v0.5.0 release

Changes in v0.5.0 since v0.4.0

Changes

• Terraform "outputs" can now be saved. The options now are saving the outputs to a secret or the terraform-resouce's status.
  • writeOutputsToStatus (bool) saves the status to the terraform-resource's status
  • outputsSecret (string) name of secret to update with outputs
  • outputsToInclude or outputsToOmit are whitelist and blacklist keys from the terraform module's outputs to write to the secret/terraform-resource
• Created two new ways for defining a terraform module;
  • terraformModuleConfigMap (map) uses a name and optional key to an existing ConfigMap to mount as a volume to use as the terraform module
  • terraformModuleInline (string) allows the user to write terraform as a string value which is used to create a module .tf file to use as the terraform module
• The setup runner is now a standalone container and not part of the init container anymore. Setup will run prior to all other runners.
• The exportRepo has now been changed to run as a runner. Formerly, this function used the controller pod to format tfvars and push to the confiugred git repo. Now it gets run as part of the terraform workflow by the aptly named "export-runner". The "export-runner" runs in parallel after "setup-runner" has been completed.

Breaking Changes

• Users who have pinned the any of the Runners will need to update to the following:

  • Runner Type	Image	Tag
    Terraform Execution	docker.io/isaaguilar/tf-runner-v5beta1	<terraformVersion>
    Setup	docker.io/isaaguilar/setup-runner	1.1.2
    Scripts	docker.io/isaaguilar/script-runner	1.0.0

• Environment variables (in runners) has changed; TFO_DOWNLOADS is now changed to TFO_MAIN_MODULE_ADDONS.

• The crd item spec.terraformModule.address is now just spec.terraformModule

• The crd item spec.sources has changed to spec.resourceDownloads.

  • The former spec.sources.extras field is removed in spec.resourceDownloads
  • spec.resourceDownloads.path (string) has been added to define the path to add the file or directory from the downloaded resource
  • spec.resourceDownloads.useAsVar (bool) has been added to use the downloaded file as a tfvar in the terraform execution.

Related Release:

The official helm-chart for v0.5.0 is released at https://github.com/isaaguilar/helm-charts/releases/tag/terraform-operator-v0.2.0

v0.5.0-betav1 release

Change in v0.5.0-betav1 since v0.4.0

Fixes

The terraform-runner build script will not overwrite a previous docekr image. This feature will be used in the future to add security to image downloads, but for now is just good to know.

Changes

• Resource downloads, formerly known as sources, are now downloaded in the setup-runner stage.
• The setup runner is now a standalone container and not part of the init container anymore. Setup will run prior to all other runners.
• The exportRepo has now been changed to run as a runner. The runner is creatively called "export-runner". When defined, the runner gets created after setup runner completes but does not block the terraform pipeline as the other runners do.

Breaking Changes

• The crd item spec.terraformModule.address is now just spec.terraformModule
• The crd item spec.sources has changed to spec.resourceDownloads. This is a little more than a name chnage. The extras item has been removed and two new fields have been added: path and useAsVar. See docs for details.
• All runners have been updated. The runners make use of new environment variables added to the pods and will likely fail unles updated. Users who have these pinned runners should now use the following:
  • isaaguialr/tf-runner-v5alpha3:<terraform_version>
  • isaaguilar/setup-runner:1.0.1
  • isaaguilar/script-runner:1.0.0

v0.4.0-betav2 release

Changes in v0.4.0-betav2 since v0.4.0-betav1

Fixes

• A bug was introduced with the "versioning" of workflow workspaces when it came time to delete a tf resource. Now, "delete" workspaces are treated exactly like new ones. (4101df9)

v0.4.0-betav1 release

Changes in v0.4.0-betav1 since v0.4.0-alphav3

Changes

• Workflow k8s-resources are "versioned" meaning they have the terraform k8s-resource's generation in the resource name. The exception is the PersistentVolumeClaim which is recycled for all the workflows of the same terraform k8s-resource.
• The workspace of a workflow is split into a "versioned" directory path in the mounted directory in the pod.

