The Terraform Operator provides support to run Terraform modules in Kubernetes in a declarative way as a Kubernetes manifest.
This project makes running a Terraform module Kubernetes-native through a single Kubernetes CRD. You can run the manifest with kubectl, Terraform, GitOps tools, etc.
Warning
The Terraform Operator is an experimental project at this stage.
Disclaimer
This project is not a YAML to HCL converter. It just provides a way to run Terraform commands through a Kubernetes CRD. To see how this controller works, have a look at the design doc.
Helm
```bash
helm repo add kuptan https://kuptan.github.io/helm-charts
helm install terraform-operator kuptan/terraform-operator
```
Chart can be found here.
Kubectl
```bash
kubectl apply -k https://github.com/kuptan/terraform-operator/config/crd
kubectl apply -k https://github.com/kuptan/terraform-operator/config/manifest
```
Check the Terraform Operator docs for more details and examples.
- Point to any Terraform module (including Git)
- Private Git repos authentication
- Define Terraform variables and variable files
- Target specific Terraform workspace
- Custom backend & providers configuration
- Terraform module outputs written to a Kubernetes Secret
- Dependency on other workflows
- Terraform variables from the output of a dependency workflow
- Specify retry limits
For more examples on how to use this CRD, check the samples.
```yaml
apiVersion: run.terraform-operator.io/v1alpha1
kind: Terraform
metadata:
  name: first-module
spec:
  terraformVersion: 1.0.2

  module:
    source: IbraheemAlSaady/test/module
    ## optional module version
    version:

  ## a terraform workspace to select
  workspace:

  ## a custom terraform backend
  ## if not provided, Kubernetes backend will be used as a default
  backend: |
    backend "local" {
      path = "/tmp/tfmodule/mytfstate.tfstate"
    }

  ## a custom providers config
  providersConfig:

  ## a list of terraform variables to be provided
  variables:
    - key: length
      value: "16"
    - key: something
      ## only works if the dependency is in the same namespace
      dependencyRef:
        name: my-dependency-name
        key: the output secret key
    - key: AWS_ACCESS_KEY
      valueFrom:
        ## can be configMapKeyRef as well
        secretKeyRef:
          name: aws-credentials
          key: AWS_ACCESS_KEY
      environmentVariable: true

  ## files with ext '.tfvars' or '.tf' that will be mounted into the terraform runner job
  ## to be passed to terraform as '-var-file'
  variableFiles:
    - key: terraform-env-config
      valueFrom:
        ## can also be 'secret'
        configMap:
          name: "terraform-env-config"
        # secret:
        #   secretName: mysecret

  dependsOn:
    - name: run-base
      ## if it's in another namespace
      namespace:

  ## ssh key from a secret to allow pulling modules from private git repos
  gitSSHKey:
    valueFrom:
      secret:
        ## secret key must be id_rsa
        secretName: git-ssh-key
        defaultMode: 0600

  ## outputs defined will be stored in a Kubernetes secret
  outputs:
    ## The Kubernetes Secret key
    - key: my_new_output_name
      ## the output name from the module
      moduleOutputName: result

  ## a flag to run a terraform destroy
  destroy: false

  ## a flag to delete the job after the job is completed
  deleteCompletedJobs: false

  ## number of retries in case of run failure
  retryLimit: 2
```
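A pre-apply review of the manifest above for settings that expose credentials or state, as an added example (not code from the Terraform Operator project). It assumes the manifest has already been parsed into a Python dict; `review_terraform_cr`, the `SENSITIVE` name pattern and the `AWS_SECRET_KEY` variable are hypothetical.

```python
import re

# Assumed heuristic (not from the operator): names that usually carry credentials.
SENSITIVE = re.compile(r"secret|token|password|private|access_key|api_key", re.I)

def review_terraform_cr(manifest):
    """Return (field, finding) pairs for a Terraform CR already parsed into a dict."""
    findings = []
    spec = manifest.get("spec") or {}
    for i, var in enumerate(spec.get("variables") or []):
        key = var.get("key", "")
        if not SENSITIVE.search(key):
            continue
        field = f"spec.variables[{i}] ({key})"
        source = var.get("valueFrom") or {}
        if "value" in var:
            findings.append((field, "credential-like value is inline; use secretKeyRef"))
        elif "configMapKeyRef" in source:
            findings.append((field, "credential-like value comes from a ConfigMap"))
    # Terraform state can hold secrets in plain text, so a local state file needs review.
    if re.search(r'backend\s+"local"', spec.get("backend") or ""):
        findings.append(("spec.backend", "local backend keeps state on the runner filesystem"))
    secret = ((spec.get("gitSSHKey") or {}).get("valueFrom") or {}).get("secret") or {}
    mode = secret.get("defaultMode")
    # Assumes the YAML parser read 0600 as octal (YAML 1.1 behaviour), giving an int.
    if isinstance(mode, int) and mode & 0o077:
        findings.append(("spec.gitSSHKey", f"defaultMode {mode:04o} exposes the key to group/other"))
    return findings

# Constructed sample: the page's manifest reduced to the reviewed fields, plus one
# made-up inline credential (AWS_SECRET_KEY) and a loosened defaultMode.
SAMPLE = {"kind": "Terraform", "spec": {
    "backend": 'backend "local" {\n  path = "/tmp/tfmodule/mytfstate.tfstate"\n}\n',
    "variables": [
        {"key": "length", "value": "16"},
        {"key": "AWS_ACCESS_KEY", "environmentVariable": True, "valueFrom": {
            "secretKeyRef": {"name": "aws-credentials", "key": "AWS_ACCESS_KEY"}}},
        {"key": "AWS_SECRET_KEY", "environmentVariable": True,
         "value": "constructed-placeholder"},
    ],
    "gitSSHKey": {"valueFrom": {"secret": {
        "secretName": "git-ssh-key", "defaultMode": 0o644}}},
}}

if __name__ == "__main__":
    for field, finding in review_terraform_cr(SAMPLE):
        print(f"{field}: {finding}")
```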
Check the Terraform Operator Project to see what's on the roadmap.
If you find this project useful, help us:
- Support the development of this project and star this repo! ⭐
- Help new users with issues they may encounter 💪
- Send a pull request with your new features and bug fixes 🚀
For instructions about setting up your environment to develop and extend the operator, please see contributing.md.