hail
hail copied to clipboard
[infra] SOPS-encrypt global.tfvars for Azure deployment
What happened?
The infrastructure necessary to run a Hail Batch deployment (network, buckets, DB, Kubernetes cluster) are managed through Terraform in infra/gcp
and infra/azure
. In order to migrate terraform resources, the terraform module need to be given input variables specific to our deployment provided through a global.tfvars
file. Since this file contains secrets, in GCP we encrypt the file with SOPS and check it into the repo so that any developer with the credentials to our deployment can run the terraform. This is not the case in Azure, so if a developer wants to run the Azure terraform they have to obtain the global.tfvars
from myself. We should use the same strategy for communicating this file as we do in GCP.
Version
0.2.129
Relevant log output
No response