loodse / kubeterra Goto Github PK

Besides autoApprove workflow there should be "just" (without auto) approve possibility.

The terraform state needs to be kept persistent and up-to-date as much as possible especially for long running terraform operations.

Create examples on how to use KubeTerra with AWS.

Not everyone will need/want to save state in TerraformState object so httpbackend should be optional.

TerraformConfiguration and TerraformPlan have status.phase fields, implement updating it on phase change.

ref: https://github.com/kubermatic/template-project

This issue is a placeholder to show of diagram of information flow though the controllers

A wrapper / launcher / image entrypoint for terraform worker pods, that will act as a proxy between terraform and TerraformState object.

Once TerraformConfiguration is removed, terraform destroy pod should be triggered.

kubeterra export command to read from cluster when given TerraformConfiguration object name.

Dump contents of TerraformConfiguration:

• spec.configuration -> main.tf
• spec.values -> terraform.tfvars
• if case when volumes reference secrets and/or configMaps and not references in env/envFrom, fetch their contents as files

Dump contents of TerraformState:

• spec.state -> terraform.tfstate

Once created, print instructions on how to proceed next.

• tell about ENV credentials that might be needed
• tell about possible need to adjust paths to file if any

Figure out how to deploy KubeTerra on a Kubernetes cluster.
(Helm Chart/kustomize)

KMS systems should be used to retrieve secrets for terraform runs.

Example KMS: AWS KMS, Vault.

Terraform may delete parts of the created infrastructure when inputs or references change, so a machanism to (automatically) review the changes and aprove them (similar to terraform plan) with KubeTerra is needed.

Add ability to periodically schedule terraform runs.

API types kubeterra/v1alpha1 created after schema from #6

kubeterra import command, when run inside the directory with terraform config should create TerraformConfuguration object.

Files to import:

• contact all *.tf files -> goes to spec.configuration
• contact terraform.tfvars + *.auto.tfvars if presented -> goes to spec.values
• always spec.autoApprove=false
• always spec.paused=true

Once created, print instructions on how to proceed next.

• tell about spec.template.env and spec.template.envFrom (to configure credentials)
• tell about spec.template.volumes and spec.template.volumeMounts to configure some additional files (like ssh keys)
• tell about spec.paused to unpause the processing of TerraformConfuguration.