Armory Docs – Get Started with Terraform Integration/plugins/terraform/install/Recent content in Get Started with Terraform Integration on Armory DocsHugo -- gohugo.ioPlugins: Enable the Terraform Integration Stage in Armory Continuous Deployment/plugins/terraform/install/armory-cd/Mon, 01 Jan 0001 00:00:00 +0000/plugins/terraform/install/armory-cd/ <p><img src="/images/proprietary.svg" alt="Proprietary"></p> <h2 id="overview-of-enabling-terraform-integration">Overview of enabling Terraform Integration</h2> <p>Enabling the Terraform Integration stage consists of these steps:</p> <ol> <li><a href="#configure-armory-cd">Configure Armory CD</a></li> <li><a href="#enable-terraform-integration">Enable Terraform Integration</a></li> <li><a href="#apply-the-update">Apply the update</a></li> </ol> <h3 id="compatibility">Compatibility</h3> <table> <thead> <tr> <th style="text-align:left">Spinnaker Version</th> <th style="text-align:left">Terraform Integration Service Version</th> <th style="text-align:left">Terraform Integration Plugin Version</th> </tr> </thead> <tbody> <tr> <td style="text-align:left">1.30.x</td> <td style="text-align:left">2.30</td> <td style="text-align:left">0.0.2</td> </tr> <tr> <td style="text-align:left">1.29.x</td> <td style="text-align:left">2.28</td> <td style="text-align:left">0.0.1</td> </tr> <tr> <td style="text-align:left">1.28.x</td> <td style="text-align:left">2.28</td> <td style="text-align:left">0.0.1</td> </tr> </tbody> </table> <h2 id="before-you-begin">Before you begin</h2> <ul> <li>You have read the <a href="/plugins/terraform/">Terraform Integration Overview</a>.</li> <li>You are running Armory Continuous Deployment.</li> <li>You manage your instance using the Armory Operator.</li> </ul> <p>Terraform Integration is a built-in feature of Armory CD.</p> <p>If you are running open source Spinnaker, see the <a href="/plugins/terraform/#installation-paths">Terraform Integration Overview</a> for installation paths based on whether you are using Halyard or the Spinnaker Operator.</p> <p><strong>Terraform Integration requirements</strong></p> <ul> <li>Basic auth credentials for the Git repository where your store your Terraform scripts. The Terraform Integration plugin needs access to credentials to download directories that house your Terraform templates. <ul> <li>You can configure your Git repo with any of the following: <ul> <li>A Personal Access Token (potentially associated with a service account).</li> <li>SSH protocol in the form of an SSH key or an SSH key file</li> <li>Basic auth in the form of a user and password, or a user-password file</li> </ul> </li> </ul> </li> <li>A source for Terraform Input Variable files (<code>tfvar</code>) or a backend config. You must have a separate artifact provider that can pull your <code>tfvar</code> file(s). The Terraform Integration plugin supports the following artifact providers for <code>tfvar</code> files and backend configs: <ul> <li>GitHub</li> <li>BitBucket</li> <li>HTTP artifact</li> </ul> </li> <li>A dedicated external Redis instance <ul> <li>Armory requires configuring a dedicated external Redis instance for production usage of the Terraform Integration plugin. This is to ensure that you do not encounter scaling or stability issues in production.</li> </ul> </li> </ul> <h2 id="configure-armory-cd">Configure Armory CD</h2> <h3 id="configure-redis">Configure Redis</h3> <p>Terraform Integration uses Redis to store Terraform logs and plans.</p> <blockquote> <p>You can only configure the Terraform Integration feature to use a password with the default Redis user.</p> </blockquote> <p>Configure Redis settings in your Armory CD configuration and then apply your changes.</p> <ul class="nav nav-tabs justify-content-end" id="tabs-5" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-05-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-05-00" role="tab" aria-controls="tabs-05-00" aria-selected="true"> spinnaker-kustomize-patches </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-05-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-05-01" role="tab" aria-controls="tabs-05-01" aria-selected="false"> spinnakerservice.yml </button> </li> </ul> <div class="tab-content" id="tabs-5-content"> <div class="tab-body tab-pane fade show active" id="tabs-05-00" role="tabpanel" aria-labelled-by="tabs-05-00-tab" tabindex="5"> <p>You need to modify <code>spinnaker-kustomize-patches/armory/features/patch-terraformer.yml</code>. Add Redis configuration in the <code>profiles</code> section.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">redis</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">baseUrl</span>: <span style="color:#f1fa8c">&#34;&lt;your-redis-url&gt;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">password</span>: <span style="color:#f1fa8c">&#34;&lt;your-redis-password&gt;&#34;</span> </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-05-01" role="tabpanel" aria-labelled-by="tabs-05-01-tab" tabindex="5"> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">redis</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">baseUrl</span>: <span style="color:#f1fa8c">&#34;&lt;your-redis-url&gt;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">password</span>: <span style="color:#f1fa8c">&#34;&lt;your-redis-password&gt;&#34;</span> </span></span></code></pre></div> </div> </div> <h3 id="configure-your-artifact-account">Configure your artifact account</h3> <p>The Terraform Integration uses the following artifact accounts:</p> <ul> <li><strong>Git Repo</strong> - To fetch the repo housing your main Terraform files.</li> <li><strong>GitHub, BitBucket or HTTP</strong> - <em>Optional</em>. To fetch single files such as var-files or backend config files.</li> </ul> <p>Spinnaker uses the Git Repo Artifact Provider to download the repo containing your main Terraform templates. For more configuration options, see <a href="https://spinnaker.io/setup/artifacts/gitrepo/">Configure a Git Repo Artifact Account</a>.</p> <ul class="nav nav-tabs justify-content-end" id="tabs-6" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-06-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-06-00" role="tab" aria-controls="tabs-06-00" aria-selected="true"> spinnaker-kustomize-patches </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-06-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-06-01" role="tab" aria-controls="tabs-06-01" aria-selected="false"> spinnakerservice.yml </button> </li> </ul> <div class="tab-content" id="tabs-6-content"> <div class="tab-body tab-pane fade show active" id="tabs-06-00" role="tabpanel" aria-labelled-by="tabs-06-00-tab" tabindex="6"> <p>You need to modify <code>spinnaker-kustomize-patches/armory/features/patch-terraformer.yml</code>. Configure artifacts in the <code>spec.spinnakerConfig.config.artifacts</code> section.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">armory</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraform</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">gitrepo</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: gitrepo </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">username</span>: &lt;username&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;git-token&gt; </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># password:</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># tokenFile: </span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># usernamePasswordFile: </span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># sshPrivateKeyFilePath:</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># sshPrivateKeyPassphrase:</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># sshKnownHostsFilePath: </span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># sshTrustUnknownHosts: </span> </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-06-01" role="tabpanel" aria-labelled-by="tabs-06-01-tab" tabindex="6"> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">clouddriver</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">gitRepo</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: gitrepo </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;your-personal-access-token&gt; </span></span></code></pre></div> </div> </div> <h3 id="configure-additional-repos">Configure additional repos</h3> <p>You need to modify <code>spinnaker-kustomize-patches/armory/features/patch-terraformer.yml</code>. Configure additional artifacts in the <code>spec.spinnakerConfig.config.artifacts</code> section.</p> <blockquote> <p>This step is optional.</p> </blockquote> <ul class="nav nav-tabs justify-content-end" id="tabs-0" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-00-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-00" role="tab" aria-controls="tabs-00-00" aria-selected="false"> <strong>Configure Optional Repos</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-00-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-01" role="tab" aria-controls="tabs-00-01" aria-selected="true"> GitHub </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-00-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-02" role="tab" aria-controls="tabs-00-02" aria-selected="false"> Bitbucket </button> </li> </ul> <div class="tab-content" id="tabs-0-content"> <div class="tab-body tab-pane fade" id="tabs-00-00" role="tabpanel" aria-labelled-by="tabs-00-00-tab" tabindex="0"> </div> <div class="tab-body tab-pane fade show active" id="tabs-00-01" role="tabpanel" aria-labelled-by="tabs-00-01-tab" tabindex="0"> <p>These <em>optional</em> steps describe how to configure GitHub as an artifact provider for the Terraform Integration.</p> <p>Spinnaker uses the Github Artifact Provider to download any referenced <code>tfvar</code> files.