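I'm using Terraform to manage the namespaces of my on-premises Kubernetes cluster and would like to include some custom labels/annotations on them. This is to make auditing easier, and we also have mutating webhooks that rely on labels/annotations.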

I'm trying to do something like this (pseudocode):

resource "kubernetes_namespace" "namespaces" {
  for_each = {for k, v in var.namespaces: k => v}
  metadata {
    name     = each.value.name
    annotations = {
    "linkerd.io/inject"              = each.value.linkerd
    {{loop over each.value.custom_annotations}}
    }
    labels = {
      "apps.kubernetes.io/app"       = each.value.app
      "k8s.domain.co/managed-by"   = each.value.managed
      "k8s.domain.co/owner"        = each.value.owner
      {{loop over each.value.custom_labels}}
    }
  }
}

My var.namespaces variable is constructed as follows:

variable "namespaces" {
  description = "List of namespaces controlled by Terraform"
  type        = list(object({
    name = string
    linkerd = string
    app = string
    owner = string
    managed = string
    custom_annotations = list(object({
      label = string
      value = string
    }))
    custom_labels = list(object({
      label = string
      value = string
    }))
  }))
}

I'm trying to end up with

namespaces = [
{
  name = "foo"
  ...
  custom_annotations = {
    label = "myannotation"
    value = "myvalue"
  }
  custom_labels = {
    label = "mylabel"
    value = "myvalue"
  }
}]


resource "kubernetes_namespace" "namespaces" {
  for_each = {for k, v in var.namespaces: k => v}
  metadata {
    name     = each.value.name
    annotations = {
    "linkerd.io/inject"              = each.value.linkerd
    myannotation = "myvalue"
    }
    labels = {
      "apps.kubernetes.io/app"       = each.value.app
      "k8s.domain.co/managed-by"   = each.value.managed
      "k8s.domain.co/owner"        = each.value.owner
      mylabel = "myvalue"
    }
  }
}

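I feel that some mix of locals and dynamic blocks will be the solution, but I can't seem to pin them together in a way that works.

Any suggestions, please?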

2 Answers

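I managed to get this almost working for myself without using locals or dynamic blocks. However, I can't include the default labels and annotations.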

resource "kubernetes_namespace" "namespaces" {
  for_each = { for k, v in var.namespaces: k => v} //loop over the namespaces
  metadata {
    name = each.value.name
    annotations = {
      for annotation in each.value.custom_annotations: annotation.label => annotation.value
    }
    labels = {
      for label in each.value.custom_labels: label.label => label.value
    }
  }
}

With this input

namespaces = [ 
  {
    name = "metallb-system"
    linkerd = "enabled"
    app = "metallb"
    owner = "KPE"
    managed = "Terraform"
    custom_annotations = []
    custom_labels = [{label="foo.io/bar", value="foobar"}, {label="bar.io/foo", value="barfoo"}]
  },
  {
    name = "test-ns"
    linkerd = "enabled"
    app = "myapp"
    owner = "Me"
    managed = "Terraform"
    custom_annotations = [{label="foo.io/annotation", value="test"}]
    custom_labels = [{label="app.io/label", value="value"}] 
  }
]

it gives me this output

Changes to Outputs:
  + namespaces = {
      + 0 = {
          + id       = "metallb-system"
          + metadata = [
              + {
                  + annotations      = {}
                  + generate_name    = ""
                  + generation       = 0
                  + labels           = {
                      + "bar.io/foo" = "barfoo"
                      + "foo.io/bar" = "foobar"
                    }
                  + name             = "metallb-system"
                  + resource_version = "410142"
                  + uid              = "02d6b1e1-707a-49cf-9a2d-3f28c9ce1e5a"
                },
            ]
          + timeouts = null
        }
      + 1 = {
          + id       = (known after apply)
          + metadata = [
              + {
                  + annotations      = {
                      + "foo.io/annotation" = "test"
                    }
                  + generate_name    = null
                  + generation       = (known after apply)
                  + labels           = {
                      + "app.io/label" = "value"
                    }
                  + name             = "test-ns"
                  + resource_version = (known after apply)
                  + uid              = (known after apply)
                },
            ]
          + timeouts = null
        }
    }
Answered 2021-12-16T14:38:30.617

I found a way to add default labels and annotations using setunion

locals {
  default_annotations = [{label = "foo", value = "bar"}]
  default_labels = [{label = "terraform", value = true}]
}

resource "kubernetes_namespace" "namespaces" {
  for_each = { for k, v in var.namespaces: k => v} //loop over the namespaces
  metadata {
    name = each.value.name
    annotations = {
      for annotation in setunion(each.value.custom_annotations, local.default_annotations) : annotation.label => annotation.value
    }
    labels = {
      for label in setunion(each.value.custom_labels, local.default_labels) : label.label => label.value
    }
  }
}

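I know this doesn't completely solve your use case, since you want to read the values from the namespaces list, but I do think it's a step closer!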

Answered 2022-02-16T14:48:07.107
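
An added example, not taken from either answer: one way to combine the fixed keys from the question with the per-namespace custom lists, using Terraform's merge() function and the variable shape from the question. Keying for_each by namespace name and placing the fixed keys last in merge() are choices made for this example.

```hcl
variable "namespaces" {
  description = "List of namespaces controlled by Terraform"
  type = list(object({
    name               = string
    linkerd            = string
    app                = string
    owner              = string
    managed            = string
    custom_annotations = list(object({ label = string, value = string }))
    custom_labels      = list(object({ label = string, value = string }))
  }))
}

resource "kubernetes_namespace" "namespaces" {
  # Keyed by name rather than list index (a choice made for this example),
  # so reordering the list does not change which namespace an address maps to.
  for_each = { for ns in var.namespaces : ns.name => ns }

  metadata {
    name = each.value.name

    # merge() gives precedence to later arguments. The fixed keys come last,
    # so a custom entry cannot override the values that auditing and the
    # mutating webhooks depend on.
    annotations = merge(
      { for a in each.value.custom_annotations : a.label => a.value },
      {
        "linkerd.io/inject" = each.value.linkerd
      }
    )

    labels = merge(
      { for l in each.value.custom_labels : l.label => l.value },
      {
        "apps.kubernetes.io/app"   = each.value.app
        "k8s.domain.co/managed-by" = each.value.managed
        "k8s.domain.co/owner"      = each.value.owner
      }
    )
  }
}
```

If two custom entries in the same namespace use the same label, the for expression fails with a duplicate key error, so such collisions surface at plan time.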