aws-terraform.yaml
# Qovery lifecycle-job template for Terraform: the image built from the "dockerfile" key below
# is run once per event, with the event's command passed as the container argument.
id: 5f9c2fcd-86d4-42c9-9a5a-2f4126f39b06
name: terraform
description: |-
Allow to manage terraform
source_url: "https://github.com/Qovery/lifecycle-templates/blob/main/aws-terraform.yaml"
cloud_provider:
name: AWS
# Each command value must match a branch of the case statement in entrypoint.sh (see the dockerfile key).
# Only start and delete are wired here; the script also handles stop, raw and debug.
events:
- name: start
entrypoint: null
command: ["start"]
- name: delete
entrypoint: null
command: ["delete"]
resources:
cpu_milli: 500
ram_mib: 512
max_duration_in_minutes: 30
# TF_VAR is a file-type variable written to /data/terraform/terraform.tfvars with interpolation enabled.
# It is declared with is_secret: false, so keep credentials out of its content: define them as separate
# secret variables and reference them through interpolation, as the description says.
variables:
- name: TF_VAR
is_secret: false
description: "The terraform tf_var content that will be used during the execution. Store secrets as separate environment variables and use the interpolation."
file:
path: "/data/terraform/terraform.tfvars"
enable_interpolation: true
default: |-
variable1="qovery-{{QOVERY_JOB_NAME}}"
dockerfile: |-
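# The following Dockerfile has been designed to package and run your Terraform manifest with the following constraints:
# - TF version 1.9 (set by the FROM line below)
# - use Kubernetes as backend
# - cloud provider agnostic: you will have to properly configure the authentication to manage your resources
# - we expect the TF_VARs to be declared within an environment variable named "TF_VAR" (of type file)
# All the points above can be customized in the corresponding line within this Dockerfile

# you can change the TF version here
# NOTE: "1.9" is a floating tag, so two builds can pull different images. For reproducible builds pin a
# full patch version and the image digest, e.g. hashicorp/terraform:<x.y.z>@sha256:<digest>
# (placeholders: take the real values from your registry).
FROM hashicorp/terraform:1.9

# downloading dependencies and initializing working dir
# --no-cache fetches a fresh package index and leaves no apk cache behind in the layer.
RUN <<EOF
set -e
apk add --no-cache dumb-init
adduser -D app
mkdir /data
chown -R app:app /data
EOF

WORKDIR /data
# Everything below, and the container at run time, executes as the unprivileged "app" user.
USER app

# We create here an entrypoint script that will be executed during the run phase.
# A different command is defined to manage the lifecycle of your resources:
# - start --> run "terraform apply" + use "terraform output" to generate the output to be fetched by Qovery and injected later as environment variable for the other services within the same environment
# - stop --> nothing, customize it based on your needs
# - delete --> run "terraform destroy"
# other commands are available and can be customized in this Dockerfile
# these commands can be assigned as CMD ARGS to one of the Actions/Triggers of your lifecycle job.
#
# The heredoc delimiter below is unquoted, so the build-time shell expands every unescaped "$".
# Anything that must be evaluated when the container runs has to be written as "\$".
RUN cat <<EOF > entrypoint.sh
#!/bin/sh
CMD=\$1; shift
set -e
cd terraform

############################################################
# BACKEND CONFIGURATION
############################################################
# We provide Kubernetes as default backend for your Terraform provider
# If you already have your own backend definition, remove the line below
# The Kubernetes backend keeps the Terraform state in a Secret of the namespace given at init time.
# State can contain credentials and other sensitive attributes, so restrict who can read Secrets there.
echo '
terraform {
backend "kubernetes" {
in_cluster_config = true
}
}' > backend.tf

# This is the TF init command dedicated to the Kubernetes backend that we provide by default. Change it based on your own backend type, see the examples below.
terraform init -backend-config="secret_suffix=qovery-\${QOVERY_JOB_ID}" -backend-config="namespace=\${QOVERY_KUBERNETES_NAMESPACE_NAME}"
# example of initialization with other backend types
# S3: terraform init -backend-config="key=qovery-\${QOVERY_JOB_ID}" -backend-config="bucket=\${TERRAFORM_BACKEND_BUCKET}" -backend-config="region=\${AWS_REGION}"
############################################################

case "\$CMD" in
  start)
    # This is the command to manage the creation and update of a resource
    echo 'start command invoked'
    echo 'Running Terraform PLAN'
    terraform plan -input=false -out=tf.plan -var-file="\$TF_VAR"
    echo 'Running Terraform APPLY with auto-approve'
    terraform apply -input=false -auto-approve tf.plan
    echo 'Writing the TF output and injecting it as Qovery environment variables for downstream usage.'
    # The TF output is written in a specific file which is automatically retrieved by Qovery and injected as environment variable which can be used by any service within the same environment to access the resource.
    # With -json, outputs marked as sensitive are written in clear text. Only declare outputs that
    # every service of the environment is allowed to read.
    terraform output -json > /qovery-output/qovery-output.json
    ;;
  stop)
    echo 'stop command invoked'
    exit 0
    ;;
  delete)
    echo 'delete command invoked'
    echo 'Running Terraform PLAN'
    terraform plan -destroy -out=tf.plan -input=false -var-file="\$TF_VAR"
    echo 'Running Terraform DESTROY with auto-approve'
    terraform apply -destroy -auto-approve -input=false tf.plan
    ;;
  raw)
    echo 'raw command invoked'
    # Forward every remaining argument unchanged. Nine fixed positional slots would hand empty
    # strings to terraform whenever fewer than nine arguments are supplied.
    terraform "\$@"
    ;;
  debug)
    echo 'debug command invoked. sleeping for 9999999sec'
    echo 'Use remote shell to connect and execute commands'
    # The container stays alive with the cloud and cluster credentials of the job available to any
    # remote shell. Keep this command for troubleshooting and do not bind it to a regular event.
    sleep 9999999999
    exit 1
    ;;
  *)
    echo "Command not handled by entrypoint.sh: '\$CMD'"
    exit 1
    ;;
esac
EOF

# The whole build context lands in the image. Use a .dockerignore to keep local state (.terraform,
# *.tfstate), *.tfvars holding secrets and VCS metadata out of it.
COPY --chown=app:app . terraform

# initialize terraform without the backend
# Providers and modules are downloaded at build time. Commit .terraform.lock.hcl next to the manifest
# so that the provider checksums recorded there are enforced.
RUN <<EOF
set -e
chmod +x entrypoint.sh
cd terraform
terraform init -backend=false
EOF

# These env vars shall be set as environment variables within the Qovery console
# TF_VAR should contain a terraform vars file to customize your job
ENV TF_VAR=must-be-set-as-env-var-file

ENTRYPOINT ["/usr/bin/dumb-init", "-v", "--", "/data/entrypoint.sh"]
CMD ["start"]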