This guide will show you how to provision (Create, Update, Delete) an Azure Storage Container using Kubeform.
Examples used in this guide can be found here.
First, let’s look at the Terraform configuration for an Azure Storage Container below:
provider "azurerm" {
  subscription_id = "Subscription ID"
  client_id       = "Client ID"
  client_secret   = "Client Secret"
  tenant_id       = "Tenant ID"
  # `features` is a nested block in the azurerm provider, not an argument
  features {}
}

resource "azurerm_storage_container" "test1" {
  name                 = "storage-container-test1"
  storage_account_name = "<STORAGE_ACCOUNT_NAME>"
}
Now, if we run terraform apply, this config will create an Azure Storage Container. We’ll create the exact same configuration using Kubeform. The steps are given below:
First, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using kind.
Now, install the Kubeform Microsoft Azure provider operator in your cluster following the steps here. To get a FREE license, please visit here.
helm install kubeform-provider-azurerm appscode/kubeform-provider-azurerm \
  --namespace kubeform --create-namespace \
  --set-file kubeform-provider.license=/path/to/the/license.txt \
  --set crds.storage=true
To keep things isolated, this tutorial uses a separate namespace called demo throughout.
$ kubectl create ns demo
namespace/demo created
Then create the secret which is necessary for provisioning the Storage Container in Azure.
apiVersion: v1
kind: Secret
metadata:
  name: azure-provider-secret
  namespace: demo
stringData:
  provider: |
    {
      "subscription_id": "<AZURE_SUBSCRIPTION_ID>",
      "client_id": "<AZURE_CLIENT_ID>",
      "client_secret": "<AZURE_CLIENT_SECRET>",
      "tenant_id": "<AZURE_TENANT_ID>",
      "features": {}
    }
Here we can see that the provider field of the stringData of the secret has the same fields as the provider part of the Terraform config file. The provider secret needs to be provided in JSON format, under the provider key. Save it in a file (e.g. provider-secret.yaml), then apply it using kubectl.
kubectl apply -f provider-secret.yaml
Note: Here, the keys of the provider field of the stringData (e.g. "client_id", "tenant_id", etc.) must be in snake case format (same as the tf configuration file).
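A check that can run on the provider JSON before the Secret is applied, as an added example (not part of the Kubeform project): it flags keys that are not snake case, keys missing from the provider block shown above, and values that still look like placeholders. The function name, the placeholder heuristic and the sample documents are assumptions made for illustration.

```python
import json
import re

# Keys taken from the provider block shown on this page.
REQUIRED_KEYS = {"subscription_id", "client_id", "client_secret", "tenant_id", "features"}
SNAKE_CASE = re.compile(r"^[a-z][a-z0-9]*(_[a-z0-9]+)*$")
# Assumed heuristic: "<...>" or an ALL_CAPS token means the value was never filled in.
PLACEHOLDER = re.compile(r"^(<.*>|[A-Z][A-Z0-9_]*)$")


def check_provider_json(raw):
    """Return a list of problems in the JSON stored under the `provider` key.

    Only key names are reported, never values, so the output is safe to log.
    """
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key, value in doc.items():
        if not SNAKE_CASE.match(key):
            problems.append(f"key {key!r} is not snake_case")
        if isinstance(value, str) and PLACEHOLDER.match(value):
            problems.append(f"key {key!r} still holds a placeholder")
    for key in sorted(REQUIRED_KEYS - set(doc)):
        problems.append(f"missing key {key!r}")
    return problems


# Constructed sample documents (no real credentials).
GOOD = json.dumps({
    "subscription_id": "00000000-0000-0000-0000-000000000000",
    "client_id": "11111111-1111-1111-1111-111111111111",
    "client_secret": "constructed-secret-value",
    "tenant_id": "22222222-2222-2222-2222-222222222222",
    "features": {},
})
BAD = json.dumps({
    "subscriptionId": "<AZURE_SUBSCRIPTION_ID>",
    "client_id": "AZURE_CLIENT_ID",
    "client_secret": "x1",
    "tenant_id": "t1",
    "features": {},
})

if __name__ == "__main__":
    print(check_provider_json(GOOD))
    print(check_provider_json(BAD))
```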
Now, we’ll create the Azure Storage Container CRD. The YAML is given below:
apiVersion: storage.azurerm.kubeform.com/v1alpha1
kind: Container
metadata:
  name: test1
  namespace: demo
spec:
  resource:
    name: storage-container-test1
    storageAccountName: <STORAGE_ACCOUNT_NAME>
  providerRef:
    name: azure-provider-secret
  terminationPolicy: DoNotTerminate
Here, the resource field contains the Azure Storage Container spec. Also, we can see that the provider secret is referenced using a field called providerRef.
We can see a field named terminationPolicy; this is a feature of Kubeform. This field can have two values, Delete or DoNotTerminate. When the value of this field is set to DoNotTerminate, the resource won’t get deleted even if we run kubectl delete; the field needs to be set to Delete to delete the resource. It helps to avoid accidental deletion of the resource. We will see the use of this field in the Delete Azure Storage Container part later in this guide.
Save it in a file (e.g. azure-storage-container.yaml), then apply it using kubectl.
kubectl apply -f azure-storage-container.yaml
After applying this command, the resource will be in the InProgress phase until the cloud creates the resource. Once the cloud resource is created, the resource will be in the Current phase, which means we have successfully created the resource.
After successful creation of the resource, the resource state is available under the spec.state section. This spec.state field maps the real-world resource to the Kubeform resource. This field doesn’t contain any sensitive field. Sensitive fields are stored in the secret specified in the spec.secretRef section. If no secretRef is specified, Kubeform will create one.
Now, we’ll update the Storage Container CRD. To update the Storage Container, we will modify the existing azure-storage-container.yaml and use a different name (storage-container-test1-update). The modified YAML is given below:
apiVersion: storage.azurerm.kubeform.com/v1alpha1
kind: Container
metadata:
  name: test1
  namespace: demo
spec:
  resource:
    name: storage-container-test1-update
    storageAccountName: <STORAGE_ACCOUNT_NAME>
  providerRef:
    name: azure-provider-secret
  terminationPolicy: DoNotTerminate
Now, apply it using the kubectl command.
kubectl apply -f azure-storage-container.yaml
After that, the existing Azure Storage Container will first be deleted and then created again, because the name field is immutable. See the note below!
Note: Here, we have changed the name field, which is immutable. If we change an immutable field, the resource will first get deleted and then created. Other fields are mutable; changing those only updates the resource in place. So, be careful!
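The update above keeps terminationPolicy: DoNotTerminate and the container is still deleted and recreated, so a pre-apply review of the manifest is worth having. The following is an added example, not Kubeform code: it compares the live object with the manifest about to be applied and flags replacements and removal of the delete guard. The function names, the sample objects, treating storageAccountName as immutable, and the containerAccessType field are assumptions.

```python
# The page confirms `name` is immutable; `storageAccountName` is an assumption.
IMMUTABLE = ("name", "storageAccountName")


def review_update(live, desired):
    """Return (kind, field, old, new) findings for a pending `kubectl apply`."""
    old_spec, new_spec = live.get("spec", {}), desired.get("spec", {})
    old_res, new_res = old_spec.get("resource", {}), new_spec.get("resource", {})
    findings = []
    for field in sorted(set(old_res) | set(new_res)):
        old, new = old_res.get(field), new_res.get(field)
        if old == new:
            continue
        # A changed immutable field means delete-then-create, not an in-place update.
        kind = "REPLACE" if field in IMMUTABLE and old is not None else "UPDATE"
        findings.append((kind, field, old, new))
    old_tp = old_spec.get("terminationPolicy")
    new_tp = new_spec.get("terminationPolicy")
    if old_tp == "DoNotTerminate" and new_tp == "Delete":
        findings.append(("UNPROTECT", "terminationPolicy", old_tp, new_tp))
    return findings


def needs_confirmation(findings):
    """True when applying would destroy the container or remove its delete guard."""
    return any(kind in ("REPLACE", "UNPROTECT") for kind, *_ in findings)


def container(name, policy="DoNotTerminate", **extra):
    """Build a constructed Container object shaped like the manifests on this page."""
    resource = {"name": name, "storageAccountName": "examplestorageacct", **extra}
    return {"spec": {"resource": resource, "terminationPolicy": policy}}


# Constructed sample objects.
LIVE = container("storage-container-test1")
RENAMED = container("storage-container-test1-update")
# containerAccessType is an assumed field name, used here as a mutable field.
RETUNED = container("storage-container-test1", containerAccessType="private")

if __name__ == "__main__":
    for label, desired in (("rename", RENAMED), ("retune", RETUNED)):
        found = review_update(LIVE, desired)
        print(label, found, "confirm" if needs_confirmation(found) else "ok")
```

In practice the live object would come from kubectl get -o json and the desired one from the manifest file.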
To delete the Azure Storage Container just run:
kubectl delete -f azure-storage-container.yaml
After applying this command, we will get the error message below, as we have set terminationPolicy: DoNotTerminate:
Error from server (container "default/test1" can't be terminated. To delete, change spec.terminationPolicy to Delete): error when deleting "azure-storage-container.yaml": admission webhook "container.storage.azurerm.kubeform.com" denied the request: container "default/test1" can't be terminated. To delete, change spec.terminationPolicy to Delete
Let’s change the terminationPolicy to Delete by using the kubectl patch command.
kubectl patch -n demo container test1 -p '{"spec":{"terminationPolicy":"Delete"}}' --type="merge"
Now, we can delete the Storage Container.
kubectl delete -f azure-storage-container.yaml
After applying this command, the resource will be in the Terminating phase until the cloud resource is destroyed. Once the cloud resource is destroyed, the resource will be deleted successfully.