
HashiCorp Terraform Cloud Operator for Kubernetes Improves Scalability and Performance


HashiCorp has released v2 of their Terraform Cloud Operator for Kubernetes. The Operator enables managing Terraform Cloud workspaces through a single Kubernetes custom resource. The release adds support for multiple custom resources, setting the watch scope to specific namespaces, improved synchronization, and newly exposed metrics.

With the Terraform Cloud Operator for Kubernetes, it is possible to provision infrastructure, both internal and external to Kubernetes, directly from the Kubernetes control plane. As noted by John Houston, senior software engineer at HashiCorp, and Vishnu Ravindra, product manager at HashiCorp, "[p]latform teams can now provide application developers with Kubernetes-native workflows, while ensuring the use of approved Terraform modules."

[Figure: Terraform Cloud Operator for Kubernetes high-level architecture (credit: HashiCorp)]

With the version 2 release, there are now multiple custom resources, each with its own separate controllers for different Terraform Cloud resources. It is now possible to modify the number of worker threads assigned to each controller. By default, each controller has one worker, but more can be added to increase the number of custom resources the controller can handle concurrently.

The Operator can be used to manage Terraform Cloud agent pools and Terraform Cloud agent tokens via the AgentPool custom resource. The Module resource is used to implement API-driven run workflows, and the Workspace resource can be used to manage Terraform Cloud workspaces. The following example creates an agent pool named agent-pool-development and generates a token named token-red:

---
apiVersion: app.terraform.io/v1alpha2
kind: AgentPool
metadata:
  name: this
spec:
  organization: kubernetes-operator
  token:
    secretKeyRef:
      name: tfc-operator
      key: token
  name: agent-pool-development
  agentTokens:
  - name: token-red
  agentDeployment:
    replicas: 1
  autoscaling:
    targetWorkspaces:
    - name: us-west-development
    - id: ws-NUVHA9feCXzAmPHx
    - wildcardName: eu-development-*
    minReplicas: 1
    maxReplicas: 3

When run, the token-red agent token is stored in the my-agent-pool-token-red Kubernetes secret. The autoscaling portion enables the operator to ensure at least one agent pod is running with a maximum of 3 based on resource needs. This assessment is done by monitoring the load of the workspaces listed under targetWorkspaces.

The Operator now manages a Terraform Cloud client for each Custom Resource. With this improvement, a single Operator deployment can be used across multiple Terraform Cloud organizations.

The release also exposes standard Prometheus format metrics for each controller available at the standard /metrics path over HTTPS port 8443. The Operator exports all metrics provided by the controller-runtime. A full list of exposed metrics can be found within the Kubebuilder documentation.
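As an added illustration (not code from HashiCorp or from the original article), the following Python sketch parses a scrape of the /metrics endpoint and reports, per controller, whether its workers are saturated and how many reconcile errors it has logged, which ties the metrics to the per-controller worker setting described earlier. The metric names are the ones controller-runtime exports; the sample payload and the controller label values are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of a scrape from the operator's /metrics endpoint.
# Metric names come from controller-runtime; controller label values are assumed.
SAMPLE = """\
# TYPE controller_runtime_max_concurrent_reconciles gauge
controller_runtime_max_concurrent_reconciles{controller="agentpool"} 1
controller_runtime_max_concurrent_reconciles{controller="workspace"} 1
controller_runtime_active_workers{controller="agentpool"} 0
controller_runtime_active_workers{controller="workspace"} 1
controller_runtime_reconcile_errors_total{controller="agentpool"} 0
controller_runtime_reconcile_errors_total{controller="workspace"} 4
workqueue_depth{name="agentpool"} 0
workqueue_depth{name="workspace"} 7
"""

LINE = re.compile(r'^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?\s+(\S+)')
LABEL = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')

def parse(text):
    """Return {metric: {controller: value}}, keyed by the controller/name label."""
    out = defaultdict(dict)
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and HELP/TYPE comments
        m = LINE.match(line)
        if not m:
            continue
        labels = dict(LABEL.findall(m.group(2) or ""))
        key = labels.get("controller") or labels.get("name")
        if key:
            out[m.group(1)][key] = float(m.group(3))
    return out

def report(text):
    """Flag controllers whose workers are all busy while work is still queued."""
    m = parse(text)
    findings = {}
    for ctrl, limit in m["controller_runtime_max_concurrent_reconciles"].items():
        active = m["controller_runtime_active_workers"].get(ctrl, 0)
        depth = m["workqueue_depth"].get(ctrl, 0)
        errors = m["controller_runtime_reconcile_errors_total"].get(ctrl, 0)
        findings[ctrl] = {"saturated": active >= limit and depth > 0, "errors": int(errors)}
    return findings

if __name__ == "__main__":
    for ctrl, finding in report(SAMPLE).items():
        print(ctrl, finding)
```

A controller reported as saturated is a candidate for additional workers; a rising error count is worth investigating before raising concurrency.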

The release also adds a new --namespace option to focus the Operator's watch scope to specific namespaces. The new --sync-period option improves the synchronization between custom resources and Terraform Cloud.

The Terraform Cloud Operator for Kubernetes is available for users of Terraform Cloud. There is a migration guide available for users moving from version 1 to version 2. More details can be found in the release blog post or within the Terraform discussion forums. The Terraform Cloud Operator for Kubernetes is available on GitHub.
