To set up your local working environment run:
. <(pass terraform/secrets.sh)
- Set AWS environment variables
. ./import-docker-worker-secrets.sh
terraform init
To run this do:
- (setup steps above)
- Use
terraform validate|plan|apply
The validate
step does not make any changes to the actual deployment. The
plan
operation does not make changes but does acquire the state lock in order
to run. The apply
step will acquire the state lock, but will only make
changes if necessary.
Any secrets added should be documented as variables in secrets.tf
and added
to the terraform/secrets.sh
script in password-store.
Kubernetes is managed with kops.
If the state becomes locked because a process fails:
- Open the Azure portal
- Navigate to the tcterraformstate account
- Navigate to the tfstate container
- Find the blob in the "Leased" state
- Click the "..." menu and select "Break Lease".
In static-services.tf
each service has both a image_tag
and image_hash
field that can be updated to deploy a new version of the service. The
image_hash
is the sha256 Digest
of an image. Once you update this field and
terraform apply
, the ec2 instance will be replaced by a new one (this does
involve downtime!) and the eip will be hooked into the new instance.