Task Options

taskOptions is an optional field in the Terraform spec.

taskOptions is an array of options that enable customizing any or all task pods. Multiple option sets can be created to customize each individual task. Some options are simply added to the pod spec intuitively. Others are used by the pod indirectly, like the pod’s ServiceAccount Role Policy. Finally there are options that change the task’s execution script.

Examples

Example #1:

  taskOptions:
  - for: ["init", "plan", "apply", "init-delete", "plan-delete", "apply-delete"]
    script:
      source: https://example.com/path/to/terraform-executor.sh

The above taskOptions apply to the tasks called out in the for: array. So for each of the tasks, the source, which is the task’s run script, is modified to use https://example.com/path/to/terraform-executor.sh.

Example #2:

  taskOptions:
  - for: ["preinit"]
    annotations:
      foo: bar
    script:
      source: https://example.com/my/preinit.sh
  - for: ["plan"]
    env:
    - name: TF_LOG
      value: DEBUG

This configuration sets the preinit task to execute the script from https://example.com/my/preinit.sh and also adds an annotation to the preinit pod foo=bar. A second configuration adds the environment variable TFO_LOG=DEBUG to the plan pod.

Task Option Configuration Reference

When defining task options the user selects which tasks by name to apply the options too. This is done in the for option.

Task selection option

Option	Description
`for`	A list of tasks that will accept the options.

“Pod-like” options

These options are directly related with the Kubernetes Pod definition:

Option	Description
`annotations`	Key/value annotations that get added to the task pods's metadata annotations.
`labels`	Key/value lablels that get added to the task pod's metadata labels.
`env`	Environment variables, defined like the pod's container EnvVar, that are added to the task pod's main container.
`envFrom`	Environment variables that get injected from a ConfigMap or Secret source. This is defined like a pod container's EnvFromSource.
`resources`	Resource requests and limits for the pod. See Resource Requirements.

RBAC Options

When the task needs more permissions, the following rbac options can be set to configure rbac:

Option	Description
`policyRules`	RBAC Role rules that will be added to all runner pods. (This option actually affects all tasks because they all currently share a ServiceAccount. Making a unique service account per task is a TODO item at the moment.)

Task Execution Options

The main purpose of a task is to execute a script. There are several ways to change the task’s default execution. Only one of the three will be used. The order of precedence is:

inline
configMapSelector
script

Option	Description
`script.inline`	Define the script directly in the yaml.
`script.configMapSelector.name` & `script.configMapSelector.key`	Select an existing ConfigMap name and data key that has the script as the value.
`script.source`	An https endpoint that has the script to execute. Example: hello-world.sh

Other Tasks

Aside from the built in tasks by name that ship with Terraform Operator, users may also want to add their own plugin-tasks into a workflow.

Plugins are actually (unmonitored) tasks and accept taskOptions like any other task.

For example, given a plugin like the following:

  plugins:
    monitor:
        image: "ghcr.io/galleybytes/monitor:latest"
        imagePullPolicy: "IfNotPresent"
        when: "After"
        task: "setup"

the plugin is assigned the “monitor” task name. So the plugin pod can be defined further with taskOptions:

  taskOptions:
  - for:
    - "monitor"
    env:
    - name: CLUSTER_NAME
      value: "kind-kind"
    - name: DBHOST
      value: "database"
    - name: PGPASSWORD
      value: "pass"
    - name: PGUSER
      value: "pg"
    - name: PGDATABASE
      value: "crud"
    - name: PGPORT
      value: "5432"
    - name: ENV
      value: "devlocal"