-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated gitignore and added terraform lock files #27
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,40 @@ | ||
| **/.terraform | ||
| **/terraform.tfstate | ||
| **/terraform.tfstate.backup | ||
| # Local .terraform directories | ||
| **/.terraform/* | ||
|
|
||
| # .tfstate files | ||
| *.tfstate | ||
| *.tfstate.* | ||
|
|
||
| # Crash log files | ||
| crash.log | ||
| crash.*.log | ||
|
|
||
| # Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
| # password, private keys, and other secrets. These should not be part of version | ||
| # control as they are data points which are potentially sensitive and subject | ||
| # to change depending on the environment. | ||
| *.tfvars | ||
| *.tfvars.json | ||
|
|
||
| # Ignore override files as they are usually used to override resources locally and so | ||
| # are not checked in | ||
| override.tf | ||
| override.tf.json | ||
| *_override.tf | ||
| *_override.tf.json | ||
|
|
||
| # Ignore transient lock info files created by terraform apply | ||
| .terraform.tfstate.lock.info | ||
|
|
||
| # Include override files you do wish to add to version control using negated pattern | ||
| # !example_override.tf | ||
|
|
||
| # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
| # example: *tfplan* | ||
|
|
||
| # Ignore CLI configuration files | ||
| .terraformrc | ||
| terraform.rc | ||
|
|
||
| misc/experimental | ||
| .DS_Store | ||
| .DS_Store | ||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure this is always true though. The original idea about introducing tfvars files is that we want to keep some default values in version control and avoid going through repetitive questions on each TF run. Devs should make sensible decisions on not checking in sensitive data but only encrypted data. Following this gitignoring, can the current
terraform.tfvarsfiles be renamed to sth liketerraform.tfvars.exampleas still being instructive?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current
terraform.tfvarsthat have been checked in and committed won't be ignored, but new.tfvarsfiles will.Shouldn't the default values be provided in
variables.tffiles?People make mistakes, it's better to systematically try to prevent it from happening instead of relying on people to be careful.
Yes we can have a
terraform.tfvars.examplefile and ask people to copy it toterraform.tfvarswhen deploying, we're doing this in RADAR-Kubernetes withbase.yamlfile.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes but
variables.tfwon't memorise values the user typed in during the first run. On consecutive runs, the user needs to type in the same values again and again if they forget (or don't want) to update the default values invariables.tf.Great and it sounds
terraform.tfvars.examplecould be the middle ground.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In our own deployment I've created a
terraform.tfvarsfile on the top level of this repo and run terraform commands with-var-file=../terraform.tfvarsargument. I suspected that the S3 or Hashicorp backend also stores this file in a secure location but I haven't looked into them yet.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool. In that case, how can other Devs see the
terraform.tfvarsand your change to it if*.tfvarsis ignored?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alright. We are not using a top-level
terraform.tfvarsand hence I believe it is safe to merge this.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How to you manage your
terraform.tfvarsfile?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Our
terraform.tfvarsfiles only contain non-sensitive values so they are version-controlled in the private repo for each cluster.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it just a private fork of this repository with the terraform.tfvars committed to git?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, each cluster has its own forked private repo.