Something went wrong on our end
-
Andrew Vella authoredSome products will start to use the 1Password terraform provider to automate the loading of external secrets into the product specific GCP secret manager. In turn, the 1Password terraform provider currently calls the 1Password CLI.
Andrew Vella authoredSome products will start to use the 1Password terraform provider to automate the loading of external secrets into the product specific GCP secret manager. In turn, the 1Password terraform provider currently calls the 1Password CLI.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
README.md 1.50 KiB
Terraform and Helm container
This builds a container from Google's Cloud SDK alpine image, adding terraform, op-cli, helm, and kubectl.
Google service account credentials for the terraform admin user should be mounted at /credentials.json.
It is recommended that you mount a volume at /terraform_data to hold the terraform data directory.
When running terraform init, modules will be fetched from git repos via
SSH. In order to allow this, the ssh-agent socket should be forwarded.
Additional wrappers
- The
with-kubeconfig.shwrapper script enables the use of terraform output (by defaultkubeconfig_contentbut overrided by TERRAFORM_KUBECONFIG_OUTPUT env) to set appropriate KUBECONFIG environment variable. - The
terraform-upgradewrapper script is intended to make it easier to upgrade terraform modules/providers and write provider dependency information into the dependency lock file.
Usage
$ docker run --rm -it \
-v ${SSH_AUTH_SOCK}:/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent \
-v terraform_gitlab_data:/terraform_data/ \
registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/logan-terraform:latest \
<terraform or additional wrapper command>Logan
This container can be used by logan
tool by specifying either of the following in the repo's .logan.yaml file:
image: registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/logan-terraform`
image: uisautomation/logan-terraform