Install Terraform Integration in Spinnaker (Spinnaker Operator)

Overview of installing Terraform Integration

In this guide, you use the Kustomize files in the spinnaker-kustomize-patches repo to install the plugin. You do need to update the contents of some files.

1. Configure Spinnaker
2. Get the Terraform Integration installation files
3. Configure the service
4. Configure the plugin
5. Deploy Terraform Integration

Compatibility

Before you begin

You have read the Terraform Integration Overview.

Spinnaker requirements

• You are running open source Spinnaker.
• You manage your instance using the Spinnaker Operator and the spinnaker-kustomize-patches repo. If you are using Halyard, see Install Terraform Integration in Spinnaker (Halyard).

Terraform Integration requirements

• Basic auth credentials for the Git repository where your store your Terraform scripts. The Terraform Integration plugin needs access to credentials to download directories that house your Terraform templates.
  • You can configure your Git repo with any of the following:
    • A Personal Access Token (potentially associated with a service account).
    • SSH protocol in the form of an SSH key or an SSH key file
    • Basic auth in the form of a user and password, or a user-password file
• A source for Terraform Input Variable files (tfvar) or a backend config. You must have a separate artifact provider that can pull your tfvar file(s). The Terraform Integration plugin supports the following artifact providers for tfvar files and backend configs:
  • GitHub
  • BitBucket
  • HTTP artifact
• A dedicated external Redis instance
  • Armory requires configuring a dedicated external Redis instance for production usage of the Terraform Integration plugin. This is to ensure that you do not encounter scaling or stability issues in production.

Configure Spinnaker

Configure Redis

Terraform Integration uses Redis to store Terraform logs and plans.

You can only configure the Terraform Integration feature to use a password with the default Redis user.

Configure Redis settings in your configuration and then apply.

spec:
  spinnakerConfig:
    profiles:
      terraformer:
        redis:
          baseUrl: "redis://spin-redis:6379"
          password: "password"

Configure your artifact account

The Terraform Integration uses the following artifact accounts:

• Git Repo - To fetch the repo housing your main Terraform files.
• GitHub, BitBucket or HTTP - Optional. To fetch single files such as var-files or backend config files.

Configure the Git Repo artifact

Spinnaker uses the Git Repo Artifact Provider to download the repo containing your main Terraform templates.

Edit your configuration to add the following:

spec:
  spinnakerConfig:
    profiles:
      clouddriver:
        artifacts:
          gitRepo:
            enabled: true
            accounts:
            - name: gitrepo
              token: <your-personal-access-token> #  personal access token

For more configuration options, see Configure a Git Repo Artifact Account.

Configure additional repos

This step is optional.

• Configure Optional Repos:
• GitHub
• Bitbucket

spec:
  spinnakerConfig:
    config:
      artifacts:
        github:
          accounts:
          - name: <github-for-terraform> 
            token: <your-github-personal-access-token>
          enabled: true

spec:
  spinnakerConfig:
    config:
      artifacts:
        bitbucket:
          enabled: true
          accounts:
          - name: <bitbucket-for-terraform>
            username: <your-bitbucket-username>
            password: <your-bitbucket-password>

Get the Terraform Integration installation files

You can find the Terraform Integration service and plugin files in the spinnaker-kustomize-patches repo’s plugins/oss/terraformer directory.

• kustomization.yml: Kustomize build file
• deployment.yml: spin-terraformer Deployment manifest
• service.yml: spin-terraformer Service manifest
• terraformer-plugin-config.yml: plugin installation
• terraformer.yml: config file
• terraformer-local.yml: config file for Named Profiles
• spinnaker.yml: Spinnaker service mapping
• versions directory: contains version-specific values that Kustomize inserts into the manifest during generation

The spinnaker-kustomize-patches/recipes directory contains the example kustomization-oss-terraformer.yml recipe. You can use that recipe or copy the entries to your recipe. This guide uses the kustomization-oss-terraformer.yml recipe for examples.

Configure the service

Make sure the service version is compatible with your Spinnaker version.

You specify the version in the patchesStrategicMerge section of plugins/oss/terraformer/kustomization.yml. You can find supported versions in the plugins/oss/terraformer/versions directory. For example, if you are running Spinnaker 1.27.x, replace ./versions/v-1.28.yml with ./versions/v-1.27.yml.

patchesStrategicMerge:
  - ./pac-plugin-config.yml
  - ./versions/v-1.28.yml

Configure the plugin

In terraformer-plugin-config.yml, make sure the version number is compatible with your Spinnaker instance.

...
        spinnaker:
          extensibility:
            plugins:
              Armory.Terraformer:
                enabled: true
                version: &pluginversion 0.0.1

For example, if you want to use plugin version 0.0.2, your version value would be &pluginversion 0.0.2.

Deploy Terraform Integration

This step deploys the Terraformer service and installs the plugin. If you want to see the generated manifest before you deploy, execute kubectl kustomize.

Apply the updates to your Kustomization file.

kubectl apply -k <kustomization-directory-path>

What’s next

• Configure Terraform Integration optional features
• Use the Terraform Integration stage