This Terraform module uses the Kubernetes provider and beta Kubernetes manifest resource to install the Terraform Cloud Operator for Kubernetes.
By default, it creates a namespace and two secrets named terraformrc and workspacesecrets. The operator
is installed in the provided namespace.
Example Usage:
# main.tf
provider "kubernetes" {
config_path = "~/.kube/config"
experiments = {
manifest_resource = true
}
}
module "terraform-cloud-operator" {
source = "hashicorp/terraform-cloud-operator/kubernetes"
version = "0.0.1"
operator_namespace = "demo"
workspace_secrets = {
AWS_ACCESS_KEY_ID = var.aws_access_key_id
AWS_SECRET_ACCESS_KEY = var.aws.secret_access_key
}
}
This configuration uses the kubeconfig to configure the kubernetes provider, enables the manifest resource and provisions the 0.0.1 version of the Terraform Cloud Operator module into a workspace named demo. It also creates and populates two secret entries in workspacesecrets.
| Name | Version |
|---|---|
| kubernetes | >= 2.4.0 |
| Name | Version |
|---|---|
| kubernetes | >= 2.4.0 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_namespace | By default, the module will create a namespace in which to install the operator. | bool |
true |
no |
| create_secrets | By default, the module will create two secrets named terraformrc and workspacesecrets. | bool |
true |
no |
| image_k8s | The name (and tag) of the terraform-k8s Docker image that is used for functionality such as workspace sync. This can be overridden per component. | string |
"hashicorp/terraform-k8s:1.0.0" |
no |
| insecure | If true it disables certificate validation for all outbound HTTPS connection the operator has to do. It can be used when connecting to TFE instances with self-signed certificates. | bool |
false |
no |
| k8_watch_namespace | The Kubernetes namespace to watch for workspace changes and sync to Terraform Cloud. If this is not set then it will default to the release namespace. | string |
"null" |
no |
| log_level | WARNING: use only on terraform-k8s versions > 1.0.0. Configure optional flag to adjust log level verbosity. Can be one of 'debug', 'info', 'error'. Defaults to 'debug'. | string |
"null" |
no |
| operator_namespace | The namespace in which to install the operator and monitor for Workspaces. | string |
n/a | yes |
| terraform_credentials_path | Specify the relative path to the file that contains your Terraform Cloud Team API token. | string |
"credentials" |
no |
| terraform_version | Describes the version of Terraform to use for each workspace. If this is not set then it will default to the latest version of Terraform compiled with the operator. | string |
"latest" |
no |
| tfe_address | Denotes the address in the form of https://tfe.local for a Terraform Enterprise instance. If this is not set then it will default to Terraform Cloud (https://app.terraform.io). | string |
"https://app.terraform.io" |
no |
| workspace_secrets | Add sensitive variables, such as your cloud provider credentials, to the workspace. | map(string) |
{} |
no |
| Name | Description |
|---|---|
| deployment_name | https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment#name |