Browse Source

deployment to kubernetes example

master
Vladimir Smagin 1 month ago
parent
commit
cfebcdc22c
3 changed files with 280 additions and 0 deletions
  1. +39
    -0
      deploy-operator-to-kubernetes/assets/cron-operator-crd.yaml
  2. +11
    -0
      deploy-operator-to-kubernetes/kubernetes.tf
  3. +230
    -0
      deploy-operator-to-kubernetes/sys-cron-operator.tf

+ 39
- 0
deploy-operator-to-kubernetes/assets/cron-operator-crd.yaml View File

@ -0,0 +1,39 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: cronops.blindage.org
spec:
group: blindage.org
names:
kind: CronOp
listKind: CronOpList
plural: cronops
singular: cronop
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
status:
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

+ 11
- 0
deploy-operator-to-kubernetes/kubernetes.tf View File

@ -0,0 +1,11 @@
provider "kubernetes" {
config_context = "microk8s"
}
# Manage namespaces
resource "kubernetes_namespace" "namespace-operators" {
metadata {
name = "operators"
}
}

+ 230
- 0
deploy-operator-to-kubernetes/sys-cron-operator.tf View File

@ -0,0 +1,230 @@
# Deploy operator
resource "kubernetes_deployment" "cron-operator" {
depends_on = [
kubernetes_cluster_role.cron-operator,
kubernetes_service_account.cron-operator,
kubernetes_secret.cron-operator,
kubernetes_cluster_role_binding.cron-operator,
kubernetes_job.cron-operator-crd-install
]
metadata {
name = "cron-operator"
namespace = "operators"
labels = {
kind = "operators"
app = "cron-operator"
}
}
spec {
replicas = 1
selector {
match_labels = {
name = "cron-operator"
}
}
template {
metadata {
labels = {
name = "cron-operator"
}
}
spec {
service_account_name = "cron-operator"
automount_service_account_token = true
container {
image = "iam21h/cron-operator:0.0.7"
name = "cron-operator"
command = ["cron-operator"]
resources {
limits {
cpu = "0.5"
memory = "256Mi"
}
requests {
cpu = "0.1"
memory = "64Mi"
}
}
image_pull_policy = "Always"
env {
name = "WATCH_NAMESPACE"
value = ""
}
env {
name = "NAMESPACE_NAME"
value_from {
field_ref {
field_path = "metadata.namespace"
}
}
}
env {
name = "POD_NAME"
value_from {
field_ref {
field_path = "metadata.name"
}
}
}
}
}
}
}
}
# RBAC
resource "kubernetes_cluster_role" "cron-operator" {
metadata {
name = "cron-operator"
}
rule {
api_groups = [""]
resources = ["events", "pods", "services", "services/finalizers", "endpoints", "configmaps", "secrets"]
verbs = ["*"]
}
rule {
api_groups = ["apps"]
resources = ["deployments", "repolicasets"]
verbs = ["*"]
}
rule {
api_groups = ["batch"]
resources = ["jobs", "cronjobs"]
verbs = ["*"]
}
rule {
api_groups = ["monitoring.coreos.com"]
resources = ["servicemonitors"]
verbs = ["get", "create"]
}
rule {
api_groups = ["blindage.org"]
resources = ["*"]
verbs = ["*"]
}
rule {
api_groups = ["apiextensions.k8s.io"]
resources = ["customresourcedefinitions"]
verbs = ["*"]
}
}
resource "kubernetes_service_account" "cron-operator" {
metadata {
name = "cron-operator"
namespace = "operators"
}
secret {
name = kubernetes_secret.cron-operator.metadata.0.name
}
}
resource "kubernetes_secret" "cron-operator" {
metadata {
name = "cron-operator"
namespace = "operators"
}
}
resource "kubernetes_cluster_role_binding" "cron-operator" {
metadata {
name = "cron-operator"
}
role_ref {
api_group = "rbac.authorization.k8s.io"
kind = "ClusterRole"
name = "cron-operator"
}
subject {
kind = "ServiceAccount"
name = "cron-operator"
namespace = "operators"
}
}
# Install CRD
resource "kubernetes_config_map" "cron-operator-crd" {
metadata {
name = "cron-operator-crd"
namespace = "operators"
}
data = {
"cron-operator-crd.yaml" = file("assets/cron-operator-crd.yaml")
}
}
resource "kubernetes_job" "cron-operator-crd-install" {
depends_on = [
kubernetes_cluster_role.cron-operator,
kubernetes_service_account.cron-operator,
kubernetes_secret.cron-operator,
kubernetes_cluster_role_binding.cron-operator,
kubernetes_config_map.cron-operator-crd,
]
wait_for_completion = true
timeouts {
create = "5m"
}
metadata {
name = "cron-operator-crd-install"
namespace = "operators"
labels = {
kind = "operators"
app = "cron-operator"
component = "crd-install"
}
}
spec {
template {
metadata {}
spec {
service_account_name = "cron-operator"
automount_service_account_token = true
container {
name = "install"
image = "bitnami/kubectl:latest"
command = ["kubectl", "apply", "-f", "/manifest/cron-operator-crd.yaml"]
volume_mount {
mount_path = "/manifest"
name = "crd"
}
}
volume {
name = "crd"
config_map {
name = "cron-operator-crd"
}
}
restart_policy = "Never"
}
}
backoff_limit = 5
}
}

Loading…
Cancel
Save