Terraform - 6-02-2021
------------------------
Class note:-
Today's topic
1. Integrate terraform with kubernetes
2. How to use terraform functions
1. Start your minikube for kubernetes
> minikube start
google: terraform functions
built-in functions from terraform.io
numeric, string, encoding, filesystem, date and time, hash and more functions are available.
terraform provides live console
> terraform console
gives you the terraform console where you can try out terraform functions
> max(5, 10, 20)
> element(["a","b","c"], 1)
> lookup({a="ay", b="bee"}, "a", "what?")
lookup function
> mkdir wp/function; cd wp/function
variable "region" {
  default = "ap-south-1"
}
# store AMI IDs per region, since the same AMI can't be used in a different region
variable "ami" {
  type = map # map is a dictionary
  default = {
    "us-east-1"  = "ami-1234" # if you are in us-east-1, use this one
    "us-west-1"  = "ami-234"
    "ap-south-1" = "ami-345"
  }
}
# print some output
# print the AMI based on the region; "ami-456" is the default if the region is not in the map
output "01" {
  value = lookup(var.ami, var.region, "ami-456")
}
> tf apply
look at the output
01 ->
what's the use case?
you can use it on ec2
google for - terraform ec2 resource
Code becomes more dynamic
resource "aws_instance" "web" {
  ami           = lookup(var.ami, var.region, "ami-456")
  instance_type = "t3.micro"
  tags = {
    Name = "HelloWorld"
  }
}
output "01" {
  value = lookup(var.ami, var.region, "ami-456")
}
> tf init
Kubernetes
----------
- a platform that manages containers
docker -> containers -> app
Images -> Containers
containers are known as POD in k8s.
> minikube start
> kubectl get pods
google:
terraform -> registry -> provider -> kubernetes -> documentation -> authentication
- example usage
read the doc
> mkdir kube; cd kube
> notepad k.tf
provider "kubernetes" {
  config_path    = "~/.kube/config" # contains key, login info
  config_context = "my-context"
}
> kc get pods
to create an instance on google you first have to create a namespace; in the same way, k8s needs the same thing
look for the context info when you start minikube
> notepad k.tf
provider "kubernetes" {
  config_path = "~/.kube/config"
  # config_context = "my-context"
  config_context = "minikube" # the context name shown when minikube starts
}
> tf init
> tf apply # nothing to apply at this time
look for example how to launch pod
kubernetes providers
- go to resources section
https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod
resource "kubernetes_pod" "test" {
  metadata {
    name = "my-kube"
  }
  spec {
    container {
      image = "nginx:1.7.9"
      name  = "example"
      env {
        name  = "environment"
        value = "test"
      }
      port {
        container_port = 8080
      }
      liveness_probe {
        http_get {
          path = "/nginx_status"
          port = 80
          http_header {
            name  = "X-Custom-Header"
            value = "Awesome"
          }
        }
        initial_delay_seconds = 3
        period_seconds        = 3
      }
    }
    dns_config {
      nameservers = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
      searches    = ["example.com"]
      option {
        name  = "ndots"
        value = 1
      }
      option {
        name = "use-vc"
      }
    }
    dns_policy = "None"
  }
}
modify
> tf apply
> kc get pod
> kc describe pod <pod>
> tf destroy
launch deployment
go to deployment -> set replication
https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment
This is how we can work with kubernetes
How loop works with Terraform (TF)
AWS - Security group ->
EC2 -> add security group/firewall
the firewall sits on the outside, checks the incoming (inbound) traffic and compares it against the rules
port 80/tcp: if a rule is there, it will allow the traffic; if not, it will deny it
> mkdir sg; cd sg
> notepad sg.tf
google
terraform security group
look for resource: aws_security_group
provider "aws" {
  region  = "ap-south-1"
  profile = "default"
}
#variable "sgports" {
# type = list
# default = [80,81,8080,8081]
#}
resource "aws_security_group" "allow_tls" {
  name = "mysg"
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # allow traffic (port 80) from anywhere
  }
}
# you will need VPC
# tf init
# it will create security group
# tf apply
===========================
using for loop
provider "aws" {
  region  = "ap-south-1"
  profile = "default"
}
variable "sgports" {
  type    = list
  default = [80, 81, 8080, 8081]
}
resource "aws_security_group" "allow_tls" {
  name = "mysg"
  # one ingress block is generated for each port in var.sgports
  dynamic "ingress" {
    for_each = var.sgports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
> tf apply
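The loop above opens every port in the list to 0.0.0.0/0. The variant below is an added example, not part of the original class notes: it loops over rule objects so each port gets its own source range, and a validation block rejects any port other than 80/443 on 0.0.0.0/0. The names "sgrules" and "mysg-scoped" and the 10.0.0.0/16 range are assumptions for illustration, and it needs a Terraform version that supports variable validation and alltrue.

```hcl
# Added example, not from the original notes. The names "sgrules" and
# "mysg-scoped" and the 10.0.0.0/16 range are assumptions for illustration.
provider "aws" {
  region  = "ap-south-1"
  profile = "default"
}

# Each rule carries its own source range, so one loop can mix a public
# port with ports that only the internal network may reach.
variable "sgrules" {
  type = list(object({
    port  = number
    cidrs = list(string)
    desc  = string
  }))
  default = [
    { port = 80, cidrs = ["0.0.0.0/0"], desc = "public HTTP" },
    { port = 8080, cidrs = ["10.0.0.0/16"], desc = "app port, internal only" },
    { port = 8081, cidrs = ["10.0.0.0/16"], desc = "admin port, internal only" },
  ]

  # Reject the input if anything other than 80/443 is opened to the world.
  validation {
    condition = alltrue([
      for r in var.sgrules :
      contains([80, 443], r.port) || !contains(r.cidrs, "0.0.0.0/0")
    ])
    error_message = "Only ports 80 and 443 may use the 0.0.0.0/0 source range."
  }
}

resource "aws_security_group" "web" {
  name = "mysg-scoped"

  # Same dynamic block as in the notes, but ingress.value is now an object.
  dynamic "ingress" {
    for_each = var.sgrules
    content {
      description = ingress.value.desc
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = "tcp"
      cidr_blocks = ingress.value.cidrs
    }
  }
}
```

Passing a rule such as port 8080 with 0.0.0.0/0 stops at the validation error before any security group is created.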