1 of 100

Latest

Introduction

Terrakube is an open source collaboration platform for running remote infrastructure as code operations using Terraform or OpenTofu that aims to be a complete replacement for close source tools like Terraform Enterprise, Scalr or Env0.

The platform can be easily installed in any kubernetes cluster, you can easily customize the platform using other open source tools already available for terraform (Example: terratag, infracost, terrascan, etc) and you can integrate the tool with different authentication providers like Azure Active Directory, Google Cloud Identity, Github, Gitlab or any other provider supported by Dex.

Terrakube provides different features like the following:

Terraform module protocol:
- This allows Terrakube to expose an open source terraform registry that is protected and is private by default using different Dex for the authentication with different providers.
Terraform provider protocol:
- This allows Terrakube to expose an open source terraform registry where you can have create your own private terraform providers or create a mirror of the current terraform providers available in the public Hashicorp registry.
Handle you infrastructure as code using Organization like closed source tools like Terraform Enterprise and Scalr.
Easily extended by default integrating with many open source tools available today for terraform CLI.
Support to run the platform using any RDBMS supported by (mysql, postgres, oracle, sql server, etc).
Plugins support to extends functionality using different cloud providers and open source tools using the Terrakube Configuration Languague (TCL).
Easily extends the platform using common technologies like react js, java, spring, elide, liquibase, groovy, bash, go.
Native integration with the most popular VCS like:
- Github.
- Azure DevOps
- Bitbucket
Support for SSH key (RSA and ED25519)
Handle Personal Access Token
Extends and create custom flows when running terraform remote operations with custom logics like:
- Approvals
- Budget reviews
- Security reviews

Getting started

Architecture

This is the high level architecture of the platform

Component descriptions:

Terrakube API:
- Expose a JSON:API or GraphQL API providing endpoints to handle:

Security

General security

Terrakube security is based organizations and groups.

All Dex connectors that implement the groups claims can be used inside Terrakube.

An organization can have one or multiple groups and each group have different kind of access to manage the following options:

Module
- Manage terraform modules inside an organization
VCS

Adding a group to an organization will grant access to read the content inside the organization but to be able to manage any option like module, workspace, templates or providers or VCS a Terrakube administrator will need to grant it

Administrator group

There is one special group inside Terrakube called TERRAKUBE_ADMIN, this is the only group that has access to create organizations and grant access to a teams to manage different organization features, you can also customize the group name if you want to use a different name depending on which you are using when running Terrakube.

Getting Started

To quickly run terrakube in your test environment please check the following:

Minikube + HTTPS

Docker Images

Images for Terrakube components can be found in the following links:

Component

Link

Terrakube API

Terrakube Registry

Terrakube Executor

Terrakube UI

Default Images are based on Ubuntu Jammy (linux/amd64)

The docker images are generated using cloud native buildpacks with the maven plugin, more information can be found in these links:

Alpaquita Linux (Experimental)

From Terrakube 2.17.0 we generate 3 additional docker images for the API, Registry and Executor components that are based on that are designed and optimized for Spring Boot applications.

Alpaquita Linux images for the Executor component does not include GIT, Terraform modules using remote executions like the following wont work:

Docker Compose

Local Domains

We will be using following domains to run Terrakube with docker compose:

HTTPS Local Certificates

Install mkcert to generate the local certificates.

Generate local CA certificate

Create Docker Network

We will be using 10.25.25.253 for our the traefik gateway

Local DNS entries

Update the /etc/hosts file adding the following entries:

Running Terrakube Locally with HTTPS

After 1 or 2 minutes Terrakube will be available in the following URL once all the container are initialized correctly:

- Username:
- Password: admin

Special thanks to who has created the setup example to use Terrakube

Original Reference:

Deployment

The easiest way to deploy Terrakube is using our Helm Chart, to learn more about this please review the following:

You can deploy Terrakube using different authentication providers for more information check

Helm Chart

You can deploy Terrakube to any Kubernetes cluster using the helm chart available in the following repository:

https://github.com/terrakube-io/terrakube-helm-chart

Helm Repository

To use the repository do the following:

helm repo add terrakube-repo https://charts.terrakube.io
helm repo update

Ingress Configuration

The default ingress configuration for terrakube can be customize using a terrakube.yaml like the following:

dex:
  config:
    issuer: http://terrakube-api.minikube.net/dex ## CHANGE THIS DOMAIN
    #.....
    #PUT ALL THE REST OF THE DEX CONFIG AND UPDATE THE URL WITH THE NEW DOMAIN
    #.....

