Using Terraform with Kubernetes
This is a beginner's tutorial on using Terraform with Kubernetes. Kubestack supports managed Kubernetes services such as AKS, EKS, and GKE for Terraform-based Kubernetes deployments. It helps integrate cluster services from different sources into a GitOps workflow.
1. Overview
Terraform was created on May 21st, 2014 by Mitchell Hashimoto, HashiCorp’s founder. Terraform is used for defining infrastructure in code and handling infrastructure security. It is a popular DevOps tool in the software world. Terraform describes resources in code and builds a plan to take the environment from one state to another.
2. Terraform with Kubernetes
2.1 Prerequisites
Terraform must be installed on the operating system on which you want to execute the code.
2.2 Download
You can download Terraform from this website.
2.3 Setup
2.3.1 Terraform Setup
You can set up Terraform on macOS by using the commands below:
Terraform Setup
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
You can run this command to check if it is working:
Terraform Execution
terraform -v
The output of the above command executed is shown below:
Terraform Execution Output
apples-MacBook-Air:~ bhagvan.kommadi$ terraform -v
Terraform v1.1.5
on darwin_amd64
apples-MacBook-Air:~ bhagvan.kommadi$
The terraform execution command has other options which are shown below:
Terraform Execution Options
$ terraform
Usage: terraform [-version] [-help] [args]
... help content omitted
2.4 Start a New Terraform Project
You can create a Terraform project using resource definitions. Resource definitions are files with the suffix .tf. You can use Terraform’s language to configure resources such as an EC2 instance, an Azure MariaDB, or a DNS entry. You can create a sample Terraform project with the commands shown below:
Terraform Project Creation Commands
$ cd $HOME
$ mkdir sample-terraform
$ cd sample-terraform
$ cat > main.tf <<EOF
provider "local" {
  version = "~> 1.4"
}
resource "local_file" "sample" {
  content  = "sample, Terraform"
  filename = "sample.txt"
}
EOF
The above main.tf file has resource and provider definitions. The local provider at version 1.4, or another compatible version, is used. The resource definition declares a resource named sample of type local_file. You can initialize the Terraform project by using the command below:
Terraform Project Execution
terraform init
The output of the above command when executed is shown below:
Terraform Project Execution Output
apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/local versions matching "~> 1.4"...
- Installing hashicorp/local v1.4.0...
- Installed hashicorp/local v1.4.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Above, Terraform reads the project files and downloads the required providers from public registries. The next step is to execute the plan command as shown below:
Terraform Project Execution – Plan
terraform plan
The output of the above command when executed is shown below:
Terraform Project Execution – Plan Output
apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform plan
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # local_file.sample will be created
  + resource "local_file" "sample" {
      + content = "sample, Terraform"
      + directory_permission = "0777"
      + file_permission = "0777"
      + filename = "sample.txt"
      + id = (known after apply)
    }
Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵
───────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
apples-MacBook-Air:sample-terraform bhagvan.kommadi$
The above terraform plan command helps in verifying the actions that will be taken for resource creation. Terraform uses default values wherever you have not set them in the resource definition, as the directory_permission and file_permission attributes in the output show. You can now execute the apply command for resource creation.
Terraform Project Execution – Apply
terraform apply
The output of the above command when executed is shown below:
Terraform Project Execution – Apply Output
apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform apply
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # local_file.sample will be created
  + resource "local_file" "sample" {
      + content = "sample, Terraform"
      + directory_permission = "0777"
      + file_permission = "0777"
      + filename = "sample.txt"
      + id = (known after apply)
    }
Plan: 1 to add, 0 to change, 0 to destroy.
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
  Enter a value: yes
local_file.sample: Creating...
local_file.sample: Creation complete after 0s [id=37d2f5fd67a0734d5d8d1626a47ae46f5b4dee17]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
apples-MacBook-Air:sample-terraform bhagvan.kommadi$
In the above command, the execution plan is generated and, after you confirm with yes, applied. You can now see the file sample.txt. It has the expected content, sample, Terraform.
Terraform Project Execution – Sample.txt
sample, Terraform
You can run the apply command with the -auto-approve option next. This option skips the interactive confirmation prompt.
Terraform Project Execution – Apply Auto Approve
terraform apply -auto-approve
The output of the above command when executed is shown below:
Terraform Project Execution – Apply Auto Approve Output
apples-MacBook-Air:sample-terraform bhagvan.kommadi$ terraform apply -auto-approve
local_file.sample: Refreshing state... [id=37d2f5fd67a0734d5d8d1626a47ae46f5b4dee17]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.
╷
│ Warning: Version constraints inside provider configuration blocks are deprecated
│
│   on main.tf line 2, in provider "local":
│    2:   version = "~> 1.4"
│
│ Terraform 0.13 and earlier allowed provider version constraints inside the
│ provider configuration block, but that is now deprecated and will be removed
│ in a future version of Terraform. To silence this warning, move the provider
│ version constraint into the required_providers block.
╵
Apply complete! Resources: 0 added, 0 changed, 0 destroyed
Terraform also supports modules, which let you reuse resource definitions across different projects.
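The deprecation warning printed by each command above and the "0777" permission defaults visible in the plan output can both be addressed in main.tf. The following is an added example, not part of the original tutorial's source code; it moves the version constraint into a required_providers block and sets owner-only permissions, and the required_version value is an assumption:

```hcl
# main.tf (added example, not from the original tutorial)
terraform {
  # Assumption: Terraform 0.13 or later, where required_providers
  # accepts a source address for each provider.
  required_version = ">= 0.13"

  required_providers {
    local = {
      source  = "hashicorp/local"
      version = "~> 1.4" # same constraint the tutorial placed in the provider block
    }
  }
}

# The local provider needs no settings, so the provider "local" block
# that triggered the warning is dropped entirely.

resource "local_file" "sample" {
  content  = "sample, Terraform"
  filename = "sample.txt"

  # The plan output shows both attributes defaulting to "0777"
  # (world-writable). Restrict them to the owning user instead.
  file_permission      = "0600"
  directory_permission = "0700"
}
```

Saving the plan with terraform plan -out=tfplan and then running terraform apply tfplan applies exactly the actions that were reviewed, which is what the note at the end of the plan output refers to; the file name tfplan is a placeholder.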
2.5 Kubernetes Setup
You need an existing Kubernetes cluster, for example one created with kind. Let us install kind. You can also download kind-config.yaml and run the kind executable to set up the Kubernetes cluster.
Install Kubernetes Cluster
brew install kind
curl https://raw.githubusercontent.com/hashicorp/learn-terraform-deploy-nginx-kubernetes-provider/main/kind-config.yaml --output kind-config.yaml
kind create cluster --name terraform-hello --config kind-config.yaml
The output is shown below:
Kind setup output
kind create cluster --name terraform-hello --config kind-config.yaml
Creating cluster "terraform-hello" ...
 ✓ Ensuring node image (kindest/node:v1.23.4) 🖼
 ✓ Preparing nodes 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing CNI 🔌
 ✓ Installing StorageClass 💾
Set kubectl context to "kind-terraform-hello"
You can now use your cluster with:
kubectl cluster-info --context kind-terraform-hello
Have a nice day!
2.6 Terraform with Kubernetes
Using Terraform with Kubernetes provides a unified workflow, full lifecycle management, and a graph of relationships. Let us add an NGINX deployment with two replicas on the Kubernetes cluster, internally exposing port 80 for HTTP. Now, create a new file named kubernetes.tf and add the following configuration to it. This serves as a base configuration for the provider.
Terraform Project Execution – Config
terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}
variable "host" {
  type = string
}
variable "client_certificate" {
  type = string
}
variable "client_key" {
  type = string
}
variable "cluster_ca_certificate" {
  type = string
}
provider "kubernetes" {
  host                   = var.host
  client_certificate     = base64decode(var.client_certificate)
  client_key             = base64decode(var.client_key)
  cluster_ca_certificate = base64decode(var.cluster_ca_certificate)
}
resource "kubernetes_deployment" "nginx" {
  metadata {
    name = "scalable-nginx-example"
    labels = {
      App = "ScalableNginxExample"
    }
  }
  spec {
    replicas = 2
    selector {
      match_labels = {
        App = "ScalableNginxExample"
      }
    }
    template {
      metadata {
        labels = {
          App = "ScalableNginxExample"
        }
      }
      spec {
        container {
          image = "nginx:1.7.8"
          name  = "example"
          port {
            container_port = 80
          }
          resources {
            limits = {
              cpu    = "0.5"
              memory = "512Mi"
            }
            requests = {
              cpu    = "250m"
              memory = "50Mi"
            }
          }
        }
      }
    }
  }
}
Let us read the cluster connection details needed to configure Terraform with the command kubectl config view. You can see the output below.
Kind cluster check
apples-MacBook-Air:terraform-kubernetes bhagvan.kommadi$ kubectl config view --minify --flatten --context=kind-terraform-hello
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 data omitted>
    server: https://127.0.0.1:50419
  name: kind-terraform-hello
contexts:
- context:
    cluster: kind-terraform-hello
    user: kind-terraform-hello
  name: kind-terraform-hello
current-context: kind-terraform-hello
kind: Config
preferences: {}
users:
- name: kind-terraform-hello
  user:
    client-certificate-data: <base64 data omitted>
    client-key-data: <base64 data omitted>
Now let us define terraform.tfvars based on the above output as shown in the file below:
Terraform TF Vars
# terraform.tfvars
host                   = "https://127.0.0.1:50419"
client_certificate     = "<base64 data omitted>"
client_key             = "<base64 data omitted>"
cluster_ca_certificate = "<base64 data omitted>"
You can now execute the terraform init and terraform apply commands to see the output below.
Terraform Project Execution – init and approve
apples-MacBook-Air:terraform-kubernetes bhagvan.kommadi$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/kubernetes...
- Installing hashicorp/kubernetes v2.9.0...
- Installed hashicorp/kubernetes v2.9.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
apples-MacBook-Air:terraform-kubernetes bhagvan.kommadi$ terraform apply
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # kubernetes_deployment.nginx will be created
  + resource "kubernetes_deployment" "nginx" {
      + id = (known after apply)
      + wait_for_rollout = true
      + metadata {
          + generation = (known after apply)
          + labels = {
              + "App" = "ScalableNginxExample"
            }
          + name = "scalable-nginx-example"
          + namespace = "default"
          + resource_version = (known after apply)
          + uid = (known after apply)
        }
      + spec {
          + min_ready_seconds = 0
          + paused = false
          + progress_deadline_seconds = 600
          + replicas = "2"
          + revision_history_limit = 10
          + selector {
              + match_labels = {
                  + "App" = "ScalableNginxExample"
                }
            }
          + strategy {
              + type = (known after apply)
              + rolling_update {
                  + max_surge = (known after apply)
                  + max_unavailable = (known after apply)
                }
            }
          + template {
              + metadata {
                  + generation = (known after apply)
                  + labels = {
                      + "App" = "ScalableNginxExample"
                    }
                  + name = (known after apply)
                  + resource_version = (known after apply)
                  + uid = (known after apply)
                }
              + spec {
                  + automount_service_account_token = true
                  + dns_policy = "ClusterFirst"
                  + enable_service_links = true
                  + host_ipc = false
                  + host_network = false
                  + host_pid = false
                  + hostname = (known after apply)
                  + node_name = (known after apply)
                  + restart_policy = "Always"
                  + service_account_name = (known after apply)
                  + share_process_namespace = false
                  + termination_grace_period_seconds = 30
                  + container {
                      + image = "nginx:1.7.8"
                      + image_pull_policy = (known after apply)
                      + name = "example"
                      + stdin = false
                      + stdin_once = false
                      + termination_message_path = "/dev/termination-log"
                      + termination_message_policy = (known after apply)
                      + tty = false
                      + port {
                          + container_port = 80
                          + protocol = "TCP"
                        }
                      + resources {
                          + limits = {
                              + "cpu" = "0.5"
                              + "memory" = "512Mi"
                            }
                          + requests = {
                              + "cpu" = "250m"
                              + "memory" = "50Mi"
                            }
                        }
                    }
                  + image_pull_secrets {
                      + name = (known after apply)
                    }
                  + readiness_gate {
                      + condition_type = (known after apply)
                    }
                  + volume {
                      + name = (known after apply)
                      + aws_elastic_block_store {
                          + fs_type = (known after apply)
                          + partition = (known after apply)
                          + read_only = (known after apply)
                          + volume_id = (known after apply)
                        }
                      + azure_disk {
                          + caching_mode = (known after apply)
                          + data_disk_uri = (known after apply)
                          + disk_name = (known after apply)
                          + fs_type = (known after apply)
                          + kind = (known after apply)
                          + read_only = (known after apply)
                        }
                      + azure_file {
                          + read_only = (known after apply)
                          + secret_name = (known after apply)
                          + secret_namespace = (known after apply)
                          + share_name = (known after apply)
                        }
                      + ceph_fs {
                          + monitors = (known after apply)
                          + path = (known after apply)
                          + read_only = (known after apply)
                          + secret_file = (known after apply)
                          + user = (known after apply)
                          + secret_ref {
                              + name = (known after apply)
                              + namespace = (known after apply)
                            }
                        }
                      + cinder {
                          + fs_type = (known after apply)
                          + read_only = (known after apply)
                          + volume_id = (known after apply)
                        }
                      + config_map {
                          + default_mode = (known after apply)
                          + name = (known after apply)
                          + optional = (known after apply)
                          + items {
                              + key = (known after apply)
                              + mode = (known after apply)
                              + path = (known after apply)
                            }
                        }
                      + csi {
                          + driver = (known after apply)
                          + fs_type = (known after apply)
                          + read_only = (known after apply)
                          + volume_attributes = (known after apply)
                          + node_publish_secret_ref {
                              + name = (known after apply)
                            }
                        }
                      + downward_api {
                          + default_mode = (known after apply)
                          + items {
                              + mode = (known after apply)
                              + path = (known after apply)
                              + field_ref {
                                  + api_version = (known after apply)
                                  + field_path = (known after apply)
                                }
                              + resource_field_ref {
                                  + container_name = (known after apply)
                                  + divisor = (known after apply)
                                  + resource = (known after apply)
                                }
                            }
                        }
                      + empty_dir {
                          + medium = (known after apply)
                          + size_limit = (known after apply)
                        }
                      + fc {
                          + fs_type = (known after apply)
                          + lun = (known after apply)
                          + read_only = (known after apply)
                          + target_ww_ns = (known after apply)
                        }
                      + flex_volume {
                          + driver = (known after apply)
                          + fs_type = (known after apply)
                          + options = (known after apply)
                          + read_only = (known after apply)
                          + secret_ref {
                              + name = (known after apply)
                              + namespace = (known after apply)
                            }
                        }
                      + flocker {
                          + dataset_name = (known after apply)
                          + dataset_uuid = (known after apply)
                        }
                      + gce_persistent_disk {
                          + fs_type = (known after apply)
                          + partition = (known after apply)
                          + pd_name = (known after apply)
                          + read_only = (known after apply)
                        }
                      + git_repo {
                          + directory = (known after apply)
                          + repository = (known after apply)
                          + revision = (known after apply)
                        }
                      + glusterfs {
                          + endpoints_name = (known after apply)
                          + path = (known after apply)
                          + read_only = (known after apply)
                        }
                      + host_path {
                          + path = (known after apply)
                          + type = (known after apply)
                        }
                      + iscsi {
                          + fs_type = (known after apply)
                          + iqn = (known after apply)
                          + iscsi_interface = (known after apply)
                          + lun = (known after apply)
                          + read_only = (known after apply)
                          + target_portal = (known after apply)
                        }
                      + local {
                          + path = (known after apply)
                        }
                      + nfs {
                          + path = (known after apply)
                          + read_only = (known after apply)
                          + server = (known after apply)
                        }
                      + persistent_volume_claim {
                          + claim_name = (known after apply)
                          + read_only = (known after apply)
                        }
                      + photon_persistent_disk {
                          + fs_type = (known after apply)
                          + pd_id = (known after apply)
                        }
                      + projected {
                          + default_mode = (known after apply)
                          + sources {
                              + config_map {
                                  + name = (known after apply)
                                  + optional = (known after apply)
                                  + items {
                                      + key = (known after apply)
                                      + mode = (known after apply)
                                      + path = (known after apply)
                                    }
                                }
                              + downward_api {
                                  + items {
                                      + mode = (known after apply)
                                      + path = (known after apply)
                                      + field_ref {
                                          + api_version = (known after apply)
                                          + field_path = (known after apply)
                                        }
                                      + resource_field_ref {
                                          + container_name = (known after apply)
                                          + divisor = (known after apply)
                                          + resource = (known after apply)
                                        }
                                    }
                                }
                              + secret {
                                  + name = (known after apply)
                                  + optional = (known after apply)
                                  + items {
                                      + key = (known after apply)
                                      + mode = (known after apply)
                                      + path = (known after apply)
                                    }
                                }
                              + service_account_token {
                                  + audience = (known after apply)
                                  + expiration_seconds = (known after apply)
                                  + path = (known after apply)
                                }
                            }
                        }
                      + quobyte {
                          + group = (known after apply)
                          + read_only = (known after apply)
                          + registry = (known after apply)
                          + user = (known after apply)
                          + volume = (known after apply)
                        }
                      + rbd {
                          + ceph_monitors = (known after apply)
                          + fs_type = (known after apply)
                          + keyring = (known after apply)
                          + rados_user = (known after apply)
                          + rbd_image = (known after apply)
                          + rbd_pool = (known after apply)
                          + read_only = (known after apply)
                          + secret_ref {
                              + name = (known after apply)
                              + namespace = (known after apply)
                            }
                        }
                      + secret {
                          + default_mode = (known after apply)
                          + optional = (known after apply)
                          + secret_name = (known after apply)
                          + items {
                              + key = (known after apply)
                              + mode = (known after apply)
                              + path = (known after apply)
                            }
                        }
                      + vsphere_volume {
                          + fs_type = (known after apply)
                          + volume_path = (known after apply)
                        }
                    }
                }
            }
        }
    }
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
  Enter a value: yes
kubernetes_deployment.nginx: Creating...
kubernetes_deployment.nginx: Still creating... [10s elapsed]
kubernetes_deployment.nginx: Still creating... [20s elapsed]
kubernetes_deployment.nginx: Still creating... [30s elapsed]
kubernetes_deployment.nginx: Still creating... [40s elapsed]
kubernetes_deployment.nginx: Creation complete after 46s [id=default/scalable-nginx-example]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
apples-MacBook-Air:terraform-kubernetes bhagvan.kommadi$
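The terraform.tfvars file in this section holds the cluster's client private key in plain text. As an added example (not part of the original tutorial's source code), the provider can instead read the kubeconfig that kind already wrote, using the provider's config_path and config_context arguments, so no key material is copied into the project. The variable names, the version constraint and the kind- prefix check are assumptions:

```hcl
# Replaces the variable and provider blocks of kubernetes.tf
# (added example, not from the original tutorial).
terraform {
  # Assumption: Terraform 0.13 or later, needed for variable validation.
  required_version = ">= 0.13"

  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
      # Assumption: stay on the 2.x series that "terraform init" installed
      # above (v2.9.0) instead of whatever version is latest at init time.
      version = "~> 2.9"
    }
  }
}

# Hypothetical variable names; only a path and a context name are passed,
# never the certificate or key themselves.
variable "kubeconfig_path" {
  type        = string
  default     = "~/.kube/config"
  description = "kubeconfig file written by kind create cluster"
}

variable "kube_context" {
  type        = string
  default     = "kind-terraform-hello"
  description = "kubeconfig context to deploy to"

  # Guard rail: this tutorial configuration is meant for the local kind
  # cluster, so refuse any context that is not a kind context.
  validation {
    condition     = can(regex("^kind-", var.kube_context))
    error_message = "The kube_context value must name a local kind context (kind-...)."
  }
}

provider "kubernetes" {
  config_path    = var.kubeconfig_path
  config_context = var.kube_context
}

# The kubernetes_deployment "nginx" resource stays exactly as in kubernetes.tf.
```

Where the values must still be passed as variables, as in the tutorial, declaring each one with sensitive = true (Terraform 0.14 and later) keeps it out of plan and apply output, and terraform.tfvars should stay out of version control.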
3. Download the Source Code
You can download the full source code of this example here: Using Terraform with Kubernetes