feat: expose priority_class_name argument (#50)

Signed-off-by: Darren Murray <darren.murray@lacework.net>

README.md

@@ -53,6 +53,7 @@ The `main.tf` file will configure a Kubernetes Secret and DaemonSet which will t
 | <a name="input_pod_mem_limit"></a> [pod\_mem\_limit](#input\_pod\_mem\_limit) | The limit of Memory for the Lacework datacollector pod | `string` | `"1450Mi"` | no |
 | <a name="input_pod_mem_request"></a> [pod\_mem\_request](#input\_pod\_mem\_request) | The amount of Memory to request for the Lacework datacollector pod | `string` | `"512Mi"` | no |
 | <a name="input_pod_service_account"></a> [pod\_service\_account](#input\_pod\_service\_account) | The Kubernetes ServiceAccount to use in the pod template | `string` | `""` | no |
+| <a name="input_priority_class_name"></a> [priority\_class\_name](#input\_priority\_class\_name) | Indicates the pod's priority. Requires an existing priority class name resource if not 'system-node-critical' and 'system-cluster-critical' | `string` | `""` | no |
 | <a name="input_revision_history_limit"></a> [revision\_history\_limit](#input\_revision\_history\_limit) | The number of revision hitory to keep. | `number` | `10` | no |
 | <a name="input_tolerations"></a> [tolerations](#input\_tolerations) | A list of Kubernetes Tolerations to apply to the DaemonSet definition | `list(map(string))` | <pre>[<br>  {<br>    "effect": "NoSchedule",<br>    "key": "node-role.kubernetes.io/master"<br>  }<br>]</pre> | no |
 

examples/priority-class-name/README.md

@@ -0,0 +1,25 @@
+# Kubernetes Deployment w/ Priority Class Name
+
+This example shows how to set the priority class name.
+
+```hcl
+provider "kubernetes" {}
+
+resource "kubernetes_priority_class" "example" {
+  metadata {
+    name = "terraform-example"
+  }
+
+  value = 100
+}
+
+module "lacework_k8s_datacollector" {
+  source  = "lacework/agent/kubernetes"
+  version = "~> 1.0"
+
+  lacework_access_token = "0123456789ABCDEF0123456789ABCDEF"
+  lacework_proxy_url    = "https://proxy.address.here:8080"
+  priority_class_name   = kubernetes_priority_class.example.metadata[0].name
+
+}
+```

examples/priority-class-name/main.tf

@@ -0,0 +1,24 @@
+provider "kubernetes" {}
+
+provider "lacework" {}
+
+resource "kubernetes_priority_class" "example" {
+  metadata {
+    name = "terraform-example"
+  }
+
+  value = 100
+}
+
+
+resource "lacework_agent_access_token" "k8s" {
+  name        = "prod"
+  description = "k8s deployment for production env"
+}
+
+module "lacework_k8s_datacollector" {
+  source = "../../"
+
+  lacework_access_token = lacework_agent_access_token.k8s.token
+  priority_class_name   = kubernetes_priority_class.example.metadata[0].name
+}

examples/priority-class-name/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 0.12.31"
+
+  required_providers {
+    kubernetes = "~> 2.2"
+    lacework = {
+      source  = "lacework/lacework"
+      version = "~> 0.4"
+    }
+  }
+}

main.tf

@@ -41,7 +41,6 @@ resource "kubernetes_daemonset" "lacework_datacollector" {
 
   spec {
     revision_history_limit = var.revision_history_limit
-
     selector {
       match_labels = {
         name = "lacework"
@@ -61,7 +60,7 @@ resource "kubernetes_daemonset" "lacework_datacollector" {
       }
 
       spec {
-
+        priority_class_name = var.priority_class_name
         dynamic "toleration" {
           for_each = var.tolerations
           content {

scripts/ci_tests.sh

@@ -15,6 +15,7 @@ TEST_CASES=(
   examples/custom-server-url
   examples/custom-tolerations
   examples/custom-upgrade-behavior
+  examples/priority-class-name
   examples/default
 )
 

variables.tf

@@ -104,3 +104,9 @@ variable "tolerations" {
   default     = [{ key = "node-role.kubernetes.io/master", effect = "NoSchedule" }]
   description = "A list of Kubernetes Tolerations to apply to the DaemonSet definition"
 }
+
+variable "priority_class_name" {
+  type        = string
+  description = "Indicates the pod's priority. Requires an existing priority class name resource if not 'system-node-critical' and 'system-cluster-critical'"
+  default     = ""
+}