Added support for volumes and volume_mounts from capabilities.
Fixed secret manager replication

Fix syntax
BSick7 committed Mar 22, 2024
1 parent 8bb2db9 commit 5ef760a
Showing 5 changed files with 85 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
# 0.6.6 (Mar 22, 2024)
* Added support for `volumes` and `volume_mounts` from capabilities.
* Upgraded `google` TF provider.

# 0.6.5 (Mar 20, 2024)
* Aligning `service_port` for capabilities to port 80.

21 changes: 21 additions & 0 deletions capabilities.tf
Expand Up @@ -27,6 +27,27 @@ locals {
}
]

volumes = [
{
name = ""
empty_dir = jsonencode({})
persistent_volume_claim = jsonencode({
claim_name = "" // Required
read_only = false // Optional
})
}
]

volume_mounts = [
{
name = "" // Required
mount_path = "" // Required
sub_path = null // Path within the volume from which the container's volume should be mounted
mount_propagation = null
read_only = null // Defaults to false
}
]

// private_urls follows a wonky syntax so that we can send all capability outputs into the merge module
// Terraform requires that all members be of type list(map(any))
// They will be flattened into list(string) when we output from this module
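Review bot: The sample `volumes` entry sets both `empty_dir` and `persistent_volume_claim`, and no comment says they are alternatives. deployment.tf in this commit renders a block for every source that is non-null, and a Kubernetes volume accepts only one source. I would add `// Set exactly one of empty_dir or persistent_volume_claim` above the entry and mark `name = ""` as `// Required`, as the `volume_mounts` sample already does. The comment on `read_only = null // Defaults to false` could also say that capabilities should set it to `true` unless the container has to write to the volume. The enclosing `locals` block starts and ends outside the hunk.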
35 changes: 35 additions & 0 deletions deployment.tf
Expand Up @@ -33,6 +33,29 @@ resource "kubernetes_deployment_v1" "this" {
restart_policy = "Always"
service_account_name = kubernetes_service_account_v1.app.metadata[0].name

dynamic "volume" {
for_each = local.volumes

content {
name = volume.key

dynamic "empty_dir" {
for_each = volume.value.empty_dir == null ? [] : [1]
content {}
}

dynamic "persistent_volume_claim" {
for_each = volume.value.persistent_volume_claim == null ? [] : [1]
iterator = pvc

content {
claim_name = volume.value.persistent_volume_claim.claim_name
read_only = lookup(volume.value.persistent_volume_claim, "read_only", null)
}
}
}
}

container {
name = local.main_container_name
image = "${local.service_image}:${local.app_version}"
Expand Down Expand Up @@ -112,6 +135,18 @@ resource "kubernetes_deployment_v1" "this" {
}
}
}

dynamic "volume_mount" {
for_each = local.volume_mounts

content {
name = volume_mount.key
mount_path = volume_mount.value.mount_path
sub_path = volume_mount.value.sub_path
mount_propagation = volume_mount.value.mount_propagation
read_only = volume_mount.value.read_only
}
}
}
}
}
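Review bot: In the `volume_mount` block of the second hunk, `mount_propagation` and `read_only` are copied from capability outputs without any check, so a capability can request `Bidirectional` propagation, and every mount is writable unless the capability says otherwise. `Bidirectional` propagates mounts made inside the container back to the host and is only honoured for privileged containers; the container's security context is outside the hunk, so whether it could take effect here is not visible. I would add a `precondition` on this resource that checks, for each entry `vm` of `local.volume_mounts`, `contains(["None", "HostToContainer"], coalesce(vm.mount_propagation, "None"))`. Separately, `iterator = pvc` in the first hunk is declared but the content still reads `volume.value.persistent_volume_claim`; either drop the iterator or use it. The resource body continues outside both hunks.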
2 changes: 1 addition & 1 deletion secrets.tf
Expand Up @@ -11,7 +11,7 @@ resource "google_secret_manager_secret" "app_secret" {
labels = local.tags

replication {
automatic = true
auto {}
}
}

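Review bot: `auto {}` is only accepted by google provider releases that know the block, and none of the five files in this commit changes a `required_providers` constraint, although the changelog entry says the provider was upgraded. If the constraint lives in a file that was not touched, its lower bound should be raised in the same release, so that a stale provider lock is rejected by `terraform init` rather than surfacing later as an unsupported-block error. Replication itself stays automatic; no `customer_managed_encryption` or `user_managed` block appears in the hunk, so if these secrets need CMEK or data-residency guarantees, that still has to be added separately. The resource starts outside the hunk.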
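--- a/volumes.tf
+++ b/volumes.tf
@@ -0,0 +1,24 @@
+locals {
+cap_volumes = lookup(local.capabilities, "volumes", [])
+cap_volume_mounts = lookup(local.capabilities, "volume_mounts", [])
+
+volume_mounts = {
+for vm in local.cap_volume_mounts : vm.name =>
+{
+name = vm.name
+mount_path = vm.mount_path
+mount_propagation = lookup(vm, "mount_propagation", null)
+sub_path = lookup(vm, "sub_path", null)
+read_only = tobool(lookup(vm, "read_only", null))
+}
+}
+
+volumes = {
+for v in local.cap_volumes : v.name =>
+{
+name = v.name
+persistent_volume_claim = jsondecode(lookup(v, "persistent_volume_claim", "null"))
+empty_dir = jsondecode(lookup(v, "empty_dir", "null"))
+}
+}
+}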
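Review bot: Both `for` expressions key their result by `name` alone, so two capability entries with the same name make Terraform fail the plan with a duplicate-key error. For `volume_mounts` that is a legitimate case: one volume mounted at two paths, or twice with different `sub_path` values. Keying the mount map by name and path, `for vm in local.cap_volume_mounts : "${vm.name}:${vm.mount_path}" =>`, avoids it, with deployment.tf then reading `name = volume_mount.value.name` instead of `volume_mount.key`. For `volumes`, a duplicate name across capabilities is a real conflict, and a comment saying that the plan fails there on purpose would help the next reader.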
