diff --git a/.goreleaser.yml b/.goreleaser.yml index 71bef97cd..101d482ea 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,4 +1,4 @@ -project_name: tf-controller +project_name: tofu-controller release: prerelease: "true" diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index 84172fe41..bf893350a 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -18,7 +18,7 @@ to merge them for you after reviews. ## Protobuf Setup -TF-controller requires a specific version of Protobuf compiler and its Go plugins. +Tofu-controller requires a specific version of Protobuf compiler and its Go plugins. * Protoc: version [3.19.4](https://github.com/protocolbuffers/protobuf/releases/download/v3.19.4/protoc-3.19.4-linux-x86_64.zip) * Go plugin: `go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1` @@ -103,7 +103,7 @@ Tilt will automatically detect code changes which will retrigger a build and red Set the name of the container image to be created from the source code. This will be used when building, pushing and referring to the image on YAML files: ```sh -export MANAGER_IMG=registry-path/tf-controller +export MANAGER_IMG=registry-path/tofu-controller ``` Build the container image, tagging it as `$MANAGER_IMG:latest`: @@ -122,7 +122,7 @@ make docker-push ### Deploying into a cluster -Deploy `tf-controller` into the cluster that is configured in the local kubeconfig file (i.e. `~/.kube/config`): +Deploy `tofu-controller` into the cluster that is configured in the local kubeconfig file (i.e. `~/.kube/config`): ```sh make deploy @@ -132,11 +132,11 @@ Running the above will also deploy `source-controller` and its CRDs to the clust ### Debug -`sudo dlv --listen=:2345 --headless=true --api-version=2 attach $(pgrep tf-controller)` +`sudo dlv --listen=:2345 --headless=true --api-version=2 attach $(pgrep tofu-controller)` ## Communications -For realtime communications we use Slack: To join the conversation, simply join the [Weave Users](https://weave-community.slack.com/) Slack workspace and use the [#tf-controller](https://weave-community.slack.com/messages/tf-controller/) channel. +For realtime communications we use Slack: To join the conversation, simply join the [Weave Users](https://weave-community.slack.com/) Slack workspace and use the [#tofu-controller](https://weave-community.slack.com/messages/tofu-controller/) channel. To discuss ideas and specifications we use [Github Discussions](https://github.com/flux-iac/tofu-controller/discussions). diff --git a/README.md b/README.md index 723eda680..49f9756aa 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ If you have a feature request to share or a bug to report, please file an issue. To get started check out this [guide](https://flux-iac.github.io/tofu-controller/getting_started/) on how to GitOps your Terraform resources with Tofu Controller and Flux. -Check out the [documentation](https://flux-iac.github.io/tofu-controller/) and [use cases](https://flux-iac.github.io/tofu-controller/use-tf-controller/). +Check out the [documentation](https://flux-iac.github.io/tofu-controller/) and [use cases](https://flux-iac.github.io/tofu-controller/use-tofu-controller/). ## Roadmap diff --git a/api/v1alpha2/terraform_types.go b/api/v1alpha2/terraform_types.go index 9998bda2b..42b84245e 100644 --- a/api/v1alpha2/terraform_types.go +++ b/api/v1alpha2/terraform_types.go @@ -24,7 +24,6 @@ import ( "time" "unicode/utf8" - "github.com/flux-iac/tofu-controller/api/planid" "github.com/fluxcd/pkg/apis/meta" sourcev1 "github.com/fluxcd/source-controller/api/v1" corev1 "k8s.io/api/core/v1" @@ -33,10 +32,12 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" + + "github.com/flux-iac/tofu-controller/api/planid" ) const ( - CACertSecretName = "tf-controller.tls" + CACertSecretName = "tofu-controller.tls" // RunnerTLSSecretName is the name of the secret containing a TLS cert that will be written to // the namespace in which a terraform runner is created RunnerTLSSecretName = "terraform-runner.tls" diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 905408e33..36ff8033d 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -23,8 +23,6 @@ import ( "github.com/flux-iac/tofu-controller/mtls" "github.com/flux-iac/tofu-controller/runner" - infrav1 "github.com/flux-iac/tofu-controller/api/v1alpha2" - "github.com/flux-iac/tofu-controller/controllers" "github.com/fluxcd/pkg/runtime/acl" "github.com/fluxcd/pkg/runtime/client" runtimeCtrl "github.com/fluxcd/pkg/runtime/controller" @@ -44,6 +42,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/healthz" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + infrav1 "github.com/flux-iac/tofu-controller/api/v1alpha2" + "github.com/flux-iac/tofu-controller/controllers" + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. _ "k8s.io/client-go/plugin/pkg/client/auth" @@ -52,7 +53,7 @@ import ( //+kubebuilder:scaffold:imports ) -const controllerName = "tf-controller" +const controllerName = "tofu-controller" var ( scheme = runtime.NewScheme() @@ -183,9 +184,9 @@ func main() { certsReady := make(chan struct{}) rotator := &mtls.CertRotator{ Ready: certsReady, - CAName: "tf-controller", - CAOrganization: "weaveworks", - DNSName: "tf-controller", + CAName: "tofu-controller", + CAOrganization: "flux-iac", + DNSName: "tofu-controller", CAValidityDuration: caValidityDuration, RotationCheckFrequency: rotationCheckFrequency, LookaheadInterval: 4 * rotationCheckFrequency, // we do 4 rotation checks ahead diff --git a/cmd/tfctl/logs.go b/cmd/tfctl/logs.go index 28ec14536..aec557803 100644 --- a/cmd/tfctl/logs.go +++ b/cmd/tfctl/logs.go @@ -190,7 +190,7 @@ func getPods(ctx context.Context, c *kubernetes.Clientset, ns string) ([]corev1. var ret []corev1.Pod opts := metav1.ListOptions{ - LabelSelector: fmt.Sprintf("%s=%s", "app.kubernetes.io/name", "tf-controller"), + LabelSelector: fmt.Sprintf("%s=%s", "app.kubernetes.io/name", "tofu-controller"), } deployList, err := c.AppsV1().Deployments(ns).List(ctx, opts) if err != nil { diff --git a/cmd/tfctl/main.go b/cmd/tfctl/main.go index b698a9c2a..dcd4509f0 100644 --- a/cmd/tfctl/main.go +++ b/cmd/tfctl/main.go @@ -5,10 +5,11 @@ import ( "os" "strings" - "github.com/flux-iac/tofu-controller/tfctl" "github.com/spf13/cobra" "github.com/spf13/viper" "k8s.io/cli-runtime/pkg/genericclioptions" + + "github.com/flux-iac/tofu-controller/tfctl" ) var ( @@ -75,13 +76,13 @@ func newRootCommand() *cobra.Command { func buildVersionCmd(app *tfctl.CLI) *cobra.Command { install := &cobra.Command{ Use: "version", - Short: "Prints tf-controller and tfctl version information", + Short: "Prints tofu-controller and tfctl version information", Args: cobra.ExactArgs(0), RunE: func(cmd *cobra.Command, args []string) error { return app.Version(os.Stdout) }, } - install.Flags().String("version", "", "The version of tf-controller to install.") + install.Flags().String("version", "", "The version of tofu-controller to install.") viper.BindPFlag("version", install.Flags().Lookup("version")) return install } @@ -100,15 +101,15 @@ var installExamples = ` func buildInstallCmd(app *tfctl.CLI) *cobra.Command { install := &cobra.Command{ Use: "install", - Short: "Install the tf-controller", - Long: "Install the tf-controller resources in the specified namespace", + Short: "Install the tofu-controller", + Long: "Install the tofu-controller resources in the specified namespace", Example: strings.Trim(installExamples, "\n"), Args: cobra.ExactArgs(0), RunE: func(cmd *cobra.Command, args []string) error { return app.Install(os.Stdout, viper.GetString("version"), viper.GetBool("export")) }, } - install.Flags().String("version", "", "The version of tf-controller to install.") + install.Flags().String("version", "", "The version of tofu-controller to install.") install.Flags().Bool("export", false, "Print installation manifests to stdout") viper.BindPFlags(install.Flags()) return install @@ -117,7 +118,7 @@ func buildInstallCmd(app *tfctl.CLI) *cobra.Command { func buildUninstallCmd(app *tfctl.CLI) *cobra.Command { return &cobra.Command{ Use: "uninstall", - Short: "Uninstall the tf-controller", + Short: "Uninstall the tofu-controller", Args: cobra.ExactArgs(0), RunE: func(cmd *cobra.Command, args []string) error { return app.Uninstall(os.Stdout) diff --git a/docs/adr/0002-deny-cross-ns-by-default.md b/docs/adr/0002-deny-cross-ns-by-default.md index fb065924c..ce5f99466 100644 --- a/docs/adr/0002-deny-cross-ns-by-default.md +++ b/docs/adr/0002-deny-cross-ns-by-default.md @@ -7,7 +7,7 @@ ## Context -Like [Flux](https://fluxcd.io/), the tf-controller API has a handful +Like [Flux](https://fluxcd.io/), the tofu-controller API has a handful of places where it accepts cross-namespace references. - `Terraform.spec.sourceRef` -- refers to the Flux source object with diff --git a/docs/adr/0003-workspace-blob-caching.md b/docs/adr/0003-workspace-blob-caching.md index 8259c1255..46ac96ecc 100644 --- a/docs/adr/0003-workspace-blob-caching.md +++ b/docs/adr/0003-workspace-blob-caching.md @@ -7,7 +7,7 @@ ## Context -The TF-Controller currently faces challenges related to the deletion of Terraform resources. +The Tofu-Controller currently faces challenges related to the deletion of Terraform resources. These problems span across three categories: 1. Single object deletion, @@ -17,21 +17,21 @@ These problems span across three categories: These problems must be fixed in the above order as (2) and (3) require single object deletion to be resolved first. Deleting a single TF object can sometimes be obstructed because it's tied to other resources like Source objects, Secrets, and ConfigMaps. If we try to remove it without deleting these resources, the TF object gets stuck in an inconsistent state, making it harder for users to manage their infrastructure smoothly. -Therefore, the TF-Controller is being enhanced to address this problem more efficiently, using the contents of generated Workspace BLOBs. Each BLOB contains all necessary information from the associated Source, Secrets, and ConfigMaps to ensure that TF-Controller finalization procedures can delete objects correctly. +Therefore, the Tofu-Controller is being enhanced to address this problem more efficiently, using the contents of generated Workspace BLOBs. Each BLOB contains all necessary information from the associated Source, Secrets, and ConfigMaps to ensure that Tofu-Controller finalization procedures can delete objects correctly. -Currently, the TF-Controller downloads a Source BLOB and pushes it to a tf-runner. The tf-runner processes this BLOB to create a Workspace file system. It generates a backend configuration file, variable files, and other necessary files for the Workspace file system, using data from associated Secrets and ConfigMaps. This newly created Workspace file system is then compressed, sent back to the TF-Controller, and stored as a Workspace BLOB in the controller's storage. +Currently, the Tofu-Controller downloads a Source BLOB and pushes it to a tf-runner. The tf-runner processes this BLOB to create a Workspace file system. It generates a backend configuration file, variable files, and other necessary files for the Workspace file system, using data from associated Secrets and ConfigMaps. This newly created Workspace file system is then compressed, sent back to the Tofu-Controller, and stored as a Workspace BLOB in the controller's storage. A caching mechanism for these BLOBs is essential to fixing the single TF object deletion process. ## Decision 1. **BLOB Creation and Storage** - * A gRPC function named `CreateWorkspaceBlob` will be invoked by the TF-Controller + * A gRPC function named `CreateWorkspaceBlob` will be invoked by the Tofu-Controller to tell tf-runner to compress the Workspace file system into a tar.gz BLOB, which is then retrieved back to the controller. * The caching mechanism will be executed right before the Terraform Initialization step, ensuring that the latest and most relevant data is used. - * Each Workspace Blob will be cached on the TF-Controller's local disk, using the UUID of the Terraform object as the filename,`${uuid}.tar.gz`. + * Each Workspace Blob will be cached on the Tofu-Controller's local disk, using the UUID of the Terraform object as the filename,`${uuid}.tar.gz`. * To reduce the risk of unauthorized access to the cache entries, and cache collisions, the cache file will be deleted after the finalization process is complete. 