Terraform module for Kubernetes Deployment

Terraform module used to easily create a deployment with singe container. With simple syntax.

Usage

module "deploy" {
  source        = "../"
  name          = "jenkins"
  namespace     = "ci-cd"
  image         = "jenkins/jenkins:latest"
  internal_port = [
    {
      name          = "web-access"
      internal_port = "8080"
      host_port     = "80"
    },
    {
      name          = "another"
      internal_port = "8090"
    }
  ]

  readiness_probe = {
    http_get = {
      path   = "/health"
      port   = 8080
      scheme = "HTTP"
    }
    success_threshold     = 1
    failure_threshold     = 3
    initial_delay_seconds = 10
    period_seconds        = 30
    timeout_seconds       = 3
  }
}

Terraform Requirements

Name	Version
terraform	>= 0.14.8
kubernetes	>= 2.1.0

Inputs

Name	Description	Type	Default	Example	Required
name	Name of the deployment	string	n/a	application	yes
namespace	Namespace in which create the deployment	string	default	default	no
custom_labels	Add custom label to pods	object	{ app = var.name }	{ mylabel = "apps" }	no
image	Docker image name	string	n/a	ubuntu:18.04	yes
image_pull_policy	One of Always, Never, IfNotPresent	string	IfNotPresent	Always	no
args	Arguments to the entrypoint	list(string)	n/a	["--dev", "--nodaemon"]	no
command	Change entrypoint array	list(string)	n/a	["/bin/bash", "-c", "pwd"]	no
min_ready_seconds	Field that specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available	number	null	2	no
replicas	Count of pods	number	1	5	no
strategy_update	Type of deployment. Can be 'Recreate' or 'RollingUpdate'	string	RollingUpdate	Recreate	no
rolling_update	Rolling update config params. Present only if strategy_update = RollingUpdate	object({ max_surge = string, max_unavailable = string })	n/a	{ max_surge = "25%" max_unavailable = "25%" }	no
service_account_name	Is the name of the ServiceAccount to use to run this pod	string	null	application-sa	no
service_accoun_token	Indicates whether a service account token should be automatically mounted	bool	null	true	no
restart_policy	Restart policy for all containers within the pod. One of Always, OnFailure, Never	string	Always	OnFailure	no
image_pull_secrets	Specify image pull secrets	map(string)	null	{ "some-key" = "my-secret" }	no
node_selector	Specify node selector for pod	map(string)	null	{ "some-key" = "true" }	no
env	Name and value pairs to set in the container's environment	map(string)	n/a	{ PORT = "80" ADDRESS = "0.0.0.0" }	no
env_field	Get field from k8s and add as environment variables to pods	map(string)	n/a	{ NodeName = "spec.nodeName" }	no
env_secret	Get secret keys from k8s and add as environment variables to pods	map(string)	n/a	{ # Search key in secret as environment name admin_pass = kubernetes.secret.my.id # Pass secret-name & secret key manually DbPass = { name = "kubernetes-secret-name" key = "secret-key" } }	no
resources	Compute Resources required by this container. CPU/RAM requests/limits	object({ request_cpu = string - (Optional) request_memory = string - (Optional) limit_cpu = string - (Optional) limit_memory = string - (Optional) })	n/a	{ request_cpu = "100m" request_memory = "800Mi" limit_cpu = "120m" limit_memory = "900Mi" }	no
toleration	Pod node tolerations	list(object({ effect = string // (Optional) key = string // (Optional) operator = string // (Optional) toleration_seconds = number // (Optional) value = string // (Optional) }))	n/a	[ { effect = "NoSchedule" key = "gpu" operator = "Equal" value = "true" } ]	no
