help with programmatic usage
cludden opened this issue · comments
First of all, great work on this! I was super happy to find this after ksonnet, so thank you! Anyways..
I often find myself using hacky terraform (either splitting k8s config between terraform and yaml or using `null_resource` + `local-exec` to coordinate `kubecfg` executions with related infra changes) and was contemplating mocking up a `terraform-provider-kubecfg`. I'm wondering if it is possible to use `kubecfg` programmatically today, or if this is considered an anti-pattern?
An example of this use case is associating an AWS IAM role with a Kubernetes service account or provisioning Kubernetes configmaps/secrets with terraform attributes. In my head, I'm envisioning something along the lines of:
```jsonnet
// in manifest.jsonnet
local kube = import 'https://raw.githubusercontent.com/bitnami-labs/kube-libsonnet/master/kube.libsonnet';

function(
  labels={},
  name='foo',
  namespace='default',
  role_arn=null,
) {
  // provision service account
  service_account: kube.ServiceAccount('%s-serviceaccount' % name) {
    metadata+: {
      annotations+: {
        'eks.amazonaws.com/role-arn': role_arn,
      },
      labels+: labels,
      namespace: namespace,
    },
  },
  // ...
}
```
```hcl
# in main.tf
provider "aws" {
  region = var.region
}

provider "kubecfg" {
  // similar config to kubernetes provider
}

resource "aws_iam_role" "example" {
  name        = var.name
  description = "iam role for k8s service account"
}

resource "kubecfg_manifest" "example" {
  manifest = "${path.module}/manifest.jsonnet"
  args {
    labels    = local.tags
    name      = var.name
    namespace = var.namespace
    role_arn  = aws_iam_role.example.arn
  }
}
```
I'd really appreciate any general feedback on the idea in general and thoughts on feasibility.