HashiConf 2024 Now streaming live from Boston! Attend for free
Terraform
Terraform Home

You are viewing documentation for version v202402-1. View latest version.

Set up the Terraform Cloud Operator for Kubernetes

The Terraform Cloud Operator for Kubernetes' CustomResourceDefinitions (CRD) allow you to dynamically create Terraform Cloud workspaces with Terraform modules, populate workspace variables, and provision infrastructure with Terraform runs.

You can install the operator with the official HashiCorp Helm chart.

Prerequisites

All Terraform Cloud users can use the Terraform Cloud Operator for Kubernetes. You can use the operator to manage the supported features that your organization's pricing tier enables.

Networking requirements

The Terraform Cloud Operator for Kubernetes makes outbound requests over HTTPS (TCP port 443) to the Terraform Cloud application APIs. This may require perimeter networking as well as container host networking changes, depending on your environment. Refer to Terraform Cloud IP Ranges for more information about IP ranges. Below, we list the services that run on specific IP ranges.

HostnamePort/ProtocolDirectionalityPurpose
app.terraform.iotcp/443, HTTPSOutboundDynamically managing Terraform Cloud workspaces and returning the output to Kubernetes with the Terraform Cloud API

Compatibility

The Terraform Cloud Operator for Kubernetes supports the following versions:

  • Helm 3.0.1 and above
  • Kubernetes 1.15 and above

Install and configure

  1. Generate an organization token within Terraform Cloud and save it to a file. These instructions assume you are using a file named credentials.

  2. Set the NAMESPACE environment variable. This will be the namespace that you will install the Helm chart to.

    export NAMESPACE=tfc-operator-system

  3. Create the namespace.

    kubectl create namespace $NAMESPACE

  4. Create a Kubernetes Secret with the Terraform Cloud API credentials.

    kubectl -n $NAMESPACE create secret generic terraformrc --from-file=credentials

  5. Add sensitive variables, such as your cloud provider credentials, to the namespace.

    kubectl -n $NAMESPACE create secret generic workspacesecrets --from-literal=secret_key=abc123

  6. Install the Terraform Cloud Operator for Kubernetes with Helm.

    helm repo add hashicorp https://helm.releases.hashicorp.com
 
helm install --namespace ${RELEASE_NAMESPACE} hashicorp/terraform --generate-name

  7. To create a Terraform workspace, you can create a separate Helm chart to deploy the custom resource or refer to these examples.

Upgrade

When a new version of the Terraform Cloud Operator for Kubernetes Helm Chart is available from the HashiCorp Helm repository, you can upgrade with the following command.

helm upgrade --namespace ${RELEASE_NAMESPACE} ${RELEASE_NAME} hashicorp/terraform