2. **Persistence** - * [The persistence mechanism used by the Source Controller](https://fluxcd.io/flux/installation/configuration/vertical-scaling/#persistent-storage-for-flux-internal-artifacts) will be adopted for the TF-Controller's persistence volume. + * [The persistence mechanism used by the Source Controller](https://fluxcd.io/flux/installation/configuration/vertical-scaling/#persistent-storage-for-flux-internal-artifacts) will be adopted for the Tofu-Controller's persistence volume. 3. **BLOB Encryption** * The encryption and decryption of the BLOBs will be tasked to the runner, with the controller solely responsible for storing encrypted BLOBs. * Each namespace will require a service account, preferably named "tf-runner". diff --git a/docs/branch-planner/branch-planner-getting-started.md b/docs/branch-planner/branch-planner-getting-started.md index 6e7e3bf89..a035c483e 100644 --- a/docs/branch-planner/branch-planner-getting-started.md +++ b/docs/branch-planner/branch-planner-getting-started.md @@ -36,13 +36,13 @@ kubectl create secret generic branch-planner-token \ --from-literal="token=${GITHUB_TOKEN}" ``` -4. Install Branch Planner from a HelmRelease provided by the TF-Controller repository. Use TF-Controller v0.16.0-rc.2 or later. +4. Install Branch Planner from a HelmRelease provided by the Tofu-Controller repository. Use Tofu-Controller v0.16.0-rc.2 or later. ``` kubectl apply -f https://raw.githubusercontent.com/weaveworks/tf-controller/fa4b3b85d316340d897fda4fed757265ba2cd30e/docs/branch_planner/release.yaml ``` -5. Create a Terraform object with a Source pointing to a repository. Your repository must contain a Terraform file—for example, `main.tf`. Check out [this demo](https://github.com/tf-controller/branch-planner-demo) for an example. +5. Create a Terraform object with a Source pointing to a repository. Your repository must contain a Terraform file—for example, `main.tf`. Check out [this demo](https://github.com/flux-iac/branch-planner-demo) for an example. ```bash export GITHUB_USER= @@ -85,7 +85,7 @@ Branch Planner uses a ConfigMap as configuration. The ConfigMap is optional but ### Configuration -By default, Branch Planner will look for the `branch-planner` ConfigMap in the same namespace as where the TF-Controller is installed. +By default, Branch Planner will look for the `branch-planner` ConfigMap in the same namespace as where the Tofu-Controller is installed. That ConfigMap allows users to specify which Terraform resources in a cluster the Brach Planner should monitor. The ConfigMap has two fields: diff --git a/docs/branch-planner/branch-planner-tfc-integration-getting-started.md b/docs/branch-planner/branch-planner-tfc-integration-getting-started.md index ea1ec1524..416b0c1d2 100644 --- a/docs/branch-planner/branch-planner-tfc-integration-getting-started.md +++ b/docs/branch-planner/branch-planner-tfc-integration-getting-started.md @@ -1,6 +1,6 @@ ## Branch Planner and Terraform Cloud Integration: Getting Started -With Branch Planner, you can provision the `main` branch directly on Terraform Cloud. TF-Controller communicates with Terraform Cloud to run the necessary plans and apply your approved code. The state is securely stored on Terraform Cloud. +With Branch Planner, you can provision the `main` branch directly on Terraform Cloud. Tofu-Controller communicates with Terraform Cloud to run the necessary plans and apply your approved code. The state is securely stored on Terraform Cloud. **Note:** For now, Branch Planner only supports GitHub as the Git provider. We plan to add other Git providers in time. @@ -36,7 +36,7 @@ metadata: namespace: flux-system spec: interval: 30s - url: https://github.com/tf-controller/branch-planner-demo + url: https://github.com/flux-iac/branch-planner-demo ref: branch: main --- @@ -49,7 +49,7 @@ spec: interval: 2m approvePlan: auto cloud: - organization: weaveworks + organization: flux-iac workspaces: name: branch-planner-tfc cliConfigSecretRef: @@ -68,7 +68,7 @@ spec: ### Step 3: Edit File, Create a Branch, and Open a Pull Request 1. **Navigate to Your Repository:** Open a web browser and visit your GitHub repository. -For our example, navigate [here](https://github.com/tf-controller/branch-planner-demo). +For our example, navigate [here](https://github.com/flux-iac/branch-planner-demo). 2. **Locate the File to Edit:** Browse through the repository's file structure and click on the Terraform configuration file you wish to edit. @@ -104,7 +104,7 @@ This enables you and your team to review the expected changes before they're app 2. **Iterate on Changes if Necessary**: - If you spot any discrepancies or wish to make further adjustments, click on the file in the `Files changed` section. - - After making the desired edits, commit the changes to the same branch. This will automatically prompt TF-Controller and Branch Planner to generate a new plan. + - After making the desired edits, commit the changes to the same branch. This will automatically prompt Tofu-Controller and Branch Planner to generate a new plan. - If, for any reason, the automatic replan doesn't occur or you believe there might be an inconsistency, you can manually trigger a new plan by commenting `!replan` on the PR. Branch Planner will then process the request and display the new plan results. 3. **Approve the Changes**: @@ -116,4 +116,4 @@ This enables you and your team to review the expected changes before they're app - With the changes approved, click on the `Merge pull request` button. - Choose your desired merge strategy from the options provided, such as "Squash and merge" or "Rebase and merge". - Click `Confirm merge`. - - Following the merge, TF-Controller will take over. It will send the updated Terraform configuration to Terraform Cloud, where the changes will be planned and then applied. The resulting infrastructure state will be securely stored within your Terraform Cloud workspace. + - Following the merge, Tofu-Controller will take over. It will send the updated Terraform configuration to Terraform Cloud, where the changes will be planned and then applied. The resulting infrastructure state will be securely stored within your Terraform Cloud workspace. diff --git a/docs/branch-planner/index.md b/docs/branch-planner/index.md index e310f0d33..a97b9863e 100644 --- a/docs/branch-planner/index.md +++ b/docs/branch-planner/index.md @@ -1,8 +1,8 @@ # Branch Planner Overview -The GitOps methodology streamlines infrastructure provisioning and management, using Git as the source of truth. The Branch Planner, a component of TF-Controller, aims to take this a step further by allowing developers and operations teams to plan Terraform configurations on a branch that's separate from the `main` branch. This makes it easier to review and understand the potential impact of your changes before you run `terraform apply`. +The GitOps methodology streamlines infrastructure provisioning and management, using Git as the source of truth. The Branch Planner, a component of Tofu-Controller, aims to take this a step further by allowing developers and operations teams to plan Terraform configurations on a branch that's separate from the `main` branch. This makes it easier to review and understand the potential impact of your changes before you run `terraform apply`. -The Branch Planner's most important feature is its seamless integration with the PR (Pull Request) user interface. When enabled through Helm values, it watches repositories that contain Terraform resources at regular intervals—checking their referenced Source, and polling for Pull Requests using GitHub's API and the provided token. When changes are proposed on a new branch, Branch Planner runs a plan in the cluster and displays the results directly as comments on your PR. Once you're satisfied with the results, you can merge your branch into the `main` branch to trigger the TF-Controller to reconcile the updated code. +The Branch Planner's most important feature is its seamless integration with the PR (Pull Request) user interface. When enabled through Helm values, it watches repositories that contain Terraform resources at regular intervals—checking their referenced Source, and polling for Pull Requests using GitHub's API and the provided token. When changes are proposed on a new branch, Branch Planner runs a plan in the cluster and displays the results directly as comments on your PR. Once you're satisfied with the results, you can merge your branch into the `main` branch to trigger the Tofu-Controller to reconcile the updated code. ![branch planner](branch-planner.png) diff --git a/docs/branch-planner/rc.yaml b/docs/branch-planner/rc.yaml index e4723c99a..797281407 100644 --- a/docs/branch-planner/rc.yaml +++ b/docs/branch-planner/rc.yaml @@ -2,28 +2,28 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: interval: 1h0s type: oci - url: oci://ghcr.io/weaveworks/charts + url: oci://ghcr.io/flux-iac/charts --- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: chart: spec: - chart: tf-controller + chart: tofu-controller sourceRef: kind: HelmRepository - name: tf-controller + name: tofu-controller version: '>=0.16.0-rc.3' interval: 1h0s - releaseName: tf-controller + releaseName: tofu-controller targetNamespace: flux-system install: crds: Create diff --git a/docs/branch-planner/release.yaml b/docs/branch-planner/release.yaml index d155d3e57..b25fbe212 100644 --- a/docs/branch-planner/release.yaml +++ b/docs/branch-planner/release.yaml @@ -2,28 +2,28 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: interval: 1h0s type: oci - url: oci://ghcr.io/weaveworks/charts + url: oci://ghcr.io/flux-iac/charts --- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: chart: spec: - chart: tf-controller + chart: tofu-controller sourceRef: kind: HelmRepository - name: tf-controller + name: tofu-controller version: '>=0.16.0-rc.4' interval: 1h0s - releaseName: tf-controller + releaseName: tofu-controller targetNamespace: flux-system install: crds: Create diff --git a/docs/getting_started.md b/docs/getting_started.md index 66467e859..6a0cc2971 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -6,22 +6,22 @@ Here are the requirements you need to set up before you start: 1. For Terraform Controller **v0.15+**, it requires **Flux v2.0** or later (not only the CLI, but also the controllers on the cluster). If you are not sure about the Flux version on your cluster, please re-bootstrap your cluster. 2. For Terraform Controller v0.13 and v0.14, Flux 2 v0.32 - v0.41 (of course, not only the CLI, but also the controllers on the cluster). - 3. TF-controller uses **the Controller/Runner architecture**. The Controller acts as a client, and talks to each Runner's Pod via gRPC. Please make sure + 3. tofu-controller uses **the Controller/Runner architecture**. The Controller acts as a client, and talks to each Runner's Pod via gRPC. Please make sure 1. **Each Runner's Pod in each Namespace** is allowed to open, and serve at **port 30000** (the gRPC port of a Runner), and the Controller can connect to it. 2. **The Controller** needs to download tar.gz BLOBs from the **Source controller** via **port 80**. 