HashiDays One conference. Three cities. Find a city near you
Terraform
Terraform Home

Set up the HCP Terraform Operator for Kubernetes

The HCP Terraform Operator for Kubernetes' CustomResourceDefinitions (CRD) allow you to dynamically create HCP Terraform workspaces with Terraform modules, populate workspace variables, and provision infrastructure with Terraform runs.

You can install the operator with the official HashiCorp Helm chart.

Prerequisites

All HCP Terraform users can use the HCP Terraform Operator for Kubernetes. You can use the operator to manage the supported features that your organization's pricing tier enables.

Networking requirements

The HCP Terraform Operator for Kubernetes makes outbound requests over HTTPS (TCP port 443) to the HCP Terraform application APIs. This may require perimeter networking as well as container host networking changes, depending on your environment. Refer to HCP Terraform IP Ranges for more information about IP ranges. Below, we list the services that run on specific IP ranges.

HostnamePort/ProtocolDirectionalityPurpose
app.terraform.iotcp/443, HTTPSOutboundDynamically managing HCP Terraform workspaces and returning the output to Kubernetes with the HCP Terraform API

Compatibility

The HCP Terraform Operator for Kubernetes supports the following versions:

  • Helm 3.0.1 and above
  • Kubernetes 1.15 and above

Install and configure

  1. Generate an organization token within HCP Terraform and save it to a file. These instructions assume you are using a file named credentials.

  2. Set the NAMESPACE environment variable. This will be the namespace that you will install the Helm chart to.

    export NAMESPACE=tfc-operator-system

  3. Create the namespace.

    kubectl create namespace $NAMESPACE

  4. Create a Kubernetes Secret with the HCP Terraform API credentials.

    kubectl -n $NAMESPACE create secret generic terraformrc --from-file=credentials

  5. Add sensitive variables, such as your cloud provider credentials, to the namespace.

    kubectl -n $NAMESPACE create secret generic workspacesecrets --from-literal=secret_key=abc123

  6. Install the HCP Terraform Operator for Kubernetes with Helm.

    helm repo add hashicorp https://helm.releases.hashicorp.com
 
helm install --namespace ${RELEASE_NAMESPACE} hashicorp/terraform --generate-name

  7. To create a Terraform workspace, you can create a separate Helm chart to deploy the custom resource or refer to these examples.

Upgrade

When a new version of the HCP Terraform Operator for Kubernetes Helm Chart is available from the HashiCorp Helm repository, you can upgrade with the following command.

helm upgrade --namespace ${RELEASE_NAMESPACE} ${RELEASE_NAME} hashicorp/terraform
Edit this page on GitHub