Usage
Installation
Dependencies
- Kubernetes Cluster
- GitLab / GitHub token
- Terraform Cloud token
- NATS (installed by TFBuddy helm chart)
Helm
helm repo add tfbuddy https://zapier.github.io/tfbuddy/
For use with GitHub
export TFC_TOKEN="" \
GITHUB_TOKEN=""
helm install tfbuddy charts/tfbuddy \
--set secrets.env.TFC_TOKEN="${TFC_TOKEN}" \
--set secrets.env.GITHUB_TOKEN="${GITHUB_TOKEN}" \
--dependency-update
For use with GitLab
export TFC_TOKEN="" \
GITLAB_TOKEN=""
helm install tfbuddy charts/tfbuddy \
--set secrets.env.TFC_TOKEN="${TFC_TOKEN}" \
--set secrets.env.GITLAB_TOKEN="${GITLAB_TOKEN}" \
--dependency-update
The default helm values can be found here.
Configuration
Set the necessary environment variables for your setup.
env:
  TFBUDDY_LOG_LEVEL: info
  TFBUDDY_NATS_SERVICE_URL: nats://tfbuddy-nats:4222
  TFBUDDY_PROJECT_ALLOW_LIST: tfc-project/
  TFBUDDY_WORKSPACE_ALLOW_LIST: tfc-workspace
  TFBUDDY_DEFAULT_TFC_ORGANIZATION: companyX
For sensitive environment variables use secrets.envs, which can contain a list of key/value pairs.
secrets:
  create: true
  name: tfbuddy
  # envs can be used for writing sensitive environment variables
  # to the secret resource. These should be passed into the
  # deployment as arguments.
  # envs: []
An ingress resource is provided for setting external access.
ingress:
  create: true
  annotations:
    kubernetes.io/ingress.class: nginx-external
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  hosts:
    - host: tfbuddy.example.com
      paths:
        - path: /hooks/
          pathType: Prefix
For nats
helm specific configurations go here
.tfbuddy.yaml
To use TF Buddy in a given repo, place a file named .tfbuddy.yaml in its root, with contents similar to this:
workspaces:
  # The actual name of the TFC workspace you want to control with TF Buddy
  - name: team_name_prod
    # The main directory (relative to this file) to monitor for changes
    dir: terraform/production/
    # Any additional directories (relative to this file) to monitor for changes
    triggerDirs:
      - terraform/production/**
  # Additional configuration, with a separate TFC workspace and directories
  - name: team_name_staging
    dir: terraform/staging/
    triggerDirs:
      - terraform/staging/**/*.tf
      - terraform/staging/{foo,bar}/**
      - terraform/staging/**/[^0-9]*
TF Buddy uses doublestar for its path matching. In the example above, the following directories/files would be watched:
- terraform/$ENV - anything that is a direct child of terraform/production or terraform/staging
- terraform/production/** - anything that has terraform/production as an ancestor
- terraform/staging/**/*.tf - any Terraform files that have terraform/staging as an ancestor
- terraform/staging/{foo,bar}/** - anything that has terraform/staging/foo or terraform/staging/bar as an ancestor
- terraform/staging/**/[^0-9]* - anything that has terraform/staging as an ancestor and does not start with an integer
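To check which changed paths a triggerDirs list covers before relying on it, the following added example (not TF Buddy's or doublestar's own code) translates the glob constructs used above into regular expressions with the Go standard library only. The helper names globToRegexp and triggers are hypothetical, the translation is a simplified approximation that handles only `**`, `*`, `{a,b}` and `[...]`, and the real doublestar library remains the authority on edge cases.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// globToRegexp translates the glob constructs used in the triggerDirs above into
// an anchored regexp. Simplified stand-in for doublestar, not the library itself.
func globToRegexp(pattern string) *regexp.Regexp {
	out := "^"
	for i := 0; i < len(pattern); i++ {
		switch rest := pattern[i:]; {
		case strings.HasPrefix(rest, "**/"): // zero or more whole directories
			out, i = out+"(?:.*/)?", i+2
		case strings.HasPrefix(rest, "**"): // trailing **: everything below
			out, i = out+".*", i+1
		case rest[0] == '*': // any run of characters within one path segment
			out += "[^/]*"
		case rest[0] == '{' && strings.Contains(rest, "}"): // literal alternatives
			end := strings.IndexByte(rest, '}')
			alts := strings.ReplaceAll(regexp.QuoteMeta(rest[1:end]), ",", "|")
			out, i = out+"(?:"+alts+")", i+end
		case rest[0] == '[' && strings.Contains(rest, "]"): // character class
			end := strings.IndexByte(rest, ']')
			body := regexp.MustCompile(`^[\^!]`).ReplaceAllString(rest[1:end], "^/")
			out, i = out+"["+body+"]", i+end // negated class never matches "/"
		default:
			out += regexp.QuoteMeta(rest[:1])
		}
	}
	return regexp.MustCompile(out + "$")
}

// triggers reports whether any triggerDirs pattern covers the changed path.
func triggers(patterns []string, path string) bool {
	for _, p := range patterns {
		if globToRegexp(p).MatchString(path) {
			return true
		}
	}
	return false
}

func main() {
	staging := []string{"terraform/staging/**/*.tf", // patterns from the page
		"terraform/staging/{foo,bar}/**", "terraform/staging/**/[^0-9]*"}
	fmt.Println(triggers(staging, "terraform/staging/net/01-notes.md")) // constructed path
}
```

A file whose name starts with a digit is still covered when another pattern in the list matches it, for example any `.tf` file or anything under `foo` or `bar`.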