mirror of
https://github.com/tektoncd/catalog.git
synced 2024-12-23 08:52:54 +00:00
Terraform cli task creation
Adjusting for yamllint compliance Squashing Commits Adjusting workingdir to workingDir Adjusting workingdir to workingDir Adding the dockerfile to the repo Squashing the commits after adding the dockerfile Adjusting the Dockerfile for smaller size Adjusting Dockerfile for smaller size and improved writing
This commit is contained in:
parent
c9bd921943
commit
a25579314f
18
terraform-cli/Dockerfile
Normal file
18
terraform-cli/Dockerfile
Normal file
@ -0,0 +1,18 @@
|
||||
FROM registry.access.redhat.com/ubi8/ubi
|
||||
|
||||
RUN yum update -y && \
|
||||
yum install zip -y && \
|
||||
curl -O https://releases.hashicorp.com/terraform/0.12.13/terraform_0.12.13_linux_amd64.zip && \
|
||||
unzip terraform_0.12.13_linux_amd64.zip -d /usr/local/bin && \
|
||||
yum clean all && \
|
||||
rm -rf /var/cache/yum
|
||||
|
||||
|
||||
USER 1001
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/terraform"]
|
||||
|
||||
|
||||
|
||||
|
||||
|
8
terraform-cli/OWNERS
Normal file
8
terraform-cli/OWNERS
Normal file
@ -0,0 +1,8 @@
|
||||
approvers:
|
||||
- chmouel
|
||||
- vdemeester
|
||||
- raffamendes
|
||||
reviewers:
|
||||
- chmouel
|
||||
- vdemeester
|
||||
- raffamendes
|
97
terraform-cli/README.md
Normal file
97
terraform-cli/README.md
Normal file
@ -0,0 +1,97 @@
|
||||
|
||||
|
||||
## Terraform CLI Task
|
||||
|
||||
[Terraform](https://www.terraform.io/) is an open-source infrastructure as codesoftware tool created by [HashiCorp](https://en.wikipedia.org/wiki/HashiCorp "HashiCorp"). It enables users to define and provision a datacenter infrastructure using a high-level configuration language known as Hashicorp Configuration Language (HCL), or optionally JSON
|
||||
|
||||
## Install the Task
|
||||
|
||||
|
||||
|
||||
Install `terraform-cli` task for kubernetes 1.6+:
|
||||
```
|
||||
kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/terraform-cli/terraform-cli-task-kube1.6.yaml
|
||||
```
|
||||
This task currently works only on kubernetes 1.6+ support for a task that works on older versions of kubernetes will be added soon.
|
||||
|
||||
## Inputs `terraform-cli`
|
||||
|
||||
### Parameters
|
||||
|
||||
* **ARGS:** args to execute which are appended to `terraform` e.g. `init` (_default_: `--help`)
|
||||
* **terraform-secret:** the name of the secret containing the authentication information for the chosen provider (_default_: `terraform-creds`)
|
||||
|
||||
### Resources
|
||||
|
||||
* **source:** A `git`-type `PipelineResource` specifying the location of the terraform HCL or JSON files
|
||||
|
||||
## Terraform-Secret
|
||||
|
||||
This is a [secret]([https://kubernetes.io/docs/concepts/configuration/secret/](https://kubernetes.io/docs/concepts/configuration/secret/)) example with Credentials information [for the openstack provider](https://www.terraform.io/docs/providers/openstack/index.html) for information on how to configure authentication on different providers please refer to this [documentation](https://www.terraform.io/docs/providers/index.html) all providers have exclusive names for the environment variables for authentication, you can create a secret that will be mounted as environment variables for the provider, or you can provide that on your provider.tf file.