</p> <p>Configure your GitHub artifact:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">github</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: &lt;github-for-terraform&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;your-github-personal-access-token&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span></code></pre></div><ul> <li><code>name</code>: the name for this account; replace <code>github-for-terraform</code> with a unique identifier for the artifact account.</li> <li><code>token</code>: GitHub personal access token; this field supports &ldquo;encrypted&rdquo; field references.</li> </ul> </div> <div class="tab-body tab-pane fade" id="tabs-00-02" role="tabpanel" aria-labelled-by="tabs-00-02-tab" tabindex="0"> <p>Spinnaker uses the BitBucket Artifact Provider to download any referenced <code>tfvar</code> files, so it must be configured with the BitBucket token to pull these files.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">bitbucket</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: &lt;bitbucket-for-terraform&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">username</span>: &lt;your-bitbucket-username&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">password</span>: &lt;your-bitbucket-password&gt; </span></span></code></pre></div><ul> <li><code>name</code>: the name for this account; replace <code>&lt;bitbucket-for-terraform&gt;</code> with a unique identifier for the artifact account.</li> <li><code>username</code>: Your Bitbucket username.</li> <li><code>password</code>: Your Bitbucket password; this field supports &ldquo;encrypted&rdquo; field references.</li> </ul> </div> </div> <h2 id="enable-terraform-integration">Enable Terraform Integration</h2> <ul class="nav nav-tabs justify-content-end" id="tabs-8" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-08-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-08-00" role="tab" aria-controls="tabs-08-00" aria-selected="true"> spinnaker-kustomize-patches </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-08-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-08-01" role="tab" aria-controls="tabs-08-01" aria-selected="false"> spinnakerservice.yml </button> </li> </ul> <div class="tab-content" id="tabs-8-content"> <div class="tab-body tab-pane fade show active" id="tabs-08-00" role="tabpanel" aria-labelled-by="tabs-08-00-tab" tabindex="8"> <p>You need to modify your Kustomization recipe to include <code>patch-terraformer.yml</code>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">patchesStrategicMerge</span>: </span></span><span style="display:flex;"><span> - armory/features/patch-terraformer.yml </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-08-01" role="tabpanel" aria-labelled-by="tabs-08-01-tab" tabindex="8"> <p>Add <code>enabled: true</code> to your <code>terraform</code> section.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">armory</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraform</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span></code></pre></div> </div> </div> <h2 id="apply-the-update">Apply the update</h2> <p>After you finish your Terraform Integration configuration, apply your changes. Confirm that the Terraform Integration service (Terraformer) is deployed with your Armory CD deployment:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl get pods -n &lt;your-spinnaker-namespace&gt; </span></span></code></pre></div><p>In the command output, look for a line similar to the following:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>spin-terraformer-d4334g795-sv4vz 2/2 Running <span style="color:#bd93f9">0</span> 0d </span></span></code></pre></div><h2 id="whats-next">What&rsquo;s next</h2> <ul> <li><a href="/plugins/terraform/install/configure/">Configure Terraform Integration optional features</a></li> <li><a href="/plugins/terraform/use/">Use the Terraform Integration stage</a></li> </ul>Plugins: Install Terraform Integration in Spinnaker (Spinnaker Operator)/plugins/terraform/install/spinnaker-operator/Mon, 01 Jan 0001 00:00:00 +0000/plugins/terraform/install/spinnaker-operator/ <h2 id="overview-of-installing-terraform-integration">Overview of installing Terraform Integration</h2> <p>In this guide, you use the Kustomize files in the <a href="https://github.com/armory/spinnaker-kustomize-patches"><code>spinnaker-kustomize-patches</code> repo</a> to install the plugin. You do need to update the contents of some files.</p> <ol> <li><a href="#configure-spinnaker">Configure Spinnaker</a></li> <li><a href="#get-the-terraform-integration-installation-files">Get the Terraform Integration installation files</a></li> <li><a href="#configure-the-service">Configure the service</a></li> <li><a href="#configure-the-plugin">Configure the plugin</a></li> <li><a href="#deploy-terraform-integration">Deploy Terraform Integration</a></li> </ol> <h3 id="compatibility">Compatibility</h3> <table> <thead> <tr> <th style="text-align:left">Spinnaker Version</th> <th style="text-align:left">Terraform Integration Service Version</th> <th style="text-align:left">Terraform Integration Plugin Version</th> </tr> </thead> <tbody> <tr> <td style="text-align:left">1.30.x</td> <td style="text-align:left">2.30</td> <td style="text-align:left">0.0.2</td> </tr> <tr> <td style="text-align:left">1.29.x</td> <td style="text-align:left">2.28</td> <td style="text-align:left">0.0.1</td> </tr> <tr> <td style="text-align:left">1.28.x</td> <td style="text-align:left">2.28</td> <td style="text-align:left">0.0.1</td> </tr> </tbody> </table> <h2 id="before-you-begin">Before you begin</h2> <p>You have read the <a href="/plugins/terraform/">Terraform Integration Overview</a>.</p> <p><strong>Spinnaker requirements</strong></p> <ul> <li>You are running open source Spinnaker.</li> <li>You manage your instance using the Spinnaker Operator and the <code>spinnaker-kustomize-patches</code> <a href="https://github.com/armory/spinnaker-kustomize-patches">repo</a>. If you are using Halyard, see <a href="/plugins/terraform/install/spinnaker-halyard/"}>Install Terraform Integration in Spinnaker (Halyard)</a>.</li> </ul> <p><strong>Terraform Integration requirements</strong></p> <ul> <li>Basic auth credentials for the Git repository where your store your Terraform scripts. The Terraform Integration plugin needs access to credentials to download directories that house your Terraform templates. <ul> <li>You can configure your Git repo with any of the following: <ul> <li>A Personal Access Token (potentially associated with a service account).</li> <li>SSH protocol in the form of an SSH key or an SSH key file</li> <li>Basic auth in the form of a user and password, or a user-password file</li> </ul> </li> </ul> </li> <li>A source for Terraform Input Variable files (<code>tfvar</code>) or a backend config. You must have a separate artifact provider that can pull your <code>tfvar</code> file(s). The Terraform Integration plugin supports the following artifact providers for <code>tfvar</code> files and backend configs: <ul> <li>GitHub</li> <li>BitBucket</li> <li>HTTP artifact</li> </ul> </li> <li>A dedicated external Redis instance <ul> <li>Armory requires configuring a dedicated external Redis instance for production usage of the Terraform Integration plugin. This is to ensure that you do not encounter scaling or stability issues in production.</li> </ul> </li> </ul> <h2 id="configure-spinnaker">Configure Spinnaker</h2> <h3 id="configure-redis">Configure Redis</h3> <p>Terraform Integration uses Redis to store Terraform logs and plans.</p> <blockquote> <p>You can only configure the Terraform Integration feature to use a password with the default Redis user.</p> </blockquote> <p>Configure Redis settings in your configuration and then apply.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">redis</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">baseUrl</span>: <span style="color:#f1fa8c">&#34;redis://spin-redis:6379&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">password</span>: <span style="color:#f1fa8c">&#34;password&#34;</span> </span></span></code></pre></div> <h3 id="configure-your-artifact-account">Configure your artifact account</h3> <p>The Terraform Integration uses the following artifact accounts:</p> <ul> <li><strong>Git Repo</strong> - To fetch the repo housing your main Terraform files.</li> <li><strong>GitHub, BitBucket or HTTP</strong> - <em>Optional</em>. To fetch single files such as var-files or backend config files.</li> </ul> <p><strong>Configure the Git Repo artifact</strong></p> <p>Spinnaker uses the Git Repo Artifact Provider to download the repo containing your main Terraform templates.</p> <p>Edit your configuration to add the following:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">clouddriver</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">gitRepo</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: gitrepo </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;your-personal-access-token&gt; <span style="color:#6272a4"># personal access token</span> </span></span></code></pre></div><p>For more configuration options, see <a href="https://spinnaker.io/setup/artifacts/gitrepo/">Configure a Git Repo Artifact Account</a>.</p> <h3 id="configure-additional-repos">Configure additional repos</h3> <blockquote> <p>This step is optional.