/terraform-ibm-code-engine

Provisions and configures IBM Cloud Code Engine.

Primary LanguageHCLApache License 2.0Apache-2.0

Terraform Code Engine Module

Stable (With quality checks) latest release pre-commit Renovate enabled semantic-release

This module provisions the IBM Cloud Code Engine fully managed and serverless platform. It supports deployment of containerized workloads, including web apps, batch jobs, builds, config maps, bindings, domain mappings, or secrets. For more information, see About Code Engine

Overview

terraform-ibm-code-engine

Known limitations

Currently, IBM provider supports basic functionalities, such as create/delete/update code engine projects, apps, jobs, builds and etc.

Known limitations are:

  • No support to create/delete/update code engine functions. IBM-Cloud/terraform-provider-ibm#5230
  • No support to create/delete/update code engine subscriptions. IBM-Cloud/terraform-provider-ibm#5231
  • Apply twice keeps on showing changes for ibm_code_engine_app and ibm_code_engine_job terraform resource IBM-Cloud/terraform-provider-ibm#4719
  • CLI/API service binding implementation/interface is different from terraform implementation. For example, CLI or UI code engine has a support to create access secret, service credential and all bindings automatically, while code_engine_binding_instance terraform resource requires that access secret exists before the binding is created. The second discrepancy between implementations is that terraform code_engine_binding_instance terraform resource requires prefix while using CLI or UI prefix is an optional parameter. IBM-Cloud/terraform-provider-ibm#5229
  • Visibility for application can not be set. While CLI uses --visibility=private flag to set the visibility, terraform provider doesn't support it. IBM-Cloud/terraform-provider-ibm#5228
  • Apply twice throwns an error for ibm_code_engine_secret terraform resource IBM-Cloud/terraform-provider-ibm#5232

Usage

module "code_engine" {
  source       = "terraform-ibm-modules/code-engine/ibm"
  version      = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  project_name = "your-project-name"
  apps         = {
                  "your-app-name-1" = {
                    image_reference = "container_registry_url"
                    run_env_variables = [{
                      type  = "literal"
                      name  = "env_name"
                      value = "env_value"
                      }]
                  },
                  "your-app-name-2" = {
                    image_reference = "container_registry_url"
                  }
                }
  jobs         = {
                  "your-job-name" = {
                    image_reference = "container_registry_url"
                    run_env_variables = [{
                      type  = "literal"
                      name  = "env_name"
                      value = "env_value"
                    }]
                  }
                }
  config_maps  = {
                  "your-config-name" = {
                    data = { "key_1" : "value_1", "key_2" : "value_2" }
                  }
                }
  secrets      = {
                  "your-secret-name" = {
                    format = "generic"
                    data   = { "key_1" : "value_1", "key_2" : "value_2" }
                  }
                }
  builds       = {
                  "your-build-name" = {
                    output_image  = "container_registry_url"
                    output_secret = "secret-name" # pragma: allowlist secret
                    source_url    = "https://github.com/IBM/CodeEngine"
                    strategy_type = "dockerfile"
                  }
                }
}

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • Resource Group service
      • Viewer platform access
  • IAM Services
    • Code Engine service
      • Editor platform access
      • Writer service access

Requirements

Name Version
terraform >= 1.3.0
ibm >= 1.63.0, <2.0.0

Modules

Name Source Version
app ./modules/app n/a
binding ./modules/binding n/a
build ./modules/build n/a
config_map ./modules/config_map n/a
domain_mapping ./modules/domain_mapping n/a
job ./modules/job n/a
project ./modules/project n/a
secret ./modules/secret n/a

Resources

No resources.

Inputs

Name Description Type Default Required
apps A map of code engine apps to be created.
map(object({
image_reference = string
image_secret = optional(string)
run_env_variables = optional(list(object({
type = optional(string)
name = optional(string)
value = optional(string)
prefix = optional(string)
key = optional(string)
reference = optional(string)
})))
run_volume_mounts = optional(list(object({
mount_path = string
reference = string
name = optional(string)
type = string
})))
image_port = optional(number)
managed_domain_mappings = optional(string)
run_arguments = optional(list(string))
run_as_user = optional(number)
run_commands = optional(list(string))
run_service_account = optional(string)
scale_concurrency = optional(number)
scale_concurrency_target = optional(number)
scale_cpu_limit = optional(string)
scale_ephemeral_storage_limit = optional(string)
scale_initial_instances = optional(number)
scale_max_instances = optional(number)
scale_memory_limit = optional(string)
scale_min_instances = optional(number)
scale_request_timeout = optional(number)
}))
{} no
bindings A map of code engine bindings to be created.
map(object({
secret_name = string
components = list(object({
name = string
resource_type = string
}))
}))
{} no
builds A map of code engine builds to be created.
map(object({
output_image = string
output_secret = string # pragma: allowlist secret
source_url = string
strategy_type = string
source_context_dir = optional(string)
source_revision = optional(string)
source_secret = optional(string)
source_type = optional(string)
strategy_size = optional(string)
strategy_spec_file = optional(string)
timeout = optional(number)
}))
{} no
config_maps A map of code engine config maps to be created.
map(object({
data = map(string)
}))
{} no
domain_mappings A map of code engine domain mappings to be created.
map(object({
tls_secret = string # pragma: allowlist secret
components = list(object({
name = string
resource_type = string
}))
}))
{} no
existing_project_id The ID of the existing project to which code engine resources will be added. It is required if var.project_name is null. string null no
jobs A map of code engine jobs to be created.
map(object({
image_reference = string
image_secret = optional(string)
run_env_variables = optional(list(object({
type = optional(string)
name = optional(string)
value = optional(string)
prefix = optional(string)
key = optional(string)
reference = optional(string)
})))
run_volume_mounts = optional(list(object({
mount_path = string
reference = string
name = optional(string)
type = string
})))
run_arguments = optional(list(string))
run_as_user = optional(number)
run_commands = optional(list(string))
run_mode = optional(string)
run_service_account = optional(string)
scale_array_spec = optional(string)
scale_cpu_limit = optional(string)
scale_ephemeral_storage_limit = optional(string)
scale_max_execution_time = optional(number)
scale_memory_limit = optional(string)
scale_retry_limit = optional(number)
}))
{} no
project_name The name of the project to which code engine resources will be added. It is required if var.existing_project_id is null. string null no
resource_group_id ID of the resource group to use when creating resources. string n/a yes
secrets A map of code engine secrets to be created.
map(object({
format = string
data = map(string)
# Issue with provider, service_access is not supported at the moment. IBM-Cloud/terraform-provider-ibm#5232
# service_access = optional(list(object({
# resource_key = list(object({
# id = optional(string)
# }))
# role = list(object({
# crn = optional(string)
# }))
# service_instance = list(object({
# id = optional(string)
# }))
# })))
}))
{} no

Outputs

Name Description
app Configuration of the created code engine app.
binding Configuration of the created code engine binding.
build Configuration of the created code engine build.
config_map Configuration of the created code engine config map.
domain_mapping Configuration of the created code engine domain maping.
job Configuration of the created code engine job.
project_id ID of the created code engine project.
secret Configuration of the created code engine secret.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.