AzBuilder / terrakube

Open source IaC Automation and Collaboration Software.
https://docs.terrakube.io
Apache License 2.0
515 stars 44 forks source link

Multiple AWS account support #1396

Closed BenjaminDecreusefond closed 2 weeks ago

BenjaminDecreusefond commented 2 weeks ago

Feature description 💡

Hi !

I was wondering if it was possible to run apply on different accounts during a single run, for instance pull a resource from an account (admin one) and use the value pulled into another account ?

Regards !

Anything else?

No response

alfespa17 commented 2 weeks ago

I think you have two options.

1 - Simply use two providers with different alias and secrets something like this:

provider "aws" {
  region     = "us-west-1"
  access_key = var.access_key1
  secret_key = var.secret_key1
  alias  = "provider1"
}

provider "aws" {
  region     = "us-west-1"
  access_key = var.access_key2
  secret_key = var.secret_key2
  alias  = "provider2"
}

2 - Manage a workspace with the information that you need with one provider and use other workspace to read the information from the shared state.

data "terraform_remote_state" "remote_creation_time" {
  backend = "remote"
  config = {
    organization = "simple"
    hostname = "8080-azbuilder-terrakube-vg8s9w8fhaj.ws-us102.gitpod.io"
    workspaces = {
      name = "simple_tag1"
    }
  }
}

resource "null_resource" "previous" {}

resource "time_sleep" "wait_30_seconds" {
  depends_on = [null_resource.previous]

  create_duration = data.terraform_remote_state.remote_creation_time.outputs.creation_time
}

resource "null_resource" "next" {
  depends_on = [time_sleep.wait_30_seconds]
}
BenjaminDecreusefond commented 2 weeks ago

Thank you ! I have a better understanding now, I think everything lies in the executor configurations. Just a last question sorry. If I set the replicaCount to 3 for executor will terrakube automatically assign runs to the 3 of them ? Or is there additionnal set up to do ?

alfespa17 commented 2 weeks ago

Thank you ! I have a better understanding now, I think everything lies in the executor configurations. Just a last question sorry. If I set the replicaCount to 3 for executor will terrakube automatically assign runs to the 3 of them ? Or is there additionnal set up to do ?

The job will be only executed in 1, you don't need to do any additional setup, unless you are deploying the executor in a different cluster or a different name space

BenjaminDecreusefond commented 2 weeks ago

What if there are severals jobs at once ? The executor will run them all together ?

alfespa17 commented 2 weeks ago

What if there are severals jobs at once ? The executor will run them all together ?

It can run several jobs from different workspaces together at the same time

BenjaminDecreusefond commented 2 weeks ago

Sorry for spamming but, I have a question regarding keycloak. I managed to create a group "TERRAKUBE_ADMIN" on keycloak and then login to terrakube it seems that I have admin rights but I can't edit any workspace from the UI. Is there any docs that I might have missed ? I'd like to have full full privilege on terrakube as platform administrator

BenjaminDecreusefond commented 2 weeks ago

What if there are severals jobs at once ? The executor will run them all together ?

It can run several jobs from different workspaces together at the same time

Thank you ! That was the information I was looking for !

alfespa17 commented 2 weeks ago

Sorry for spamming but, I have a question regarding keycloak. I managed to create a group "TERRAKUBE_ADMIN" on keycloak and then login to terrakube it seems that I have admin rights but I can't edit any workspace from the UI. Is there any docs that I might have missed ? I'd like to have full full privilege on terrakube as platform administrator

The admin group can only create organizations and manage team access, if you want to manage workspaces inside the organization you will need to add the same team that you are using as admin to the "teams setup"

https://docs.terrakube.io/user-guide/organizations/team-management

BenjaminDecreusefond commented 2 weeks ago

Thank you very much ! You are right, my bad for that !

Have a good week-end !