3. **The Controller** needs to post the events to the **Notification controller** via **port 80**. ## Installation -Before using TF-controller, you have to install Flux by using either `flux install` or `flux bootstrap` command. -Please note that TF-controller now requires **Flux v2.0** or later, so please make sure you have the latest version of Flux. -After that you can install TF-controller with Flux HelmRelease by: +Before using tofu-controller, you have to install Flux by using either `flux install` or `flux bootstrap` command. +Please note that tofu-controller now requires **Flux v2.0** or later, so please make sure you have the latest version of Flux. +After that you can install tofu-controller with Flux HelmRelease by: ```shell kubectl apply -f https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/release.yaml ``` -For the most recent release candidate of TF-controller, please use [rc.yaml](https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/rc.yaml). +For the most recent release candidate of tofu-controller, please use [rc.yaml](https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/rc.yaml). ```shell kubectl apply -f https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/rc.yaml @@ -30,9 +30,9 @@ kubectl apply -f https://raw.githubusercontent.com/flux-iac/tofu-controller/main ### Installation on GKE As of September 2023, GKE Autopilot clusters will use Cloud DNS for internal DNS resolution. -This means that the default DNS resolution method used by TF-controller will not work. -To use TF-controller on GKE Autopilot, you must set flag `--use-pod-subdomain-resolution=true` on the TF-controller deployment. -This flag can be set by adding the following to the TF-controller HelmRelease: +This means that the default DNS resolution method used by tofu-controller will not work. +To use tofu-controller on GKE Autopilot, you must set flag `--use-pod-subdomain-resolution=true` on the tofu-controller deployment. +This flag can be set by adding the following to the tofu-controller HelmRelease: ```yaml spec: @@ -44,11 +44,11 @@ spec: - dev-team ``` -Enabling this value will cause TF-controller to use the Pod's subdomain for DNS resolution instead of the default Pod resolution method. +Enabling this value will cause tofu-controller to use the Pod's subdomain for DNS resolution instead of the default Pod resolution method. Pod's subdomain resolution requires a Service to be created for the Pod. The HelmRelease above will create a Service named `tf-runner` in each namespace specified by the `runner.allowedNamespaces` value. -We have provided a HelmRelease to install TF-controller on GKE Autopilot with Pod's subdomain resolution enabled here. +We have provided a HelmRelease to install tofu-controller on GKE Autopilot with Pod's subdomain resolution enabled here. ```shell kubectl apply -f https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/rc-gke.yaml @@ -62,7 +62,7 @@ Tested with GKE Autopilot v1.27.3-gke.100. kubectl apply -f https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/branch-planner/release.yaml ``` -For the most recent release candidate of TF-controller with Branch Planner, please use [branch-planner/rc.yaml](https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/branch-planner/rc.yaml). +For the most recent release candidate of tofu-controller with Branch Planner, please use [branch-planner/rc.yaml](https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/branch-planner/rc.yaml). ```shell kubectl apply -f https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/branch-planner/rc.yaml @@ -76,29 +76,29 @@ For more details about the Branch Planner, please visit the With Helm by: ```shell -# Add tf-controller helm repository -helm repo add tf-controller https://flux-iac.github.io/tofu-controller +# Add tofu-controller helm repository +helm repo add tofu-controller https://flux-iac.github.io/tofu-controller -# Install tf-controller -helm upgrade -i tf-controller tf-controller/tf-controller \ +# Install tofu-controller +helm upgrade -i tofu-controller flux-iac/tofu-controller \ --namespace flux-system ``` -For details on configurable parameters of the TF-controller chart, -please see [chart readme](https://github.com/flux-iac/tofu-controller/tree/main/charts/tf-controller#tf-controller-for-flux). +For details on configurable parameters of the tofu-controller chart, +please see [chart readme](https://github.com/flux-iac/tofu-controller/tree/main/charts/tofu-controller#tofu-controller-for-flux). -Alternatively, you can install TF-controller via `kubectl`: +Alternatively, you can install tofu-controller via `kubectl`: ```shell -export TF_CON_VER=v0.15.1 -kubectl apply -f https://github.com/flux-iac/tofu-controller/releases/download/${TF_CON_VER}/tf-controller.crds.yaml -kubectl apply -f https://github.com/flux-iac/tofu-controller/releases/download/${TF_CON_VER}/tf-controller.rbac.yaml -kubectl apply -f https://github.com/flux-iac/tofu-controller/releases/download/${TF_CON_VER}/tf-controller.deployment.yaml +export TF_CON_VER=v0.16.0-rc.4 +kubectl apply -f https://github.com/flux-iac/tofu-controller/releases/download/${TF_CON_VER}/tofu-controller.crds.yaml +kubectl apply -f https://github.com/flux-iac/tofu-controller/releases/download/${TF_CON_VER}/tofu-controller.rbac.yaml +kubectl apply -f https://github.com/flux-iac/tofu-controller/releases/download/${TF_CON_VER}/tofu-controller.deployment.yaml ``` ## Quick start -Here's a simple example of how to GitOps your Terraform resources with TF-controller and Flux. +Here's a simple example of how to GitOps your Terraform resources with tofu-controller and Flux. ### Define source @@ -112,7 +112,7 @@ metadata: namespace: flux-system spec: interval: 30s - url: https://github.com/tf-controller/helloworld + url: https://github.com/flux-iac/helloworld ref: branch: main ``` @@ -138,8 +138,8 @@ spec: namespace: flux-system ``` -For a full list of features and how to use them, please follow the [Use TF-controller](use-tf-controller/index.md) guide. +For a full list of features and how to use them, please follow the [Use tofu-controller](use-tofu-controller/index.md) guide. ## Other Examples - * A Terraform GitOps with Flux to automatically reconcile your [AWS IAM Policies](https://github.com/tf-controller/aws-iam-policies). - * GitOps an existing EKS cluster, by partially import its nodegroup and manage it with TF-controller: [An EKS scaling example](https://github.com/tf-controller/eks-scaling). + * A Terraform GitOps with Flux to automatically reconcile your [AWS IAM Policies](https://github.com/flux-iac/aws-iam-policies). + * GitOps an existing EKS cluster, by partially import its nodegroup and manage it with tofu-controller: [An EKS scaling example](https://github.com/flux-iac/eks-scaling). diff --git a/docs/index.md b/docs/index.md index 6acecc666..263adf755 100644 --- a/docs/index.md +++ b/docs/index.md @@ -2,18 +2,18 @@ ~> **BREAKING NEWS:** The **Technology Preview** of the Branch Planner is now available! [Learn more](./branch-planner/index.md) or Get started with the [Branch Planner](./branch-planner/branch-planner-getting-started.md). -TF-controller is a reliable controller for [Flux](https://fluxcd.io) to reconcile Terraform resources +Tofu-controller is a reliable controller for [Flux](https://fluxcd.io) to reconcile Terraform resources in the GitOps way. -With the power of Flux together with Terraform, TF-controller allows you to GitOps-ify infrastructure, +With the power of Flux together with Terraform, tofu-controller allows you to GitOps-ify infrastructure, and application resources, in the Kubernetes and Terraform universe, at your own pace. "At your own pace" means you don't need to GitOps-ify everything at once. -A high-level diagram of how TF-controller works is shown below: +A high-level diagram of how tofu-controller works is shown below: -![TF-controller basic architecture](tf-controller-basic-architecture.png) +![tofu-controller basic architecture](tofu-controller-basic-architecture.png) -TF-controller offers many GitOps models: +Tofu-controller offers many GitOps models: 1. **GitOps Automation Model:** GitOps your Terraform resources from the provision steps to the enforcement steps, like a whole EKS cluster. 2. **Hybrid GitOps Automation Model:** GitOps parts of your existing infrastructure resources. For example, you have an existing EKS cluster. @@ -25,12 +25,12 @@ To get started, follow the [getting started](./getting_started.md) guide. ## Features - * **Multi-Tenancy**: TF-controller supports multi-tenancy by running Terraform `plan` and `apply` inside Runner Pods. + * **Multi-Tenancy**: tofu-controller supports multi-tenancy by running Terraform `plan` and `apply` inside Runner Pods. When specifying `.metadata.namespace` and `.spec.serviceAccountName`, the Runner Pod uses the specified ServiceAccount and runs inside the specified Namespace. These settings enable the soft multi-tenancy model, which can be used within the Flux multi-tenancy setup. _This feature is available since v0.9.0._ * **GitOps Automation for Terraform**: With setting `.spec.approvePlan=auto`, it allows a `Terraform` object - to be reconciled and act as the representation of your Terraform resources. The TF-controller uses the spec of + to be reconciled and act as the representation of your Terraform resources. The tofu-controller uses the spec of the `Terraform` object to perform `plan`, `apply` its associated Terraform resources. It then stores the `TFSTATE` of the applied resources as a `Secret` inside the Kubernetes cluster. After `.spec.interval` passes, the controller performs drift detection to check if there is a drift occurred between your live system, @@ -45,7 +45,7 @@ To get started, follow the [getting started](./getting_started.md) guide. * **Plan and Manual Approve**: This feature allows you to separate the `plan`, out of the `apply` step, just like the Terraform workflow you are familiar with. A good thing about this is that it is done in a GitOps way. When a plan is generated, the controller shows you a message like **'set approvePlan: "plan-main-123" to apply this plan.'**. - You make change to the field `.spec.approvePlan`, commit and push to tell the TF-controller to apply the plan for you. + You make change to the field `.spec.approvePlan`, commit and push to tell the tofu-controller to apply the plan for you. With this GitOps workflow, you can optionally create and push this change to a new branch for your team member to review and approve too. _This feature is available since v0.6.0._ * **First-class YAML-based Terraform**: The `Terraform` object in v0.13.0+ allows you to better configure your diff --git a/docs/rc-gke.yaml b/docs/rc-gke.yaml index cc03de485..2aaa0498b 100644 --- a/docs/rc-gke.yaml +++ b/docs/rc-gke.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: interval: 1h0s @@ -12,18 +12,18 @@ spec: apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: chart: spec: - chart: tf-controller + chart: tofu-controller sourceRef: kind: HelmRepository - name: tf-controller + name: tofu-controller version: '0.16.0-rc.4' interval: 1h0s - releaseName: tf-controller + releaseName: tofu-controller targetNamespace: flux-system install: crds: Create diff --git a/docs/rc.yaml b/docs/rc.yaml index d16b46ac5..984637dbd 100644 --- a/docs/rc.yaml +++ b/docs/rc.