hashicorp / terraform-cloud-operator

Kubernetes Operator allows managing HCP Terraform resources via Kubernetes Custom Resources.
https://developer.hashicorp.com/terraform/cloud-docs
Mozilla Public License 2.0

Option to avoid creating empty output resources (ConfigMaps/Secrets) #425

Open nabadger opened 1 month ago

nabadger commented 1 month ago

Description

In our use-case, we don't make use of Workspace or Module outputs. I've noticed that these resources are still created with empty data.

It would be beneficial to have the option to avoid creating these empty resources.

The potential benefits are:

  1. Fewer resources on k8s. We actually implement ResourceQuotas here and hit this - it was only then that I noticed they were empty. I'm not sure this was the case with the v1 operator, which seems to have them populated.
  2. Less reconciliation work for the controllers to do.

If we went down the route of not writing out the secret, then it could be a breaking feature since applications may be relying on these (i.e. referencing them in their Deployment manifests).

I therefore think we should have options around this, perhaps something like:

createOutputResourcesIfEmpty: true|false  # default true  

Potential YAML Configuration

apiVersion: app.terraform.io/v1alpha2
kind: Module
metadata:
  name: this
spec:
  organization: kubernetes-operator
  token:
    secretKeyRef:
      name: tfc-operator
      key: token
  destroyOnDeletion: true
  module:
    source: app.terraform.io/kubernetes-operator/module-random/provider
    version: 0.0.5
  variables:
  - name: counter
  createOutputResourcesIfEmpty: true|false  # default true  
  outputs:
  - name: secret
    sensitive: true
  - name: random_strings
  workspace:

Regarding an option to disable outputs entirely, I suspect this would have to be a cmd-line arg to the controller.

References

https://github.com/hashicorp/terraform-cloud-operator/issues/418