hosts	Add /etc/hosts records to pods	list(object({ hostname = string ip = string }))	n/a	[ { hostname = "mysite.com" ip = "10.10.1.20" } ]	no
volume_mount	Mount path from pods to volume	list(object({ mount_path = string volume_name = string sub_path = string - (Optional) read_only = bool - (Optional) }))	n/a	[ { mount_path = "/mnt" volume_name = "node" sub_path = "app" read_only = false } ]	no
volume_nfs	Represents an NFS mounts on the host	list(object({ path_on_nfs = string nfs_endpoint = string volume_name = string }))	n/a	[ { path_on_nfs = "/" nfs_endpoint = "10.10.0.100" volume_name = "share" } ]	no
volume_host_path	Represents a directory from node on the host	list(object({ path_on_node = string type = string - (Optional) volume_name = string }))	n/a	[ { path_on_node = "/home/ubuntu" type = "Directory" volume_name = "node" } ]	no
volume_config_map	The data stored in a ConfigMap object can be referenced in a volume of type configMap and then consumed by containerized applications running in a Pod	list(object({ mode = string name = string volume_name = string }))	n/a	[ { mode = "0777" name = "config-map" volume_name = "config-volume" } ]	no
volume_aws_disk	Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod	list(object({ volume_id = string fs_type = string - (Optional) partition = string - (Optional) read_only = string - (Optional) volume_name = string }))	n/a	[ { volume_id = "vol-123124123" volume_name = "disk" } ]	no
volume_gce_disk	Represents an GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod	list(object({ volume_name = string fs_type = string - (Optional) partition = string - (Optional) read_only = string - (Optional) gce_disk = string }))	n/a	[ { volume_name = "google-disk-my" gce_disk = "disk" } ]	no
volume_empty_dir	EmptyDir represents a temporary directory that shares a pod's lifetime	list(object({ volume_name = string }))	n/a	[ { volume_name = "empty-dir" } ]	no
volume_claim	Represents an Persistent volume Claim resource that is attached to a kubelet's host machine and then exposed to the pod	list(object({ volume_name = string claim_name = string - (Optional) read_only = string - (Optional) }))	n/a	[ { volume_name = "data-disk" claim_name = "claim-name-disk" } ]	no
readiness_probe	Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails.	object({ success_threshold = number failure_threshold = number initial_delay_seconds = number period_seconds = number timeout_seconds = number http_get = { http_header = list(object( // (Optional) { name = string value = string } ) path = string port = number scheme = string } exec = { // (Optional) command =list(string) } tcp_socket = { // (Optional) port = number } })	n/a	{ success_threshold = 1 failure_threshold = 3 initial_delay_seconds = 10 period_seconds = 30 timeout_seconds = 10 http_get = { http_header = [ { name = "some-header" value = "some-value" } ] path = "/" port = 80 scheme = "HTTP" } exec = { command = ["/bin/bash", "command"] } tcp_socket = { port = 5433 } })	no
liveness_probe	Periodic probe of container liveness. Container will be restarted if the probe fails	same as on readiness_probe	n/a	same as on readiness_probe	no
lifecycle_events	Actions that the management system should take in response to container lifecycle events	object({ pre_stop = { // (Optional) same as on readiness_probe } post_start = { // (Optional) same as on readiness_probe } })	n/a	{ pre_stop = { // (Optional) same as on readiness_probe } post_start = { // (Optional) same as on readiness_probe } }	no

