taskOptions
is an array of options that enable customizing any or all task pods. Multiple option sets can be created to customize each individual task. Some options are simply added to the pod spec intuitively. Others are used by the pod indirectly, like the pod’s ServiceAccount Role Policy. Finally there are options that change the task’s execution script.
Examples
Example #1:
taskOptions:
- for: ["init", "plan", "apply", "init-delete", "plan-delete", "apply-delete"]
script:
source: https://example.com/path/to/terraform-executor.sh
The above taskOptions
apply to the tasks called out in the for:
array. So for each of the tasks, the source
, which is the task’s run script, is modified to use https://example.com/path/to/terraform-executor.sh
.
Example #2:
taskOptions:
- for: ["preinit"]
annotations:
foo: bar
script:
source: https://example.com/my/preinit.sh
- for: ["plan"]
env:
- name: TF_LOG
value: DEBUG
This configuration sets the preinit task to execute the script from https://example.com/my/preinit.sh
and also adds an annotation to the preinit pod foo=bar
. A second configuration adds the environment variable TFO_LOG=DEBUG
to the plan pod.
Task Option Configuration Reference
When defining task options the user selects which tasks by name to apply the options too. This is done in the for
option.
Task selection option
Option | Description |
---|---|
for | A list of tasks that will accept the options. |
“Pod-like” options
These options are directly related with the Kubernetes Pod definition:
Option | Description |
---|---|
annotations | Key/value annotations that get added to the task pods's metadata annotations. |
labels | Key/value lablels that get added to the task pod's metadata labels. |
env | Environment variables, defined like the pod's container EnvVar, that are added to the task pod's main container. |
envFrom | Environment variables that get injected from a ConfigMap or Secret source. This is defined like a pod container's EnvFromSource. |
resources | Resource requests and limits for the pod. See Resource Requirements. |
RBAC Options
When the task needs more permissions, the following rbac options can be set to configure rbac:
Option | Description |
---|---|
policyRules | RBAC Role rules that will be added to all runner pods. (This option actually affects all tasks because they all currently share a ServiceAccount. Making a unique service account per task is a TODO item at the moment.) |
Task Execution Options
The main purpose of a task is to execute a script. There are several ways to change the task’s default execution. Only one of the three will be used. The order of precedence is:
inline
configMapSelector
script
Option | Description |
---|---|
script.inline | Define the script directly in the yaml. |
script.configMapSelector.name & script.configMapSelector.key | Select an existing ConfigMap name and data key that has the script as the value. |
script.source | An https endpoint that has the script to execute. Example: hello-world.sh |
Other Tasks
Aside from the built in tasks by name that ship with Terraform Operator, users may also want to add their own plugin-tasks into a workflow.
Plugins are actually (unmonitored) tasks and accept taskOptions
like any other task.
For example, given a plugin like the following:
plugins:
monitor:
image: "ghcr.io/galleybytes/monitor:latest"
imagePullPolicy: "IfNotPresent"
when: "After"
task: "setup"
the plugin is assigned the “monitor” task name. So the plugin pod can be defined further with taskOptions
:
taskOptions:
- for:
- "monitor"
env:
- name: CLUSTER_NAME
value: "kind-kind"
- name: DBHOST
value: "database"
- name: PGPASSWORD
value: "pass"
- name: PGUSER
value: "pg"
- name: PGDATABASE
value: "crud"
- name: PGPORT
value: "5432"
- name: ENV
value: "devlocal"
taskOptions
is an optional field in the Terraform spec.