Wednesday, June 2, 2021

Day10 - Terraform - terraform function, integration with kubernetes

Terraform - 6-02-2021
------------------------

Class note:-
Today's topic
1. Integrate terraform with kubernetes
2. How to use terraform functions


1. Start your minikube for kubernetes
> minikube start

google: terraform functions

built-in functions from terraform.io

numeric, string, encoding, filesystem, date and time, hash and more functions are available.

terraform provides live console

> terraform console

gives you a terraform console where you can try out terraform functions

> max(5, 10, 20)
> element(["a","b","c"], 1)

> lookup({a="ay", b="bee"}, "a", "what?")

lookup function

> mkdir wp/function; cd wp/function


variable "region" {
  default = "ap-south-1"
}

# store AMI ids per region, since the same AMI can't be used in a different region
variable "ami" {
  type = map(string)     # map is a dictionary
  default = {
    "us-east-1"  = "ami-1234"    # if you are in us-east-1, use this one
    "us-west-1"  = "ami-234"
    "ap-south-1" = "ami-345"
  }
}

# print some output
# print ami based on the region
output "o1" {    # output names must start with a letter or underscore
  value = lookup(var.ami, var.region, "ami-456")
}


> tf apply

look at the output
o1 ->

What's the use case?
You can use it on EC2

google for - terraform ec2 resource


Code becomes more dynamic

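resource "aws_instance" "web" {
  # pick the AMI for the current region; "ami-456" is the fallback
  ami           = lookup(var.ami, var.region, "ami-456")
  instance_type = "t3.micro"

  tags = {
    Name = "HelloWorld"
  }
}

output "o1" {    # output names must start with a letter or underscore
  value = lookup(var.ami, var.region, "ami-456")
}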

> tf init
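
The fallback argument of lookup() has a failure mode: a mistyped or unmapped region silently launches "ami-456". An added example (not from the original class notes) that fails at plan time instead, assuming Terraform 1.2 or later for the precondition block; the AMI ids are the placeholder values from the notes.

```hcl
variable "region" {
  type    = string
  default = "ap-south-1"
}

variable "ami" {
  type = map(string)
  default = {
    "us-east-1"  = "ami-1234" # placeholder ids, as in the notes
    "us-west-1"  = "ami-234"
    "ap-south-1" = "ami-345"
  }
}

# The same variable drives the provider and the AMI choice,
# so the instance is always created in the region the AMI belongs to.
provider "aws" {
  region  = var.region
  profile = "default"
}

resource "aws_instance" "web" {
  # Index the map directly: there is no fallback image to fall through to.
  ami           = var.ami[var.region]
  instance_type = "t3.micro"

  lifecycle {
    # Checked before the arguments above are evaluated, so an unmapped
    # region stops the plan with a readable message.
    precondition {
      condition     = contains(keys(var.ami), var.region)
      error_message = "No AMI is mapped for the selected region. Add it to var.ami."
    }
  }

  tags = {
    Name = "HelloWorld"
  }
}
```

Running `terraform plan -var region=eu-west-1` against this stops with the precondition message rather than planning an instance from the fallback AMI.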



Kubernetes
----------

- a platform that manages containers

docker -> containers -> app

Images -> Containers

containers are known as POD in k8s.

> minikube start
> kubectl get pods

google:
terraform -> registry -> provider -> kubernetes -> documentation -> authentication

- example usage
read the doc


> mkdir kube; cd kube
> notepad k.tf
provider "kubernetes" {
  config_path = "~/.kube/config"    # contains key, login info
  config_context = "my-context"
}

> kc get pods


To create an instance on google, you have to create a namespace first; k8s works the same way.

look for context info when you start minikube



> notepad k.tf
provider "kubernetes" {
  config_path    = "~/.kube/config"
  # config_context = "my-context"    # placeholder context, replaced by the minikube one
  config_context = "minikube"
}

> tf init
> tf apply    # nothing to apply at this time


look for example how to launch pod

kubernetes providers
- go to resources section


https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod



resource "kubernetes_pod" "test" {
  metadata {
    name = "my-kube"
  }

  spec {
    container {
      image = "nginx:1.7.9"
      name  = "example"

      env {
        name  = "environment"
        value = "test"
      }

      port {
        container_port = 8080
      }

      liveness_probe {
        http_get {
          path = "/nginx_status"
          port = 80

          http_header {
            name  = "X-Custom-Header"
            value = "Awesome"
          }
        }

        initial_delay_seconds = 3
        period_seconds        = 3
      }
    }

    dns_config {
      nameservers = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
      searches    = ["example.com"]

      option {
        name  = "ndots"
        value = 1
      }

      option {
        name = "use-vc"
      }
    }

    dns_policy = "None"
  }
}

modify


> tf apply
> kc get pod

> kc describe pod <pod>

> tf destroy



launch deployment
go to deployment -> set replication

https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment

This is how we can work with kubernetes



How loop works with Terraform (TF)

AWS - Security group ->
EC2 -> add security group/firewall

Traffic comes in from outside; the firewall checks it against the rules (inbound traffic).
For port 80/tcp: if a rule is there, the traffic is allowed; if not, it is denied.

> mkdir sg; cd sg
> notepad sg.tf

google
terraform security group

look for resource: aws_security_group


provider "aws" {
 region = "ap-south-1"
 profile = "default"
}

#variable "sgports" {
#  type = list
#  default = [80,81,8080,8081]
#}

resource "aws_security_group" "allow_tls" {
  name = "mysg"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # allow traffic (port 80) from all over
  }
}

# you will need VPC

# tf init

# it will create security group
# tf apply


===========================
using for loop



provider "aws" {
 region = "ap-south-1"
 profile = "default"
}

variable "sgports" {
  type    = list(number)
  default = [80, 81, 8080, 8081]
}

resource "aws_security_group" "allow_tls" {
  name = "mysg"

  # one ingress block is generated for each port in var.sgports
  dynamic "ingress" {
    for_each = var.sgports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"] # every listed port is open to all sources
    }
  }
}

> tf apply