## Ingress properties
ingress:
  useTls: false
  ui:
    enabled: true
    domain: "terrakube-ui.minikube.net" ## CHANGE THIS DOMAIN
    path: "/"
    pathType: "Prefix" 
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
  api:
    enabled: true
    domain: "terrakube-api.minikube.net" ## CHANGE THIS DOMAIN
    path: "/"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
  registry:
    enabled: true
    domain: "terrakube-reg.minikube.net" ## Change to your customer domain
    path: "/"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
  dex:
    enabled: true
    path: "/dex/"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.class: nginx
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"

Update the custom domains and the other ingress configuration depending of your kubernetes environment

The above example is using a simple ngnix ingress

Now you can install terrakube using the command

Storage backend

Azure Storage Account

This guide will assume that you are using the minikube deployment, but the storage backend can be used in any real kubernetes environment.

The first step will be to create one azure storage account with the following containers:

content
registry
tfoutput
tfstate

Create Azure Storage Account tutorial

Once the storage account is created you will have to get the ""

Now you have all the information we will need to create a terrakube.yaml for our terrakube deployment with the following content:

Now you can install terrakube using the command

Amazon Cloud Storage

Using Access Key and Secret

This guide will assume that you are using the minikube deployment, but the storage backend can be used in any real kubernetes environment.

The first step will be to create one s3 bucket with private access

Google Cloud Storage

This guide will assume that you are using the minikube deployment, but the storage backend can be used in any real kubernetes environment.

The first step will be to create one google storage bucket with private access

Create storage bucket tutorial

Minio (S3 compatible)

This guide will assume that you are using the minikube deployment, but the storage backend can be used in any real kubernetes environment.

The first step will be to deploy a minio instance inside minikube in the terrakube namespace

MINIO helm deployment link

Create the file minio-setup.yaml that we can use to create the default user and buckets

Once the minio storage is installed lets get the service name.

The service name for the minio storage should be "miniostorage"

Once minio is installed with a bucket you will need to get the following:

access key
secret key
bucket name
endpoint (http://miniostorage:9000)

Now you have all the information we will need to create a terrakube.yaml for our terrakube deployment with the following content:

Now you can install terrakube using the command:

Database Backend

In a production deployment, it is recommended to host your database backend on external cloud provider like AWS, GCP or Azure.

SQL Azure

To use a SQL Azure with your Terrakube deployment create a terrakube.yaml file with the following content:

loadSampleData this will add some organization, workspaces and modules by default in your database if need it

Now you can install terrakube using the command.

PostgreSQL

By default the helmchart deploy a postgresql database in your terrakube namespace but if you want to customize that you can change the default deployment values.

To use a PostgreSQL with your Terrakube deployment create a terrakube.yaml file with the following content:

## Terrakube API properties
api:
  defaultDatabase: false
  loadSampleData: false
  properties:
    databaseType: "POSTGRESQL"
    databaseHostname: "server_name.postgres.database.com"
    databaseName: "database_name"
    databaseUser: "database_user"
    databasePassword: "database_password"
    databaseSslMode: "disable"
    databasePort: "5432"

loadSampleData this will add some organization, workspaces and modules by default in your database if need it

Now you can install terrakube using the command.

