Terraform

At OpsMx we have developed terraform stage which seamlessly integrates with the spinnaker through spinnaker custom stage. It will ideally create three stages in the spinnaker and the stages are:

Each stage has its own input fields and output.

Prerequisites:

  • To configure and use Terraform Custom Stage, you should have prior knowledge of spinnaker and spinnaker custom stage.

  • You must have a running spinnaker with Kubernetes cluster account configured in it.

For more information on spinnaker custom stage, refer here.

Configure Spinnaker with Terraform

Execute the following steps to configure Spinnaker with Terraform custom stage.

  1. Create an AWS account in the ISD. For detailed information on creating AWS account in ISD, refer here.

  2. Create a file ‘artifactaccounts.json’ and add the below details. Replace values according to your artifact account. Now the artifactaccounts.json file contains account details from where the job pulls terraform code. The details in artifactaccounts.json file are as follows:

    • Account name: This can be any descriptive name without spaces.

    • Artifact type: Github (Github supported source code repository).

    • Host: https://github.com (Domain name of the github).

    • Username and Password: These are the credentials for accessing the repository that will be specified during the stage input.

For example, the content in artifactaccounts.json file looks like as shown below:

    {
       "artifactaccounts": [
       {
         "accountname": "Terraform-artifact-Github-account",
         "artifacttype": "Github",
         "host": "https://github.com",
         "username": "gituser",
         "password": "< USER TOKEN >"
       }
     ]
}

Note: Please make sure the GIT Username & Password doesn't have ‘@’ symbol.

3. Create a secret with the information provided in artifactaccount.json file, by using the following command.

kubectl create secret generic terraspinbackendconfig  
--from-file=artifactaccounts.json -n <NAMESPACE of Spinnaker>

Note: The Spinnaker installed namespace is the one that is planned for using the Terraform stages, and orca-local.yml is already configured in the ISD spinnaker.

Execute Terraform Scripts via custom stage

Once spinnaker is configured with Terraform Custom stage, the following stages should be available in pipeline configuration:

Terraform plan-OpsMx

This stage performs terraform infra-code initial formal run, which includes “Terraform init” and “Terraform plan”.

To add “Terraform plan-OpsMx” stage to your pipeline follow the steps below:

  1. Go to your application and click “Pipeline builder” and click “Add Stage” and then select “Terraform plan-OpsMx” stage from the drop-down menu as shown below.

2. This stage requires the following parameters to configure Terraform plan-OpsMx.

Enter the following parameters on the above configuration screen:

  • AWS account name: This must be an AWS account created from the ISD as a cloud provider. For more information on how to create an AWS account, click here.

  • Spinnaker Namespace: Specify the namespace of the spinnaker installed.

  • Tf script Account: This must be one of the “account” values that are defined in the artifactaccounts.json file. You have to choose that account where your Tf script is present.

  • Tf Plan script Repo: This is the location of Terraform Script repo. Provide the location in the form of org/repo-name.git//branch. Note: Here the double slash (//) is used to separate the branch.

  • Tf Location: This is the location of Terraform Script folder. Provide the folder location of the terraform scripts.

  • Override file: (optional): If present, the file specified here will be applied to the root module. Possible use-case might be to provide a tfvars file. Note: If you would like to ignore this option, ensure the block is empty by removing the help text available in this location.

  • Terraform Workspace: Backend configured and stores the state file in that directory. For more information on Terraform Workspaces, click here.

3. Output: This stage will show terraform init and plan command output as shown in the image below.

Terraform apply-OpsMx

This stage performs terraform infra-code initial formal run, which includes “Terraform init” and “Terraform apply”.

To add “Terraform apply-OpsMx” stage to your pipeline follow the steps below:

  1. Go to your application and click “Pipeline builder” and click “Add Stage” and then select “Terraform apply-OpsMx” stage from the drop-down menu as shown below.

2. Now the configuration screen appears to provide the required parameters.

Enter the following parameters on the above configuration screen:

  • AWS account name: This must be an AWS account created from the ISD as a cloud provider. For more information on how to create an AWS account, click here.

  • Spinnaker Namespace: Specify the namespace of the spinnaker installed.

  • Tf script Account: This must be one of the “account” values that is defined in artifactaccounts.json file. You have to choose that account where your tf script is present.

  • Tf Plan script Repo: This is the location of Terraform Script repo. Provide the location in the form of org/repo-name.git//branch. Note: Here the double slash (//) is used to separate the branch.

  • Tf Location: This is the location of Terraform Script folder. Provide the folder location of the terraform scripts.

  • Override file: (optional): If present, the file specified here will be applied on the root module. Possible use-case might be to provide a tfvars file. Note: If you would like to ignore this option, ensure the block is empty by removing the help text available in this location.

  • Terraform Workspace: Backend configured and stores the state file in that directory. For more information on Terraform Workspaces, click here.

3. Output: This stage will show terraform init, plan and apply command output as shown in the image below.

Terraform destroy-OpsMx

The functionality of this stage is to destroy terraform infra-code.

To add “Terraform destroy-OpsMx” stage to your pipeline follow the steps below:

  1. Go to your application and click “Pipeline builder” and click “Add Stage” and then select “Terraform destroy-OpsMx” stage from the drop-down menu as shown below.

2. Now the configuration screen appears to provide the required parameters.

Enter the following parameters on the above configuration screen:

  • AWS account name: This must be an AWS account created from the ISD as a cloud provider. For more information on how to create an AWS account, click here.

  • Spinnaker Namespace: Specify the namespace of the spinnaker installed.

  • Tf script Account: This must be one of the “account” values that are defined in the artifactaccounts.json file. You have to choose the account where your Tf script is present.

  • Tf Plan script Repo: This is the location of Terraform Script repo. Provide the location in the form of org/repo-name.git//branch. Note: Here the double slash (//) is used to separate the branch.

  • Tf Location: This is the location of Terraform Script folder. Provide the folder location of the terraform scripts.

  • Override file: (optional): If present, the file specified here will be applied to the root module. A possible use-case might be to provide a tfvars file. Note: If you would like to ignore this option, ensure the block is empty by removing the help text available in this location.

  • Terraform Workspace: Backend configured and stores the state file in that directory. For more information on Terraform Workspaces, click here.

3. Output: This stage will show output as shown in the image below.

Last updated