Outputs

Name	Description
name	Name of the deployment
namespace	Namespace in which created the deployment

Requirements

Name	Version
terraform	>= 0.14.8
kubernetes	>= 2.1.0

Providers

Name	Version
kubernetes	2.11.0

Modules

No modules.

Resources

Name	Type
kubernetes_deployment.deploy_app	resource

Inputs

Name	Description	Type	Default	Required
args	(Optional) Arguments to the entrypoint	list(string)	[]	no
cluster_ca_certificate	The root certificates bundle for TLS authentication	string	""	no
cluster_endpoint	The hostname (in form of URI) of the Kubernetes API	string	""	no
cluster_token	Token of the cluster to authen	string	""	no
command	(Optional) Entrypoint array. Not executed within a shell	list(string)	[]	no
custom_labels	(Optional) Add custom label to pods	map(string)	null	no
deployment_annotations	Annotations for deployment	map(string)	null	no
env	(Optional) Name and value pairs to set in the container's environment	map(string)	{}	no
env_field	(Optional) Get field from k8s and add as environment variables to pods	map(string)	{}	no
env_secret	(Optional) Get secret keys from k8s and add as environment variables to pods	map	{}	no
exec_plugins	The Configuration block to use an exec-based credential plugin	map(any)	{}	no
hosts	(Optional) Add /etc/hosts records to pods	list(object({ hostname = list(string), ip = string }))	[]	no
image	(Required) Docker image name	string	n/a	yes
image_pull_policy	One of Always, Never, IfNotPresent	string	"IfNotPresent"	no
image_pull_secrets	(Optional) Specify list of pull secrets	map(string)	null	no
internal_port	(Optional) List of ports to expose from the container	list	[]	no
kubectl_config_context_name	The config context to use when authenticating to the Kubernetes cluster. If empty, defaults to the current context specified in the kubeconfig file.	string	""	no
kubectl_config_path	The path to the config file to use for kubectl. If empty, defaults to $HOME/.kube/config	string	""	no
lifecycle_events	(Optional) Actions that the management system should take in response to container lifecycle events	list	[]	no
liveness_probe	(Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated.	list	[]	no
min_ready_seconds	(Optional) Field that specifies the minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing, for it to be considered available	number	null	no
name	(Required) Name of the deployment	string	n/a	yes
namespace	(Optional) Namespace in which to create the deployment	string	"default"	no
node_selector	(Optional) Specify node selector for pod	map(string)	null	no
prevent_deploy_on_the_same_node	Pod pod_anti_affinity rule, which prevents deploy same pod on one node.	bool	false	no
readiness_probe	(Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated.	list	[]	no
replicas	(Optional) Count of pods	number	1	no
resources	(Optional) Compute Resources required by this container. CPU/RAM requests/limits	map	{}	no
restart_policy	Restart policy for all containers within the pod. One of Always, OnFailure, Never	string	"Always"	no
rolling_update	Rolling update config params. Present only if strategy_update = RollingUpdate	list	[]	no
security_context	(Optional) SecurityContext holds pod-level security attributes and common container settings	list	[]	no
security_context_capabilities	(Optional) Security context in pod. Only capabilities.	list	[]	no
security_context_container	(Optional) Security context in pod.	list	[]	no
service_account_name	(Optional) Is the name of the ServiceAccount to use to run this pod	string	null	no
service_account_token	Indicates whether a service account token should be automatically mounted	bool	null	no
strategy_update	(Optional) Type of deployment. Can be 'Recreate' or 'RollingUpdate'	string	"RollingUpdate"	no
template_annotations	Annotations for pod (template)	map(string)	null	no
termination_grace_period_seconds	Duration in seconds the pod needs to terminate gracefully	number	null	no
toleration	(Optional) Pod node tolerations	list	[]	no
tty	Whether this container should allocate a TTY for itself	bool	true	no
volume_aws_disk	(Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod	list	[]	no
volume_claim	(Optional) Represents an Persistent volume Claim resource that is attached to a kubelet's host machine and then exposed to the pod	list	[]	no
volume_config_map	(Optional) The data stored in a ConfigMap object can be referenced in a volume of type configMap and then consumed by containerized applications running in a Pod	list(object({ mode = string, name = string, volume_name = string }))	[]	no
volume_empty_dir	n/a	list(object({ volume_name = string }))	[]	no
volume_gce_disk	(Optional) Represents an GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod	list	[]	no
volume_host_path	(Optional) Represents a directory from node on the host	list	[]	no
volume_mount	(Optional) Mount path from pods to volume	list	[]	no
volume_nfs	(Optional) Represents an NFS mounts on the host	list(object({ path_on_nfs = string, nfs_endpoint = string, volume_name = string }))	[]	no
volume_secret	(Optional) Create volume from secret	list	[]	no
wait_for_rollout	n/a	bool	true	no

Outputs

Name	Description
name	n/a
namespace	n/a