Closed joshgamache closed 6 months ago
Here are the directions that we used for the migration in cas-cif. These may need to be slightly rewritten to accomodate usage outside that.
/chart/cas-cif
), then to the terraform
directory within that.terraform@ggl-cas-storage.iam.gserviceaccount.com
credentials from the CAS 1Password (named cas-pipeline/gcp-tf-credentials.json) and place them in the Helm chart's Terraform directory (e.g. `/chart/cas-cif/terraform/credentials.json). WARNING: Do not commit these to Git or Helm!migration_example.tfvars
named local.tfvars
. Fill in the values for the various keys based on the project you are in. (See 1Password item named Migration local.tfvars base for reusable values)oc project {NAMESPACE_WITH_ENVIRNMENT}
(e.g. oc project c1234-dev
).local.tfvars
file in the kubernetes_token
key. gcp-credentials-secret
.tf_backend
with oc get secret gcp-credentials-secret -o go-template --template="{{.data.tf_backend|base64decode}}" > gcp-dev.tfbackend
. Change the target file name (e.g. gcp-dev.tfbackend
) depending on the environment (dev, test, prod). NOTE: Ensure that the bucket
value from this file matches your intended namespace!gcp-dev.tfbackend
in your code editor and change the key credentials
to the value credentials.json
. This is the path of the credentials file from step 2.terraform init -backend-config=gcp-dev.tfbackend
.terraform plan -var-file=local.tfvars
to ensure the state was created. This command is expected to want to create a number of new items. temp-state
directory within your current directory where Terraform is being run (e.g. /chart/cas-cif/terraform
=> /chart/cas-cif/terraform/temp-state
).terraform state pull > ./temp-state/local.tfstate
.tfcloud.tfstate
and place it in the temp-state
directory. This can be acquired via cloud.terraform.com or via a CLI command (TODO: Figure out this command)../tf-migrate.sh
. (See [[Shadowing with Josh L#Further notes for tf-migrate.sh script]] below)../tf-migration.sh
.terraform state push "./temp-state/local.tfstate"
.terraform state list
(should expect a list of resources) and then run terraform plan -var-file=local.tfvars
.cas-silver
workspace
I want move the migration script used in cas-cif to cas-pipeline along with it's directions because we will be reusing the same pattern and script on other repos and this will help me to remove our reliance on Terraform Cloud.
Acceptance criteria:
Consideration and notes
If the time allows, it would be better to have a make file to preform all (or as many) of the steps required. But only if the time spent in that is less than just following the directions for each subsequent repo.