This is an experimental version meant to get started and enable concrete feedback on some of the choices made, such as:
- Use terraform despite license. OpenTofu could be better, but might be a separate task.
- Minimal setup with a fixed version of terraform. Perhaps one should support tfenv.
- No support for testing. This is expected to be better done in a separate task.
- Utilize `TF_PLUGIN_CACHE_DIR` in `.ods/cache/deps/terraform` to support caching of provider versions.
- Derive environment variables from kubernetes secret `terraform-var-{{target-environment}}`. Currently it appears that tekton has no mechanism to allow for injecting arbitrary env variables unless I overlooked something. One can opt out in case this is not needed.
- The kubernetes backend requires permissions to list secrets. I am not sure why this is needed. In the e2e tests an admin role is used but in practice one should instead have a secret reader role perhaps associated with ods-pipeline.
- Support for an umbrella repo is modeled after ods-pipeline-helm. However, for each sub repo a separate terraform init/plan/apply happens, so it would not be fused together. At the moment there is no test coverage for that.

In addition future work which would likely make sense is:
- Support S3 backends in addition to kubernetes backend.

Fixes #1
Please read `docs/deploy.adoc`.
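
One way to validate secret-derived variables like those described above before they reach the terraform process, as an added example that is not part of this PR or the project's code. The function name `SecretToEnv`, the denylist contents and the sample secret data are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Assumed denylist: names that change where binaries, libraries or cached
// providers are loaded from, which a variables secret should not control.
var denied = map[string]bool{"PATH": true, "HOME": true, "LD_PRELOAD": true,
	"LD_LIBRARY_PATH": true, "TF_PLUGIN_CACHE_DIR": true}

var validName = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// SecretToEnv turns the base64 "data" map of a Kubernetes Secret into sorted
// KEY=value entries. Rejected keys are returned by name only, so secret
// values never end up in task logs.
func SecretToEnv(data map[string]string) (env, rejected []string, err error) {
	for k, b64 := range data {
		if !validName.MatchString(k) || denied[k] {
			rejected = append(rejected, k)
			continue
		}
		raw, derr := base64.StdEncoding.DecodeString(b64)
		if derr != nil {
			return nil, nil, fmt.Errorf("secret key %q: invalid base64", k)
		}
		if strings.ContainsRune(string(raw), 0) { // NUL cannot appear in an env value
			rejected = append(rejected, k)
			continue
		}
		env = append(env, k+"="+string(raw))
	}
	sort.Strings(env)
	sort.Strings(rejected)
	return env, rejected, nil
}

func main() {
	enc := func(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }
	// Constructed sample, shaped like .data of a secret named terraform-var-dev.
	data := map[string]string{"TF_VAR_region": enc("eu-west-1"),
		"LD_PRELOAD": enc("/tmp/x.so"), "bad-name": enc("1")}
	env, rejected, err := SecretToEnv(data)
	fmt.Println(len(env), "accepted; rejected keys:", rejected, "err:", err)
}
```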