terraform-controller icon indicating copy to clipboard operation
terraform-controller copied to clipboard

Published 20 hours ago verified publisher icon kubevela

Provide a way to propagate annotationa and labels to the terraform apply and destroy jobs

Open anoop2811 opened this issue 2 years ago • 3 comments

A problem we are facing is when we use istio, it enables a sidecar called istio-proxy due to which the job remains in the running status as it continues running even after the terraform-executor has completed. Due to this, the job continues to stay in the Running status. In order to disable istio for jobs, we will need to add the annotation sidecar.istio.io/inject: "false" to the job. If we could propagate the annotation and labels from the application object to the jobs, it would help to selectively disable the sidecar injection.

anoop2811 avatar Feb 28 '22 02:02 anoop2811

An example Job creation that works when we are able to disable istio injection that worked would look like this:

	return &batchv1.Job{
		TypeMeta: metav1.TypeMeta{
			Kind:       "Job",
			APIVersion: "batch/v1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      meta.Name + "-" + string(executionType),
			Namespace: meta.Namespace,
		},
		Spec: batchv1.JobSpec{
			Parallelism:  &parallelism,
			Completions:  &completions,
			BackoffLimit: &backoffLimit,
			Template: v1.PodTemplateSpec{
				ObjectMeta: metav1.ObjectMeta{
					Annotations: map[string]string{
						"sidecar.istio.io/inject": "false",
					},
				},
				Spec: v1.PodSpec{
					// InitContainer will copy Terraform configuration files to working directory and create Terraform
					// state file directory in advance
					InitContainers: initContainers,
					// Container terraform-executor will first copy predefined terraform.d to working directory, and
					// then run terraform init/apply.
					Containers: []v1.Container{{
						Name:            terraformContainerName,
						Image:           meta.TerraformImage,
						ImagePullPolicy: v1.PullIfNotPresent,
						Command: []string{
							"bash",
							"-c",
							fmt.Sprintf("terraform init && terraform %s -lock=false -auto-approve", executionType),
						},
						VolumeMounts: []v1.VolumeMount{
							{
								Name:      meta.Name,
								MountPath: WorkingVolumeMountPath,
							},
							{
								Name:      InputTFConfigurationVolumeName,
								MountPath: InputTFConfigurationVolumeMountPath,
							},
						},
						Env: meta.Envs,
					},
					},
					ServiceAccountName: ServiceAccountName,
					Volumes:            executorVolumes,
					RestartPolicy:      v1.RestartPolicyOnFailure,
				},
			},
		},
	}

anoop2811 avatar Feb 28 '22 20:02 anoop2811

@zzxwill Would it make sense to get these labels from the helm chart as user provided to start?

anoop2811 avatar Feb 28 '22 20:02 anoop2811

@anoop2811 It makes sense. You can set it directly like the code sample. In the future, if we need to interact with Isitio, we can expose the setting of the annotation to user-side:)

zzxwill avatar Mar 01 '22 02:03 zzxwill