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: interval: 1h0s @@ -12,18 +12,18 @@ spec: apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: chart: spec: - chart: tf-controller + chart: tofu-controller sourceRef: kind: HelmRepository - name: tf-controller + name: tofu-controller version: '0.16.0-rc.4' interval: 1h0s - releaseName: tf-controller + releaseName: tofu-controller targetNamespace: flux-system install: crds: Create diff --git a/docs/release.yaml b/docs/release.yaml index 053faa891..15fb8f692 100644 --- a/docs/release.yaml +++ b/docs/release.yaml @@ -2,7 +2,7 @@ apiVersion: source.toolkit.fluxcd.io/v1beta2 kind: HelmRepository metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: interval: 1h0s @@ -12,18 +12,18 @@ spec: apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: - name: tf-controller + name: tofu-controller namespace: flux-system spec: chart: spec: - chart: tf-controller + chart: tofu-controller sourceRef: kind: HelmRepository - name: tf-controller + name: tofu-controller version: '0.16.0-rc.4' interval: 1h0s - releaseName: tf-controller + releaseName: tofu-controller targetNamespace: flux-system install: crds: Create diff --git a/docs/tfctl.md b/docs/tfctl.md index 4cf560a05..45e6c1d97 100644 --- a/docs/tfctl.md +++ b/docs/tfctl.md @@ -1,6 +1,6 @@ # tfctl -`tfctl` is a command-line utility to help with tf-controller operations. +`tfctl` is a command-line utility to help with tofu-controller operations. ## Installation @@ -22,13 +22,13 @@ Available Commands: delete Delete a Terraform resource get Get Terraform resources help Help about any command - install Install the tf-controller + install Install the tofu-controller plan Plan a Terraform configuration reconcile Trigger a reconcile of the provided resource resume Resume reconciliation for the provided resource suspend Suspend reconciliation for the provided resource - uninstall Uninstall the tf-controller - version Prints tf-controller and tfctl version information + uninstall Uninstall the tofu-controller + version Prints tofu-controller and tfctl version information Flags: -h, --help help for tfctl diff --git a/docs/tf-controller-basic-architecture.png b/docs/tofu-controller-basic-architecture.png similarity index 100% rename from docs/tf-controller-basic-architecture.png rename to docs/tofu-controller-basic-architecture.png diff --git a/docs/use-tf-controller/index.md b/docs/use-tf-controller/index.md deleted file mode 100644 index 119985dfd..000000000 --- a/docs/use-tf-controller/index.md +++ /dev/null @@ -1,33 +0,0 @@ -# Use TF-controller - - - [Use TF-controller to provision resources and **auto approve**](provision-resources-and-auto-approve.md) - - [Use TF-controller to **plan and manually apply** Terraform resources](plan-and-manually-apply-terraform-resources.md) - - [Use TF-controller to provision resources and **obtain outputs**](provision-resources-obtain-outputs.md) - - [Use TF-controller to **detect drifts only** without plan or apply](detect-drifts-only-without-plan-or-apply.md) - - [Use TF-controller with **drift detection disabled**](with-drift-detection-disabled.md) - - [Use TF-controller with **AWS EKS IRSA**](with-aws-eks-irsa.md) - - [Use TF-controller to **set variables** for Terraform resources](set-variables-for-terraform-resources.md) - - [Use TF-controller with a **custom backend**](with-a-custom-backend.md) - - [Use TF-controller with an **OCI Artifact as Source**](with-an-oci-artifact-as-source.md) - - [Use TF-controller to provision Terraform resources that are required **health checks**](provision-Terraform-resources-that-are-required-health-checks.md) - - [Use TF-controller to provision resources and **destroy them when the Terraform object gets deleted**](provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md) - - [Use TF-controller to **force unlock** Terraform states](force-unlock-terraform-states.md) - - [Use TF-controller with Terraform Runners enabled via Env Variables](with-tf-runner-logging.md) - - [Use TF-controller to provision resources with **customized Runner Pods**](provision-resources-with-customized-runner-pods.md) - - [Use TF-controller with **Terraform Enterprise**](integration-with-terraform-enterprise-or-cloud.md) - - [Use TF-controller with **Terraform Private Registries**](integration-with-terraform-private-registries.md) - - [Use TF-controller with **primitive modules**](with-primitive-modules.md) - - [Use TF-controller with **GitOps dependency management**](with-gitops-dependency-management.md) - - [Use TF-controller with **the ready-to-use AWS package**](with-the-ready-to-use-aws-package.md) - - [User TF-controller with **plan-only mode**](with-plan-only-mode.md) - - [Use TF-controller with **external webhooks**](with-external-webhooks.md) - - [Use TF-controller with Terraform Runners **exposed via hostname/subdomain**](with-tf-runner-exposed-using-hostname-subdomain.md) - - [How to **backup and restore** a Terraform state](backup-and-restore-a-Terraform-state.md) - - [How to **build and use** a custom runner image](build-and-use-a-custom-runner-image.md) - - [How to integrate with Flux Receivers and Alerts?](flux-receiver-and-alert.md) - - [How does the interval and retryInterval work?](interval-and-retryInterval.md) - - [How does the resource deletion work?](resource-deletion.md) - - [How to troubleshoot with **Break the Glass** mode](troubleshooting-with-break-the-glass-mode.md) - - [How to enable cross-namespace references](use-cross-namespace-refs.md) - - [How to run TF-controller in Azure Kubernetes Service](with-azure.md) - - [How to upgrade TF-controller to a newer version](upgrade-tf-controller.md) \ No newline at end of file diff --git a/docs/use-tf-controller/backup-and-restore-a-Terraform-state.md b/docs/use-tofu-controller/backup-and-restore-a-Terraform-state.md similarity index 100% rename from docs/use-tf-controller/backup-and-restore-a-Terraform-state.md rename to docs/use-tofu-controller/backup-and-restore-a-Terraform-state.md diff --git a/docs/use-tf-controller/build-and-use-a-custom-runner-image.md b/docs/use-tofu-controller/build-and-use-a-custom-runner-image.md similarity index 81% rename from docs/use-tf-controller/build-and-use-a-custom-runner-image.md rename to docs/use-tofu-controller/build-and-use-a-custom-runner-image.md index aca8e88dd..99a8bfc15 100644 --- a/docs/use-tf-controller/build-and-use-a-custom-runner-image.md +++ b/docs/use-tofu-controller/build-and-use-a-custom-runner-image.md @@ -49,7 +49,7 @@ docker push $REMOTE_REPO:${TF_CONTROLLER_VERSION} Replace the relevant values above with the corresponding values in your organisation/implementation. -3. Update the `values.runner.image` values in the TF-Controller Helm chart values to point to the new image: +3. Update the `values.runner.image` values in the tofu-controller Helm chart values to point to the new image: ```yaml values: @@ -62,7 +62,7 @@ values: 4. Commit and push the changes to Git. Confirm that the HelmRelease has been updated: ```bash -kubectl get deployments.apps -n flux-system tf-controller -o jsonpath='{.spec.template.spec.containers[*]}' | jq '.env[] | select(.name == "RUNNER_POD_IMAGE")' +kubectl get deployments.apps -n flux-system tofu-controller -o jsonpath='{.spec.template.spec.containers[*]}' | jq '.env[] | select(.name == "RUNNER_POD_IMAGE")' { "name": "RUNNER_POD_IMAGE", "value": "ghcr.io/my-org/custom-runner:v0.16.0-rc3" @@ -71,4 +71,4 @@ kubectl get deployments.apps -n flux-system tf-controller -o jsonpath='{.spec.te ### References -A [set of GitHub actions in the TF-Controller community repo](https://github.com/tf-controller/tf-runner-images/blob/main/.github/workflows/release-runner-images.yaml) facilitates a process similar to the above, but uses GitHub Actions to build and push the image. +A [set of GitHub actions in the tofu-controller community repo](https://github.com/flux-iac/tf-runner-images/blob/main/.github/workflows/release-runner-images.yaml) facilitates a process similar to the above, but uses GitHub Actions to build and push the image. diff --git a/docs/use-tf-controller/detect-drifts-only-without-plan-or-apply.md b/docs/use-tofu-controller/detect-drifts-only-without-plan-or-apply.md similarity index 88% rename from docs/use-tf-controller/detect-drifts-only-without-plan-or-apply.md rename to docs/use-tofu-controller/detect-drifts-only-without-plan-or-apply.md index 677b73747..9c23f52e3 100644 --- a/docs/use-tf-controller/detect-drifts-only-without-plan-or-apply.md +++ b/docs/use-tofu-controller/detect-drifts-only-without-plan-or-apply.md @@ -1,4 +1,4 @@ -## Use TF-Controller to detect drifts only without plan or apply +## Use tofu-controller to detect drifts only without plan or apply We can set `.spec.approvePlan` to `disable` to tell the controller to detect drifts of your Terraform resources only. Doing so will skip the `plan` and `apply` stages. @@ -23,4 +23,4 @@ spec: ### When Terraform resource detects drift, but no plan is generated for approval In this situation, you may not have `spec.approvePlan` set to `disable`. Try setting `spec.approvePlan: auto` and using `tfctl replan` to trigger a replan. -After the drift disappears, you can set the `spec.approvePlan: ""` to get into the manual mode again. \ No newline at end of file +After the drift disappears, you can set the `spec.approvePlan: ""` to get into the manual mode again. diff --git a/docs/use-tf-controller/flux-receiver-and-alert.md b/docs/use-tofu-controller/flux-receiver-and-alert.md similarity index 93% rename from docs/use-tf-controller/flux-receiver-and-alert.md rename to docs/use-tofu-controller/flux-receiver-and-alert.md index f7e138651..55ccf3404 100644 --- a/docs/use-tf-controller/flux-receiver-and-alert.md +++ b/docs/use-tofu-controller/flux-receiver-and-alert.md @@ -10,7 +10,7 @@ installation's bootstrap manifests. Find it under the `flux-system` directory. ### Enable Notifications for Third-Party Controllers -Enable notifications for 3rd party Flux controllers such as [tf-controller](https://github.com/flux-iac/tofu-controller): +Enable notifications for 3rd party Flux controllers such as [tofu-controller](https://github.com/flux-iac/tofu-controller): ```yaml apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/docs/use-tf-controller/force-unlock-terraform-states.md b/docs/use-tofu-controller/force-unlock-terraform-states.md similarity index 95% rename from docs/use-tf-controller/force-unlock-terraform-states.md rename to docs/use-tofu-controller/force-unlock-terraform-states.md index d288300b0..54087d727 100644 --- a/docs/use-tf-controller/force-unlock-terraform-states.md +++ b/docs/use-tofu-controller/force-unlock-terraform-states.md @@ -1,4 +1,4 @@ -# Use TF-Controller to force unlock Terraform states +# Use tofu-controller to force unlock Terraform states In some situations, you may need to perform the Terraform [force-unlock](https://www.terraform.io/language/state/locking#force-unlock) operation on the tfstate inside the cluster. diff --git a/docs/use-tofu-controller/index.md b/docs/use-tofu-controller/index.md new file mode 100644 index 000000000..f9ef853aa --- /dev/null +++ b/docs/use-tofu-controller/index.md @@ -0,0 +1,33 @@ +# Use tofu-controller + + - [Use tofu-controller to provision resources and **auto approve**](provision-resources-and-auto-approve.md) + - [Use tofu-controller to **plan and manually apply** Terraform resources](plan-and-manually-apply-terraform-resources.md) + - [Use tofu-controller to provision resources and **obtain outputs**](provision-resources-obtain-outputs.md) + - [Use tofu-controller to **detect drifts only** without plan or apply](detect-drifts-only-without-plan-or-apply.md) + - [Use tofu-controller with **drift detection disabled**](with-drift-detection-disabled.md) + - [Use tofu-controller with **AWS EKS IRSA**](with-aws-eks-irsa.md) + - [Use tofu-controller to **set variables** for Terraform resources](set-variables-for-terraform-resources.md) + - [Use tofu-controller with a **custom backend**](with-a-custom-backend.md) + - [Use tofu-controller with an **OCI Artifact as Source**](with-an-oci-artifact-as-source.md) + - [Use tofu-controller to provision Terraform resources that are required **health checks**](provision-Terraform-resources-that-are-required-health-checks.md) + - [Use tofu-controller to provision resources and **destroy them when the Terraform object gets deleted**](provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md) + - [Use tofu-controller to **force unlock** Terraform states](force-unlock-terraform-states.md) + - [Use tofu-controller with Terraform Runners enabled via Env Variables](with-tf-runner-logging.md) + - [Use tofu-controller to provision resources with **customized Runner Pods**](provision-resources-with-customized-runner-pods.md) + - [Use tofu-controller with **Terraform Enterprise**](integration-with-terraform-enterprise-or-cloud.md) + - [Use tofu-controller with **Terraform Private Registries**](integration-with-terraform-private-registries.md) + - [Use tofu-controller with **primitive modules**](with-primitive-modules.md) + - [Use tofu-controller with **GitOps dependency management**](with-gitops-dependency-management.md) + - [Use tofu-controller with **the ready-to-use AWS package**](with-the-ready-to-use-aws-package.md) + - [User tofu-controller with **plan-only mode**](with-plan-only-mode.md) + - [Use tofu-controller with **external webhooks**](with-external-webhooks.md) + - [Use tofu-controller with Terraform Runners **exposed via hostname/subdomain**](with-tf-runner-exposed-using-hostname-subdomain.md) + - [How to **backup and restore** a Terraform state](backup-and-restore-a-Terraform-state.md) + - [How to **build and use** a custom runner image](build-and-use-a-custom-runner-image.md) + - [How to integrate with Flux Receivers and Alerts?](flux-receiver-and-alert.md) + - [How does the interval and retryInterval work?](interval-and-retryInterval.md) + - [How does the resource deletion work?](resource-deletion.md) + - [How to troubleshoot with **Break the