Feature Request: Custom Resource #215

Open
timthesinner opened this Issue Nov 14, 2018 · 6 comments

@timthesinner

commented Nov 14, 2018

Enabling the K8S provider to apply and manage the lifecycle for custom resources has a number of advantages:

  • Allow Terraform to bring an entire K8S cluster under management, without waiting for formal resource models.
  • Allow Terraform to manage resources for custom APIs.

Terraform Configuration Files

Inline Configuration

resource "kubernetes_custom" "cluster-issuer" {
  apiVersion = "certmanager.k8s.io/v1alpha1"
  kind       = "ClusterIssuer"

  metadata {
    name = "lets-encrypt-prod-issuer"
  }

  set {
    name = "spec"

    value = {
      acme = {
        email  = "admin@example.com"
        server = "https://acme-v02.api.letsencrypt.org/directory"

        privateKeySecretRef {
          name = "lets-encrypt"
        }

        http01 {}
      }
    }
  }
}

Inline configuration

locals {
  wildcard-cert = <<WILDCARD_CERT
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
spec:
 secretName: ingress-wildcard-tls
 issuerRef:
   name: '${kubernetes_custom.cluster-issuer.metadata.name}'
   kind: ClusterIssuer
 dnsNames:
   - '*.example.com'
 acme:
   config:
     - http01:
       domains:
         - '*.example.com'
WILDCARD_CERT
}

resource "kubernetes_custom" "wildcard-ingress-certificate" {
  metadata {
    name      = "ingress-tls-wildcard"
    namespace = "kube-system"
  }

  values = "${local.wildcard-cert}"
}

File based configuration

resource "kubernetes_custom" "default-ingress-certificate" {
  metadata {
    name      = "default-ingress-tls-wildcard"
    namespace = "kube-system"
  }

  values = [
    "${file("default-certificate.yaml")}",
  ]
}

Expected Behavior

Define and manage the lifecycle of any K8S resources using the kubernetes provider.

Actual Behavior

This resource type is not supported

References

Open feature requests for formal models

@alexsomesan

Contributor

commented Nov 14, 2018

Thanks for documenting this request.

We do want to support custom resources (and generic resources in general). We've been discussing various ways to approach this for a while. The main challenge with the current state of things in Terraform is achieving a diff-ing behaviour that is consistent with current Terraform resource diffs. The plan is to wait for Terraform 0.12 to land first and try to make use of some of its upcoming enhancements in implementing such a resource.

@timthesinner

Author

commented Nov 14, 2018

Sounds great, thanks for the quick response.

@bryanlarsen


commented Dec 14, 2018

The most obvious workaround is https://github.com/ericchiang/terraform-provider-k8s

But what I'm doing is creating a simple helm chart with my custom resources and using the helm provider, providing a local path as the chart name. That makes sense for us because we're using the helm provider to install a bunch of other stuff too.
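The local-chart workaround described in the comment above, sketched as an added example (not code from this thread or from either provider). It wraps the ClusterIssuer from the issue in a minimal chart and installs it with `helm_release`; the directory layout, chart name, release name and the `acmeEmail` value are assumptions.

```shell
#!/bin/sh
# Added illustration: scaffold a local Helm chart that carries one custom
# resource, plus the Terraform that installs it through the helm provider.
# Chart name, release name and directory layout are assumptions.

scaffold_custom_resource_chart() {
  root="$1"                              # directory holding the Terraform config
  chart="$root/charts/custom-resources"
  mkdir -p "$chart/templates" || return 1

  # Minimal chart metadata; Helm requires at least name and version.
  cat > "$chart/Chart.yaml" <<'EOF'
apiVersion: v1
name: custom-resources
version: 0.1.0
description: Custom resources the kubernetes provider cannot model yet
EOF

  # The ClusterIssuer from the issue, written as a chart template.
  cat > "$chart/templates/cluster-issuer.yaml" <<'EOF'
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: lets-encrypt-prod-issuer
spec:
  acme:
    email: {{ .Values.acmeEmail | quote }}
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: lets-encrypt
    http01: {}
EOF

  # Default value for the one templated field (constructed sample value).
  printf 'acmeEmail: admin@example.com\n' > "$chart/values.yaml"

  # helm_release takes a local path as the chart name.
  cat > "$root/main.tf" <<'EOF'
resource "helm_release" "custom_resources" {
  name  = "custom-resources"
  chart = "${path.module}/charts/custom-resources"
}
EOF
}
```

The release only applies once the CRDs for the custom resource (here cert-manager's) already exist in the cluster.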

@nfisher


commented Jan 16, 2019

Hi @alexsomesan, given HCL is JSON compatible, what are the big obstacles you see to adopting it prior to 0.12 landing? Or is it more a matter of prioritisation and bandwidth?

@pdecat

Contributor

commented Jan 16, 2019

This was also discussed in #195

@bcornils bcornils added this to the Research milestone Feb 7, 2019

timthesinner added a commit to timthesinner/terraform-provider-kubernetes that referenced this issue Feb 18, 2019

Support custom resources (terraform-providers#215)
Notes:
 - Created an ExtendedClientset allowing generic access to K8S REST client
 - Refactored all usage of the provider to the K8S interfaces
 - Added a dependency on "github.com/ghodss/yaml"
 - Handle create, update, delete for custom resources
 - Custom resource update state delta between K8S, TF, and Desired is handled through transient fields

@benishak


commented Mar 15, 2019

We at mobfox wrote a provider a year ago that allows the user to create Custom Resources and even dispenses with the need to create a Custom Provider.

Now we are open sourcing it, so check it out here:
https://github.com/mobfox/terraform-provider-multiverse

You can even use AWS Lambda or execute a function locally in any language you like to manage your resources. It also keeps the state of your resource, so you can delete, read, and update them too. It creates a resource, so it is not like External Data and behaves exactly like Custom Resources in AWS CloudFormation.
