Ephemeral Agents

This feature is supported from version 2.22.0

The following will explain how to run the executor component in"ephemeral" mode.

These environment variables can be used to customize the API component:

ExecutorEphemeralNamespace (Default value: "terrakube")
ExecutorEphemeralImage (Defatul value: "azbuilder/executor:2.22.0" )
ExecutorEphemeralSecret (Default value: "terrakube-executor-secrets" )

The above is basically to control where the job will be created and executed and to mount the secrets required by the executor component

Internally the Executor component will use the following to run in "ephemeral" :

EphemeralFlagBatch (Default value: "false")
EphemeralJobData, this contains all the data that the executor need to run.

Requirements

To use Ephemeral executors we need to create the following configuration:

Service Account Creation

apiVersion: v1
kind: ServiceAccount
metadata:
  name: terrakube-api-service-account
  namespace: terrakube

Role Creation

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: terrakube
  name: terrakube-api-role
rules:
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Role Binding Creation

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: terrakube-api-role-binding
  namespace: terrakube
subjects:
- kind: ServiceAccount
  name: terrakube-api-service-account
  namespace: terrakube
roleRef:
  kind: Role
  name: terrakube-api-role
  apiGroup: rbac.authorization.k8s.io

Helm Chart Configuration

Once the above configuration is created we can deploy the Terrakube API like the following example:

## API properties
api:
  image: "azbuilder/api-server"
  version: "2.22.0"
  serviceAccountName: "terrakube-api-service-account"
  env:
  - name: ExecutorEphemeralNamespace
    value: terrakube
  - name: ExecutorEphemeralImage
    value: azbuilder/executor:2.22.0
  - name: ExecutorEphemeralSecret
    value: terrakube-executor-secrets

Workspace Configuration

Add the environment variable TERRAKUBE_ENABLE_EPHEMERAL_EXECUTOR=1 like the image below

Workspace Execution

Now when the job is running internally Terrakube will create a K8S job and will execute each step of the job in a "ephemeral executor"

Internal Kubernetes Job Example:

Plan Running in a pod:

Apply Running in a different pod:

Node Selector.

If required you can specify the node selector configuration where the pod will be created using something like the following:

api:
  env:
  - name: JAVA_TOOL_OPTIONS
    value: "-Dorg.terrakube.executor.ephemeral.nodeSelector.diskType=ssd -Dorg.terrakube.executor.ephemeral.nodeSelector.nodeType=spot"

The above will be the equivalent to use the Kubernetes YAML like:

  nodeSelector:
    disktype: ssd
    nodeType: spot

Adding node selector configuration is available from version 2.23.0

PreviousSelf-Hosted Agents NextProxy Configuration

Was this helpful?

apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: terrakube name: terrakube-api-role rules: - apiGroups: ["batch"] resources: ["jobs"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: terrakube-api-role-binding namespace: terrakube subjects: - kind: ServiceAccount name: terrakube-api-service-account namespace: terrakube roleRef: kind: Role name: terrakube-api-role apiGroup: rbac.authorization.k8s.io

## API properties api: image: "azbuilder/api-server" version: "2.22.0" serviceAccountName: "terrakube-api-service-account" env: - name: ExecutorEphemeralNamespace value: terrakube - name: ExecutorEphemeralImage value: azbuilder/executor:2.22.0 - name: ExecutorEphemeralSecret value: terrakube-executor-secrets