GalleyBytes / terraform-operator

A Kubernetes CRD to handle terraform operations
http://tf.galleybytes.com
Apache License 2.0
364 stars 47 forks

init pod shows error state and terraform fails to deploy #72

Closed dniasoff closed 2 years ago

dniasoff commented 2 years ago

Trying to deploy the following terraform module

apiVersion: tf.isaaguilar.com/v1alpha1
kind: Terraform
metadata:
  name: external-dns-service-principal
  namespace: tf-system
spec:
  terraformVersion: 1.0.9
  customBackend: |-
    terraform {
      backend "kubernetes" {
        secret_suffix    = "external-dns-service-principal"
        in_cluster_config  = true
      }
    }
  ignoreDelete: false
  terraformModule: https://github.com/QumulusTechnology/terraform-azure-enterprise-application.git
  credentials:
  - secretNameRef:
      name: azure-session-credentials
  env:
  - name: TF_VAR_name
    value: external-dns-service-principal

Getting the following error. Noticed this error in the pod logs:

Initializing the backend...
╷
│ Error: Failed to get existing workspaces: secrets is forbidden: User "system:serviceaccount:tf-system:tf-external-dns-service-principal-bkpnv2rm-v2" cannot list resource "secrets" in API group "" in the namespace "default"
│

Thanks for a great project and amazing concept

dniasoff commented 2 years ago

The issue is resolved if I use the default namespace instead of tf-system (for both the helm install and the above yaml), but I would prefer not to.

isaaguilar commented 2 years ago

I think the "kubernetes" terraform backend will default to "default" if not specified. You should be able to change this:

    terraform {
      backend "kubernetes" {
        secret_suffix    = "external-dns-service-principal"
+       namespace = "tf-system"
        in_cluster_config  = true
      }
    }
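
A small preflight check for the mismatch this thread hit, written as an added example (it is not part of the issue or of the operator's code): it pulls the namespace out of the `customBackend` HCL, treats a missing one as Terraform's fallback `default`, compares it with the CR's `metadata.namespace`, and builds the `kubectl auth can-i` command that would reproduce the forbidden error against a live cluster. The HCL handling is a deliberately minimal regex that assumes flat string/boolean attributes like the snippet above; the manifest is embedded as a Python dict constructed from the CR in the issue so it runs without a YAML library, and the service account name used in the demo is the one from the error message.

```python
"""Preflight check: does a terraform-operator Terraform CR point its
Kubernetes backend at the namespace the CR itself lives in?

Added example, not the operator's own code.  Assumes a flat
backend "kubernetes" { ... } block with string/boolean attributes."""
import re
from typing import Dict, List

# Terraform's kubernetes backend stores state in Secrets and falls back to
# the "default" namespace when none is given; that fallback is what made
# the tf-system service account try to list secrets in "default".
DEFAULT_BACKEND_NAMESPACE = "default"

_BACKEND_BLOCK = re.compile(r'backend\s+"kubernetes"\s*\{(?P<body>[^}]*)\}')
_ATTR = re.compile(r'^\s*(?P<key>\w+)\s*=\s*(?P<val>"[^"]*"|[^\s#]+)', re.MULTILINE)


def parse_backend(custom_backend: str) -> Dict[str, str]:
    """Return the attributes of the backend "kubernetes" block (quotes stripped)."""
    m = _BACKEND_BLOCK.search(custom_backend)
    if m is None:
        raise ValueError('no backend "kubernetes" block in customBackend')
    return {a.group("key"): a.group("val").strip('"')
            for a in _ATTR.finditer(m.group("body"))}


def backend_namespace(custom_backend: str) -> str:
    """Namespace Terraform will actually use for its state secrets."""
    return parse_backend(custom_backend).get("namespace", DEFAULT_BACKEND_NAMESPACE)


def check_manifest(manifest: dict) -> List[str]:
    """Return findings; an empty list means backend and CR namespaces agree."""
    cr_ns = manifest.get("metadata", {}).get("namespace", "default")
    backend = manifest.get("spec", {}).get("customBackend")
    if backend is None:
        return []  # operator-managed backend, nothing to cross-check here
    attrs = parse_backend(backend)
    findings: List[str] = []
    ns = attrs.get("namespace")
    if ns is None:
        findings.append(
            f'backend "kubernetes" sets no namespace: Terraform will look for '
            f'state secrets in "{DEFAULT_BACKEND_NAMESPACE}", but the CR and its '
            f'service account live in "{cr_ns}"')
    elif ns != cr_ns:
        findings.append(
            f'backend namespace "{ns}" differs from CR namespace "{cr_ns}"; the '
            f'service account needs list/get/create/update on secrets in "{ns}"')
    return findings


def can_i_command(manifest: dict, service_account: str) -> str:
    """kubectl command that reproduces the "cannot list secrets" check without
    running a plan (not executed here; service_account is whatever name the
    operator generated for the pod, visible in the error message)."""
    cr_ns = manifest["metadata"]["namespace"]
    ns = backend_namespace(manifest["spec"]["customBackend"])
    return (f"kubectl auth can-i list secrets -n {ns} "
            f"--as=system:serviceaccount:{cr_ns}:{service_account}")


# Constructed sample input: the customBackend HCL from the issue, as-is.
BROKEN_BACKEND = '''terraform {
  backend "kubernetes" {
    secret_suffix    = "external-dns-service-principal"
    in_cluster_config  = true
  }
}'''

# The same block with the namespace line from the fix added.
FIXED_BACKEND = BROKEN_BACKEND.replace(
    "in_cluster_config", 'namespace = "tf-system"\n    in_cluster_config')


def manifest_with(backend: str) -> dict:
    """The issue's CR as a dict (constructed), with the given backend HCL."""
    return {
        "apiVersion": "tf.isaaguilar.com/v1alpha1",
        "kind": "Terraform",
        "metadata": {"name": "external-dns-service-principal",
                     "namespace": "tf-system"},
        "spec": {"terraformVersion": "1.0.9", "customBackend": backend},
    }


if __name__ == "__main__":
    sa = "tf-external-dns-service-principal-bkpnv2rm-v2"  # from the error log
    for label, hcl in (("broken", BROKEN_BACKEND), ("fixed", FIXED_BACKEND)):
        m = manifest_with(hcl)
        print(label, check_manifest(m) or "OK")
        print("   ", can_i_command(m, sa))
```

The check is deliberately strict about namespace equality rather than merely about RBAC: keeping the state Secret in the CR's own namespace means the generated service account only ever needs secrets permissions where it already runs, and nothing has to be granted across namespaces.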

dniasoff commented 2 years ago

Thanks :)