This is a custom Kubernetes controller designed to run in the Scipian namespace. It watches for changes on incoming Custom Resources and launches Jobs to create/update/destroy infrastructure using Terraform.
It is built with Kubebuilder 2.0, with full documentation found here.
The Scipian Terraform Controller expects a few things to be set up in the cluster it will run in:
- A `scipian` namespace
- A secret named `scipian-aws-iam-creds` with the AWS IAM access key ID and secret access key as `aws_access_key_id` and `aws_secret_access_key` respectively. These creds are for Scipian's S3 bucket where it will access Terraform State, and should be for that AWS account. NOTE: These should be base64 encoded. To avoid newline characters in the base64-encoded string, use the following flags when encoding: `echo -n <aws_cred> | base64 -w 0`.
- An S3 bucket and corresponding DynamoDB table. Set these in `config/manager/manager.yaml` in the ConfigMap section. NOTE: The DynamoDB table should have the same name as the S3 bucket, but with `-locking` appended to it.
- `make install` - installs Custom Resource Definitions (CRDs) into the cluster
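
The following script is an added example, not part of the Scipian project: it renders the `scipian-aws-iam-creds` Secret with values encoded as described above and refuses to render if a value carries a stray newline or carriage return. The function names and the placeholder credential values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the Scipian project. Credential values are
# constructed placeholders.

# Encode a value with no trailing newline on input and no line wrapping on
# output (same result as the README's `echo -n <aws_cred> | base64 -w 0`,
# written so it also works where base64 lacks -w).
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeeds (exit 0) if an encoded value decodes to something containing a
# newline or carriage return, e.g. one produced with plain `echo`.
has_stray_newline() {
  n=$(printf '%s' "$1" | base64 -d | tr -cd '\n\r' | wc -c | tr -d ' ')
  [ "$n" -gt 0 ]
}

# Print the Secret manifest. $1 = access key ID, $2 = secret access key.
render_secret() {
  id_b64=$(b64 "$1")
  key_b64=$(b64 "$2")
  if has_stray_newline "$id_b64" || has_stray_newline "$key_b64"; then
    echo "credential contains a newline; refusing to render" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: scipian-aws-iam-creds
  namespace: scipian
type: Opaque
data:
  aws_access_key_id: $id_b64
  aws_secret_access_key: $key_b64
EOF
}

# Demo with constructed placeholder values.
render_secret "EXAMPLE_ACCESS_KEY_ID" "example-secret-access-key"
```

Base64 is an encoding, not encryption, so the rendered manifest is as sensitive as the raw keys; piping the output to `kubectl apply -f -` avoids leaving it on disk.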
To run the project locally for developing:
- Using Direnv, set up your `.envrc` file with `SCIPIAN_STATE_BUCKET` and `SCIPIAN_STATE_LOCKING` pointing to your desired S3 bucket and DynamoDB table respectively.
- `go get`
- `make install`
- `make run` (this will run against the cluster defined in `$HOME/.kube/config`)
To deploy the controller in a cluster:
- `make docker-build`
- `make docker-push`
- `make deploy`
This project uses Ginkgo as a BDD testing framework. Make sure to have Ginkgo installed locally.