate' or 'RollingUpdate'	string	RollingUpdate	Recreate	no
rolling_update	Rolling update config params. Present only if strategy_update = RollingUpdate	object({ max_surge = string, max_unavailable = string })	n/a	{ max_surge = "25%" max_unavailable = "25%" }	no
service_account_name	Is the name of the ServiceAccount to use to run this pod	string	null	application-sa	no
service_accoun_token	Indicates whether a service account token should be automatically mounted	bool	null	true	no
restart_policy	Restart policy for all containers within the pod. One of Always, OnFailure, Never	string	Always	OnFailure	no
image_pull_secrets	Specify image pull secrets	map(string)	null	{ "some-key" = "my-secret" }	no
node_selector	Specify node selector for pod	map(string)	null	{ "some-key" = "true" }	no
env	Name and value pairs to set in the container's environment	map(string)	n/a	{ PORT = "80" ADDRESS = "0.0.0.0" }	no
env_field	Get field from k8s and add as environment variables to pods	map(string)	n/a	{ NodeName = "spec.nodeName" }	no
env_from	Get environment variables from ConfigMap or Secret and add as environment variables to pods	list(object({ config_map_ref = optional(object({ name = string })) secret_ref = optional(object({ name = string })) }))	[]	[ { config_map_ref = { name = "example-config-map" } }, { secret_ref = { name = "example-secret" } } ]	no
env_secret	Get secret keys from k8s and add as environment variables to pods	map(string)	n/a	{ # Match env name, with the same key in secret. admin_pass = kubernetes.secret.my.metadata[0].name # Specify secret name & secret key for env name DbPass = { name = "kubernetes-secret-name" key = "secret-key" } }	no
resources	Compute Resources required by this container. CPU/RAM requests/limits	object({ request_cpu = string - (Optional) request_memory = string - (Optional) limit_cpu = string - (Optional) limit_memory = string - (Optional) })	n/a	{ request_cpu = "100m" request_memory = "800Mi" limit_cpu = "120m" limit_memory = "900Mi" }	no
toleration	Pod node tolerations	list(object({ effect = string // (Optional) key = string // (Optional) operator = string // (Optional) toleration_seconds = number // (Optional) value = string // (Optional) }))	n/a	[ { effect = "NoSchedule" key = "gpu" operator = "Equal" value = "true" } ]	no
hosts	Add /etc/hosts records to pods	list(object({ hostname = string ip = string }))	n/a	[ { hostname = "mysite.com" ip = "10.10.1.20" } ]	no
volume_mount	Mount path from pods to volume	list(object({ mount_path = string volume_name = string sub_path = string - (Optional) read_only = bool - (Optional) }))	n/a	[ { mount_path = "/mnt" volume_name = "node" sub_path = "app" read_only = false } ]	no
volume_nfs	Represents an NFS mounts on the host	list(object({ path_on_nfs = string nfs_endpoint = string volume_name = string }))	n/a	[ { path_on_nfs = "/" nfs_endpoint = "10.10.0.100" volume_name = "share" } ]	no
volume_host_path	Represents a directory from node on the host	list(object({ path_on_node = string type = string - (Optional) volume_name = string }))	n/a	[ { path_on_node = "/home/ubuntu" type = "Directory" volume_name = "node" } ]	no
volume_config_map	The data stored in a ConfigMap object can be referenced in a volume of type configMap and then consumed by containerized applications running in a Pod	list(object({ mode = string name = string volume_name = string }))	n/a	[ { mode = "0777" name = "config-map" volume_name = "config-volume" } ]	no
volume_aws_disk	Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod	list(object({ volume_id = string fs_type = string - (Optional) partition = string - (Optional) read_only = string - (Optional) volume_name = string }))	n/a	[ { volume_id = "vol-123124123" volume_name = "disk" } ]	no
volume_gce_disk	Represents an GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod	list(object({ volume_name = string fs_type = string - (Optional) partition = string - (Optional) read_only = string - (Optional) gce_disk = string }))	n/a	[ { volume_name = "google-disk-my" gce_disk = "disk" } ]	no
volume_empty_dir	EmptyDir represents a temporary directory that shares a pod's lifetime	list(object({ volume_name = string medium = string (Optional) size_limit = string (Optional) }))	n/a	[ { volume_name = "empty-dir" medium = "Memory" size_limit = "128Mi" } ]	no
volume_claim	Represents an Persistent volume Claim resource that is attached to a kubelet's host machine and then exposed to the pod	list(object({ volume_name = string claim_name = string - (Optional) read_only = string - (Optional) }))	n/a	[ { volume_name = "data-disk" claim_name = "claim-name-disk" } ]	no
readiness_probe	Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails.	object({ success_threshold = number failure_threshold = number initial_delay_seconds = number period_seconds = number timeout_seconds = number http_get = { http_header = list(object( // (Optional) { name = string value = string } ) path = string port = number scheme = string } exec = { // (Optional) command =list(string) } tcp_socket = { // (Optional) port = number } })	n/a	{ success_threshold = 1 failure_threshold = 3 initial_delay_seconds = 10 period_seconds = 30 timeout_seconds = 10 http_get = { http_header = [ { name = "some-header" value = "some-value" } ] path = "/" port = 80 scheme = "HTTP" } exec = { command = ["/bin/bash", "command"] } tcp_socket = { port = 5433 } })	no
liveness_probe	Periodic probe of container liveness. Container will be restarted if the probe fails	same as on readiness_probe	n/a	same as on readiness_probe	no
lifecycle_events	Actions that the management system should take in response to container lifecycle events	object({ pre_stop = { // (Optional) same as on readiness_probe } post_start = { // (Optional) same as on readiness_probe } })	n/a	{ pre_stop = { // (Optional) same as on readiness_probe } post_start = { // (Optional) same as on readiness_probe } }	no

Outputs

Name	Description
name	Name of the deployment
namespace	Namespace in which created the deployment