taskOptions is an optional field in the Terraform spec.

taskOptions is an array of option sets for customizing any or all task pods. Multiple option sets can be created to customize each task individually. Some options are added directly to the pod spec. Others are used by the pod indirectly, like the pod’s ServiceAccount Role Policy. Finally, there are options that change the task’s execution script.

Examples

Example #1:

  taskOptions:
  - for: ["init", "plan", "apply", "init-delete", "plan-delete", "apply-delete"]
    script:
      source: https://example.com/path/to/terraform-executor.sh

The above taskOptions apply to the tasks called out in the for: array. So for each of the tasks, the source, which is the task’s run script, is modified to use https://example.com/path/to/terraform-executor.sh.

Example #2:

  taskOptions:
  - for: ["preinit"]
    annotations:
      foo: bar
    script:
      source: https://example.com/my/preinit.sh
  - for: ["plan"]
    env:
    - name: TF_LOG
      value: DEBUG

This configuration sets the preinit task to execute the script from https://example.com/my/preinit.sh and also adds the annotation foo=bar to the preinit pod. A second option set adds the environment variable TF_LOG=DEBUG to the plan pod.

Task Option Configuration Reference

When defining task options, the user selects by name which tasks the options apply to. This is done in the for option.

Task selection option

| Option | Description |
|--------|-------------|
| for | A list of tasks that will accept the options. |

“Pod-like” options

These options map directly to the Kubernetes Pod definition:

| Option | Description |
|--------|-------------|
| annotations | Key/value annotations that get added to the task pod's metadata annotations. |
| labels | Key/value labels that get added to the task pod's metadata labels. |
| env | Environment variables, defined like the pod's container EnvVar, that are added to the task pod's main container. |
| envFrom | Environment variables that get injected from a ConfigMap or Secret source. This is defined like a pod container's EnvFromSource. |
| resources | Resource requests and limits for the pod. See Resource Requirements. |

RBAC Options

When a task needs more permissions, the following RBAC option can be set:

| Option | Description |
|--------|-------------|
| policyRules | RBAC Role rules that will be added to all runner pods. (This option actually affects all tasks because they all currently share a ServiceAccount. Making a unique service account per task is a TODO item at the moment.) |

Task Execution Options

The main purpose of a task is to execute a script. There are several ways to change the task’s default execution. Only one of the three will be used. The order of precedence is:

  • inline
  • configMapSelector
  • script

| Option | Description |
|--------|-------------|
| script.inline | Define the script directly in the yaml. |
| script.configMapSelector.name & script.configMapSelector.key | Select an existing ConfigMap name and data key that has the script as the value. |
| script.source | An https endpoint that has the script to execute. Example: hello-world.sh |

Other Tasks

Aside from the built-in tasks that ship with Terraform Operator, users may also want to add their own plugin tasks into a workflow.

Plugins are actually (unmonitored) tasks and accept taskOptions like any other task.

For example, given a plugin like the following:

  plugins:
    monitor:
        image: "ghcr.io/galleybytes/monitor:latest"
        imagePullPolicy: "IfNotPresent"
        when: "After"
        task: "setup"

the plugin is assigned the “monitor” task name. So the plugin pod can be defined further with taskOptions:

  taskOptions:
  - for:
    - "monitor"
    env:
    - name: CLUSTER_NAME
      value: "kind-kind"
    - name: DBHOST
      value: "database"
    - name: PGPASSWORD
      value: "pass"
    - name: PGUSER
      value: "pg"
    - name: PGDATABASE
      value: "crud"
    - name: PGPORT
      value: "5432"
    - name: ENV
      value: "devlocal"
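
The following is an added example, not code from this page or from the Terraform Operator project: a small Python review of taskOptions entries that applies the script precedence listed under Task Execution Options and flags a non-https script.source, credential-like env names set to literal values (such as PGPASSWORD in the plugin example above), and policyRules, which affect every task. The function names, the name pattern, and the sample entries are assumptions for illustration; entries are assumed to be already parsed from YAML into dicts.

```python
# Added example: review taskOptions entries (already parsed from YAML into dicts).
import re

# Assumed heuristic for env names that usually hold credentials.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)
# Precedence as documented on this page: inline, configMapSelector, then source.
PRECEDENCE = ("inline", "configMapSelector", "source")


def effective_script(option):
    """Return (winner, shadowed) script fields for one taskOptions entry."""
    script = option.get("script") or {}
    present = [k for k in PRECEDENCE if script.get(k)]
    return (present[0], present[1:]) if present else (None, [])


def review(task_options):
    """Return a list of (entry_index, finding) tuples."""
    findings = []
    for i, opt in enumerate(task_options):
        winner, shadowed = effective_script(opt)
        for key in shadowed:
            findings.append((i, f"script.{key} is ignored; script.{winner} takes precedence"))
        source = (opt.get("script") or {}).get("source", "")
        if winner == "source" and not source.startswith("https://"):
            findings.append((i, "script.source is not an https endpoint"))
        for var in opt.get("env") or []:
            if SECRET_NAME.search(var.get("name", "")) and "value" in var:
                findings.append((i, f"env {var['name']} carries a literal value; use envFrom with a Secret"))
        if opt.get("policyRules"):
            findings.append((i, "policyRules apply to every task, not only " + ", ".join(opt.get("for", []))))
    return findings


# Constructed sample input, modelled on the examples on this page.
SAMPLE = [
    {"for": ["plan"],
     "script": {"inline": "#!/bin/sh\nterraform plan", "source": "http://example.com/plan.sh"}},
    {"for": ["monitor"],
     "env": [{"name": "PGUSER", "value": "pg"}, {"name": "PGPASSWORD", "value": "pass"}],
     "policyRules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
]

if __name__ == "__main__":
    for index, finding in review(SAMPLE):
        print(f"taskOptions[{index}]: {finding}")
```
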