</p> </blockquote> <ul class="nav nav-tabs justify-content-end" id="tabs-0" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-00-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-00" role="tab" aria-controls="tabs-00-00" aria-selected="false"> <strong>Configure Optional Repos</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-00-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-01" role="tab" aria-controls="tabs-00-01" aria-selected="true"> GitHub </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-00-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-02" role="tab" aria-controls="tabs-00-02" aria-selected="false"> Bitbucket </button> </li> </ul> <div class="tab-content" id="tabs-0-content"> <div class="tab-body tab-pane fade" id="tabs-00-00" role="tabpanel" aria-labelled-by="tabs-00-00-tab" tabindex="0"> </div> <div class="tab-body tab-pane fade show active" id="tabs-00-01" role="tabpanel" aria-labelled-by="tabs-00-01-tab" tabindex="0"> <p>These <em>optional</em> steps describe how to configure GitHub as an artifact provider for the Terraform Integration.</p> <p>Spinnaker uses the Github Artifact Provider to download any referenced <code>tfvar</code> files.</p> <p>Configure your GitHub artifact:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">github</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: &lt;github-for-terraform&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;your-github-personal-access-token&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span></code></pre></div><ul> <li><code>name</code>: the name for this account; replace <code>github-for-terraform</code> with a unique identifier for the artifact account.</li> <li><code>token</code>: GitHub personal access token; this field supports &ldquo;encrypted&rdquo; field references.</li> </ul> </div> <div class="tab-body tab-pane fade" id="tabs-00-02" role="tabpanel" aria-labelled-by="tabs-00-02-tab" tabindex="0"> <p>Spinnaker uses the BitBucket Artifact Provider to download any referenced <code>tfvar</code> files, so it must be configured with the BitBucket token to pull these files.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">bitbucket</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: &lt;bitbucket-for-terraform&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">username</span>: &lt;your-bitbucket-username&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">password</span>: &lt;your-bitbucket-password&gt; </span></span></code></pre></div><ul> <li><code>name</code>: the name for this account; replace <code>&lt;bitbucket-for-terraform&gt;</code> with a unique identifier for the artifact account.</li> <li><code>username</code>: Your Bitbucket username.</li> <li><code>password</code>: Your Bitbucket password; this field supports &ldquo;encrypted&rdquo; field references.</li> </ul> </div> </div> <h2 id="get-the-terraform-integration-installation-files">Get the Terraform Integration installation files</h2> <p>You can find the Terraform Integration service and plugin files in the <code>spinnaker-kustomize-patches</code> repo&rsquo;s <code>plugins/oss/terraformer</code> directory.</p> <ul> <li><code>kustomization.yml</code>: Kustomize build file</li> <li><code>deployment.yml</code>: <code>spin-terraformer</code> Deployment manifest</li> <li><code>service.yml</code>: <code>spin-terraformer</code> Service manifest</li> <li><code>terraformer-plugin-config.yml</code>: plugin installation</li> <li><code>terraformer.yml</code>: config file</li> <li><code>terraformer-local.yml</code>: config file for <a href="/plugins/terraform/install/configure/#named-profiles">Named Profiles</a></li> <li><code>spinnaker.yml</code>: Spinnaker service mapping</li> <li><code>versions</code> directory: contains version-specific values that Kustomize inserts into the manifest during generation</li> </ul> <p>The <code>spinnaker-kustomize-patches/recipes</code> directory contains the example <code>kustomization-oss-terraformer.yml</code> recipe. You can use that recipe or copy the entries to your recipe. This guide uses the <code>kustomization-oss-terraformer.yml</code> recipe for examples.</p> <h2 id="configure-the-service">Configure the service</h2> <p>Make sure the service version is compatible with your Spinnaker version.</p> <p>You specify the version in the <code>patchesStrategicMerge</code> section of <code>plugins/oss/terraformer/kustomization.yml</code>. You can find supported versions in the <code>plugins/oss/terraformer/versions</code> directory. For example, if you are running Spinnaker 1.27.x, replace <code>./versions/v-1.28.yml</code> with <code>./versions/v-1.27.yml</code>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">patchesStrategicMerge</span>: </span></span><span style="display:flex;"><span> - ./pac-plugin-config.yml </span></span><span style="display:flex;"><span> - ./versions/v-1.28.yml </span></span></code></pre></div><h2 id="configure-the-plugin">Configure the plugin</h2> <p>In <code>terraformer-plugin-config.yml</code>, make sure the <code>version</code> number is compatible with your Spinnaker instance.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnaker</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">extensibility</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">plugins</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">Armory.Terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: <span style="color:#ff79c6">&amp;pluginversion</span> <span style="color:#bd93f9">0.0.1</span> </span></span></code></pre></div><p>For example, if you want to use plugin version 0.0.2, your <code>version</code> value would be <code>&amp;pluginversion 0.0.2</code>.</p> <h2 id="deploy-terraform-integration">Deploy Terraform Integration</h2> <p>This step deploys the Terraformer service and installs the plugin. If you want to see the generated manifest before you deploy, execute <code>kubectl kustomize</code>.</p> <p>Apply the updates to your Kustomization file.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubectl apply -k &lt;kustomization-directory-path&gt; </span></span></code></pre></div><h2 id="whats-next">What&rsquo;s next</h2> <ul> <li><a href="/plugins/terraform/install/configure/">Configure Terraform Integration optional features</a></li> <li><a href="/plugins/terraform/use/">Use the Terraform Integration stage</a></li> </ul>Plugins: Install Terraform Integration in Spinnaker (Halyard)/plugins/terraform/install/spinnaker-halyard/Mon, 01 Jan 0001 00:00:00 +0000/plugins/terraform/install/spinnaker-halyard/ <h2 id="overview-of-installing-terraform-integration">Overview of installing Terraform Integration</h2> <p>Installing the Terraform Integration plugin consists of these steps:</p> <ol> <li><a href="#configure-spinnaker">Configure Spinnaker</a>: Redis, <code>gitrepo</code> artifact, and optional repos</li> <li><a href="#install-the-service">Install the service</a>: Kubernetes manifests</li> <li><a href="#install-the-plugin">Install the plugin</a>: Local config files</li> </ol> <h3 id="compatibility">Compatibility</h3> <table> <thead> <tr> <th style="text-align:left">Spinnaker Version</th> <th style="text-align:left">Terraform Integration Service Version</th> <th style="text-align:left">Terraform Integration Plugin Version</th> </tr> </thead> <tbody> <tr> <td style="text-align:left">1.30.x</td> <td style="text-align:left">2.30</td> <td style="text-align:left">0.0.2</td> </tr> <tr> <td style="text-align:left">1.29.x</td> <td style="text-align:left">2.28</td> <td style="text-align:left">0.0.1</td> </tr> <tr> <td style="text-align:left">1.28.x</td> <td style="text-align:left">2.28</td> <td style="text-align:left">0.0.1</td> </tr> </tbody> </table> <h2 id="before-you-begin">Before you begin</h2> <p>You have read the <a href="/plugins/terraform/">Terraform Integration Overview</a>.</p> <p><strong>Spinnaker requirements</strong></p> <ul> <li>You are running open source Spinnaker.</li> <li>You manage your instance using Halyard. If you are using the Spinnaker Operator, see <a href="/plugins/terraform/install/spinnaker-operator/"}>Install Terraform Integration in Spinnaker (Spinnaker Operator)</a></li> </ul> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">Warning</h4> The examples in this guide are for a vanilla Spinnaker installation. You may need to adjust them for your environment. </div> <p><strong>Terraform Integration requirements</strong></p> <ul> <li>Basic auth credentials for the Git repository where your store your Terraform scripts. The Terraform Integration plugin needs access to credentials to download directories that house your Terraform templates. <ul> <li>You can configure your Git repo with any of the following: <ul> <li>A Personal Access Token (potentially associated with a service account).</li> <li>SSH protocol in the form of an SSH key or an SSH key file</li> <li>Basic auth in the form of a user and password, or a user-password file</li> </ul> </li> </ul> </li> <li>A source for Terraform Input Variable files (<code>tfvar</code>) or a backend config. You must have a separate artifact provider that can pull your <code>tfvar</code> file(s). The Terraform Integration plugin supports the following artifact providers for <code>tfvar</code> files and backend configs: <ul> <li>GitHub</li> <li>BitBucket</li> <li>HTTP artifact</li> </ul> </li> <li>A dedicated external Redis instance <ul> <li>Armory requires configuring a dedicated external Redis instance for production usage of the Terraform Integration plugin. This is to ensure that you do not encounter scaling or stability issues in production.</li> </ul> </li> </ul> <h2 id="configure-spinnaker">Configure Spinnaker</h2> <h3 id="configure-redis">Configure Redis</h3> <p>Terraform Integration uses Redis to store Terraform logs and plans.</p> <blockquote> <p>You can only configure the Terraform Integration feature to use a password with the default Redis user.</p> </blockquote> <p>Configure Redis settings in your configuration and then apply.