1
0
mirror of https://github.com/tektoncd/catalog.git synced 2024-11-27 06:27:23 +00:00
catalog/terraform-cli
Scott f2ab700283 Update READMEs of tasks that use workspaces in place of pipeline resources
The tasks in this commit were updated at some point to use workspaces instead of
pipeline resources but their readmes still refer to the resources.

This commit updates the readmes to remove mention of pipeline resources and link
out to pipeline's workspaces doc.
2020-07-09 15:41:56 +01:00
..
Dockerfile Terraform cli task creation 2019-11-29 01:26:36 -06:00
OWNERS Terraform cli task creation 2019-11-29 01:26:36 -06:00
README.md Update READMEs of tasks that use workspaces in place of pipeline resources 2020-07-09 15:41:56 +01:00
terraform-cli-task.yaml terraform-cli: use workspace instead of GitResource 🐐 2020-03-11 07:43:48 -05:00

Terraform CLI Task

Terraform is an open-source infrastructure as codesoftware tool created by HashiCorp. It enables users to define and provision a datacenter infrastructure using a high-level configuration language known as Hashicorp Configuration Language (HCL), or optionally JSON

Install the Task

Install terraform-cli task for kubernetes 1.6+:

kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/terraform-cli/terraform-cli-task-kube1.6.yaml

This task currently works only on kubernetes 1.6+ support for a task that works on older versions of kubernetes will be added soon.

Parameters

  • ARGS: args to execute which are appended to terraform e.g. init (default: --help)
  • terraform-secret: the name of the secret containing the authentication information for the chosen provider (default: terraform-creds)

Workspaces

  • source: A Workspace volume containing the terraform HCL or JSON files.

Terraform-Secret

This is a secret example with Credentials information for the openstack provider for information on how to configure authentication on different providers please refer to this documentation all providers have exclusive names for the environment variables for authentication, you can create a secret that will be mounted as environment variables for the provider, or you can provide that on your provider.tf file.

kind: Secret
apiVersion: v1
metadata:
  name: terraform-secret
  namespace: terraform-cli-test
  selfLink: /api/v1/namespaces/terraform-cli-test/secrets/terraform-secret
  uid: a015225d-0f8a-11ea-8536-52fdfc072182
  resourceVersion: '626903'
  creationTimestamp: '2019-11-25T13:51:05Z'
data:
  OS_AUTH_URL: aHR0cDovL3lvdXItY2xvdWQtcHJvZGl2ZGVyLmNvbQ==
  OS_INSECURE: dHJ1ZQ==
  OS_PASSWORD: c2VjcmV0
  OS_TENANT_NAME: bXlfdGVuYW50X25hbWU=
  OS_USERNAME: bXlfdXNlcl9uYW1l
type: Opaque

To create a secret you can use the following command

kubectl create secret generic terraform-secret --from-literal=OS_USERNAME=my-username --from-literal=OS_AUTH_URL=https://my_auth_url --from-literal=OS_TENANT_NAME=my_tenant --from-literal=OS_PASSWORD=my_password --from-literal=OS_INSECURE=true

ServiceAccount

If you don't specify a service account to be used for running the TaskRun or PipelineRun, the default service account. OpenShift by default does not allow the default service account to modify objects in the namespace. Therefore you should either explicitly grant permission to the default service account (by creating rolebindings) or create a new service account with sufficient privileges and specify it on the TaskRun or PipelineRun.

You can do the former via oc and running the following command, replacing <namespace> with your target namespace:

oc policy add-role-to-user edit -z default -n <namespace>

Usage

This is a pipeline example passing the required credentials, and a list of arguments to the ARGS array variable.

apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: terraform-cli-example
spec:
  workspaces:
  - name: source
  tasks:
  - name: terraform
    taskRef:
      name: terraform-cli
    workspaces:
    - name: source
      workspace: source
    params:
     - name: terraform-secret
       value: "terraform-secret"
     - name: ARGS
       value:
         - apply
         - "-auto-approve"