feat: kubernetes deployment with terraform

@ -47,5 +47,10 @@ clean:
cfssl info -remote rasp1.localdomain:444 -config certs/client-config.json | cfssljson -bare -stdout /dev/stdout | tee certs/out/ca.pem
docker: docker-build docker-push
docker build -t docker.registry:5000/weather .
docker push docker.registry:5000/weather

# Local .terraform directories
# .tfstate files
# Crash log files
# Exclude all .tfvars files, which are likely to contain sentitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.0.2"
constraints = ">= 2.0.0"
hashes = [

resource "kubernetes_deployment" "application" {
metadata {
name = "poller-application"
labels = {
app = local.service_match_label
env = local.environment
namespace = kubernetes_namespace.application_namespace.id
spec {
replicas = 1
revision_history_limit = 0
selector {
match_labels = {
app = local.deployment_match_label
template {
metadata {
labels = {
app = local.deployment_match_label
env = local.environment
spec {
volume {
name = local.config_volume_name
config_map {
name = kubernetes_config_map.weather_config.metadata.0.name
volume {
name = local.log_volume_name
persistent_volume_claim {
claim_name = kubernetes_persistent_volume_claim.log_volume_claim.metadata.0.name
container {
image = format("%s:%s", var.application_image_tag, var.application_version)
name = "poller-application"
args = ["-filename", "/conf/config.hcl", "-logLevel", "info", "-logOutput", "/logs/weather.log"]
volume_mount {
mount_path = "/conf"
name = local.config_volume_name
volume_mount {
mount_path = "/logs"
name = local.log_volume_name
resources {
limits = {
cpu = "0.5"
memory = "512Mi"
requests = {
cpu = "250m"
memory = "50Mi"
timeouts {
create = "5m"
delete = "5m"
update = "5m"
resource "kubernetes_persistent_volume_claim" "log_volume_claim" {
metadata {
namespace = kubernetes_namespace.application_namespace.id
name = "log-weather-pvc"
spec {
storage_class_name = "dx30-nfs"
access_modes = ["ReadWriteMany"]
resources {
requests = {
storage = "2Gi"

resource "kubernetes_namespace" "application_namespace" {
metadata {
name = "application"
resource "kubernetes_config_map" "weather_config" {
metadata {
name = "weather-hcl"
namespace = kubernetes_namespace.application_namespace.id
data = {
"config.hcl" = <<EOF
openweather_secret = "${var.openweather_secret}"
s3 {
endpoint_url = "${var.S3_endpoint}"
region = "${var.S3_region}"
aws_access_key_id = "${var.S3_key_id}"
aws_secret_access_key = "${var.S3_key_secret}"

terraform {
required_version = ">= 0.12"
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.0"
backend "etcdv3" {
endpoints = ["https://dx30.localdomain:2379"]
lock = true
prefix = "/terraform-state/weather/"
cacert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/ca.pem"
cert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes.pem"
key_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes-key.pem"
provider "kubernetes" {
config_path = "~/.kube/config.kubeconfig"
config_context = "my-context"
config_context_cluster = "cluster-1"
config_context_auth_info = "admin"

variable "openweather_secret" {
description = "open weather api secret"
variable "S3_key_secret" {
description = "S3 backend key secret"
variable "S3_endpoint" {
default = "s3.localdomain"
description = "S3 backend endpoint"
variable "S3_region" {
default = "FR"
description = "S3 backend region"
variable "S3_key_id" {
default = "antoine"
description = "S3 backend key id"
variable "application_image_tag" {
default = "docker.registry/weather"
description = "container tag deployed"
variable "application_version" {
default = "latest"
description = "container tag version deployed"
locals {
service_match_label = "weather-service"
deployment_match_label = "poller-deployment"
environment = "prod"
config_volume_name = "config-weather-volume"
log_volume_name ="log-weather-volume"