This is another controller that listens to tf resource events. Add and update events will transmit the tf manifest to a TFO-API server.
Set up the following environment vars for the API server:
CLIENT_NAME=foo-k8s-cluster
TFO_API_PROTOCOL=http
TFO_API_HOST=localhost
TFO_API_PORT=5001
TFO_API_LOGIN_USER=username
TFO_API_LOGIN_PASSWORD=passwordMake sure you're connected to a cluster:
KUBECONFIG=~/.kube/configInCluster configuration is automatically configured when this binary runs in a kubernetes pod.
This will require get and list permissions to terraforms resources:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tforc
rules:
- apiGroups:
- tf.galleybytes.com
resources:
- terraforms
verbs:
- get
- listAdditional rules can be added when defining a post job to run after a successful terraform workflow.
# ADDITIONAL RULES
- apiGroups:
- batch
resources:
- jobs
verbs:
- '*'
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
verbs:
- create
- get
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- '*'And run the binary or run an in-cluster container:
go run main.go