Deploy Infrastructure with Terraform.
This task supports applying a Terraform configuration.
NOTICE: This is experimental and anything is subject to change or even removal.
The Terraform configuration is associated with a state file unique to the target-environment.
This task provides a terraform kubernetes backend (see https://developer.hashicorp.com/terraform/language/settings/backends/kubernetes). The secret_suffix used is component-target-environment.
In the future other backends shall be supported as needed where S3 support is an obvious candidate
This task runs the following terraform commands in sequence:
-
terraform initwith parameters to configure the backend and with env variable TF_PLUGIN_CACHE_DIR set to cache the provider plugins. -
terraform planif no changes are detected or parameterplan-onlyis true tno actual deployments happen. -
terraform applyto apply the changes to the target environment.
It is assumed that secrets needed to connected to the infrastructure managed by terraform are provided with environment variables. The task by default expects a kubernetes secret which is used to derived the needed environment variables from. This can be switched off by setting env-from-secret to "false" in case variables are already provided by other means (such as a podTemplate) or not needed.
This mechanism is the means to provide secret terraform input variables.
Based on the target environment, additional .tfvar files are added automatically via input option
to the invocation of the terraform plan/apply command if they are present in the terraform directory:
-
terraform.<ENV>.tfvar: a.tfvarfile named after the target environment. -
terraform.<ENV>.tfvar.json: a.tfvarfile in json format named after the target environment.
If the pipeline runs for a repository defining subrepos in its ods.y(a)ml
file, then any terraform configs in those subrepos are processed as well. Note that parameters definitions considered are only the ones defined in the repository for which the pipeline
runs. Therefore, if you use an umbrella repository to promote an
application consisting of multiple repositories, the umbrella repository
needs to define the environment specific values for the subcomponents.
The following artifacts are generated by the task and placed into .ods/artifacts/
-
deployments/-
[<hyphenated-terraform-dir>-]plan-<env>.txt -
<subrepo.name>-[<hyphenated-terraform-dir>-]plan-<env>.txt
-
where <hyphenated-terraform-dir> is only used if parameter terraform-dir is not the default (./terraform)
| Parameter | Default | Description |
|---|---|---|
terraform-dir |
./terraform |
Directory containing terraform files (in the Terraform language). These define the configuration to be applied. |
target-environment |
dev |
Terraform state file suffix (tfstate-default-{target-environment}) |
apply-extra-args |
Extra arguments to pass to terraform apply. |
|
plan-extra-args |
Extra arguments to pass to terraform plan. |
|
plan-only |
false |
If set to true, the task will do a terraform plan, and then stop. |
env-from-secret |
true |
Whether to derive env variables from the k8s secret terraform-var-{target-environment}. |
verbose |
false |
More verbose output. DEBUG also implies verbose |