Glass** mode](troubleshooting-with-break-the-glass-mode.md) + - [How to enable cross-namespace references](use-cross-namespace-refs.md) + - [How to run tofu-controller in Azure Kubernetes Service](with-azure.md) + - [How to upgrade tofu-controller to a newer version](upgrade-tofu-controller) diff --git a/docs/use-tf-controller/integration-with-terraform-enterprise-or-cloud.md b/docs/use-tofu-controller/integration-with-terraform-enterprise-or-cloud.md similarity index 82% rename from docs/use-tf-controller/integration-with-terraform-enterprise-or-cloud.md rename to docs/use-tofu-controller/integration-with-terraform-enterprise-or-cloud.md index a5c88e69b..ee005e552 100644 --- a/docs/use-tf-controller/integration-with-terraform-enterprise-or-cloud.md +++ b/docs/use-tofu-controller/integration-with-terraform-enterprise-or-cloud.md @@ -4,7 +4,7 @@ Terraform is a secure and robust platform designed to store the Terraform states for your production systems. When working with Infrastructure as Code, managing and ensuring the state is both secure and consistent is critical. -TF-Controller supports both Terraform Cloud and Terraform Enterprise. The `spec.cloud` in the Terraform CRD enables users to integrate their Kubernetes configurations with Terraform workflows. +Tofu-controller supports both Terraform Cloud and Terraform Enterprise. The `spec.cloud` in the Terraform CRD enables users to integrate their Kubernetes configurations with Terraform workflows. To get started, simply place your Terraform Cloud token in a Kubernetes Secret and specify it in the `spec.cliConfigSecretRef` field of the Terraform CR. @@ -12,7 +12,7 @@ The `spec.cloud` field specifies the organization and workspace name. ## Terraform Enterprise -Here are the steps to set up TF-Controller for your TFE instance. +Here are the steps to set up tofu-controller for your TFE instance. ![](tfe_integration_01.png) @@ -38,7 +38,7 @@ Content of the file will look like this: ``` ### Prepare an TFRC file -TF-Controller accepts an TFRC file in the HCL format. So you have to prepare `terraform.tfrc` file using contents from above. +Tofu-controller accepts an TFRC file in the HCL format. So you have to prepare `terraform.tfrc` file using contents from above. ```hcl credentials "tfe.dev.example.com" { token = "mXXXXXXXXX.atlasv1.ixXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" @@ -97,7 +97,7 @@ terraform { required_version = ">= 1.1.0" cloud { hostname = "tfe.dev.example.com" - organization = "weaveworks" + organization = "flux-iac" workspaces { name = "dev" @@ -118,9 +118,9 @@ output "greeting" { ### Terraform Cloud -TF-Controller can send your Terraform resources to be planned and applied via Terraform Cloud. +Tofu-controller can send your Terraform resources to be planned and applied via Terraform Cloud. States are automatically stored in your Terraform Cloud's workspace. -To use TF-Controller with Terraform Cloud, replace your hostname to `app.terraform.io`. Also, set `spec.approvalPlan` to `auto`. +To use tofu-controller with Terraform Cloud, replace your hostname to `app.terraform.io`. Also, set `spec.approvalPlan` to `auto`. Here's how the configuration looks: @@ -134,7 +134,7 @@ spec: interval: 2m approvePlan: auto cloud: - organization: weaveworks + organization: flux-iac workspaces: name: branch-planner-tfc cliConfigSecretRef: diff --git a/docs/use-tf-controller/integration-with-terraform-private-registries.md b/docs/use-tofu-controller/integration-with-terraform-private-registries.md similarity index 100% rename from docs/use-tf-controller/integration-with-terraform-private-registries.md rename to docs/use-tofu-controller/integration-with-terraform-private-registries.md diff --git a/docs/use-tf-controller/interval-and-retryInterval.md b/docs/use-tofu-controller/interval-and-retryInterval.md similarity index 100% rename from docs/use-tf-controller/interval-and-retryInterval.md rename to docs/use-tofu-controller/interval-and-retryInterval.md diff --git a/docs/use-tf-controller/plan-and-manually-apply-terraform-resources.md b/docs/use-tofu-controller/plan-and-manually-apply-terraform-resources.md similarity index 75% rename from docs/use-tf-controller/plan-and-manually-apply-terraform-resources.md rename to docs/use-tofu-controller/plan-and-manually-apply-terraform-resources.md index 16b322d08..86ce273a0 100644 --- a/docs/use-tf-controller/plan-and-manually-apply-terraform-resources.md +++ b/docs/use-tofu-controller/plan-and-manually-apply-terraform-resources.md @@ -1,15 +1,15 @@ -# Use TF-controller to plan and manually apply Terraform resources +# Use tofu-controller to plan and manually apply Terraform resources -Assume that you have a `GitRepository` object named `helloworld` pointing to a Git repository, and you want to plan and apply the Terraform resources under `./` of that Git repo. Let's walk through the steps of using TF-Controller to plan and +Assume that you have a `GitRepository` object named `helloworld` pointing to a Git repository, and you want to plan and apply the Terraform resources under `./` of that Git repo. Let's walk through the steps of using tofu-controller to plan and manually apply Terraform resources. - Create a `Terraform` object and set the necessary fields in the spec: - `approvePlan`, which sets the mode. For plan and manual approval mode, either keep this field blank or omit it entirely. - - `interval`, which determines how often TF-Controller will run the Terraform configuration + - `interval`, which determines how often tofu-controller will run the Terraform configuration - `path`, which specifies the location of the configuration files, in this case `./` - `sourceRef`, which points to the `helloworld` GitRepository object - Once this object is created, use kubectl to obtain the `approvePlan` value and set it in the `Terraform` object. -- After making our changes and pushing them to the Git repository, TF-Controller will apply the plan and create the real resources. +- After making our changes and pushing them to the Git repository, tofu-controller will apply the plan and create the real resources. Here is an example: @@ -31,7 +31,7 @@ spec: ## View the approval message -After a reconciliation loop, TF-Controller will generate a plan. Run this command to receive the `.spec.approvePlan` value from TF-Controller, which you'll need to approve the plan: +After a reconciliation loop, tofu-controller will generate a plan. Run this command to receive the `.spec.approvePlan` value from tofu-controller, which you'll need to approve the plan: ```bash kubectl -n flux-system get tf/helloworld @@ -41,7 +41,7 @@ This value enables you to edit the Terraform object file and set the `spec.appro to the value obtained from the message. After making your changes and pushing them to the Git repository, -TF-Controller will apply the plan and create the real resources. +tofu-controller will apply the plan and create the real resources. ```yaml hl_lines="7" apiVersion: infra.contrib.fluxcd.io/v1alpha2 @@ -57,4 +57,4 @@ spec: kind: GitRepository name: helloworld namespace: flux-system -``` \ No newline at end of file +``` diff --git a/docs/use-tf-controller/provision-Terraform-resources-that-are-required-health-checks.md b/docs/use-tofu-controller/provision-Terraform-resources-that-are-required-health-checks.md similarity index 94% rename from docs/use-tf-controller/provision-Terraform-resources-that-are-required-health-checks.md rename to docs/use-tofu-controller/provision-Terraform-resources-that-are-required-health-checks.md index 533df5865..89eaa67fa 100644 --- a/docs/use-tf-controller/provision-Terraform-resources-that-are-required-health-checks.md +++ b/docs/use-tofu-controller/provision-Terraform-resources-that-are-required-health-checks.md @@ -1,4 +1,4 @@ -# Use TF-Controller to provision Terraform resources that are required health checks +# Use tofu-controller to provision Terraform resources that are required health checks For some Terraform resources, it may be useful to perform health checks on them to verify that they are ready to accept connection before the terraform goes into `Ready` state: diff --git a/docs/use-tf-controller/provision-resources-and-auto-approve.md b/docs/use-tofu-controller/provision-resources-and-auto-approve.md similarity index 82% rename from docs/use-tf-controller/provision-resources-and-auto-approve.md rename to docs/use-tofu-controller/provision-resources-and-auto-approve.md index d6e70d885..d66f70547 100644 --- a/docs/use-tf-controller/provision-resources-and-auto-approve.md +++ b/docs/use-tofu-controller/provision-resources-and-auto-approve.md @@ -1,12 +1,12 @@ -# Use TF-Controller to provision resources and auto approve +# Use tofu-controller to provision resources and auto approve -To provision resources with TF-Controller, you need to create a `Terraform` object and a Flux source object, +To provision resources with tofu-controller, you need to create a `Terraform` object and a Flux source object, such as a `GitRepository` or `OCIRepository` object. ## Create a Terraform object The `Terraform` object is a Kubernetes custom resource definition (CRD) object. -It is the core object of TF-Controller and defines +It is the core object of tofu-controller and defines the Terraform module, backend configuration, and GitOps automation mode. The Terraform module is a Terraform configuration that you can use to provision resources. @@ -19,10 +19,10 @@ It is optional. If not specified, the Kubernetes backend will be used by default Use the GitOps automation mode to run the Terraform module. It determines how Terraform runs and manages your infrastructure. It is optional. If not specified, the "plan-and-manually-apply" mode is used by default. In the "plan-and-manually-apply" mode, -TF-Controller will run a Terraform plan and output the proposed changes to a Git repository. +tofu-controller will run a Terraform plan and output the proposed changes to a Git repository. A human must then review and manually apply the changes. -In the "auto-apply" mode, TF-Controller will automatically apply the changes after a Terraform plan is run. +In the "auto-apply" mode, tofu-controller will automatically apply the changes after a Terraform plan is run. This can be useful for environments where changes can be made automatically, but it is important to ensure that the proper controls, like policies, are in place to prevent unintended changes from being applied. @@ -56,11 +56,11 @@ The `metadata` block contains information about the object, including its `name` The `spec` field contains the specification for the `Terraform` object. The `path` field specifies the path to the Terraform configuration files, in this case a directory named "helloworld". -The `interval` field specifies the frequency at which TF-Controller should run the Terraform configuration, +The `interval` field specifies the frequency at which tofu-controller should run the Terraform configuration, in this case every 10 minutes. The `approvePlan` field specifies whether or not to automatically approve the changes proposed by a Terraform plan. In this case, it is set to `auto`, meaning that changes will be automatically approved. The `sourceRef` field specifies the Flux source object to be used. In this case, it is a `GitRepository` object with the name "helloworld". -This indicates that the Terraform configuration is stored in a Git repository object with the name `helloworld`. \ No newline at end of file +This indicates that the Terraform configuration is stored in a Git repository object with the name `helloworld`. diff --git a/docs/use-tf-controller/provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md b/docs/use-tofu-controller/provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md similarity index 91% rename from docs/use-tf-controller/provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md rename to docs/use-tofu-controller/provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md index 3f3c129ab..5d8ca5db3 100644 --- a/docs/use-tf-controller/provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md +++ b/docs/use-tofu-controller/provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md @@ -1,4 +1,4 @@ -# Use TF-Controller to provision resources and destroy them