Terraform interop with service contexts
Communicate data between Terraform and Kubernetes using Service Contexts
Overview
A common and incredibly frustrating challenge with managing Kubernetes, especially at scale, is sharing state between Terraform and the common tools used to manage Kubernetes configuration, like Helm and Kustomize, or with other independent sections of Terraform code.
We've created an API called Service Contexts to facilitate this. At its core, a service context is simply a named bundle of configuration that can be created via the API (and thus easily integrated with Terraform or Pulumi) and then mounted to Plural services or imported as a data resource in other stacks. This guide walks through how to leverage the API throughout your IaC usage.
Defining a service context
Here's a simple example, involving setting up an IRSA role for external-dns:
module "assumable_role_externaldns" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  version = "3.14.0"

  create_role      = true
  role_name        = "${var.cluster_name}-externaldns"
  provider_url     = replace(local.cluster_oidc_issuer_url, "https://", "")
  role_policy_arns = [aws_iam_policy.externaldns.arn] # defined elsewhere

  # Only this exact service account in this namespace may assume the role.
  oidc_fully_qualified_subjects = ["system:serviceaccount:${var.namespace}:${var.externaldns_serviceaccount}"]
}

# Publish the role ARN as a named bundle of configuration.
resource "plural_service_context" "externaldns" {
  name = "externaldns"
  configuration = {
    roleArn = module.assumable_role_externaldns.this_iam_role_arn
  }
}
Using in another Plural Terraform stack
Referencing a service context in another stack is simple:
data "plural_service_context" "externaldns" {
  name = "externaldns"
}

locals {
  # can wire it in wherever, this is just an example
  external_dns_arn = data.plural_service_context.externaldns.configuration.roleArn
}
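A service context is written by one stack and consumed by another, so the consuming stack can check the imported value before wiring it in. The following is an added example, not part of the original guide or Plural's own code: `var.expected_account_id`, the `terraform_data` guard resource (Terraform 1.4+), and the commercial `aws` partition are assumptions, while the `-externaldns` role name suffix follows the role defined above.

```hcl
# Added example: fail the plan if the imported role ARN is not the one we expect.

variable "expected_account_id" {
  type        = string
  description = "AWS account the external-dns role must live in (assumed input)"

  validation {
    condition     = can(regex("^[0-9]{12}$", var.expected_account_id))
    error_message = "expected_account_id must be a 12-digit AWS account ID."
  }
}

data "plural_service_context" "externaldns" {
  name = "externaldns"
}

locals {
  external_dns_arn = data.plural_service_context.externaldns.configuration.roleArn

  # IAM role in the expected account whose name ends in "-externaldns".
  # Assumes the commercial "aws" partition and no IAM path on the role.
  external_dns_arn_pattern = "^arn:aws:iam::${var.expected_account_id}:role/[\\w+=,.@-]+-externaldns$"
}

# Guard resource: the precondition is evaluated at plan time, so a context that
# was overwritten with a role from another account or with an unrelated role
# stops the run instead of being passed to workloads.
resource "terraform_data" "externaldns_role_guard" {
  input = local.external_dns_arn

  lifecycle {
    precondition {
      condition     = can(regex(local.external_dns_arn_pattern, local.external_dns_arn))
      error_message = "Service context 'externaldns' returned an unexpected roleArn."
    }
  }
}

# Downstream resources should read the ARN through the guard so that they
# depend on the check having passed.
output "external_dns_role_arn" {
  value = terraform_data.externaldns_role_guard.output
}
```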