|
||||
|
||||
```yaml
|
||||
kind: Secret
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: terraform-secret
|
||||
namespace: terraform-cli-test
|
||||
selfLink: /api/v1/namespaces/terraform-cli-test/secrets/terraform-secret
|
||||
uid: a015225d-0f8a-11ea-8536-52fdfc072182
|
||||
resourceVersion: '626903'
|
||||
creationTimestamp: '2019-11-25T13:51:05Z'
|
||||
data:
|
||||
OS_AUTH_URL: aHR0cDovL3lvdXItY2xvdWQtcHJvZGl2ZGVyLmNvbQ==
|
||||
OS_INSECURE: dHJ1ZQ==
|
||||
OS_PASSWORD: c2VjcmV0
|
||||
OS_TENANT_NAME: bXlfdGVuYW50X25hbWU=
|
||||
OS_USERNAME: bXlfdXNlcl9uYW1l
|
||||
type: Opaque
|
||||
```
|
||||
|
||||
|
||||
To create a secret you can use the following command
|
||||
|
||||
```
|
||||
kubectl create secret generic terraform-secret --from-literal=OS_USERNAME=my-username --from-literal=OS_AUTH_URL=https://my_auth_url --from-literal=OS_TENANT_NAME=my_tenant --from-literal=OS_PASSWORD=my_password --from-literal=OS_INSECURE=true
|
||||
|
||||
```
|
||||
|
||||
## ServiceAccount
|
||||
|
||||
If you don't specify a service account to be used for running the `TaskRun` or `PipelineRun`, the `default` [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server). OpenShift by default does not allow the default service account to modify objects in the namespace. Therefore you should either explicitly grant permission to the default service account (by creating rolebindings) or [create a new service account with sufficient privileges](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#service-account-permissions) and specify it on the [`TaskRun`](https://github.com/tektoncd/pipeline/blob/master/docs/taskruns.md#service-account) or [`PipelineRun`](https://github.com/tektoncd/pipeline/blob/master/docs/pipelineruns.md#service-account).
|
||||
|
||||
You can do the former via `oc` and running the following command, replacing `<namespace>` with your target namespace:
|
||||
```
|
||||
oc policy add-role-to-user edit -z default -n <namespace>
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
This is a pipeline example passing the required credentials, and a list of arguments to the ARGS array variable.
|
||||
|
||||
```yaml
|
||||
apiVersion: tekton.dev/v1alpha1
|
||||
kind: Pipeline
|
||||
metadata:
|
||||
name: terraform-cli-example
|
||||
spec:
|
||||
resources:
|
||||
- name: terraform-file
|
||||
type: git
|
||||
tasks:
|
||||
- name: terraform
|
||||
taskRef:
|
||||
name: terraform-cli
|
||||
params:
|
||||
- name: terraform-secret
|
||||
value: "terraform-secret"
|
||||
- name: ARGS
|
||||
value:
|
||||
- apply
|
||||
- "-auto-approve"
|
||||
resources:
|
||||
inputs:
|
||||
- name: source
|
||||
resource: terraform-file
|
||||
```
|
||||
|
36
terraform-cli/terraform-cli-task.yaml
Normal file
36
terraform-cli/terraform-cli-task.yaml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
apiVersion: tekton.dev/v1alpha1
|
||||
kind: Task
|
||||
metadata:
|
||||
name: terraform-cli
|
||||
spec:
|
||||
inputs:
|
||||
resources:
|
||||
- name: source
|
||||
type: git
|
||||
params:
|
||||
- name: ARGS
|
||||
description: The terraform cli commands to tun
|
||||
type: array
|
||||
default:
|
||||
- "--help"
|
||||
- name: terraform-secret
|
||||
description: The terraform secret with credentials
|
||||
type: string
|
||||
default: "terraform-creds"
|
||||
steps:
|
||||
- name: init
|
||||
image: quay.io/rcmendes/terraform-cli:latest
|
||||
workingDir: /workspace/source
|
||||
command: ["/usr/local/bin/terraform"]
|
||||
args:
|
||||
- "init"
|
||||
- name: terraform-cli
|
||||
image: quay.io/rcmendes/terraform-cli:latest
|
||||
workingDir: /workspace/source
|
||||
command: ["/usr/local/bin/terraform"]
|
||||
args:
|
||||
- "$(inputs.params.ARGS)"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: $(inputs.params.terraform-secret)
|
Loading…
Reference in New Issue
Block a user