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">redis</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">baseUrl</span>: <span style="color:#f1fa8c">&#34;redis://spin-redis:6379&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">password</span>: <span style="color:#f1fa8c">&#34;password&#34;</span> </span></span></code></pre></div> <h3 id="configure-your-artifact-account">Configure your artifact account</h3> <p>The Terraform Integration uses the following artifact accounts:</p> <ul> <li><strong>Git Repo</strong> - To fetch the repo housing your main Terraform files.</li> <li><strong>GitHub, BitBucket or HTTP</strong> - <em>Optional</em>. To fetch single files such as var-files or backend config files.</li> </ul> <p><strong>Configure the Git Repo artifact</strong></p> <p>Spinnaker uses the Git Repo Artifact Provider to download the repo containing your main Terraform templates.</p> <p>Edit your configuration to add the following:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">clouddriver</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">gitRepo</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: gitrepo </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;your-personal-access-token&gt; <span style="color:#6272a4"># personal access token</span> </span></span></code></pre></div><p>For more configuration options, see <a href="https://spinnaker.io/setup/artifacts/gitrepo/">Configure a Git Repo Artifact Account</a>.</p> <h3 id="configure-additional-repos">Configure additional repos</h3> <blockquote> <p>This step is optional.</p> </blockquote> <ul class="nav nav-tabs justify-content-end" id="tabs-0" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-00-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-00" role="tab" aria-controls="tabs-00-00" aria-selected="false"> <strong>Configure Optional Repos</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-00-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-01" role="tab" aria-controls="tabs-00-01" aria-selected="true"> GitHub </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-00-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-02" role="tab" aria-controls="tabs-00-02" aria-selected="false"> Bitbucket </button> </li> </ul> <div class="tab-content" id="tabs-0-content"> <div class="tab-body tab-pane fade" id="tabs-00-00" role="tabpanel" aria-labelled-by="tabs-00-00-tab" tabindex="0"> </div> <div class="tab-body tab-pane fade show active" id="tabs-00-01" role="tabpanel" aria-labelled-by="tabs-00-01-tab" tabindex="0"> <p>These <em>optional</em> steps describe how to configure GitHub as an artifact provider for the Terraform Integration.</p> <p>Spinnaker uses the Github Artifact Provider to download any referenced <code>tfvar</code> files.</p> <p>Configure your GitHub artifact:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">github</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: &lt;github-for-terraform&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;your-github-personal-access-token&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span></code></pre></div><ul> <li><code>name</code>: the name for this account; replace <code>github-for-terraform</code> with a unique identifier for the artifact account.</li> <li><code>token</code>: GitHub personal access token; this field supports &ldquo;encrypted&rdquo; field references.</li> </ul> </div> <div class="tab-body tab-pane fade" id="tabs-00-02" role="tabpanel" aria-labelled-by="tabs-00-02-tab" tabindex="0"> <p>Spinnaker uses the BitBucket Artifact Provider to download any referenced <code>tfvar</code> files, so it must be configured with the BitBucket token to pull these files.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">config</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">artifacts</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">bitbucket</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: &lt;bitbucket-for-terraform&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">username</span>: &lt;your-bitbucket-username&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">password</span>: &lt;your-bitbucket-password&gt; </span></span></code></pre></div><ul> <li><code>name</code>: the name for this account; replace <code>&lt;bitbucket-for-terraform&gt;</code> with a unique identifier for the artifact account.</li> <li><code>username</code>: Your Bitbucket username.</li> <li><code>password</code>: Your Bitbucket password; this field supports &ldquo;encrypted&rdquo; field references.</li> </ul> </div> </div> <h2 id="install-the-service">Install the service</h2> <h3 id="configure-kubernetes-permissions">Configure Kubernetes permissions</h3> <p>The following manifest creates a ServiceAccount, ClusterRole, and ClusterRoleBinding. Apply the manifest in your <code>spinnaker</code> namespace.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: ServiceAccount </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: terraformer-sa </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">namespace</span>: spinnaker </span></span><span style="display:flex;"><span>--- </span></span><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: rbac.authorization.k8s.io/v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: ClusterRole </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: terraformer-cluster-role </span></span><span style="display:flex;"><span><span style="color:#ff79c6">rules</span>: </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - extensions </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - ingresses </span></span><span style="display:flex;"><span> - ingresses/status </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - list </span></span><span style="display:flex;"><span> - watch </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span> - update </span></span><span style="display:flex;"><span> - patch </span></span><span style="display:flex;"><span> - delete </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - networking.k8s.io </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - ingresses </span></span><span style="display:flex;"><span> - ingresses/status </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - list </span></span><span style="display:flex;"><span> - watch </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span> - update </span></span><span style="display:flex;"><span> - patch </span></span><span style="display:flex;"><span> - delete </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f1fa8c">&#34;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - pods </span></span><span style="display:flex;"><span> - endpoints </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - list </span></span><span style="display:flex;"><span> - watch </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span> - update </span></span><span style="display:flex;"><span> - patch </span></span><span style="display:flex;"><span> - delete </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f1fa8c">&#34;&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - services </span></span><span style="display:flex;"><span> - services/finalizers </span></span><span style="display:flex;"><span> - events </span></span><span style="display:flex;"><span> - configmaps </span></span><span style="display:flex;"><span> - secrets </span></span><span style="display:flex;"><span> - namespaces </span></span><span style="display:flex;"><span> - jobs </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - list </span></span><span style="display:flex;"><span> - update </span></span><span style="display:flex;"><span> - watch </span></span><span style="display:flex;"><span> - patch </span></span><span style="display:flex;"><span> - delete </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - batch </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - jobs </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - list </span></span><span style="display:flex;"><span> - update </span></span><span style="display:flex;"><span> - watch </span></span><span style="display:flex;"><span> - patch </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - apps </span></span><span style="display:flex;"><span> - extensions </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - deployments </span></span><span style="display:flex;"><span> - deployments/finalizers </span></span><span style="display:flex;"><span> - deployments/scale </span></span><span style="display:flex;"><span> - daemonsets </span></span><span style="display:flex;"><span> - replicasets </span></span><span style="display:flex;"><span> - statefulsets </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - list </span></span><span style="display:flex;"><span> - update </span></span><span style="display:flex;"><span> - watch </span></span><span style="display:flex;"><span> - patch </span></span><span style="display:flex;"><span> - delete </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - monitoring.coreos.com </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - servicemonitors </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - spinnaker.armory.io </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f1fa8c">&#39;*&#39;</span> </span></span><span style="display:flex;"><span> - spinnakerservices </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - create </span></span><span style="display:flex;"><span> - get </span></span><span style="display:flex;"><span> - list </span></span><span style="display:flex;"><span> - update </span></span><span style="display:flex;"><span> - watch </span></span><span style="display:flex;"><span> - patch </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">apiGroups</span>: </span></span><span style="display:flex;"><span> - admissionregistration.k8s.io </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: </span></span><span style="display:flex;"><span> - validatingwebhookconfigurations </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">verbs</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f1fa8c">&#39;*&#39;</span> </span></span><span style="display:flex;"><span>--- </span></span><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: rbac.authorization.k8s.io/v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: ClusterRoleBinding </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: terraformer-cluster-role-binding </span></span><span style="display:flex;"><span><span style="color:#ff79c6">roleRef</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">apiGroup</span>: rbac.authorization.k8s.io </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">kind</span>: ClusterRole </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: terraformer-cluster-role </span></span><span style="display:flex;"><span><span style="color:#ff79c6">subjects</span>: </span></span><span style="display:flex;"><span>- <span style="color:#ff79c6">kind</span>: ServiceAccount </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: terraformer-sa </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">namespace</span>: spinnaker </span></span></code></pre></div> <h3 id="configure-the-service">Configure the service</h3> <p>Create a ConfigMap to contain your Terraformer Integration service configuration. Be sure to check the <code>spinnaker.yml</code> entry in the <code>data</code> section to ensure the values match your Spinnaker installation.