AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    arrow_forward
    Stash

    Backup and Recovery Solution for Kubernetes

    arrow_forward
    KubeVault

    Tools for running HashiCorp Vault on Kubernetes

    arrow_forward
    Voyager

    Secure HAProxy Ingress Controller for Kubernetes

    arrow_forward
    Kubeform

    Provision cloud resources using Kubernetes CRDs & Terraform

    arrow_forward
    KubeDB

    KubeDB simplifies Provision, Upgrade, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • task_altLower administrative burden
    • task_altNative Kubernetes Support
    • task_altPerformance
    • task_altAvailability and durability
    • task_altManageability
    • task_altCost-effectiveness
    • task_altSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • task_altDeclarative API
    • task_altBackup Kubernetes Volumes
    • task_altBackup Database
    • task_altMultiple Storage Support
    • task_altDeduplication
    • task_altData Encryption
    • task_altVolume Snapshot
    • task_altPolicy Based Backup
    KubeVault

    Tools for running HashiCorp Vault on Kubernetes

    • task_altAutomatic Initialization & Unsealing
    • task_altManage Vault Policy
    • task_altAWS Secret Engine
    • task_altAzure Secret Engine
    • task_altGCP Secret Engine
    • task_altDatabase Secret Engine
    Voyager

    Secure HAProxy Ingress Controller for Kubernetes

    • task_altHTTP & TCP
    • task_altSSL
    • task_altPlatform support
    • task_altHAProxy
    • task_altPrometheus
    • task_altLet's Encrypt
    Kubeform

    Provision cloud resources
    using Kubernetes CRDs
    & Terraform

    • task_altNative Kubernetes Support
    • task_altBuilt on Terrafrom
    • task_altInfrastructure as Code
    • task_altSupports Multiple Cloud Platform
    • task_altUnleash Developer Velocity
  • Guard

    Kubernetes Authentication WebHook Server

    • task_altIdentity Providers
    • task_altCLI
    • task_altRBAC
    Kubed

    Kubernetes cluster manager daemon

    • task_altDisaster Recovery
    • task_altEvent Forwarder
    • task_altConfiguration Syncer
    • task_altRecycle Bin
    • task_altEvent Notifiers
    • task_altJanitor
    Pharmer

    Kubernetes Cluster Manager using Kubeadm & Cluster API

    • task_altKubeadm
    • task_altPlatform Support
    • task_altKubernetes Certification
    Swift

    Ajax friendly Helm Tiller Proxy

    • task_altAPI Support
    • task_altgRPC Gateway
    • task_altJS Client
    Searchlight

    Alerts for Kubernetes

    • task_altMonitor Kubernetes
    • task_altIcinga 2
    • task_altNotifier Support
  • Webinar New
Kubeform
github-icon twitter-icon slack-icon
TRY NOW FREE
You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

AWS

This guide will show you how to provision (Create, Update, Delete) an AWS S3 Bucket using Kubeform.

Examples used in this guide can be found here.

At first, let’s look at the Terraform configuration for an AWS S3 Bucket below:

provider "aws" {
    access_key = "ACCESS_KEY"

    region = "REGION_NAME"

    secret_key = "SECRET_KEY"
}

resource "aws_s3_bucket" "test1" {
    bucket = "s3-bucket-test1"
}

Now, if we apply terraform apply this config will create an AWS S3 Bucket. We’ll create the exact configuration using kubeform. The steps are given below:

1. Create CRD:

At first, create the CRD of AWS S3 Bucket using the following kubectl command:

$ kubectl apply -f https://raw.githubusercontent.com/kubeform/provider-aws-api/master/crds/s3.aws.kubeform.com_buckets.yaml

2. Create AWS Provider Secret

Then create the secret which is necessary for provisioning the S3 Bucket in AWS.

apiVersion: v1
kind: Secret
metadata:
  name: aws-provider-secret
stringData:
  provider: |
    {
        "region": "<REGION_NAME>",
        "access_key": "<ACCESS_KEY>",
        "secret_key": "<SECRET_KEY>"
    }

Here we can see that, the provider field of the stringData of the secret is same as the field of the provider part in the terraform config file. The provider secret needs to be provided in json format, under the provider key. Save it in a file (eg. provider-secret.yaml) then apply it using kubectl.

