Replies: 1 comment 2 replies
-
@saviogl first of all, thank you for starting a discussion here and being active on using the Operator :) The operator is just a Kubernetes controller, it watches the For your setup to work, you need the Reason for that is Terraform objects create Kubernetes jobs to execute the Terraform flow, if secrets & config maps are present where the job is, it wouldn't be an issue |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I've deployed the operator in a different namespace (operations) from the actual Terraform resource (default). The idea was to manage centralized configuration like
git-ssh-key
andaws
provider secret close to the operator instead of having to deploy these in all the namespaces where we would be managing Terraform resources.This setup doesn't work as the
terraform-runner
Job can't reference the required resources:which live outside of its own namespace (default). This issue is expected as K8s doesn't allow cross-namespace secret reference, but it means that currently we'd have to deploy the operator in all targeted namespaces (if this is the case the operator should document this).
Did I miss some configuration to enable this setup? If not, is worth thinking through a way of achieving it?
If the
runner
runs within the operator namespace instead this setup could work. We could just use K8s Events and Status field on theTerraform
CRD to notify progressBeta Was this translation helpful? Give feedback.
All reactions