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: ConfigMap </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: spin-terraformer-config </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">namespace</span>: spinnaker </span></span><span style="display:flex;"><span><span style="color:#ff79c6">data</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer.yml</span>: |<span style="color:#f1fa8c"> </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> clouddriver: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: ${services.clouddriver.baseUrl} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> executor: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> scrapeLogsIntervalSecs: 5 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> workers: 3 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> git: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> redis: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: ${services.redis.baseUrl} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: ${services.redis.enabled} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> server: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: ${services.terraformer.host} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: ${services.terraformer.port} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> spectator: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> applicationName: ${spring.application.name} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> webEndpoint: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> spinnaker: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> extensibility: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> plugins: {} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> plugins-root-path: /opt/terraformer/plugins </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> repositories: {} </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> strict-plugin-loading: false</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnaker.yml</span>: |<span style="color:#f1fa8c"> </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> global.spinnaker.timezone: America/Los_Angeles </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> services: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> clouddriver: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-clouddriver:7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> clouddriverCaching: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-clouddriver-caching:7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> clouddriverRo: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-clouddriver-ro:7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> clouddriverRoDeck: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-clouddriver-ro-deck:7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> clouddriverRw: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-clouddriver-rw:7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 7002 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> deck: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://localhost:9000 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 9000 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> dinghy: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-dinghy:8081 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8081 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> echo: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-echo:8089 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8089 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> echoScheduler: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-echo-scheduler:8089 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8089 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> echoWorker: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-echo-worker:8089 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8089 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> fiat: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-fiat:7003 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 7003 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> front50: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-front50:8080 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8080 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> gate: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://localhost:8084 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8084 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> igor: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-igor:8088 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8088 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> kayenta: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-kayenta:8090 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8090 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> monitoringDaemon: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-monitoring-daemon:8008 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8008 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> orca: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-orca:8083 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8083 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> redis: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: redis://spin-redis:6379 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 6379 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> rosco: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-rosco:8087 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: true </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 8087 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> terraformer: </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> baseUrl: http://spin-terraformer:7088 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> enabled: false </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> host: 0.0.0.0 </span></span></span><span style="display:flex;"><span><span style="color:#f1fa8c"> port: 7088</span> </span></span></code></pre></div> <h3 id="deploy-the-service">Deploy the service</h3> <p>Replace <code>&lt;version&gt;</code> with the Terraform Integration service version <a href="#compatibility">compatible</a> with your Spinnaker version.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: Service </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: spin-terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">labels</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app</span>: spin </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">cluster</span>: spin-terraformer </span></span><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">selector</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app</span>: spin </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">cluster</span>: spin-terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: http </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">port</span>: <span style="color:#bd93f9">7088</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">protocol</span>: TCP </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">targetPort</span>: <span style="color:#bd93f9">7088</span> </span></span><span style="display:flex;"><span>--- </span></span><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: apps/v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: Deployment </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: spin-terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">annotations</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">deployment.kubernetes.io/revision</span>: <span style="color:#f1fa8c">&#34;1&#34;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">moniker.spinnaker.io/application</span>: <span style="color:#f1fa8c">&#39;&#34;spin&#34;&#39;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">moniker.spinnaker.io/cluster</span>: <span style="color:#f1fa8c">&#39;&#34;terraformer&#34;&#39;</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">labels</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app</span>: spin </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/managed-by</span>: armory </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/name</span>: terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/part-of</span>: spinnaker </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/version</span>: &lt;version&gt; <span style="color:#6272a4"># CHANGE</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">cluster</span>: spin-terraformer </span></span><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">progressDeadlineSeconds</span>: <span style="color:#bd93f9">600</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">replicas</span>: <span style="color:#bd93f9">1</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">revisionHistoryLimit</span>: <span style="color:#bd93f9">10</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">selector</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">matchLabels</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app</span>: spin </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">cluster</span>: spin-terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">strategy</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">rollingUpdate</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">maxSurge</span>: <span style="color:#bd93f9">25</span>% </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">maxUnavailable</span>: <span style="color:#bd93f9">25</span>% </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">type</span>: RollingUpdate </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">template</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">labels</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app</span>: spin </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/managed-by</span>: armory </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/name</span>: terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/part-of</span>: spinnaker </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">app.kubernetes.io/version</span>: &lt;version&gt; <span style="color:#6272a4"># CHANGE</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">cluster</span>: spin-terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">affinity</span>: {} </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">containers</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">env</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: SPRING_PROFILES_ACTIVE </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">value</span>: local </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">image</span>: docker.io/armory/terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">imagePullPolicy</span>: IfNotPresent </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">lifecycle</span>: {} </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: terraformer </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">containerPort</span>: <span style="color:#bd93f9">7088</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">protocol</span>: TCP </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">readinessProbe</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">exec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">command</span>: </span></span><span style="display:flex;"><span> - wget </span></span><span style="display:flex;"><span> - --<span style="color:#ff79c6">no</span>-check-certificate </span></span><span style="display:flex;"><span> - --spider </span></span><span style="display:flex;"><span> - -q </span></span><span style="display:flex;"><span> - http://localhost:7088/health </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">failureThreshold</span>: <span style="color:#bd93f9">3</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">periodSeconds</span>: <span style="color:#bd93f9">10</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">successThreshold</span>: <span style="color:#bd93f9">1</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">timeoutSeconds</span>: <span style="color:#bd93f9">1</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">resources</span>: {} </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terminationMessagePath</span>: /dev/termination-log </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terminationMessagePolicy</span>: File </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">volumeMounts</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">mountPath</span>: /opt/spinnaker/config </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: spin-terraformer-config-file </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">dnsPolicy</span>: ClusterFirst </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">restartPolicy</span>: Always </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">schedulerName</span>: default-scheduler </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">securityContext</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">fsGroup</span>: <span style="color:#bd93f9">1000</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">runAsUser</span>: <span style="color:#bd93f9">1000</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terminationGracePeriodSeconds</span>: <span style="color:#bd93f9">60</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">volumes</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: spin-terraformer-config-file </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">secret</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">secretName</span>: spin-terraformer-config-file </span></span></code></pre></div> <p>Apply the ConfigMap and Deployment manifests in your <code>spinnaker</code> namespace.</p> <h2 id="install-the-plugin">Install the plugin</h2> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">A note about installing plugins in Spinnaker</h4> When Halyard adds a plugin to a Spinnaker installation, it adds the plugin repository information to all services, not just the ones the plugin is for. This means that when you restart Spinnaker, each service restarts, downloads the plugin, and checks if an extension exists for that service. Each service restarting is not ideal for large Spinnaker installations due to service restart times. Clouddriver can take an hour or more to restart if you have many accounts configured. </div> <p>The Terraform plugin extends Deck, Gate, and Orca. To avoid every Spinnaker service restarting and downloading the plugin, do not add the plugin using Halyard. Instead, follow the local config installation method, in which you configure the plugin in each extended service’s local profile.</p> <p>Replace <code>&lt;version&gt;</code> with the plugin version [that&rsquo;s compatible with your Spinnaker instance].</p> <ol> <li> <p>Add the following to <code>gate-local.yml</code>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">proxies</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">id</span>: terraform </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">uri</span>: http://spin-terraformer:7088 </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">methods</span>: </span></span><span style="display:flex;"><span> - GET </span></span><span style="display:flex;"><span><span style="color:#ff79c6">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">baseUrl</span>: http://spin-terraformer:7088 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">spinnaker</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">extensibility</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">plugins</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">Armory.Terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: &lt;version&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">repositories</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">url</span>: https://raw.githubusercontent.com/armory-plugins/pluginRepository/master/repositories.json </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">deck-proxy</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">plugins</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">Armory.Terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: &lt;version&gt; </span></span></code></pre></div></li> <li> <p>Add the following to <code>orca-local.yml</code>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">services</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">baseUrl</span>: http://spin-terraformer:7088 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">spinnaker</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">extensibility</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">plugins</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">Armory.Terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: &lt;version&gt; </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">repositories</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">url</span>: https://raw.githubusercontent.com/armory-plugins/pluginRepository/master/repositories.json </span></span></code></pre></div></li> <li> <p>Save your files and apply your changes by running <code>hal deploy apply</code>.</p> </li> </ol> <h2 id="whats-next">What&rsquo;s next</h2> <ul> <li><a href="/plugins/terraform/install/configure/">Configure Terraform Integration optional features</a></li> <li><a href="/plugins/terraform/use/">Use the Terraform Integration stage</a></li> </ul>Plugins: Configure Terraform Integration Optional Features/plugins/terraform/install/configure/Mon, 01 Jan 0001 00:00:00 +0000/plugins/terraform/install/configure/ <h2 id="where-to-configure-the-terraform-integration-service">Where to configure the Terraform Integration service</h2> <ul> <li>Spinnaker (Spinnaker Operator): <code>spinnaker-kustomize-patches/plugins/oss/pipelines-as-code/terraformer.yml</code>; use <code>spinnaker-kustomize-patches/plugins/oss/pipelines-as-code/terraformer-local.yml</code> for <a href="#named-profiles">Named Profiles</a></li> <li>Spinnaker (Halyard): <code>terraformer.yml</code> section of your ConfigMap; create a new <code>terraformer-local.yml</code> section to configure <a href="#named-profiles">Named Profiles</a></li> <li>Armory CD: <code>spinnaker-kustomize-patches/armory/features/patch-terraformer.yml</code></li> </ul> <h2 id="cloud-provider">Cloud provider</h2> <p>Terraform Integration is cloud provider agnostic. Terraform commands execute against the terraform binary. All methods of configuring authentication are supported as per Terraform&rsquo;s compatibility and capabilities.