Breaking Changes

• Users who pinned the setupRunner image will need to update to isaaguilar/setup-runner-alphav5 or change their setup-runner scripts to create the "versioned" directory path https://github.com/isaaguilar/terraform-operator/blob/26eb76a497337e652d853d44f79a07fbcdcdabf8/terraform-runner/setup.sh#L10-L11 (26eb76a)

v0.4.0-alphav3 release

Changes in v0.4.0-alphav3 since v0.4.0-alphav2

Changes

• Bug fix for SSH keys to be configured before pulling any items via ssh. Also fixed permissions to be able to set up the SSH key to be used by uid 2000 60152e4
• The workflow PersistentVolumeClaim is checked to exist before continuing the runner workflow ccbda81

Breaking changes

None

Additions

• Worker concurrency has been added to run more than one terraform resource at a time. This is added as the container argument --max-concurrent-reconciles. 057f94c
• new options to the .spec to support using a script (via a configmap) to change runner scripts. e3a209a (This was later broken by 4af468a on accident.)
  • scriptRunnerExecutionScriptConfigMap is used to run custom scripts for this script containers
  • setupRunnerExecutionScriptConfigMap is used to run a custom script for setup containers
  • terraformRunnerExecutionScriptConfigMap is used to run a custom script for tf containers
• added .spec.scmAuthMethods.timeout which is used to set custom timeouts when the TFO controller fetches "sources" from a matching host of scmAuthMethod 9f2ef64
• .spec.keepCompletedPods to prevent completed pods from "self-cleanup". When set as true, pods stay in a Completed state on the cluster. ca2bd89
• .spec.runnerRules[] lets users define extra RBAC rules for runner pods ca2bd89

v0.4.0-alphav2 release

Changes in v0.4.0-alphav1 since v0.4.0-alphav1

Features

• added runnerAnnotations to the terraform spec 37c04ee

Bug Fixes

• fixed the setup runner's pull policy which was statically set to "IfNotPresent" . b53209c
• fixed volume mounts from the PVC have the correct permissions 0fce5d6
• fixed terraform version >= 0.15.x syntax for terraform init commands 1603184

v0.3.10 release

• added spec.runnerAnnotations to allow passing in custom annotations into runner pods (#51)

v0.3.9 release

• fixed possible whitespace issue in address sources (#36)
• changed TFOPS_MAIN_MODULE to be a static env (fixed in 0960fc4, identified by @number21 in #48)

v0.4.0-alphav1 release

Changes in v0.4.0-alphav1 since v0.3.8

Changes:

• The controller now deploys pods for each step of a terraform workflow which includes pods for terraform init, terraform plan, and trraform apply. Before the controller would create a Kubernetes Job that would perform the entire workflow by creating a single job.
• Pods that fail do not try again (the Job pod before would try again multiple times). To retry, the user deleted the failed pod and a new pod with the same configuration as the old pod launched by the controller.
• Pods now use a PersistentVolumeClaims that is handed from pod to pod to keep logs and terraform run data. PVCs must be allowed to be created by the controller and the Kubernetes cluster.

Breaking changes:

• prerunScript is equivilent to preInitScriptand the script runs as an init-container right before the terraform initcontainer
• postrunScript is equivilent to postInitScript and runs a new pod after terraform applycompletes
• applyOnApply no longer function as terraform is always executed
• applyOnUpdate no longer functions as terraform is always executed
• applyOnDeleteno longer function as terraform is always executed
• The tfstate is no longer added to a ConfigMap after terraform is completed. (This will be readded soon)
• Many enviroment variables within the runner Pods have changed. These are:
  • TFOPS_MAIN_MODULE -> TFO_MAIN_MODULE
  • NAMESPACE -> TFO_NAMESPACE
  • STACK_REPO-> TFO_MAIN_MODULE_REPO
  • STACK_REPO_HASH-> TFO_MAIN_MODULE_REPO_REF
  • STACK_REPO_SUBDIR-> TFO_MAIN_MODULE_REPO_SUBDIR
  • TFOPS_CONFIGMAP_PATH -> TFO_DOWNLOADS
  • INSTANCE_NAME -> TFO_RUNNER

Additions

• new scripts that execture before and after the terraform commands have been introduced. The scripts can be configured with inline yaml scripts for any of the following:

  • preInitScript
  • postInitScript
  • prePlanScript
  • postPlanScript
  • preApplyScript
  • postApplyScript
  • preInitDeleteScript
  • postInitDeleteScript
  • prePlanDeleteScript
  • postPlanDeleteScript
  • preApplyDeleteScript
  • postApplyDeleteScript

v0.3.8 release

• added spec.terraformRunnerPullPolicy to define the pullPolicy for the runner image