Add ephemeral volumes to Pod Spec (#2183)

* Working implementation of ephemeral volumes

* Add acceptance test for ephemeral volume

* add changelog

* Rename 2145.txt to 2185.txt

* Rename 2185.txt to 2183.txt

* add docs

* make tests-lint-fix

* revert metadataFields()

---------

Co-authored-by: jheil <[email protected]>
Co-authored-by: JHeil <[email protected]>

Author: BBBmau

.changelog/2183.txt

@@ -0,0 +1,3 @@
+```release-note:feature
+`kubernetes/resource_kubernetes_pod.go`: add `ephemeral` volume type to pod specification [GH-2032]
+```

kubernetes/resource_kubernetes_persistent_volume_claim_test.go

@@ -572,6 +572,43 @@ func testAccCheckKubernetesPersistentVolumeClaimExists(n string, obj *api.Persis
 	}
 }
 
+func testAccCheckKubernetesPersistentVolumeClaimCreated(namespace, name string, obj *api.PersistentVolumeClaim) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset()
+		if err != nil {
+			return err
+		}
+		ctx := context.TODO()
+		out, err := conn.CoreV1().PersistentVolumeClaims(namespace).Get(ctx, name, metav1.GetOptions{})
+		if err != nil {
+			return err
+		}
+
+		*obj = *out
+		return nil
+	}
+}
+
+func testAccCheckKubernetesPersistentVolumeClaimIsDestroyed(obj *api.PersistentVolumeClaim) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		meta := obj.GetObjectMeta()
+		conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset()
+		if err != nil {
+			return err
+		}
+		ctx := context.TODO()
+		out, err := conn.CoreV1().PersistentVolumeClaims(meta.GetNamespace()).Get(ctx, meta.GetName(), metav1.GetOptions{})
+		if err != nil {
+			if errors.IsNotFound(err) {
+				return nil
+			}
+			return err
+		}
+
+		return fmt.Errorf("Expected no PVC but still found %q", out.GetObjectMeta().GetName())
+	}
+}
+
 func testAccCheckClaimRef(pv *api.PersistentVolume, expected *ObjectRefStatic) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		or := pv.Spec.ClaimRef

kubernetes/resource_kubernetes_pod_test.go

@@ -1495,6 +1495,36 @@ func TestAccKubernetesPod_runtimeClassName(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesPod_with_ephemeral_storage(t *testing.T) {
+	var pod api.Pod
+	var pvc api.PersistentVolumeClaim
+
+	testName := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	imageName := nginxImageVersion
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckKubernetesPodDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesPodEphemeralStorage(testName, imageName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckKubernetesPodExists("kubernetes_pod_v1.test", &pod),
+					testAccCheckKubernetesPersistentVolumeClaimCreated("default", testName+"-ephemeral", &pvc),
+					resource.TestCheckResourceAttr("kubernetes_pod_v1.test", "spec.0.volume.0.name", "ephemeral"),
+					resource.TestCheckResourceAttr("kubernetes_pod_v1.test", "spec.0.volume.0.ephemeral.0.spec.0.storage_class_name", testName),
+				),
+			},
+			// Do a second test with only the storage class and check that the PVC has been deleted by the ephemeral volume
+			{
+				Config: testAccKubernetesPodEphemeralStorageWithoutPod(testName),
+				Check:  testAccCheckKubernetesPersistentVolumeClaimIsDestroyed(&pvc),
+			},
+		},
+	})
+}
+
 func createRuncRuntimeClass(rn string) error {
 	conn, err := testAccProvider.Meta().(KubeClientsets).MainClientset()
 	if err != nil {
@@ -3292,3 +3322,78 @@ resource "kubernetes_pod_v1" "scheduler" {
 }
 `, name)
 }
+
+func testAccKubernetesPodEphemeralStorage(name, imageName string) string {
+	return fmt.Sprintf(`resource "kubernetes_storage_class" "test" {
+  metadata {
+    name = %[1]q
+  }
+  storage_provisioner = "pd.csi.storage.gke.io"
+  reclaim_policy      = "Delete"
+  volume_binding_mode = "WaitForFirstConsumer"
+
+  parameters = {
+    type = "pd-standard"
+  }
+}
+
+resource "kubernetes_pod_v1" "test" {
+  metadata {
+    name = %[1]q
+    labels = {
+      Test = "TfAcceptanceTest"
+    }
+  }
+  spec {
+    priority_class_name = "default"
+    container {
+      name  = "containername"
+      image = %[2]q
+
+      volume_mount {
+        mount_path = "/ephemeral"
+        name       = "ephemeral"
+      }
+    }
+
+    volume {
+      name = "ephemeral"
+
+      ephemeral {
+        metadata {
+          labels = {
+            Test = "TfAcceptanceTest"
+          }
+        }
+        spec {
+          access_modes       = ["ReadWriteOnce"]
+          storage_class_name = %[1]q
+
+          resources {
+            requests = {
+              storage = "5Gi"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+`, name, imageName)
+}
+
+func testAccKubernetesPodEphemeralStorageWithoutPod(name string) string {
+	return fmt.Sprintf(`resource "kubernetes_storage_class" "test" {
+  metadata {
+    name = %[1]q
+  }
+  storage_provisioner = "pd.csi.storage.gke.io"
+  reclaim_policy      = "Delete"
+  volume_binding_mode = "WaitForFirstConsumer"
+
+  parameters = {
+    type = "pd-standard"
+  }
+}
+`, name)
+}