</p> <p>You can also configure a <a href="#named-profiles">Named Profile</a> that grants access to resources such as AWS.</p> <h2 id="logging-and-metrics">Logging and metrics</h2> <blockquote> <p>If the logging URL is not responsive, Terraform Integration may not process deploys until the URL can be reached.</p> </blockquote> <p>You can enable logging and metrics for Prometheus by adding the following configuration to the <code>spec.spinnakerConfig.profiles.terraformer.logging.remote</code> block in your <code>SpinnakerService</code> manifest:</p> <ul class="nav nav-tabs justify-content-end" id="tabs-0" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-00-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-00" role="tab" aria-controls="tabs-00-00" aria-selected="true"> Spinnaker </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-00-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-01" role="tab" aria-controls="tabs-00-01" aria-selected="false"> Armory CD </button> </li> </ul> <div class="tab-content" id="tabs-0-content"> <div class="tab-body tab-pane fade show active" id="tabs-00-00" role="tabpanel" aria-labelled-by="tabs-00-00-tab" tabindex="0"> <p>Add the following to your <code>terraformer.yml</code> config:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">logging</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">remote</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">endpoint</span>: &lt;TheLoggingEndPoint&gt; <span style="color:#6272a4"># For example, https://debug.armory.io</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: <span style="color:#bd93f9">1.2.3</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">customerId</span>: someCustomer123 <span style="color:#6272a4"># Your Armory Customer ID</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">metrics</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">frequency</span>: &lt;Seconds&gt; <span style="color:#6272a4"># Replace with an integer value for seconds based on how frequently you want metrics to be scraped</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">prometheus</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">commonTags</span>: <span style="color:#6272a4"># The following tags are examples. Use tags that are relevant for your environment</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># env: dev</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># nf_app: exampleApp</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># nf_region: us-west-1</span> </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-00-01" role="tabpanel" aria-labelled-by="tabs-00-01-tab" tabindex="0"> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">logging</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">remote</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">endpoint</span>: &lt;TheLoggingEndPoint&gt; <span style="color:#6272a4"># For example, https://debug.armory.io</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">version</span>: <span style="color:#bd93f9">1.2.3</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">customerId</span>: someCustomer123 <span style="color:#6272a4"># Your Armory Customer ID</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">metrics</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">frequency</span>: &lt;Seconds&gt; <span style="color:#6272a4"># Replace with an integer value for seconds based on how frequently you want metrics to be scraped</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">prometheus</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">commonTags</span>: <span style="color:#6272a4"># The following tags are examples. Use tags that are relevant for your environment</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># env: dev</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># nf_app: exampleApp</span> </span></span><span style="display:flex;"><span> <span style="color:#6272a4"># nf_region: us-west-1</span> </span></span></code></pre></div> </div> </div> <h2 id="named-profiles">Named Profiles</h2> <p>When creating pipelines, a Named Profile gives you the ability to reference certain kinds of external sources, such as a private remote repository. The supported credentials are described in <a href="#types-of-credentials">Types of credentials</a>.</p> <h3 id="configure-a-named-profile">Configure a Named Profile</h3> <p>Configure profiles that you can select when creating a Terraform Integration stage.</p> <ul class="nav nav-tabs justify-content-end" id="tabs-1" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-01-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-00" role="tab" aria-controls="tabs-01-00" aria-selected="true"> Spinnaker (Operator) </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-01-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-01" role="tab" aria-controls="tabs-01-01" aria-selected="false"> Spinnaker (Halyard) </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-01-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-02" role="tab" aria-controls="tabs-01-02" aria-selected="false"> Armory CD </button> </li> </ul> <div class="tab-content" id="tabs-1-content"> <div class="tab-body tab-pane fade show active" id="tabs-01-00" role="tabpanel" aria-labelled-by="tabs-01-00-tab" tabindex="1"> <p>Add profiles to the <code>terraformer-local.yml</code> file. The following example adds a profile named <code>pixel-git</code> for an SSH key secured in Vault. You can find additional profile examples at <a href="#types-of-credentials">Types of credentials</a>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#ff79c6">name</span>: pixel-git <span style="color:#6272a4"># Unique profile name displayed in Deck</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: git-ssh </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">sshPrivateKey</span>: encrypted:vault!e:&lt;secret engine&gt;!p:&lt;path to secret&gt;!k:&lt;key&gt;!b:&lt;is base64 encoded?&gt; </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-01-01" role="tabpanel" aria-labelled-by="tabs-01-01-tab" tabindex="1"> <p>Add profiles to the <code>terraformer-local.yml</code> section of your ConfigMap. The following example adds a profile named <code>pixel-git</code> for an SSH key secured in Vault. You can find additional profile examples at <a href="#types-of-credentials">Types of credentials</a>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">apiVersion</span>: v1 </span></span><span style="display:flex;"><span><span style="color:#ff79c6">kind</span>: ConfigMap </span></span><span style="display:flex;"><span><span style="color:#ff79c6">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: spin-terraformer-config </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">namespace</span>: spinnaker </span></span><span style="display:flex;"><span><span style="color:#ff79c6">data</span>: </span></span><span style="display:flex;"><span> terraformer-local.yml | </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">name</span>: pixel-git <span style="color:#6272a4"># Unique profile name displayed in Deck</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: git-ssh </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">sshPrivateKey</span>: encrypted:vault!e:&lt;secret engine&gt;!p:&lt;path to secret&gt;!k:&lt;key&gt;!b:&lt;is base64 encoded?&gt; </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-01-02" role="tabpanel" aria-labelled-by="tabs-01-02-tab" tabindex="1"> <p>Add profiles to the <code>spec.spinnakerConfig.profiles.terraformer.profiles</code> section. The following example adds a profile named <code>pixel-git</code> for an SSH key secured in Vault. You can find additional profile examples at <a href="#types-of-credentials">Types of credentials</a>.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#ff79c6">name</span>: pixel-git <span style="color:#6272a4"># Unique profile name displayed in Deck</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: git-ssh </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">sshPrivateKey</span>: encrypted:vault!e:&lt;secret engine&gt;!p:&lt;path to secret&gt;!k:&lt;key&gt;!b:&lt;is base64 encoded?&gt; </span></span></code></pre></div> </div> </div> <p>Keep in mind:</p> <ol> <li> <p>When you create or edit a Terraform Integration stage in the UI, you can select the profile <code>pixel-git</code> from a dropdown.</p> </li> <li> <p>When adding profiles:</p> <ul> <li> <p>You can add multiple profiles under the <code>profiles</code> section.</p> </li> <li> <p>As a best practice, do not commit plain text secrets to <code>spec.spinnakerConfig.profiles.terraformer</code>. Instead, use a <a href="/continuous-deployment/armory-admin/secrets/">secret store</a>: <a href="/continuous-deployment/armory-admin/secrets/secrets-vault/">Vault</a>, an <a href="/continuous-deployment/armory-admin/secrets/secrets-s3/">encrypted S3 bucket</a>, an <a href="/continuous-deployment/armory-admin/secrets/secrets-aws-sm/">AWS Secrets Manager</a>, or an <a href="/continuous-deployment/armory-admin/secrets/secrets-gcs/">encrypted GCS bucket</a>.