when the Terraform object gets deleted +# Use tofu-controller to provision resources and destroy them when the Terraform object gets deleted The resources provisioned by a Terraform object are not destroyed by default, and the tfstate of that Terraform object still remains in the cluster. diff --git a/docs/use-tf-controller/provision-resources-obtain-outputs.md b/docs/use-tofu-controller/provision-resources-obtain-outputs.md similarity index 94% rename from docs/use-tf-controller/provision-resources-obtain-outputs.md rename to docs/use-tofu-controller/provision-resources-obtain-outputs.md index 25e08eaab..a10b6dbd2 100644 --- a/docs/use-tf-controller/provision-resources-obtain-outputs.md +++ b/docs/use-tofu-controller/provision-resources-obtain-outputs.md @@ -1,4 +1,4 @@ -# Use TF-Controller to provision resources and obtain outputs +# Use tofu-controller to provision resources and obtain outputs Outputs created by Terraform can be written to a secret using `.spec.writeOutputsToSecret`. @@ -54,7 +54,7 @@ spec: Some time we'd like to use rename an output, so that it can be consumed by other Kubernetes controllers. For example, we might retrieve a key from a Secret manager, and it's an AGE key, which must be ending with ".agekey" in the secret. In this case, we need to rename the output. -TF-controller supports mapping output names using the `old_name:new_name` format. +Tofu-controller supports mapping output names using the `old_name:new_name` format. In the following example, we renamed `age_key` output as `age.agekey` entry for the `helloworld-output` secret's data, so that other components in the GitOps pipeline could consume it. diff --git a/docs/use-tf-controller/provision-resources-with-customized-runner-pods.md b/docs/use-tofu-controller/provision-resources-with-customized-runner-pods.md similarity index 96% rename from docs/use-tf-controller/provision-resources-with-customized-runner-pods.md rename to docs/use-tofu-controller/provision-resources-with-customized-runner-pods.md index b59053875..a2ac159b7 100644 --- a/docs/use-tf-controller/provision-resources-with-customized-runner-pods.md +++ b/docs/use-tofu-controller/provision-resources-with-customized-runner-pods.md @@ -1,4 +1,4 @@ -# Use TF-Controller to provision resources with customized Runner Pods +# Use tofu-controller to provision resources with customized Runner Pods ## Customize Runner Pod metadata diff --git a/docs/use-tf-controller/resource-deletion.md b/docs/use-tofu-controller/resource-deletion.md similarity index 100% rename from docs/use-tf-controller/resource-deletion.md rename to docs/use-tofu-controller/resource-deletion.md diff --git a/docs/use-tf-controller/set-variables-for-terraform-resources.md b/docs/use-tofu-controller/set-variables-for-terraform-resources.md similarity index 96% rename from docs/use-tf-controller/set-variables-for-terraform-resources.md rename to docs/use-tofu-controller/set-variables-for-terraform-resources.md index a95e30df4..2d17d9f91 100644 --- a/docs/use-tf-controller/set-variables-for-terraform-resources.md +++ b/docs/use-tofu-controller/set-variables-for-terraform-resources.md @@ -1,8 +1,8 @@ -# Use TF-Controller to Set Variables for Terraform Resources +# Use tofu-controller to Set Variables for Terraform Resources ~> **BREAKING CHANGE**: This is a breaking change of the `v1alpha1` API. -Users who are upgrading from TF-Controller <= 0.7.0 must update `varsFrom` +Users who are upgrading from tofu-controller <= 0.7.0 must update `varsFrom` from a single object to become an array of objects: ```yaml hl_lines="2" diff --git a/docs/use-tf-controller/terraform-init-steps.md b/docs/use-tofu-controller/terraform-init-steps.md similarity index 73% rename from docs/use-tf-controller/terraform-init-steps.md rename to docs/use-tofu-controller/terraform-init-steps.md index 3b33668a6..18b1bb7cf 100644 --- a/docs/use-tf-controller/terraform-init-steps.md +++ b/docs/use-tofu-controller/terraform-init-steps.md @@ -1,4 +1,4 @@ -## Aligning TF-Controller with Terraform's Init Workflow Stage +## Aligning tofu-controller with Terraform's Init Workflow Stage This page covers required and optional steps you should take in alignment with Terraform's "init" workflow stage. We cover "plan," "apply," and "destroy" steps in subsequent pages. @@ -14,7 +14,7 @@ metadata: namespace: flux-system spec: interval: 30s - url: https://github.com/tf-controller/helloworld + url: https://github.com/flux-iac/helloworld ref: branch: main ``` @@ -23,21 +23,21 @@ Here's guidance for [when your source is an OCI artifact](with-an-oci-artifact-a ### Optional Steps -At this point you have options to enhance your use of TF-Controller: -- Optional: [Use TF-Controller with GitOps Dependency Management](with-gitops-dependency-management.md) +At this point you have options to enhance your use of tofu-controller: +- Optional: [Use tofu-controller with GitOps Dependency Management](with-gitops-dependency-management.md) - This is to avoid the Kustomization controller's variable substitution -- Optional: [Using TF-Controller with Primitive Modules](with-primitive-modules.md) for an optional way to write Terraform code. +- Optional: [Using tofu-controller with Primitive Modules](with-primitive-modules.md) for an optional way to write Terraform code. ### Resource Provisioning Related resources, with optional steps noted: -- [Use TF-Controller to Provision Resources and Auto-Approve](provision-resources-and-auto-approve.md) +- [Use tofu-controller to Provision Resources and Auto-Approve](provision-resources-and-auto-approve.md) - Optional: [Provision Resources and Destroy Them When the Terraform Object Gets Deleted](provision-resources-and-destroy-them-when-terraform-object-gets-deleted.md) - Optional: [Provision Terraform Resources That Are Required Health Checks](provision-Terraform-resources-that-are-required-health-checks.md) - You would check these during the "apply" workflow stage - Optional, operations-related: [Using a Custom Backend](with-a-custom-backend.md) - - TF-Controller uses the Kubernetes backend by default + - tofu-controller uses the Kubernetes backend by default Be mindful of locking mechanism when pursuing these steps. @@ -45,8 +45,8 @@ Be mindful of locking mechanism when pursuing these steps. - [Working with Terraform Cloud and Terraform Enterprise](integration-with-terraform-enterprise-or-cloud.md); see also: [Terraform Cloud and Branch Planner](../branch-planner/branch-planner-tfc-integration-getting-started.md) ### Context-Related Steps -- Optional: [Use TF-Controller with Terraform Runners enabled via Env Variables](with-tf-runner-logging.md) +- Optional: [Use tofu-controller with Terraform Runners enabled via Env Variables](with-tf-runner-logging.md) - Optional: [Set variables for Terraform resources](set-variables-for-terraform-resources.md) - Optional: [Provision resources and obtain outputs](provision-resources-obtain-outputs.md) - [Provision resources with customized Runner Pods](provision-resources-with-customized-runner-pods.md) -- Optional: [Use with external webhooks](with-external-webhooks.md) \ No newline at end of file +- Optional: [Use with external webhooks](with-external-webhooks.md) diff --git a/docs/use-tf-controller/tfe_integration_01.png b/docs/use-tofu-controller/tfe_integration_01.png similarity index 100% rename from docs/use-tf-controller/tfe_integration_01.png rename to docs/use-tofu-controller/tfe_integration_01.png diff --git a/docs/use-tf-controller/troubleshooting-with-break-the-glass-mode.md b/docs/use-tofu-controller/troubleshooting-with-break-the-glass-mode.md similarity index 93% rename from docs/use-tf-controller/troubleshooting-with-break-the-glass-mode.md rename to docs/use-tofu-controller/troubleshooting-with-break-the-glass-mode.md index 913dada74..edb7fe4ee 100644 --- a/docs/use-tf-controller/troubleshooting-with-break-the-glass-mode.md +++ b/docs/use-tofu-controller/troubleshooting-with-break-the-glass-mode.md @@ -3,7 +3,7 @@ ## What is break the glass? "Break the glass" refers to a troubleshooting mode specifically designed -to provide a manual solution when TF-Controller is not performing as expected. This feature is available in the Terraform controller *v0.15.0* and above. +to provide a manual solution when tofu-controller is not performing as expected. This feature is available in the Terraform controller *v0.15.0* and above. ~> **WARNING:** Please note that you cannot use this feature to fix the Terraform resources with `v1alpha1` version of the Terraform CRD. It works only with `v1alpha2` version of the Terraform CRD. diff --git a/docs/use-tf-controller/upgrade-tf-controller.md b/docs/use-tofu-controller/upgrade-tofu-controller.md similarity index 67% rename from docs/use-tf-controller/upgrade-tf-controller.md rename to docs/use-tofu-controller/upgrade-tofu-controller.md index d91823502..82eaf2869 100644 --- a/docs/use-tf-controller/upgrade-tf-controller.md +++ b/docs/use-tofu-controller/upgrade-tofu-controller.md @@ -1,16 +1,16 @@ -# Upgrading TF-Controller +# Upgrading tofu-controller -Please follow these steps to upgrade TF-Controller: +Please follow these steps to upgrade tofu-controller: 1. Read the latest release changelogs. 2. Check your API versions. 3. To make sure you don't get new state changes, suspend Terraform resources (`tfctl suspend --all`) to minimize the impact on live systems. 4. Back up Terraform tfstates to avoid losing data. If you're using the default backend with secrets in Kubernetes, use your backup toolset (i.e., Velero) to back up the state data. 5. Upgrade Flux first, following [the Flux documentation](https://fluxcd.io/flux/installation/upgrade/). -6. Disable [auto-approval](https://flux-iac.github.io/tofu-controller/use-tf-controller/provision-resources-and-auto-approve/) by either removing the approvePlan value or setting it to "". +6. Disable [auto-approval](https://flux-iac.github.io/tofu-controller/use-tofu-controller/provision-resources-and-auto-approve/) by either removing the approvePlan value or setting it to "". 7. To prevent unintentional resource deletions, set the `spec.destroyResourcesOnDeletion` flag to `false` for critical or production systems (the default value is `false`) -8. If the Flux upgrade goes well, proceed to upgrade the TF-controller via its image tag. Adjust the values in the HelmRelease to match the new version to which you are upgrading. -9. Check the pod logs for the TF-Controller deployment and any runner logs in order to identify potential issues. If you check the `warnings` in the logs, you can also identify any required API changes. For example: +8. If the Flux upgrade goes well, proceed to upgrade the tofu-controller via its image tag. Adjust the values in the HelmRelease to match the new version to which you are upgrading. +9. Check the pod logs for the tofu-controller deployment and any runner logs in order to identify potential issues. If you check the `warnings` in the logs, you can also identify any required API changes. For example: ` v1alpha1 Terraform is deprecated, upgrade to v1alpha2`. 10. Push the changes you made. 11. Resume your Terraform resources—either one-by-one for critical resources, or all of them with `tfctl resume --all` @@ -19,7 +19,7 @@ Please follow these steps to upgrade TF-Controller: 14. Resume any suspended Kustomization objects to restore GitOps automation. 