Implement Terraform Runner #59

Closed
16 tasks done
chanwit opened this issue Jan 24, 2022 · 6 comments

@chanwit
Collaborator

chanwit commented Jan 24, 2022

Terraform Runner is a subsystem of TF-controller.
It is responsible for running Terraform commands at the different stages.
Terraform Runner is a part of supporting multi-tenancy #43

Requirements

High Level Diagram

TF-controller SA

@chanwit chanwit self-assigned this Jan 24, 2022
@phoban01
Contributor

Couple of additional thoughts on this:

  • Will we aim to support persistence for the Terraform Runner Pod? This would be required for caching providers etc... Introduces a little complexity as may require a TerraformStatefulRunner in addition to an (ephemeral/one-shot) TerraformRunner.
  • Is it our intention to handle TLS generation/rotation within the controller code a la Gatekeeper or can we offload this to cert-manager? It may reduce the initial effort if cert-manager can handle it.
  • How is reconcile state distributed between controller & runner, i.e. what does .status.conditions look like for the runner? This has knock-on implications for how we handle communication and trigger the reconcile loop in tf-controller. I think communicating via status conditions should be the preferred route, but it might also be possible to do something similar to flux/notification controller using a gRPC call.

@chanwit
Collaborator Author

chanwit commented Jan 25, 2022

> Will we aim to support persistence for the Terraform Runner Pod? This would be required for caching providers etc... Introduces a little complexity as may require a TerraformStatefulRunner in addition to an (ephemeral/one-shot) TerraformRunner.

This is a good question. I'm thinking of it as a stateless system. The Runner Pod is a gRPC server which is allowed to crash.

> Is it our intention to handle TLS generation/rotation

We'll do our own TLS generation, yes. A goal is to make the controller self-contained.

> How is reconcile state distributed between controller & runner

The reconciliation process happens only inside the controller, using the current set of logic.
The Runner Pod will be issued a command and send the output back to the controller via gRPC, just like we run that command locally.

@chanwit
Collaborator Author

chanwit commented Jan 25, 2022

I'll get the first version of POC out. We can then discuss and move it forward.

@chanwit
Collaborator Author

chanwit commented Jan 31, 2022

@phoban01 would you like to further split this epic into other issues?

@phoban01
Contributor

@chanwit Looks alright to me.

@chanwit chanwit added this to the Q1 milestone Feb 10, 2022
@chanwit
Collaborator Author

chanwit commented Feb 17, 2022

Enough work has been done to close this issue. We'll fix other related issues along the way.

@chanwit chanwit closed this as completed Feb 17, 2022
@chanwit chanwit unpinned this issue Feb 17, 2022