</p> </li> <li> <p>For SSH keys, each profile supports only one option parameter at a time. This means that you can use a private key file (<code>sshPrivateKeyFilePath</code>) or the key (<code>sshPrivateKey</code>) as the option. To use the key file path, use <code>sshPrivateKeyFilePath</code> for the option and provide the path to the key file. You can also encrypt the path using a secret store such as Vault. The following <code>option</code> example uses <code>sshPrivateKeyFilePath</code>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span><span style="color:#ff79c6">sshPrivateKeyFilePath</span>: encryptedFile:&lt;secret_store&gt;!e:... </span></span></code></pre></div><p>For more information, see the documentation for your secret store.</p> </li> </ul> </li> </ol> <h3 id="add-authz-to-named-profiles">Add authz to Named Profiles</h3> <p>Armory recommends that you enable authorization for your Named Profiles to provide more granular control and give App Developers better guardrails. When you configure authz for Named Profiles, you need to explicitly grant permission to the roles you want to have access to the profile. Users who do not have permission to use a certain Named Profile do not see it as an option in the UI. Also, any stage that uses a Named Profile that a user is not authorized for fails.</p> <div class="alert alert-warning" role="alert"> <h4 class="alert-heading">Note</h4> Before you start, make sure you enable Fiat. For more information about Fiat, see <a href="/continuous-deployment/overview/fiat-permissions-overview/">Fiat Overview</a> and <a href="https://spinnaker.io/setup/security/authorization/">Authorization (RBAC)</a>. </div> <p>This example does the following:</p> <ul> <li>Grants access to the resources and accounts that you need, such as permissions to deploy to AWS via FIAT in Cloud</li> <li>Enables FIAT authz to work with Terraformer</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#ff79c6">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">spinnakerConfig</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">terraformer</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">profiles</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">fiat</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">baseUrl</span>: https://spin-fiat:7003 <span style="color:#6272a4"># ${services.fiat.baseUrl}</span> </span></span></code></pre></div><h3 id="types-of-credentials">Types of credentials</h3> <p>The Terraform integration supports multiple types of credentials for Named Profiles:</p> <ul> <li>AWS</li> <li>SSH</li> <li>Static</li> <li>Terraform remote backend</li> </ul> <p>If you’re not using AWS, you should configure one of the other credential types in your Named Profile.</p> <p><strong>AWS</strong></p> <p>Use the <code>aws</code> credential type to provide authentication to AWS. There are two methods you can use to provide authentication - by defining a static key pair or a role that should be assumed before a Terraform action is executed.</p> <p>For defining a static key pair, supply an <code>accessKeyId</code> and a <code>secretAccessKey</code>:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#ff79c6">name</span>: devops <span style="color:#6272a4"># Unique name for the profile. Shows up in Deck.</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: aws <span style="color:#6272a4"># Type of credential</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">accessKeyId</span>: AKIAIOWQXTLW36DV7IEA </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">secretAccessKey</span>: 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 </span></span></code></pre></div><p>For assuming a role instead of defining a static set of credentials, supply the ARN of the role to assume:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#ff79c6">name</span>: devops <span style="color:#6272a4"># Unique name for the profile. Shows up in Deck.</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: aws <span style="color:#6272a4"># Type of credential</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">assumeRole</span>: arn:aws:iam::012345567:role/roleAssume </span></span></code></pre></div><p><em>When assuming a role, if <code>accessKeyId</code> and <code>secretAccessKey</code> are supplied, the Terraform integration uses these credentials to assume the role. Otherwise, the environment gets used for authentication, such as a machine role or a shared credentials file.</em></p> <p><strong>SSH Key</strong></p> <p>Use the <code>git-ssh</code> credential kind to provide authentication to private Git repositories used as modules within your Terraform actions. The supplied SSH key will be available to Terraform for the duration of your execution, allowing it to fetch any modules it needs:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#ff79c6">name</span>: pixel-git <span style="color:#6272a4"># Unique name for the profile. Shows up in Deck.</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: git-ssh <span style="color:#6272a4"># Type of credential</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">sshPrivateKey</span>: encrypted:vault!e:&lt;secret engine&gt;!p:&lt;path to secret&gt;!k:&lt;key&gt;!b:&lt;is base64 encoded?&gt; </span></span></code></pre></div><p><strong>Static</strong></p> <p>Use the <code>static</code> credential kind to provide any arbitrary key/value pair that isn&rsquo;t supported by any of the other credential kinds. For example, if you want all users of the <code>devops</code> profile to execute against the <code>AWS_REGION=us-west-2</code>, use the following <code>static</code> credential configuration.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#ff79c6">name</span>: devops <span style="color:#6272a4"># Unique name for the profile. Shows up in Deck.</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: static <span style="color:#6272a4"># Type of credential</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">name</span>: AWS_REGION </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">value</span>: us-west-2 </span></span></code></pre></div><p><strong>Terraform remote backend</strong></p> <p>Use the <code>tfc</code> credential kind to provide authentication to remote Terraform backends.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span>- <span style="color:#ff79c6">name</span>: milton-tfc <span style="color:#6272a4"># Unique name for the profile. Shows up in Deck.</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">variables</span>: </span></span><span style="display:flex;"><span> - <span style="color:#ff79c6">kind</span>: tfc </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">options</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">domain</span>: app.terraform.io <span style="color:#6272a4"># or Terraform Enterprise URL</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">token</span>: &lt;authentication-token&gt; <span style="color:#6272a4"># Replace with your token</span> </span></span></code></pre></div><h2 id="remote-backends">Remote backends</h2> <p>The Terraform Integration feature supports using remote backends provided by Terraform Cloud and Terraform Enterprise.</p> <p>When using remote backends, keep the following in mind:</p> <ul> <li>The Terraform stage must use the same Terraform version that your Terraform Cloud/Enterprise workspace is configured to run.</li> <li>The minimum supported Terraform version is 0.12.0.</li> <li>In the Terraform Cloud/Enterprise UI, the type of <code>plan</code> action that the Terraform Integration stage performs is a &ldquo;speculative plan.&rdquo; For more information, see <a href="https://www.terraform.io/docs/cloud/run/index.html#speculative-plans">Speculative Plans</a> in the Terraform docs.</li> <li>You cannot save and apply a plan file.</li> </ul> <h4 id="enable-remote-backend-support">Enable remote backend support</h4> <p>You can use remote backends by configuring the Terraform Integration stage with the following parameters:</p> <ul> <li>A Terraform version that is 0.12.0 or later and matches the version that your Terraform Cloud/Enterprise runs.</li> <li>Reference a remote backend in your Terraform code.</li> </ul> <p>To enable support, add the following config to your <code>terraformer-local.yml</code> file in the <code>.hal/default/profiles</code> directory:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>terraform: </span></span><span style="display:flex;"><span> remoteBackendSupport: <span style="color:#8be9fd;font-style:italic">true</span> </span></span></code></pre></div><h2 id="retries">Retries</h2> <p>The Terraformer service can retry connections if it fails to fetch artifacts from Clouddriver. Configure the retry behavior in your <code>terraformer-local.yml</code> file by adding the following snippet:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#6272a4"># terraformer-local.yml</span> </span></span><span style="display:flex;"><span><span style="color:#ff79c6">clouddriver</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">retry</span>: </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">enabled</span>: <span style="color:#ff79c6">true</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">minWait</span>: 4s <span style="color:#6272a4"># must be a duration, such as 4s for 4 seconds</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">maxWait</span>: 8s <span style="color:#6272a4"># must be a duration, such as 8s for 8 seconds</span> </span></span><span style="display:flex;"><span> <span style="color:#ff79c6">maxRetries</span>: <span style="color:#bd93f9">5</span> </span></span></code></pre></div><p>The preceding example enables retries and sets the minimum wait between attempts to 4 seconds, the maximum wait between attempts to 8s, and the maximum number of retries to 5.</p> <h2 id="whats-next">What&rsquo;s next</h2> <ul> <li><a href="/plugins/terraform/use/">Use the Terraform Integration stage</a></li> </ul>