15. Restore `spec.destroyResourcesOnDeletion`, if this has been disabled for any resources in critical or production systems. -TF-Controller supports v1alpha1 for backward compatibility. This means that you need v1alpha2 for newer (as of September 2023) features such as: +Tofu-controller supports v1alpha1 for backward compatibility. This means that you need v1alpha2 for newer (as of September 2023) features such as: - the branch planner - pod sub-domain DNS resolutions - new PodSpec fields like PriorityClass, SecurityContext, and ResourceRequirements (Limits / Requests) diff --git a/docs/use-tf-controller/use-cross-namespace-refs.md b/docs/use-tofu-controller/use-cross-namespace-refs.md similarity index 65% rename from docs/use-tf-controller/use-cross-namespace-refs.md rename to docs/use-tofu-controller/use-cross-namespace-refs.md index adaecf452..10b49b802 100644 --- a/docs/use-tf-controller/use-cross-namespace-refs.md +++ b/docs/use-tofu-controller/use-cross-namespace-refs.md @@ -1,6 +1,6 @@ # Using Cross-Namespace References -The Terraform CRD in the API for TF-Controller includes fields which are references to other objects: +The Terraform CRD in the API for tofu-controller includes fields which are references to other objects: | Name | Purpose | |------|---------| @@ -15,6 +15,6 @@ Branch Planner configuration can also have cross-namespace references: | .secretNamespace | Namespace of secret containing a GitHub token | | .resources[*] | Each entry refers to a Terraform object to include in branch planning | -All of these can refer to an object in a namespace different to that of the Terraform object. However, giving access to objects in other namespaces is generally considered a security risk, so this is disallowed by default. Only references that mention the same namespace, or that omit the namespace field, will be accepted. References using a different namespace will cause TF-Controller to stop processing the Terraform object and put it in a non-Ready state. +All of these can refer to an object in a namespace different to that of the Terraform object. However, giving access to objects in other namespaces is generally considered a security risk, so this is disallowed by default. Only references that mention the same namespace, or that omit the namespace field, will be accepted. References using a different namespace will cause tofu-controller to stop processing the Terraform object and put it in a non-Ready state. -To **allow** cross-namespace references, use the flag `--allow-cross-namespace-refs` with TF-Controller and the Branch Planner. When using the Helm chart to install or update TF-Controller and Branch Planner, the value `allowCrossNamespaceRefs` will allow cross-namespace references for both. +To **allow** cross-namespace references, use the flag `--allow-cross-namespace-refs` with tofu-controller and the Branch Planner. When using the Helm chart to install or update tofu-controller and Branch Planner, the value `allowCrossNamespaceRefs` will allow cross-namespace references for both. diff --git a/docs/use-tf-controller/with-a-custom-backend.md b/docs/use-tofu-controller/with-a-custom-backend.md similarity index 92% rename from docs/use-tf-controller/with-a-custom-backend.md rename to docs/use-tofu-controller/with-a-custom-backend.md index 7be27d794..1cbe65509 100644 --- a/docs/use-tf-controller/with-a-custom-backend.md +++ b/docs/use-tofu-controller/with-a-custom-backend.md @@ -1,6 +1,6 @@ -# Option: Use TF-Controller with a Custom Backend +# Option: Use tofu-controller with a Custom Backend -By default, TF-Controller uses the [Kubernetes backend](https://www.terraform.io/language/settings/backends/kubernetes) to store the Terraform state file (tfstate) in clusters. +By default, tofu-controller uses the [Kubernetes backend](https://www.terraform.io/language/settings/backends/kubernetes) to store the Terraform state file (tfstate) in clusters. The tfstate is stored in a secret named: `tfstate-${workspace}-${secretSuffix}`. The default `suffix` will be the name of the Terraform resource, however you may override this setting using `.spec.backendConfig.secretSuffix`. The default `workspace` name is "default", you can also override the workspace by setting `.spec.workspace` to another value. diff --git a/docs/use-tf-controller/with-an-oci-artifact-as-source.md b/docs/use-tofu-controller/with-an-oci-artifact-as-source.md similarity index 78% rename from docs/use-tf-controller/with-an-oci-artifact-as-source.md rename to docs/use-tofu-controller/with-an-oci-artifact-as-source.md index 76dc499c1..0428854a6 100644 --- a/docs/use-tf-controller/with-an-oci-artifact-as-source.md +++ b/docs/use-tofu-controller/with-an-oci-artifact-as-source.md @@ -1,4 +1,4 @@ -# Use TF-Controller with an OCI Artifact as Source +# Use tofu-controller with an OCI Artifact as Source To use OCI artifacts as the source of Terraform objects, you need Flux 2 version **v0.32.0** or higher. @@ -7,12 +7,12 @@ you can use Flux CLI to create an OCI artifact for your Terraform modules by running the following commands: ```bash -flux push artifact oci://ghcr.io/tf-controller/helloworld:$(git rev-parse --short HEAD) \ +flux push artifact oci://ghcr.io/flux-iac/helloworld:$(git rev-parse --short HEAD) \ --path="./modules" \ --source="$(git config --get remote.origin.url)" \ --revision="$(git branch --show-current)/$(git rev-parse HEAD)" -flux tag artifact oci://ghcr.io/tf-controller/helloworld:$(git rev-parse --short HEAD) \ +flux tag artifact oci://ghcr.io/flux-iac/helloworld:$(git rev-parse --short HEAD) \ --tag main ``` @@ -26,7 +26,7 @@ metadata: name: helloworld-oci spec: interval: 1m - url: oci://ghcr.io/tf-controller/helloworld + url: oci://ghcr.io/flux-iac/helloworld ref: tag: main --- diff --git a/docs/use-tf-controller/with-aws-eks-irsa.md b/docs/use-tofu-controller/with-aws-eks-irsa.md similarity index 84% rename from docs/use-tf-controller/with-aws-eks-irsa.md rename to docs/use-tofu-controller/with-aws-eks-irsa.md index 63dac90c1..2a09e32c7 100644 --- a/docs/use-tf-controller/with-aws-eks-irsa.md +++ b/docs/use-tofu-controller/with-aws-eks-irsa.md @@ -1,4 +1,4 @@ -# Use TF-Controller with AWS EKS IRSA +# Use tofu-controller with AWS EKS IRSA AWS Elastic Kubernetes Service (EKS) offers IAM Roles for Service Accounts (IRSA) as a mechanism by which to provide credentials to Kubernetes pods. This can be used to provide the required AWS credentials to Terraform runners @@ -12,7 +12,7 @@ eksctl utils associate-iam-oidc-provider --cluster CLUSTER_NAME --approve Then follow the instructions [here](https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html) to add a trust policy to the IAM role which grants the necessary permissions for Terraform. -If you have installed TF-Controller following the README, then the `namespace:serviceaccountname` +If you have installed tofu-controller following the README, then the `namespace:serviceaccountname` will be `flux-system:tf-runner`. You'll obtain a Role ARN to use in the next step. Finally, annotate the ServiceAccount for the `tf-runner` with the obtained Role ARN in your cluster: @@ -21,7 +21,7 @@ Finally, annotate the ServiceAccount for the `tf-runner` with the obtained Role kubectl annotate -n flux-system serviceaccount tf-runner eks.amazonaws.com/role-arn=ROLE_ARN ``` -If deploying the `tf-controller` via Helm, do this as follows: +If deploying the `tofu-controller` via Helm, do this as follows: ```yaml hl_lines="5" values: diff --git a/docs/use-tf-controller/with-azure.md b/docs/use-tofu-controller/with-azure.md similarity index 98% rename from docs/use-tf-controller/with-azure.md rename to docs/use-tofu-controller/with-azure.md index 09bcfb57d..683ed1f79 100644 --- a/docs/use-tf-controller/with-azure.md +++ b/docs/use-tofu-controller/with-azure.md @@ -1,4 +1,4 @@ -## Use TF-Controller with Azure +## Use tofu-controller with Azure This content was [provided](https://github.com/flux-iac/tofu-controller/issues/561) by users [@mingmingshiliyu](https://github.com/mingmingshiliyu) and [@maciekdude](https://github.com/maciekdude). diff --git a/docs/use-tf-controller/with-drift-detection-disabled.md b/docs/use-tofu-controller/with-drift-detection-disabled.md similarity index 88% rename from docs/use-tf-controller/with-drift-detection-disabled.md rename to docs/use-tofu-controller/with-drift-detection-disabled.md index efd121e77..978f6fc2f 100644 --- a/docs/use-tf-controller/with-drift-detection-disabled.md +++ b/docs/use-tofu-controller/with-drift-detection-disabled.md @@ -1,4 +1,4 @@ -# Use TF-Controller with drift detection disabled +# Use tofu-controller with drift detection disabled Drift detection is enabled by default. You can set `.spec.disableDriftDetection: true` to disable it. diff --git a/docs/use-tf-controller/with-external-webhooks.md b/docs/use-tofu-controller/with-external-webhooks.md similarity index 86% rename from docs/use-tf-controller/with-external-webhooks.md rename to docs/use-tofu-controller/with-external-webhooks.md index 48db62e41..57c308503 100644 --- a/docs/use-tf-controller/with-external-webhooks.md +++ b/docs/use-tofu-controller/with-external-webhooks.md @@ -1,6 +1,6 @@ -# Use TF-Controller with External Webhooks +# Use tofu-controller with External Webhooks -The TF-Controller provides a way to integrate with webhooks to further validate Terraform plans and manage the Terraform execution process. +The tofu-controller provides a way to integrate with webhooks to further validate Terraform plans and manage the Terraform execution process. With the webhook feature, you can implement custom policy checks, validations, and other logic to determine if the Terraform process should proceed. ## Setting up the Webhook @@ -48,7 +48,7 @@ spec: Important Considerations: -- Ensure that your webhook endpoint is secure, as the TF-Controller will be sending potentially sensitive Terraform plan data to it. +- Ensure that your webhook endpoint is secure, as the tofu-controller will be sending potentially sensitive Terraform plan data to it. - Test your webhook implementation thoroughly before deploying to production, as any issues could interrupt or halt your Terraform process. -With the webhook feature, you can create a more robust and flexible GitOps Terraform pipeline that respects custom organizational policies and other requirements. \ No newline at end of file +With the webhook feature, you can create a more robust and flexible GitOps Terraform pipeline that respects custom organizational policies and other requirements. diff --git a/docs/use-tf-controller/with-gitops-dependency-management.md b/docs/use-tofu-controller/with-gitops-dependency-management.md similarity index 91% rename from docs/use-tf-controller/with-gitops-dependency-management.md rename to docs/use-tofu-controller/with-gitops-dependency-management.md index 879505f74..4db0b2328 100644 --- a/docs/use-tf-controller/with-gitops-dependency-management.md +++ b/docs/use-tofu-controller/with-gitops-dependency-management.md @@ -1,10 +1,10 @@ -# Use TF-controller with GitOps dependency management +# Use tofu-controller with GitOps dependency management -TF-controller supports GitOps dependency management. +Tofu-controller supports GitOps dependency management. The GitOps dependency management feature is based on the similar technique implemented in the Kustomization controller of Flux. -This means that you can use TF-controller to provision resources that depend on other resources at the GitOps level. -For example, you can use TF-controller to provision an S3 bucket, and then use TF-controller to provision another resource to configure ACL for that bucket. +This means that you can use tofu-controller to provision resources that depend on other resources at the GitOps level. +For example, you can use tofu-controller to provision an S3 bucket, and then use tofu-controller to provision another resource to configure ACL for that bucket. GitOps dependency management is different from Terraform's HCL dependency management in the way that it is not based on Terraform's mechanism, which is controlled by the Terraform binary. Instead, it is implemented at the controller level, which means that each Terraform module is reconciled and can be managed independently, while still being able to depend on other modules. @@ -31,7 +31,7 @@ metadata: spec: path: aws_s3_bucket values: - bucket: my-tf-controller-test-bucket + bucket: my-tofu-controller-test-bucket tags: Environment: Dev Name: My bucket diff --git a/docs/use-tf-controller/with-ipv6.md b/docs/use-tofu-controller/with-ipv6.md similarity index 67% rename from docs/use-tf-controller/with-ipv6.md rename to docs/use-tofu-controller/with-ipv6.md index 4be091ae5..ed4eb235d 100644 --- a/docs/use-tf-controller/with-ipv6.md +++ b/docs/use-tofu-controller/with-ipv6.md @@ -1,10 +1,10 @@ -# Use TF-Controller with IPv6 addresses. +# Use tofu-controller with IPv6 addresses. -TF-Controller uses pod IPv4 address to generate the in-cluster hostname to +Tofu-controller uses pod IPv4 address to generate the in-cluster hostname to communicate with the runner