Open abdennour opened 1 year ago
Hi @abdennour, thanks for trying tfo out. The URLs do not have to be public as they are in the example. It's hard to give a good example that does not use public links because the uses of Terraform vary widely from org to org. But if you wanted to try getting started and have an internal endpoint accessible. Other options are inline modules or configmap modules. Here is an example of an inline module:
```yaml
apiVersion: tf.isaaguilar.com/v1alpha2
kind: Terraform
metadata:
  name: simple-template-example
  namespace: default
spec:
  terraformVersion: 1.0.0
  # Pull this module to execute
  terraformModule:
    # source: <REPLACE_ME> example: https://git.example.com/myorg/mymodule
    inline: |-
      terraform {
        required_providers {
          local = "~> 2.2"
          random = "~> 2.2"
        }
      }
      variable "example" {
        description = "Example variable"
        default = "hello world"
      }
      resource "random_integer" "id" {
        min = 1
        max = 50000
        keepers = {
          example = var.example
        }
      }
      locals {
        example = format("%v %v", var.example, join("", random_integer.id[*].result))
      }
      output "example" {
        description = "Example output"
        value = local.example
      }
      output "id" {
        description = "Stable random number for this example"
        value = join("", random_integer.id[*].result)
      }
  # Use kubernetes as a backend which is available for terraform >= v0.13
  backend: |-
    terraform {
      backend "kubernetes" {
        secret_suffix = "simple-template-example"
        in_cluster_config = true
        namespace = "default"
      }
    }
  ignoreDelete: false
  keepLatestPodsOnly: true
```
Awesome! And thanks for the example. Let's say I want to use the Nutanix module, how will it work? Also, let's say I want to use Vault or S3 as the backend, how will that work too?
@isaaguilar Looks like the issue or question is still valid. First, the bash scripts for default tasks are being downloaded from GitHub. This can be changed by including setup and tf scripts in the CR definition so they are taken from the inline source, configmap, or internal source. The issue is unfortunately still valid for any terraform stage pods/jobs. Although we can specify the docker image for them, which comes from the internal (behind the firewall) registry, the operator and CRD do not allow setting imagePullSecrets for such an internal registry. In consequence, the images cannot be pulled from such a registry. So, in order to fix it, the CRD must support the imagePullSecrets option, and the operator, when creating pods/jobs, must use it.
overview
Trying to execute the example but it includes public links.
challenge
We are running infra behind a proxy.
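Added example, not part of the thread or the operator's code: a pre-flight check for the situation discussed above, listing every URL and container image in a Terraform CR manifest that would need egress outside the internal network. The internal host names, the `taskImages` field and the sample manifest are constructed for illustration; only `terraformModule.source` appears in the thread.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts reachable from behind the proxy (constructed names).
INTERNAL_HOSTS = {"git.corp.example", "registry.corp.example"}

URL_RE = re.compile(r"""(?:https?|git|ssh)://[^\s"'<>]+""")
IMAGE_RE = re.compile(r"""^\s*(?:-\s*)?image:\s*["']?([^\s"'#]+)""")

def image_registry(ref):
    """Registry host of an image reference, using the Docker naming rule:
    the first path component is a registry only if it contains '.' or ':'
    or is 'localhost'; otherwise the image resolves to Docker Hub."""
    first, _, rest = ref.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first.split(":")[0].lower()
    return "docker.io"

def external_refs(manifest, internal=INTERNAL_HOSTS):
    """Return (line_no, kind, host) for each reference outside `internal`.
    Whole-line comments are skipped, so a commented-out source is ignored."""
    findings = []
    for no, line in enumerate(manifest.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = IMAGE_RE.match(line)
        if m:
            host = image_registry(m.group(1))
            if host not in internal:
                findings.append((no, "image", host))
            continue
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if host not in internal:
                findings.append((no, "url", host))
    return findings

# Constructed manifest fragment; `taskImages` is a hypothetical field name,
# not the operator's schema.
SAMPLE = """\
spec:
  terraformModule:
    source: https://github.com/myorg/mymodule.git
    # source: https://git.example.com/myorg/mymodule
  taskImages:
    - image: registry.corp.example/tf/terraform:1.0.0
    - image: hashicorp/terraform:1.0.0
"""

if __name__ == "__main__":
    for no, kind, host in external_refs(SAMPLE):
        print(f"line {no}: {kind} needs egress to {host}")
```

An image name with no registry prefix is reported as `docker.io`, which is the case that fails silently behind a proxy.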