$ kubectl apply -f provider-secret.yaml

Note: Here, key of the provider field of the stringData (eg. "access_key", "secret_key" ) must be in snake case format (same as the tf configuration file)

3. Create S3 Bucket

Now, we’ll create the S3 Bucket CRD. The yaml is given below:

apiVersion: s3.aws.kubeform.com/v1alpha1
kind: Bucket
metadata:
  name: test1
spec:
  resource:
    bucket: s3-bucket-test1
  providerRef:
    name: aws-provider-secret
  terminationPolicy: DoNotTerminate

Here, the resource field contains the AWS S3 Bucket resource spec. Also, we can see that the provider secret is referenced using a field called providerRef.

We can see a field named terminationPolicy, this is a feature of kubeform. This field can have two values, Delete or DoNotTerminate. When the value of this field is set to DoNotTerminate then the resource won’t get deleted even though we apply kubectl delete operation, this field needs to be set to Delete to delete the resource. It helps to avoid accidental deletion of the resource. We will see the use of this field in Delete S3 Bucket part later on this guide.

Save it in a file (eg. aws-s3-bucket.yaml) then apply it using kubectl.

$ kubectl apply -f aws-s3-bucket.yaml

After applying this command, the resource will be in InProgress phase until the cloud creates the resource. Once the cloud resource get created, the resource will be in Current phase which means we have successfully created the resource.

After successful creation of the resource, the resource state is available under spec.state section. This spec.state field maps the real world resource to the kubeform resource. This field doesn’t contain any sensitive field. Sensitive fields are stored in the secret specified in the spec.secretRef section. If no secretRef is specified, kubeform will create one.

4. Update S3 Bucket

Now, we’ll update the S3 Bucket CRD. For updating the Bucket, we will modify the existing aws-s3-bucket.yaml, we will use a different bucket (s3-bucket-test1-update) field. The modified yaml is given below:

apiVersion: s3.aws.kubeform.com/v1alpha1
kind: Bucket
metadata:
    name: test1
spec:
    resource:
        bucket: s3-bucket-test1-update
    providerRef:
        name: aws-provider-secret
    terminationPolicy: DoNotTerminate

Now, apply it using kubectl command.

$ kubectl apply -f aws-s3-bucket.yaml

After that, existing AWS S3 Bucket will be updated!

Note: Here, we have changed the bucket field which is Immutable, means if we change an immutable field then the resource will first get deleted and then created. But, there are some fields which are mutable, means changing those fields, resource will be only updated/changed. So, be careful!

5. Delete S3 Bucket

To delete the S3 Bucket just run:

$ kubectl delete -f aws-s3-bucket.yaml

After applying this command we will get below error message, as we have set terminationPolicy: DoNotTerminate:

Error from server (bucket "default/test1" can't be terminated. To delete, change spec.terminationPolicy to Delete): error when deleting "aws-s3-bucket.yaml": admission webhook "bucket.s3.aws.kubeform.com" denied the request: bucket "default/test1" can't be terminated. To delete, change spec.terminationPolicy to Delete

Let’s change the terminationPolicy to Delete by using kubectl patch command.

$ kubectl patch -n default bucket test1 -p '{"spec":{"terminationPolicy":"Delete"}}' --type="merge"

Now, we can delete the Bucket.

$ kubectl delete -f aws-s3-bucket.yaml

After applying this command the resource will be in Terminating phase until the cloud resource get destroyed. Once the cloud resource get destroyed, the resource will get deleted successfully.

What's on this Page

Search
Improve This Page