kubernetes/schema_pod_spec.go

@@ -687,6 +687,50 @@ func volumeSchema(isUpdatable bool) *schema.Resource {
 		},
 	}
 
+	v["ephemeral"] = &schema.Schema{
+		Type:        schema.TypeList,
+		Description: "Represents an ephemeral volume that is handled by a normal storage driver. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes",
+		Optional:    true,
+		MaxItems:    1,
+		Elem: &schema.Resource{
+			Schema: map[string]*schema.Schema{
+				"metadata": {
+					Type:        schema.TypeList,
+					Description: "May contain labels and annotations that will be copied into the PVC when creating it.",
+					Required:    true,
+					MaxItems:    1,
+					Elem: &schema.Resource{
+						Schema: map[string]*schema.Schema{
+							"annotations": {
+								Type:         schema.TypeMap,
+								Description:  "An unstructured key value map stored with the persistent volume claim that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations",
+								Optional:     true,
+								Elem:         &schema.Schema{Type: schema.TypeString},
+								ValidateFunc: validateAnnotations,
+							},
+							"labels": {
+								Type:         schema.TypeMap,
+								Description:  "Map of string keys and values that can be used to organize and categorize (scope and select) the persistent volume claim. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels",
+								Optional:     true,
+								Elem:         &schema.Schema{Type: schema.TypeString},
+								ValidateFunc: validateLabels,
+							},
+						},
+					},
+				},
+				"spec": {
+					Type:        schema.TypeList,
+					Description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.",
+					Required:    true,
+					MaxItems:    1,
+					Elem: &schema.Resource{
+						Schema: persistentVolumeClaimSpecFields(),
+					},
+				},
+			},
+		},
+	}
+
 	v["persistent_volume_claim"] = &schema.Schema{
 		Type:        schema.TypeList,
 		Description: "The specification of a persistent volume.",
@@ -789,7 +833,7 @@ func volumeSchema(isUpdatable bool) *schema.Resource {
 					Elem: &schema.Resource{
 						Schema: map[string]*schema.Schema{
 							// identical to SecretVolumeSource but without the default mode and uses a local object reference as name instead of a secret name.
-							"secret": &schema.Schema{
+							"secret": {
 								Type:        schema.TypeList,
 								Description: "Secret represents a secret that should populate this volume. More info: http://kubernetes.io/docs/user-guide/volumes#secrets",
 								Optional:    true,
@@ -835,7 +879,7 @@ func volumeSchema(isUpdatable bool) *schema.Resource {
 								},
 							},
 							// identical to ConfigMapVolumeSource but without the default mode and uses a local object reference as name instead of a secret name.
-							"config_map": &schema.Schema{
+							"config_map": {
 								Type:        schema.TypeList,
 								Description: "ConfigMap represents a configMap that should populate this volume",
 								Optional:    true,
@@ -881,7 +925,7 @@ func volumeSchema(isUpdatable bool) *schema.Resource {
 								},
 							},
 							// identical to DownwardAPIVolumeSource but without the default mode.
-							"downward_api": &schema.Schema{
+							"downward_api": {
 								Type:        schema.TypeList,
 								Description: "DownwardAPI represents downward API about the pod that should populate this volume",
 								Optional:    true,
@@ -959,7 +1003,7 @@ func volumeSchema(isUpdatable bool) *schema.Resource {
 									},
 								},
 							},
-							"service_account_token": &schema.Schema{
+							"service_account_token": {
 								Type:        schema.TypeList,
 								Description: "A projected service account token volume",
 								Optional:    true,

kubernetes/structure_persistent_volume_spec.go

@@ -545,6 +545,18 @@ func flattenVsphereVirtualDiskVolumeSource(in *v1.VsphereVirtualDiskVolumeSource
 	return []interface{}{att}
 }
 
