Version: v1.4

Terraform

To provision cloud resources, you can use Terraform along with the related cloud provider addons.

Enable Terraform addon

vela addon enable terraform

After the Terraform addon is enabled, you have the basic capability to create cloud resources through CRDs. You can then enable a Terraform provider addon for a specific cloud.

Enable Terraform Provider addon

KubeVela supports the following cloud providers through Terraform provider addons.

$ vela addon list | grep terraform-
terraform-alibaba KubeVela Kubernetes Terraform Controller for Alibaba Cloud [1.0.2, 1.0.1] enabled (1.0.2)
terraform-tencent KubeVela Kubernetes Terraform Controller Provider for Tencent Cloud [1.0.0, 1.0.1] enabled (1.0.0)
terraform-aws KubeVela Kubernetes Terraform Controller for AWS [1.0.0, 1.0.1] enabled (1.0.0)
terraform-azure KubeVela Kubernetes Terraform Controller for Azure [1.0.0, 1.0.1] enabled (1.0.0)
terraform-baidu KubeVela Kubernetes Terraform Controller Provider for Baidu Cloud [1.0.0, 1.0.1] enabled (1.0.0)
terraform-gcp KubeVela Kubernetes Terraform Controller Provider for Google Cloud Platform [1.0.0, 1.0.1] enabled (1.0.0)
terraform-ucloud KubeVela Kubernetes Terraform Controller Provider for UCloud [1.0.1, 1.0.0] enabled (1.0.1)

To enable one of them, use the following command:

$ vela addon enable terraform-<provider-name>

You can also disable, upgrade, or check the status of an addon with the vela addon command.

Authenticate Terraform Provider

After any of the Terraform provider addons is enabled, you can create credentials for it with the vela provider command.

Add Credential

Each Terraform provider can be authenticated with the command below.

$ vela provider add -h
Authenticate Terraform Cloud Provider by creating a credential secret and a Terraform Controller Provider

Usage:
vela provider add [flags]
vela provider add [command]

Examples:
vela provider add <provider-type>

Available Commands:
terraform-alibaba Authenticate Terraform Cloud Provider terraform-alibaba
terraform-aws Authenticate Terraform Cloud Provider terraform-aws
terraform-azure Authenticate Terraform Cloud Provider terraform-azure
terraform-baidu Authenticate Terraform Cloud Provider terraform-baidu
terraform-gcp Authenticate Terraform Cloud Provider terraform-gcp
terraform-tencent Authenticate Terraform Cloud Provider terraform-tencent
terraform-ucloud Authenticate Terraform Cloud Provider terraform-ucloud

For example, let's authenticate the Terraform provider terraform-aws.

Here is the help message for authenticating terraform-aws.

$ vela provider add terraform-aws -h
Authenticate Terraform Cloud Provider terraform-aws by creating a credential secret and a Terraform Controller Provider

Usage:
vela provider add terraform-aws [flags]

Examples:
vela provider add terraform-aws

Flags:
--AWS_ACCESS_KEY_ID string Get AWS_ACCESS_KEY_ID per https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
--AWS_DEFAULT_REGION string Choose one of Code form region list https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
--AWS_SECRET_ACCESS_KEY string Get AWS_SECRET_ACCESS_KEY per https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
--AWS_SESSION_TOKEN string Get AWS_SESSION_TOKEN per https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
-h, --help help for terraform-aws
--name default The name of Terraform Provider for AWS, default is default (default "aws")

Global Flags:
-y, --yes Assume yes for all user prompts

Authenticate a Terraform provider

$ vela provider add terraform-aws --AWS_ACCESS_KEY_ID=xxx --AWS_SECRET_ACCESS_KEY=yyy --AWS_DEFAULT_REGION=us-east-1

Without setting a provider name by --name, an AWS Terraform provider named aws will be created.

You can also create multiple providers by specifying the --name flag.

$ vela provider add terraform-aws --name aws-dev --AWS_ACCESS_KEY_ID=xxx --AWS_SECRET_ACCESS_KEY=yyy --AWS_DEFAULT_REGION=us-east-1
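The commands above put the secret key literally on the command line, where it ends up in shell history. The following wrapper is an added example, not part of the KubeVela documentation: it takes the values from already-exported environment variables, adds --AWS_SESSION_TOKEN when temporary credentials are in use, and prints only a masked form of the command. The function names and the VELA_DRY_RUN switch are assumptions made for this example; the flags are the ones listed in the help output above. The values are still visible in the process argument list while vela runs.

```shell
# Added example, not from the KubeVela docs. Function names and VELA_DRY_RUN
# are hypothetical; the flags come from `vela provider add terraform-aws -h`.

# Fail if any of the named environment variables is unset or empty.
require_vars() {
  for var in "$@"; do
    eval "val=\${$var:-}"
    [ -n "$val" ] || { echo "missing required variable: $var" >&2; return 1; }
  done
}

# Print the vela command line with secret values masked (safe for logs).
redact_args() {
  out="vela"
  for arg in "$@"; do
    case "$arg" in
      --AWS_SECRET_ACCESS_KEY=*|--AWS_SESSION_TOKEN=*) arg="${arg%%=*}=****" ;;
    esac
    out="$out $arg"
  done
  printf '%s\n' "$out"
}

# Usage: add_aws_provider [provider-name]   (name defaults to "aws")
add_aws_provider() {
  name="${1:-aws}"
  require_vars AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION || return 1
  set -- provider add terraform-aws --name "$name" \
    "--AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" \
    "--AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" \
    "--AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION"
  # Temporary (STS) credentials are only valid together with their token.
  if [ -n "${AWS_SESSION_TOKEN:-}" ]; then
    set -- "$@" "--AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"
  fi
  redact_args "$@"
  # With VELA_DRY_RUN=1 only the masked command is shown; vela is not called.
  if [ "${VELA_DRY_RUN:-0}" = "1" ]; then
    return 0
  fi
  vela "$@"
}
```

Source the file, export the credentials from your usual credential tooling, and run `add_aws_provider aws-dev`.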

Provision cloud resources

After a Terraform provider is authenticated, you can provision and/or consume cloud resources.