📄️ Configuring Providers
In the context of the controller, cloud access credentials are embodied by the Provider Custom Resource Definition (CRD), a cluster-scoped resource. When defining a Terraform module, developers reference a provider using the spec.providerRef field, thereby establishing a connection between the resource and the corresponding credentials.
🗃️ Define Guardrails
3 items
📄️ Contexts
Contexts serve as a mechanism for sharing common configuration elements across Configurations. This resource type is scoped at the cluster level, allowing any Configuration within the cluster to utilize it.
📄️ Cloud Resources
This feature is only available in releases >= v0.4.0.
🗃️ Observability
1 item
📄️ Expose Costs
The cost integration feature enables developers to preview the associated costs before applying the Terraform configuration. This controller currently leverages Infracost to predict the costs of a configuration, making the cost visible within the status of the Kubernetes object. This can be viewed by running kubectl get configuration.
📄️ Injecting Defaults
Through the implementation of policies, platform administrators are empowered to inject both variables and secrets into developer Configurations, addressing key use cases such as:
📄️ Drift Detection
Drift detection is a feature that periodically executes a Terraform plan on a Configuration to ensure that the expected state, as defined by the Terraform state, aligns with the actual cloud resources. To utilize drift detection, Configurations must explicitly opt in through their specification.
📄️ Terraform State
Terraform maintains a state that encapsulates information about the managed infrastructure and configuration. This state serves as a critical component, enabling Terraform to establish a correlation between real-world resources and the corresponding configuration, manage metadata, and optimize performance for large-scale infrastructures. For a comprehensive understanding of Terraform state, we recommend consulting the official documentation.
📄️ Kubernetes RBAC
The following provides comprehensive guidance on the recommended roles and permissions in Kubernetes for consumers. To ensure a streamlined and efficient approach, all permissions are defined as a ClusterRole and bound locally within a namespace.
📄️ Customize Job Template
The controller utilizes a template to generate the final job configuration when a configuration change is initiated, such as for plan, apply, or destroy operations. This template incorporates options specified on the controller command line, custom policies, and the Terraform configuration itself. The aggregated options are then used to create a batch job, which is subsequently executed to implement the change. The default template for this process can be accessed here.
📄️ Additional Secrets
The controller provides the capability to inject supplementary secrets into the Terraform execution process. This feature is particularly useful for supplying additional credentials, API tokens, or custom configurations to jobs.