+func flattenEphemeralVolumeSource(in *v1.EphemeralVolumeSource) []interface{} {
+	att := make(map[string]interface{})
+
+	metadata := make(map[string]interface{})
+	metadata["labels"] = in.VolumeClaimTemplate.ObjectMeta.GetLabels()
+	metadata["annotations"] = in.VolumeClaimTemplate.ObjectMeta.GetAnnotations()
+
+	att["metadata"] = []interface{}{metadata}
+	att["spec"] = flattenPersistentVolumeClaimSpec(in.VolumeClaimTemplate.Spec)
+	return []interface{}{att}
+}
+
 // Expanders
 
 func expandAWSElasticBlockStoreVolumeSource(l []interface{}) *v1.AWSElasticBlockStoreVolumeSource {
@@ -1233,6 +1245,25 @@ func expandVsphereVirtualDiskVolumeSource(l []interface{}) *v1.VsphereVirtualDis
 	return obj
 }
 
+func expandEphemeralVolumeSource(l []interface{}) (*v1.EphemeralVolumeSource, error) {
+	if len(l) == 0 || l[0] == nil {
+		return &v1.EphemeralVolumeSource{}, nil
+	}
+	in := l[0].(map[string]interface{})
+	pvc_claim, err := expandPersistentVolumeClaimSpec(in["spec"].([]interface{}))
+	if err != nil {
+		return &v1.EphemeralVolumeSource{}, err
+	}
+
+	obj := &v1.EphemeralVolumeSource{
+		VolumeClaimTemplate: &v1.PersistentVolumeClaimTemplate{
+			ObjectMeta: expandMetadata(in["metadata"].([]interface{})),
+			Spec:       *pvc_claim,
+		},
+	}
+	return obj, nil
+}
+
 func patchPersistentVolumeSpec(pathPrefix, prefix string, d *schema.ResourceData) (PatchOperations, error) {
 	ops := make([]PatchOperation, 0)
 	prefix += ".0."

kubernetes/structures_pod.go

@@ -422,6 +422,9 @@ func flattenVolumes(volumes []v1.Volume) ([]interface{}, error) {
 		if v.PhotonPersistentDisk != nil {
 			obj["photon_persistent_disk"] = flattenPhotonPersistentDiskVolumeSource(v.PhotonPersistentDisk)
 		}
+		if v.Ephemeral != nil {
+			obj["ephemeral"] = flattenEphemeralVolumeSource(v.Ephemeral)
+		}
 		att[i] = obj
 	}
 	return att, nil
@@ -1514,6 +1517,13 @@ func expandVolumes(volumes []interface{}) ([]v1.Volume, error) {
 		if v, ok := m["photon_persistent_disk"].([]interface{}); ok && len(v) > 0 {
 			vl[i].PhotonPersistentDisk = expandPhotonPersistentDiskVolumeSource(v)
 		}
+		if v, ok := m["ephemeral"].([]interface{}); ok && len(v) > 0 {
+			ephemeral, err := expandEphemeralVolumeSource(v)
+			if err != nil {
+				return vl, err
+			}
+			vl[i].Ephemeral = ephemeral
+		}
 	}
 	return vl, nil
 }

website/docs/r/pod.html.markdown

@@ -907,6 +907,7 @@ The `items` block supports the following:
 * `csi` - (Optional) CSI represents storage that is handled by an external CSI driver. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/storage/volumes/#csi)
 * `downward_api` - (Optional) DownwardAPI represents downward API about the pod that should populate this volume
 * `empty_dir` - (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see [Kubernetes reference](http://kubernetes.io/docs/user-guide/volumes#emptydir)
+* `ephemeral` - (Optional) Represents an ephemeral volume that is handled by a normal storage driver. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes. 
 * `fc` - (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
 * `flex_volume` - (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.
 * `flocker` - (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running