diff --git a/README.md b/README.md index a138409..058c491 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@ + + # terraform-kubernetes-tfc-cloud-agent [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-kubernetes-tfc-cloud-agent.svg)](https://github.com/cloudposse/terraform-kubernetes-tfc-cloud-agent/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) [![Discourse Forum](https://img.shields.io/discourse/https/ask.sweetops.com/posts.svg)](https://ask.sweetops.com/) + [![README Header][readme_header_img]][readme_header_link] @@ -31,7 +34,6 @@ This project installs the Terraform Cloud Agent on an existing Kubernetes cluste NOTE: Requires [Terraform Cloud Business or Terraform Enterprise](https://www.hashicorp.com/products/terraform/pricing) subscription. - --- This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. 
@@ -62,12 +64,37 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are +## Security & Compliance [](https://bridgecrew.io/) + +Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. + +| Benchmark | Description | +|--------|---------------| +| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | +| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance | +| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance | +| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance | +| [![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance | +| 
[![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance | +| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | +| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=SOC2)| Service Organization Control 2 Compliance | +| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance | +| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-kubernetes-tfc-cloud-agent/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-kubernetes-tfc-cloud-agent&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | + + ## Usage -**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases. -Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-kubernetes-tfc-cloud-agent/releases). 
+**IMPORTANT:** We do not pin modules to versions in our examples because of the +difficulty of keeping the versions in the documentation in sync with the latest released versions. +We highly recommend that in your code you pin the version to the exact version you are +using so that your infrastructure remains stable, and update versions in a +systematic way so that they do not catch you by surprise. + +Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)), +the registry shows many of our inputs as required when in fact they are optional. +The table below correctly indicates which inputs are required. 
@@ -120,59 +147,73 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.12.0, < 0.14.0 | -| kubernetes | >= 1.12.0 | +| [terraform](#requirement\_terraform) | >= 0.12.0, < 0.14.0 | +| [kubernetes](#requirement\_kubernetes) | >= 1.12.0 | ## Providers | Name | Version | |------|---------| -| kubernetes | >= 1.12.0 | +| [kubernetes](#provider\_kubernetes) | >= 1.12.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [this](#module\_this) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.19.2 | + +## Resources + +| Name | Type | +|------|------| +| [kubernetes_deployment.tfc_cloud_agent](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource | +| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_secret.secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | +| [kubernetes_service_account.service_account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| agent\_cli\_args | Extra command line arguments to pass to tfc-agent | `list` | `[]` | no | -| agent\_envs | A map of any extra environment variables to pass to the TFC agent | `map` | `{}` | no | -| agent\_image | Name and tag of Terraform Cloud Agent docker image | `string` | `"hashicorp/tfc-agent:latest"` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| deployment\_annotations | Annotations to add to the Kubernetes deployment | `map` | `{}` | no | -| deployment\_name | Override the deployment name in Kubernetes | `string` | `null` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| kubernetes\_namespace | Kubernetes namespace override | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| namespace\_creation\_enabled | Enable this if the Kubernetes namespace does not already exist | `bool` | `false` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| replicas | Number of replicas in the Kubernetes deployment | `number` | `1` | no | -| resource\_limits\_cpu | Kubernetes deployment resource hard CPU limit | `string` | `"1"` | no | -| resource\_limits\_memory | Kubernetes deployment resource hard memory limit | `string` | `"512Mi"` | no | -| resource\_requests\_cpu | Kubernetes deployment resource CPU requests | `string` | `"250m"` | no | -| resource\_requests\_memory | Kubernetes deployment resource memory requests | `string` | `"50Mi"` | no | -| service\_account\_annotations | Annotations to add to the Kubernetes service account | `map` | `{}` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| tfc\_address | The HTTP or HTTPS address of the Terraform Cloud API. | `string` | `"https://app.terraform.io"` | no | -| tfc\_agent\_data\_dir | The path to a directory to store all agent-related data, including
Terraform configurations, cached Terraform release archives, etc. It is
important to ensure that the given directory is backed by plentiful
storage. | `string` | `"~/.tfc-agent"` | no | -| tfc\_agent\_disable\_update | Disable automatic core updates. | `bool` | `false` | no | -| tfc\_agent\_log\_level | The log verbosity expressed as a level string. Level options include
"trace", "debug", "info", "warn", and "error" | `string` | `"info"` | no | -| tfc\_agent\_single | Enable single mode. This causes the agent to handle at most one job and
immediately exit thereafter. Useful for running agents as ephemeral
containers, VMs, or other isolated contexts with a higher-level scheduler
or process supervisor. | `bool` | `false` | no | -| tfc\_agent\_token | The agent token to use when making requests to the Terraform Cloud API.
This token must be obtained from the API or UI. It is recommended to use
the environment variable whenever possible for configuring this setting due
to the sensitive nature of API tokens. | `string` | `""` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [agent\_cli\_args](#input\_agent\_cli\_args) | Extra command line arguments to pass to tfc-agent | `list` | `[]` | no | +| [agent\_envs](#input\_agent\_envs) | A map of any extra environment variables to pass to the TFC agent | `map` | `{}` | no | +| [agent\_image](#input\_agent\_image) | Name and tag of Terraform Cloud Agent docker image | `string` | `"hashicorp/tfc-agent:latest"` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [deployment\_annotations](#input\_deployment\_annotations) | Annotations to add to the Kubernetes deployment | `map` | `{}` | no | +| [deployment\_name](#input\_deployment\_name) | Override the deployment name in Kubernetes | `string` | `null` | no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [kubernetes\_namespace](#input\_kubernetes\_namespace) | Kubernetes namespace override | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [namespace\_creation\_enabled](#input\_namespace\_creation\_enabled) | Enable this if the Kubernetes namespace does not already exist | `bool` | `false` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [replicas](#input\_replicas) | Number of replicas in the Kubernetes deployment | `number` | `1` | no | +| [resource\_limits\_cpu](#input\_resource\_limits\_cpu) | Kubernetes deployment resource hard CPU limit | `string` | `"1"` | no | +| [resource\_limits\_memory](#input\_resource\_limits\_memory) | Kubernetes deployment resource hard memory limit | `string` | `"512Mi"` | no | +| [resource\_requests\_cpu](#input\_resource\_requests\_cpu) | Kubernetes deployment resource CPU requests | `string` | `"250m"` | no | +| [resource\_requests\_memory](#input\_resource\_requests\_memory) | Kubernetes deployment resource memory requests | `string` | `"50Mi"` | no | +| [service\_account\_annotations](#input\_service\_account\_annotations) | Annotations to add to the Kubernetes service account | `map` | `{}` | no | +| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [tfc\_address](#input\_tfc\_address) | The HTTP or HTTPS address of the Terraform Cloud API. | `string` | `"https://app.terraform.io"` | no | +| [tfc\_agent\_data\_dir](#input\_tfc\_agent\_data\_dir) | The path to a directory to store all agent-related data, including
Terraform configurations, cached Terraform release archives, etc. It is
important to ensure that the given directory is backed by plentiful
storage. | `string` | `null` | no | +| [tfc\_agent\_disable\_update](#input\_tfc\_agent\_disable\_update) | Disable automatic core updates. | `bool` | `false` | no | +| [tfc\_agent\_log\_level](#input\_tfc\_agent\_log\_level) | The log verbosity expressed as a level string. Level options include
"trace", "debug", "info", "warn", and "error" | `string` | `"info"` | no | +| [tfc\_agent\_single](#input\_tfc\_agent\_single) | Enable single mode. This causes the agent to handle at most one job and
immediately exit thereafter. Useful for running agents as ephemeral
containers, VMs, or other isolated contexts with a higher-level scheduler
or process supervisor. | `bool` | `false` | no | +| [tfc\_agent\_token](#input\_tfc\_agent\_token) | The agent token to use when making requests to the Terraform Cloud API.
This token must be obtained from the API or UI. It is recommended to use
the environment variable whenever possible for configuring this setting due
to the sensitive nature of API tokens. | `string` | `""` | no | ## Outputs | Name | Description | |------|-------------| -| namespace | Name of the Kubernetes namespace | -| service\_account\_name | Name of the Kubernetes service account | - +| [namespace](#output\_namespace) | Name of the Kubernetes namespace | +| [service\_account\_name](#output\_service\_account\_name) | Name of the Kubernetes service account | @@ -184,6 +225,7 @@ Like this project? Please give it a ★ on [our GitHub](https://github.com/cloud Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) + ## Related Projects Check out these related projects. @@ -191,8 +233,6 @@ Check out these related projects. - [terraform-null-label](https://github.com/cloudposse/terraform-null-label) - Terraform module designed to generate consistent names and tags for resources. Use terraform-null-label to implement a strict naming convention. - - ## References For additional context, refer to some of these links. @@ -277,7 +317,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyrights -Copyright © 2020-2020 [Cloud Posse, LLC](https://cloudposse.com) +Copyright © 2020-2021 [Cloud Posse, LLC](https://cloudposse.com) @@ -336,8 +376,10 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply ### Contributors + | [![Dan Meyers][danjbh_avatar]][danjbh_homepage]
[Dan Meyers][danjbh_homepage] | |---| + [danjbh_homepage]: https://github.com/danjbh [danjbh_avatar]: https://img.cloudposse.com/150x150/https://github.com/danjbh.png diff --git a/docs/terraform.md b/docs/terraform.md index ba3cb14..4a9afea 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -3,57 +3,71 @@ | Name | Version | |------|---------| -| terraform | >= 0.12.0, < 0.14.0 | -| kubernetes | >= 1.12.0 | +| [terraform](#requirement\_terraform) | >= 0.12.0, < 0.14.0 | +| [kubernetes](#requirement\_kubernetes) | >= 1.12.0 | ## Providers | Name | Version | |------|---------| -| kubernetes | >= 1.12.0 | +| [kubernetes](#provider\_kubernetes) | >= 1.12.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [this](#module\_this) | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.19.2 | + +## Resources + +| Name | Type | +|------|------| +| [kubernetes_deployment.tfc_cloud_agent](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment) | resource | +| [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_secret.secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | +| [kubernetes_service_account.service_account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| agent\_cli\_args | Extra command line arguments to pass to tfc-agent | `list` | `[]` | no | -| agent\_envs | A map of any extra environment variables to pass to the TFC agent | `map` | `{}` | no | -| agent\_image | Name and tag of Terraform Cloud Agent docker image | `string` | `"hashicorp/tfc-agent:latest"` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| deployment\_annotations | Annotations to add to the Kubernetes deployment | `map` | `{}` | no | -| deployment\_name | Override the deployment name in Kubernetes | `string` | `null` | no | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| id\_length\_limit | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| kubernetes\_namespace | Kubernetes namespace override | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| namespace\_creation\_enabled | Enable this if the Kubernetes namespace does not already exist | `bool` | `false` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| replicas | Number of replicas in the Kubernetes deployment | `number` | `1` | no | -| resource\_limits\_cpu | Kubernetes deployment resource hard CPU limit | `string` | `"1"` | no | -| resource\_limits\_memory | Kubernetes deployment resource hard memory limit | `string` | `"512Mi"` | no | -| resource\_requests\_cpu | Kubernetes deployment resource CPU requests | `string` | `"250m"` | no | -| resource\_requests\_memory | Kubernetes deployment resource memory requests | `string` | `"50Mi"` | no | -| service\_account\_annotations | Annotations to add to the Kubernetes service account | `map` | `{}` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| tfc\_address | The HTTP or HTTPS address of the Terraform Cloud API. | `string` | `"https://app.terraform.io"` | no | -| tfc\_agent\_data\_dir | The path to a directory to store all agent-related data, including
Terraform configurations, cached Terraform release archives, etc. It is
important to ensure that the given directory is backed by plentiful
storage. | `string` | `"~/.tfc-agent"` | no | -| tfc\_agent\_disable\_update | Disable automatic core updates. | `bool` | `false` | no | -| tfc\_agent\_log\_level | The log verbosity expressed as a level string. Level options include
"trace", "debug", "info", "warn", and "error" | `string` | `"info"` | no | -| tfc\_agent\_single | Enable single mode. This causes the agent to handle at most one job and
immediately exit thereafter. Useful for running agents as ephemeral
containers, VMs, or other isolated contexts with a higher-level scheduler
or process supervisor. | `bool` | `false` | no | -| tfc\_agent\_token | The agent token to use when making requests to the Terraform Cloud API.
This token must be obtained from the API or UI. It is recommended to use
the environment variable whenever possible for configuring this setting due
to the sensitive nature of API tokens. | `string` | `""` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [agent\_cli\_args](#input\_agent\_cli\_args) | Extra command line arguments to pass to tfc-agent | `list` | `[]` | no | +| [agent\_envs](#input\_agent\_envs) | A map of any extra environment variables to pass to the TFC agent | `map` | `{}` | no | +| [agent\_image](#input\_agent\_image) | Name and tag of Terraform Cloud Agent docker image | `string` | `"hashicorp/tfc-agent:latest"` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. |
object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
|
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_order": [],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [deployment\_annotations](#input\_deployment\_annotations) | Annotations to add to the Kubernetes deployment | `map` | `{}` | no | +| [deployment\_name](#input\_deployment\_name) | Override the deployment name in Kubernetes | `string` | `null` | no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [kubernetes\_namespace](#input\_kubernetes\_namespace) | Kubernetes namespace override | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [namespace\_creation\_enabled](#input\_namespace\_creation\_enabled) | Enable this if the Kubernetes namespace does not already exist | `bool` | `false` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [replicas](#input\_replicas) | Number of replicas in the Kubernetes deployment | `number` | `1` | no | +| [resource\_limits\_cpu](#input\_resource\_limits\_cpu) | Kubernetes deployment resource hard CPU limit | `string` | `"1"` | no | +| [resource\_limits\_memory](#input\_resource\_limits\_memory) | Kubernetes deployment resource hard memory limit | `string` | `"512Mi"` | no | +| [resource\_requests\_cpu](#input\_resource\_requests\_cpu) | Kubernetes deployment resource CPU requests | `string` | `"250m"` | no | +| [resource\_requests\_memory](#input\_resource\_requests\_memory) | Kubernetes deployment resource memory requests | `string` | `"50Mi"` | no | +| [service\_account\_annotations](#input\_service\_account\_annotations) | Annotations to add to the Kubernetes service account | `map` | `{}` | no | +| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [tfc\_address](#input\_tfc\_address) | The HTTP or HTTPS address of the Terraform Cloud API. | `string` | `"https://app.terraform.io"` | no | +| [tfc\_agent\_data\_dir](#input\_tfc\_agent\_data\_dir) | The path to a directory to store all agent-related data, including
Terraform configurations, cached Terraform release archives, etc. It is
important to ensure that the given directory is backed by plentiful
storage. | `string` | `null` | no | +| [tfc\_agent\_disable\_update](#input\_tfc\_agent\_disable\_update) | Disable automatic core updates. | `bool` | `false` | no | +| [tfc\_agent\_log\_level](#input\_tfc\_agent\_log\_level) | The log verbosity expressed as a level string. Level options include
"trace", "debug", "info", "warn", and "error" | `string` | `"info"` | no | +| [tfc\_agent\_single](#input\_tfc\_agent\_single) | Enable single mode. This causes the agent to handle at most one job and
immediately exit thereafter. Useful for running agents as ephemeral
containers, VMs, or other isolated contexts with a higher-level scheduler
or process supervisor. | `bool` | `false` | no | +| [tfc\_agent\_token](#input\_tfc\_agent\_token) | The agent token to use when making requests to the Terraform Cloud API.
This token must be obtained from the API or UI. It is recommended to use
the environment variable whenever possible for configuring this setting due
to the sensitive nature of API tokens. | `string` | `""` | no | ## Outputs | Name | Description | |------|-------------| -| namespace | Name of the Kubernetes namespace | -| service\_account\_name | Name of the Kubernetes service account | - +| [namespace](#output\_namespace) | Name of the Kubernetes namespace | +| [service\_account\_name](#output\_service\_account\_name) | Name of the Kubernetes service account | diff --git a/main.tf b/main.tf index dd4b4a7..c33cafd 100644 --- a/main.tf +++ b/main.tf @@ -77,10 +77,6 @@ resource "kubernetes_deployment" "tfc_cloud_agent" { name = "TFC_AGENT_LOG_LEVEL" value = var.tfc_agent_log_level } - env { - name = "TFC_AGENT_DATA_DIR" - value = var.tfc_agent_data_dir - } env { name = "TFC_AGENT_SINGLE" value = var.tfc_agent_single @@ -93,6 +89,13 @@ resource "kubernetes_deployment" "tfc_cloud_agent" { name = "TFC_ADDRESS" value = var.tfc_address } + dynamic "env" { + for_each = var.tfc_agent_data_dir == null ? [] : [1] + content { + name = "TFC_AGENT_DATA_DIR" + value = var.tfc_agent_data_dir + } + } dynamic "env" { for_each = var.agent_envs content { diff --git a/variables.tf b/variables.tf index 0912b49..9940666 100644 --- a/variables.tf +++ b/variables.tf @@ -74,7 +74,7 @@ variable "tfc_agent_log_level" { variable "tfc_agent_data_dir" { type = string - default = "~/.tfc-agent" + default = null description = <<-EOF The path to a directory to store all agent-related data, including Terraform configurations, cached Terraform release archives, etc. It is
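Review bot: In the README.md `## Usage` hunk, the new IMPORTANT paragraph tells users to pin to an exact version but drops the concrete form the removed text gave (`?ref=tags/x.y.z`) and the link to the releases page, so a reader no longer sees how to pin. Suggest keeping one line with the pinning syntax and the releases link alongside the new wording. In the same hunk, the Security & Compliance table adds CIS AWS, CIS AZURE and CIS GCP badges, while the Resources table added later in this patch lists only `kubernetes_*` resources; consider limiting the badges to the benchmarks that can apply to this module.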
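Review bot: In the README.md Inputs table (and the identical table in docs/terraform.md), `agent_image` still defaults to `"hashicorp/tfc-agent:latest"`, which sits oddly with the pinning advice this patch adds under Usage: a mutable `latest` tag means the image the agent runs can change without any change to the module or its inputs. Suggest defaulting to a specific tag, or at least saying in the description that callers should set a fixed tag or digest.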
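Review bot: In the main.tf `dynamic "env"` block for `TFC_AGENT_DATA_DIR`, the guard `var.tfc_agent_data_dir == null ? [] : [1]` only skips null, so a caller passing `""` still gets the variable set to an empty value. Suggest treating empty the same as null, for example `for_each = var.tfc_agent_data_dir == null || var.tfc_agent_data_dir == "" ? [] : [1]`. The block also moves from before `TFC_AGENT_SINGLE` to after `TFC_ADDRESS`, so callers who already set a data dir will see the env list reorder in their next plan; worth a line in the release notes.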
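Review bot: In the variables.tf hunk for `tfc_agent_data_dir`, the default changes from `"~/.tfc-agent"` to `null`, but the description shown in the regenerated Inputs table still reads as if a path is always supplied. Suggest adding a sentence to the description saying that `null` leaves `TFC_AGENT_DATA_DIR` unset so the agent uses its own default, and flagging the changed default for callers who relied on the old value.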