instance. This logic fails when the runner pod has IPv6 address instead of IPv4. -The TF-Controller has a flag to use pod subdomain resolution instead of an IP +The tofu-controller has a flag to use pod subdomain resolution instead of an IP address, with that enabled the controller will use cluster subdomains, and it works with IPv6 addresses as the resolution is happening at cluster level. diff --git a/docs/use-tf-controller/with-plan-only-mode.md b/docs/use-tofu-controller/with-plan-only-mode.md similarity index 79% rename from docs/use-tf-controller/with-plan-only-mode.md rename to docs/use-tofu-controller/with-plan-only-mode.md index e517c103a..9088ca8b6 100644 --- a/docs/use-tf-controller/with-plan-only-mode.md +++ b/docs/use-tofu-controller/with-plan-only-mode.md @@ -1,9 +1,9 @@ -# Use TF-Controller with a plan-only mode +# Use tofu-controller with a plan-only mode This plan-only mode is designed to be used in conjunction with the [Branch Planner](../branch-planner/index.md). But you can also use it whenever you want to run `terraform plan` only. -If `planOnly` is set to `true`, TF-Controller will skip the `apply` step, run +If `planOnly` is set to `true`, tofu-controller will skip the `apply` step, run `terraform plan`, and save the output. ``` diff --git a/docs/use-tf-controller/with-primitive-modules.md b/docs/use-tofu-controller/with-primitive-modules.md similarity index 85% rename from docs/use-tf-controller/with-primitive-modules.md rename to docs/use-tofu-controller/with-primitive-modules.md index b289c9a28..207270bb1 100644 --- a/docs/use-tf-controller/with-primitive-modules.md +++ b/docs/use-tofu-controller/with-primitive-modules.md @@ -1,7 +1,7 @@ -# Use TF-Controller with primitive modules +# Use tofu-controller with primitive modules -This document describes how to use TF-Controller with a primitive module. -It requires TF-Controller v0.13+ to run the example. +This document describes how to use tofu-controller with a primitive module. +It requires tofu-controller v0.13+ to run the example. ## What is a primitive module? @@ -17,7 +17,7 @@ It's a Terraform module that contains only a single resource. Here is an example of how a primitive module can be defined in YAML. Assume that we have a ready-to-use OCI image with a primitive module for the imaginary resource `aws_hello_world`, -and the image is tagged as `ghcr.io/tf-controller/hello-primitive-modules/v4.32.0:v1`. +and the image is tagged as `ghcr.io/flux-iac/hello-primitive-modules/v4.32.0:v1`. We'll use the following Terraform object definition to provision the resource. @@ -39,7 +39,7 @@ metadata: namespace: flux-system spec: interval: 30s - url: oci://ghcr.io/tf-controller/hello-primitive-modules/v4.32.0 + url: oci://ghcr.io/flux-iac/hello-primitive-modules/v4.32.0 ref: tag: v1 --- diff --git a/docs/use-tf-controller/with-tf-runner-exposed-using-hostname-subdomain.md b/docs/use-tofu-controller/with-tf-runner-exposed-using-hostname-subdomain.md similarity index 61% rename from docs/use-tf-controller/with-tf-runner-exposed-using-hostname-subdomain.md rename to docs/use-tofu-controller/with-tf-runner-exposed-using-hostname-subdomain.md index 40da1125f..2cd6d19c8 100644 --- a/docs/use-tf-controller/with-tf-runner-exposed-using-hostname-subdomain.md +++ b/docs/use-tofu-controller/with-tf-runner-exposed-using-hostname-subdomain.md @@ -1,12 +1,12 @@ -# Use TF-controller with Terraform Runners **exposed via hostname/subdomain** +# Use tofu-controller with Terraform Runners **exposed via hostname/subdomain** -TF-controller uses the Controller/Runner architecture. The Controller acts as a client, and talks to each Runner's Pod via gRPC over port 30000. +Tofu-controller uses the Controller/Runner architecture. The Controller acts as a client, and talks to each Runner's Pod via gRPC over port 30000. -TF-controller must thus be able to reliably connect to each Runner's pod regardless of the cluster network topology. +Tofu-controller must thus be able to reliably connect to each Runner's pod regardless of the cluster network topology. ## The Default Runner DNS resolution -By default, TF-controller fetches the Runner's pod IP address after it is instantiated (e.g. `1.2.3.4`). +By default, tofu-controller fetches the Runner's pod IP address after it is instantiated (e.g. `1.2.3.4`). It then transforms the IP address into its `IP-based pod DNS A record` (e.g. `1.2.3.4..pod.`) which is used to connect to the Runner pod using gRPC protocol. @@ -20,7 +20,7 @@ cluster.local { } ``` -IMPORTANT: The gRPC communication between TF-controller and Runner's pod is secured with mTLS. TF-controller generates a valid wildcard TLS certificate for `*..pod.` hosts on the Runner's namespace. The Runner's pod present this certificate during TLS handshake with TF-controller. +IMPORTANT: The gRPC communication between tofu-controller and Runner's pod is secured with mTLS. tofu-controller generates a valid wildcard TLS certificate for `*..pod.` hosts on the Runner's namespace. The Runner's pod present this certificate during TLS handshake with tofu-controller. ## Hostname/Subdomain Runner DNS resolution @@ -42,7 +42,7 @@ spec: - name: grpc port: 30000 selector: - app.kubernetes.io/created-by: tf-controller + app.kubernetes.io/created-by: tofu-controller app.kubernetes.io/name: tf-runner ``` @@ -52,7 +52,7 @@ spec: apiVersion: v1 kind: Pod labels: - app.kubernetes.io/created-by: tf-controller + app.kubernetes.io/created-by: tofu-controller app.kubernetes.io/instance: tf-runner-3ac83e0f app.kubernetes.io/name: tf-runner infra.contrib.fluxcd.io/terraform: hello-world @@ -70,7 +70,7 @@ spec: - terraform-runner.tls-1693866794 - --grpc-max-message-size - "4" - image: ghcr.io/weaveworks/tf-runner:v0.16.0-rc.2 + image: ghcr.io/flux-iac/tf-runner:v0.16.0-rc.4 name: tf-runner ports: - containerPort: 30000 @@ -99,8 +99,8 @@ spec: serviceAccountName: tf-runner ``` -The Runner's pod can then be targeted by TF-Controller using `.tf-runner..svc. (helloworld.tf-runner.hello-world.svc.cluster.local)` as per Kubernetes specification instead of `IP-based pod DNS resolution`. +The Runner's pod can then be targeted by tofu-controller using `.tf-runner..svc. (helloworld.tf-runner.hello-world.svc.cluster.local)` as per Kubernetes specification instead of `IP-based pod DNS resolution`. -The switch is performed by setting the following _Helm value_ `usePodSubdomainResolution: true` or running directly TF-controller with the option `--use-pod-subdomain-resolution=true` +The switch is performed by setting the following _Helm value_ `usePodSubdomainResolution: true` or running directly tofu-controller with the option `--use-pod-subdomain-resolution=true` -IMPORTANT: The gRPC communication between TF-Controller and Runner's pod is secured with mTLS. TF-controller generates a valid wildcard TLS certificate for `*..pod.` and `*.tf-runner..svc.` hosts on the Runner's namespace. The Runner's pod present this certificate during TLS handshake with TF-Controller. \ No newline at end of file +IMPORTANT: The gRPC communication between tofu-controller and Runner's pod is secured with mTLS. tofu-controller generates a valid wildcard TLS certificate for `*..pod.` and `*.tf-runner..svc.` hosts on the Runner's namespace. The Runner's pod present this certificate during TLS handshake with tofu-controller. diff --git a/docs/use-tf-controller/with-tf-runner-logging.md b/docs/use-tofu-controller/with-tf-runner-logging.md similarity index 95% rename from docs/use-tf-controller/with-tf-runner-logging.md rename to docs/use-tofu-controller/with-tf-runner-logging.md index 840331279..ec97a0da6 100644 --- a/docs/use-tf-controller/with-tf-runner-logging.md +++ b/docs/use-tofu-controller/with-tf-runner-logging.md @@ -18,7 +18,7 @@ the `DISABLE_TF_LOGS` variable must also be set to "1". - For `Plan` calls made on the runner, error messages are sanitized as a part of the default configuration. For more information on configuring the Terraform Runner and its environment variables, -please consult the documentation on [customizing runners](provision-resources-with-customized-runner-pods.md) within the Weave TF-controller. +please consult the documentation on [customizing runners](provision-resources-with-customized-runner-pods.md) within the FluxIaC Tofu-controller. ## Logging human-readable plan diff --git a/docs/use-tf-controller/with-the-ready-to-use-aws-package.md b/docs/use-tofu-controller/with-the-ready-to-use-aws-package.md similarity index 87% rename from docs/use-tf-controller/with-the-ready-to-use-aws-package.md rename to docs/use-tofu-controller/with-the-ready-to-use-aws-package.md index fbc3e3872..b5320e5af 100644 --- a/docs/use-tf-controller/with-the-ready-to-use-aws-package.md +++ b/docs/use-tofu-controller/with-the-ready-to-use-aws-package.md @@ -1,19 +1,19 @@ -## Use TF-Controller with the ready-to-use AWS package +## Use tofu-controller with the ready-to-use AWS package -You need TF-Controller v0.13+ to running the example of TF-Controller with the ready-to-use AWS package. +You need tofu-controller v0.13+ to running the example of tofu-controller with the ready-to-use AWS package. ## What is a package? A package is a collection of primitive Terraform modules that are bundled into an OCI image. -You can think of a TF-controller's package as a thin wrapper around a Terraform module provider, -and a TF-controller primitive module as a thin wrapper around a Terraform resource or a root module. +You can think of a tofu-controller's package as a thin wrapper around a Terraform module provider, +and a tofu-controller primitive module as a thin wrapper around a Terraform resource or a root module. We will provide a set of ready-to-use packages for the most popular cloud providers. Currently, we ship the package for AWS only. ## AWS Package -To provide the out-of-the-box experience, the AWS Package is installed by default when you installed the TF-controller. +To provide the out-of-the-box experience, the AWS Package is installed by default when you installed the tofu-controller. Unlike other IaC implementation, our package model is designed to be very lightweight as a package is just a set of TF files in the form of OCI. Packages would not put any burden to your cluster. However, you can opt this package out by setting `awsPackage.install: false` in your Helm chart values. @@ -27,7 +27,7 @@ aws-package v4.38.0-v1alpha11/6033f3b False True stored artifact fo ## A step-by-step tutorial -This section describes how to use the AWS package to provision an S3 bucket with ACL using the TF-controller. +This section describes how to use the AWS package to provision an S3 bucket with ACL using the tofu-controller. ### Create a KinD local cluster @@ -45,12 +45,12 @@ After you have a Kubernetes cluster, you can install Flux with the following com flux install ``` -### Install TF-controller +### Install tofu-controller -Then, you can install the TF-controller with the following command: +Then, you can install the tofu-controller with the following command: ```shell -kubectl apply -f https://raw.githubusercontent.com/weaveworks/tf-controller/main/docs/release.yaml +kubectl apply -f https://raw.githubusercontent.com/flux-iac/tofu-controller/main/docs/release.yaml ``` ### Setup AWS credentials @@ -99,7 +99,7 @@ metadata: spec: path: aws_s3_bucket values: - bucket: my-tf-controller-test-bucket + bucket: my-tofu-controller-test-bucket tags: Environment: Dev Name: My bucket diff --git a/mkdocs.yml b/mkdocs.yml index 795fbaf01..9d2913b48 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,4 +1,4 @@ -site_name: Weave GitOps Terraform Controller +site_name: FluxIaC GitOps Tofu Controller theme: name: material icon: @@ -17,7 +17,7 @@ theme: - content.code.copy repo_url: https://github.com/flux-iac/tofu-controller -repo_name: weaveworks/tf-controller +repo_name: flux-iac/tofu-controller markdown_extensions: - pymdownx.highlight: @@ -29,7 +29,7 @@ markdown_extensions: nav: - Overview: 'index.md' - Getting Started: 'getting_started.md' - - Use TF-Controller: 'use-tf-controller/index.md' + - Use Tofu-Controller: 'use-tofu-controller/index.md' - Branch Planner: - User Guide: 'branch-planner/index.md' - Getting Started: 'branch-planner/branch-planner-getting-started.md'