Terraform

This library leverages Terraform to manage deployments of Infrastructure as Code to different environments.

Steps


Step | Description
deploy_to(application_environment) | Performs a terraform apply

Configuration


Working Directory

The working directory from which to run Terraform commands can be specified on the application environment passed to deploy_to or within the library configuration.

Pipeline Configuration

application_environments{
  dev
  prod{
    terraform{
      working_directory = "terraform-prod" 
    }
  }
}

libraries{
  terraform{
    working_directory = "default-directory"
  }
}

Pipeline Template

/*
  because dev.terraform.working_directory is not set,
  the library will fall back to the library's configuration
  and execute terraform commands within ./default-directory
*/
deploy_to dev
/*
  because prod.terraform.working_directory is set to "terraform-prod",
  the terraform commands will be executed within ./terraform-prod
*/
deploy_to prod

Note: If the working directory isn't defined on either the library configuration or the application environment, then the default value "." will be used.

Secrets

This library allows you to configure secrets as environment variables. This can be done in either the library configuration or the application environments. There are two types of secrets currently supported: secret text and username/password credentials. These credentials must be stored in the Jenkins credential store.

Library Secrets Syntax

libraries{
  terraform{
    secrets{
      someTextCredential{
        type = "text"
        name = "VARIABLE_NAME"
        id = "some-credential-id"
      }
      someUsernamePasswordCredential{
        type = "usernamePassword"
        usernameVar = "USER"
        passwordVar = "PASS"
        id = "some-credential-id"
      }
    }
  }
}

The name of each credential block isn't important; it is only used when describing configuration errors found by the step.

To pass secrets on a per application environment basis, define an app_env.terraform.secrets block:

Application Environments Secrets Syntax

application_environments{
  prod{
    terraform{
      secrets{
        someTextCredential{
          type = "text"
          name = "VARIABLE_NAME"
          id = "some-credential-id"
        }
        someUsernamePasswordCredential{
          type = "usernamePassword"
          usernameVar = "USER"
          passwordVar = "PASS"
          id = "some-credential-id"
        }
      }
    }
  }
}

Important: If the same secret block is defined on both the application environment and the library configuration, the application environment secret definition will be used.

Providers


The SDP Terraform Container Image can bundle custom providers, if necessary.

Sysdig Provider

The Sysdig Terraform Provider is bundled with the Terraform image. To configure this provider, it is advisable to create secrets for SYSDIG_SECURE_API_TOKEN and SYSDIG_MONITOR_API_TOKEN. The provider reads these environment variables to obtain its API tokens.
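
The precedence rule from the Secrets section applied to the Sysdig token secrets, as an added example that is not part of the SDP library: a stand-alone Groovy script that merges library and application environment secrets and checks each block for the fields its type requires. The block names, credential ids, matching of blocks by name and the duplicate-variable check are assumptions made for illustration.

```groovy
// Added example: a stand-alone model of the documented precedence, not the library's code.
// Required fields per secret type, taken from the syntax shown on this page.
def REQUIRED = [text: ['name', 'id'], usernamePassword: ['usernameVar', 'passwordVar', 'id']]

// Constructed sample configuration; block names and credential ids are placeholders.
def librarySecrets = [
  sysdigSecure : [type: 'text', name: 'SYSDIG_SECURE_API_TOKEN',  id: 'sysdig-secure-nonprod'],
  sysdigMonitor: [type: 'text', name: 'SYSDIG_MONITOR_API_TOKEN', id: 'sysdig-monitor-nonprod']
]
def appEnvs = [
  dev : [:],
  prod: [terraform: [secrets: [
    sysdigSecure: [type: 'text', name: 'SYSDIG_SECURE_API_TOKEN', id: 'sysdig-secure-prod'],
    registry    : [type: 'usernamePassword', usernameVar: 'USER', id: 'registry-prod'] // passwordVar left out
  ]]]
]

// Assumption: blocks are matched by block name; the application environment definition wins.
def effectiveSecrets = { Map lib, Map env -> lib + (env?.terraform?.secrets ?: [:]) }

// Return one message per problem, prefixed with the block name.
def validate = { Map secrets ->
  def errors = []
  def seenVars = [:]
  secrets.each { block, s ->
    def required = REQUIRED[s.type]
    if (required == null) { errors << "${block}: unsupported type '${s.type}'"; return }
    required.findAll { !s[it] }.each { errors << "${block}: missing '${it}'" }
    // Two blocks exporting the same variable would silently overwrite each other.
    [s.name, s.usernameVar, s.passwordVar].findAll { it }.each { v ->
      if (seenVars[v]) errors << "${block}: variable ${v} already set by ${seenVars[v]}"
      seenVars[v] = block
    }
  }
  errors
}

// Print the credential each environment would actually use, then any configuration errors.
appEnvs.each { envName, env ->
  def secrets = effectiveSecrets(librarySecrets, env)
  println "${envName}:"
  secrets.each { block, s -> println "  ${block} -> credential '${s.id}'" }
  validate(secrets).each { println "  CONFIG ERROR ${it}" }
}
```

In this constructed configuration prod overrides only sysdigSecure, so it still inherits the library-level sysdigMonitor credential, and the registry block is reported for its missing passwordVar.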

Dependencies


Troubleshooting

