See Learn Guides for more information.
- Set up Terraform Cloud credentials, as noted here.
- Clone this repository
- TF Helper - using fork because there is a missing colon in a bash script
- Terraform 0.12
- Azure & GCP Credentials
This is a similar experience to running Terraform locally, via the CLI.
- cd azure
- terraform init -backend-config=backend.conf
- Go to Terraform Cloud. You should see the workspace in the console.
- In General Settings, notice:
  - The workspace has been created with default remote settings.
  - Terraform version can be selected.
- With remote, you need to add variables to the workspace.
  - For general variables, you can add them in the UI.
    cat azure.tfvars
  - For secrets & credentials, you can use the API to push them up.
    tfh pushvars -svar client_id="$TF_VAR_client_id" \
      -svar client_secret="$TF_VAR_client_secret" \
      -svar tenant_id="$TF_VAR_tenant_id" \
      -svar subscription_id="$TF_VAR_subscription_id"
- Run terraform plan. Notice that the variables auto-populate and the plan output shows the variables we updated on the workspace.
- Run terraform apply. If you go to the console, notice that the plan has stopped. It is queued for approval. When I approve on the CLI, this triggers the approval.
- To destroy, we need to add the environment variable CONFIRM_DESTROY=1 to the workspace.
This integrates a VCS provider and allows us to do pull request automation.
- Go to Terraform Cloud and click on the Organization's settings.
- Follow the VCS integration guide and set up the VCS provider of your choice.
- cd gcp
- Let's initialize a workspace. We use a backend configuration that contains a workspace prefix, so we need to create and select the workspaces.
    terraform init -backend-config=backend.conf
    terraform workspace new production
    terraform workspace select production
- Go to Terraform Cloud. You should see the workspace in the console.
- Set up the workspace to use the VCS provider.
  - Under Settings -> General, enter the gcp working directory.
  - Under Settings -> Version Control, set up the repository.
- With remote, you need to add variables to the workspace.
    tfh pushvars -svar project="$TF_VAR_project" \
      -svar credentials="$TF_VAR_credentials" \
      -var region="$TF_VAR_region" \
      -var subnet_cidr="$TF_VAR_subnet_cidr" \
      -var cluster_name="$TF_VAR_cluster_name"
- Create a new branch.
    git checkout -b qa
- Set up a new workspace.
    terraform workspace new qa
- Set up the workspace to use the VCS provider.
  - Under Settings -> General, select "auto-apply" and enter the gcp working directory.
  - Under Settings -> Version Control, set up the repository and set auto-triggering to always trigger on run.
- Push up the variables.
    tfh pushvars -svar project="$TF_VAR_project" \
      -svar credentials="$TF_VAR_credentials" \
      -var region="$TF_VAR_region" \
      -var subnet_cidr="$TF_VAR_subnet_cidr" \
      -var cluster_name="$TF_VAR_cluster_name" \
      -env-var CONFIRM_DESTROY=1
- Push the branch.
    git push origin qa
- Configure Settings -> Version Control to use the branch qa.
- Queue plan to create an environment that mimics production.
- This branch is currently at parity with production in configuration, so we're going to add a new subnet (just as an example).
- Commit and push to the qa branch.
- Go to the Terraform Cloud console and point out the commit logged and triggered by the change.
- Create a pull request from GitHub. Within the PR, we see some new checks being generated that reference Terraform Cloud.
- When we merge, it will automatically get added to master.
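
A pre-flight wrapper for the tfh pushvars steps above, added here as an example and not part of the original repository: it refuses to push anything if a TF_VAR_* value is unset or empty, and keeps every credential on -svar. The helper names require_tf_vars and push_vars are hypothetical; the variable names and tfh flags are the ones used on this page.

```shell
# Added example, not from the original repository.
# require_tf_vars and push_vars are hypothetical helper names.

# require_tf_vars NAME...: fail if any TF_VAR_<NAME> is unset or empty.
# Reports the variable name only, never its value.
require_tf_vars() {
  rc=0
  for name in "$@"; do
    case $name in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
        echo "bad variable name: $name" >&2; return 2 ;;
    esac
    eval "val=\${TF_VAR_$name:-}"
    [ -n "$val" ] || { echo "TF_VAR_$name is not set" >&2; rc=1; }
  done
  val=
  return "$rc"
}

# push_vars "SECRET NAMES" "PLAIN NAMES"
# Secrets are sent with -svar (sensitive), the rest with -var.
# tfh is only invoked once every listed variable has a value.
push_vars() {
  secrets=$1
  plain=$2
  # Word splitting of the two name lists is intended here.
  require_tf_vars $secrets $plain || return 1
  set --
  for name in $secrets; do
    eval "val=\${TF_VAR_$name}"
    set -- "$@" -svar "$name=$val"   # quoted: JSON credentials keep spaces/newlines
  done
  for name in $plain; do
    eval "val=\${TF_VAR_$name}"
    set -- "$@" -var "$name=$val"
  done
  val=
  tfh pushvars "$@"
}

# Azure workspace:
#   push_vars "client_id client_secret tenant_id subscription_id" ""
# GCP workspaces:
#   push_vars "project credentials" "region subnet_cidr cluster_name"
```

The values still travel in tfh's argument list, as in the original commands, so run this on a machine where other users cannot read your process list.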