Terraform Code Engine Module
-green){kind=icon}
This module provisions the IBM Cloud Code Engine fully managed and serverless platform. It supports deployment of containerized workloads, including web apps, batch jobs, builds, config maps, bindings, domain mappings, or secrets. For more information, see About Code Engine
Overview
terraform-ibm-code-engine
Known limitations
Currently, IBM provider supports basic functionalities, such as create/delete/update code engine projects, apps, jobs, builds and etc.
Known limitations are:
- No support to create/delete/update code engine functions. https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5230
- No support to create/delete/update code engine subscriptions. https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5231
- Apply twice keeps on showing changes for
ibm_code_engine_appandibm_code_engine_jobterraform resource https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4719 - CLI/API service binding implementation/interface is different from terraform implementation. For example, CLI or UI code engine has a support to create access secret, service credential and all bindings automatically, while
code_engine_binding_instanceterraform resource requires that access secret exists before the binding is created. The second discrepancy between implementations is that terraformcode_engine_binding_instanceterraform resource requiresprefixwhile using CLI or UIprefixis an optional parameter. https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5229 - Visibility for application can not be set. While CLI uses
--visibility=privateflag to set the visibility, terraform provider doesn't support it. https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5228 - Apply twice throwns an error for
ibm_code_engine_secretterraform resource https://github.com/IBM-Cloud/terraform-provider-ibm/issues/5232
Usage
module "code_engine" {
source = "terraform-ibm-modules/code-engine/ibm"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
project_name = "your-project-name"
apps = {
"your-app-name-1" = {
image_reference = "container_registry_url"
run_env_variables = [{
type = "literal"
name = "env_name"
value = "env_value"
}]
},
"your-app-name-2" = {
image_reference = "container_registry_url"
}
}
jobs = {
"your-job-name" = {
image_reference = "container_registry_url"
run_env_variables = [{
type = "literal"
name = "env_name"
value = "env_value"
}]
}
}
config_maps = {
"your-config-name" = {
data = { "key_1" : "value_1", "key_2" : "value_2" }
}
}
secrets = {
"your-secret-name" = {
format = "generic"
data = { "key_1" : "value_1", "key_2" : "value_2" }
}
}
builds = {
"your-build-name" = {
output_image = "container_registry_url"
output_secret = "secret-name" # pragma: allowlist secret
source_url = "https://github.com/IBM/CodeEngine"
strategy_type = "dockerfile"
}
}
}Required IAM access policies
You need the following permissions to run this module.
- Account Management
- Resource Group service
Viewerplatform access
- Resource Group service
- IAM Services
- Code Engine service
Editorplatform accessWriterservice access
- Code Engine service
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.3.0 |
| ibm | >= 1.63.0, <2.0.0 |
Modules
| Name | Source | Version |
|---|---|---|
| app | ./modules/app | n/a |
| binding | ./modules/binding | n/a |
| build | ./modules/build | n/a |
| config_map | ./modules/config_map | n/a |
| domain_mapping | ./modules/domain_mapping | n/a |
| job | ./modules/job | n/a |
| project | ./modules/project | n/a |
| secret | ./modules/secret | n/a |
Resources
No resources.
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| apps | A map of code engine apps to be created. | map(object({ |
{} |
no |
| bindings | A map of code engine bindings to be created. | map(object({ |
{} |
no |
| builds | A map of code engine builds to be created. | map(object({ |
{} |
no |
| config_maps | A map of code engine config maps to be created. | map(object({ |
{} |
no |
| domain_mappings | A map of code engine domain mappings to be created. | map(object({ |
{} |
no |
| existing_project_id | The ID of the existing project to which code engine resources will be added. It is required if var.project_name is null. | string |
null |
no |
| jobs | A map of code engine jobs to be created. | map(object({ |
{} |
no |
| project_name | The name of the project to which code engine resources will be added. It is required if var.existing_project_id is null. | string |
null |
no |
| resource_group_id | ID of the resource group to use when creating resources. | string |
n/a | yes |
| secrets | A map of code engine secrets to be created. | map(object({ |
{} |
no |
Outputs
| Name | Description |
|---|---|
| app | Configuration of the created code engine app. |
| binding | Configuration of the created code engine binding. |
| build | Configuration of the created code engine build. |
| config_map | Configuration of the created code engine config map. |
| domain_mapping | Configuration of the created code engine domain maping. |
| job | Configuration of the created code engine job. |
| project_id | ID of the created code engine project. |
| secret | Configuration of the created code engine secret. |
Contributing
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.