Postgresql SSL mode can be use adding databaseSslMode parameter by default the value is "disable", but it accepts the following values; disable, allow, prefer, require, verify-ca, verify-full. This feature is supported from Terrakube 2.15.0. Reference:

H2

To use a H2 with your Terrakube deployment create a terrakube.yaml file with the following content:INT

H2 database is just for testing, each time the api pod is restarted a new database will be created

loadSampleData this will add some organization, workspaces and modules by default in your database, keep databaseHostname, databaseName, databaseUser and databasePassword empty

Custom Terraform CLI Builds

Terrakube will support terraform cli custom builds or custom cli mirrors, the only requirement is to expose an endpoint with the following structure:

Support is available from version 2.12.0

Example Endpoint:

https://eov1ys4sxa1bfy9.m.pipedream.net/

{
   "name":"terraform",
   "versions":{
      "1.3.9":{
         "builds":[
            {
               "arch":"amd64",
               "filename":"terraform_1.3.9_linux_amd64.zip",
               "name":"terraform",
               "os":"linux",
               "url":"https://releases.hashicorp.com/terraform/1.3.9/terraform_1.3.9_linux_amd64.zip",
               "version":"1.3.9"
            }
         ],
         "name":"terraform",
         "shasums":"terraform_1.3.9_SHA256SUMS",
         "shasums_signature":"terraform_1.3.9_SHA256SUMS.sig",
         "shasums_signatures":[
            "terraform_1.3.9_SHA256SUMS.72D7468F.sig",
            "terraform_1.3.9_SHA256SUMS.sig"
         ],
         "version":"1.3.9"
      }
   }
}

This is usefull when you have some network restrictions that does not allow to get the information from in your private kuberentes cluster.

To support custom terrafom cli releases when using the helm chart us the following:

Self-Hosted Agents

This feature is supported from version 2.20.0 and helm chart version 3.16.0

Terrakube allow to have one or multiple agents to run jobs, you can have as many agents as you want for a single organization.

To use this feature you could deploy a single executor component using the following values:

The above values are assuming the we have deploy terrakube using the domain "minikube.net" inside a namespace called "terrakube"

External Redis

By default the helm chart is using bitnami redis, this container is only for testing purposes and for a real cluster it is better to use an external redis.

To enable it, the following values can be used:

api:
  defaultRedis: false
  env:
  - name: TerrakubeRedisSSL
    value: "true"
  - name: TerrakubeRedisTruststorePath
    value: /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts 
  - name: TerrakubeRedisTruststorePassword
    value: changeit
  properties:
    redisHostname: "MY-REDIS-IN-AZURE.redis.cache.windows.net"
    redisPassword: "MY-REDIS-ACCESS-KEY"
    redisPort: "6380"

executor:
  env:
  - name: SERVICE_BINDING_ROOT
    value: /mnt/platform/bindings
  - name: TerrakubeRedisSSL
    value: "true"
  - name: TerrakubeRedisTruststorePath
    value: /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts 
  - name: TerrakubeRedisTruststorePassword
    value: changeit

"changeit" is the default password for the java keystore included in the container in this path "/layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts"

Ephemeral Executor with Redis SSL

Using EPHEMERAL_JOB_ENV_VARS is supported from version 2.28.0

To add the additional environment variables to the ephemeral executor the following could be used:

Value:

Proxy Configuration

When Terrrakube needs to run behind a corporate proxy the following environment variable can be used in each container:

When using the official helm chart the environment variable setting can be set like the following:

Token Security

Terrakube use two secrets internally to sign the personal access token and one internal token for intercomponent comunnication when using the helm deployment you can change this values using the following keys:

Make sure to change the default values in a real kubernetes deployment.

The secret should be 32 character long and it should be base64 compatible string.

Development

To quickly develop Terrakube you can use the following guides:

Gitpod (Deprecated)

User Management

You can handle Terrakube users with differen authentication providers like the following

User Guide

Organizations

Organizations are privately shared spaces for teams to collaborate on infrastructure. Basically are logical containers that you can use to define your company hierarchy to organize the workspaces, modules in the private registry and assign fine grained permissions to your teams.

In this section:

Creating an Organization

Only users that belongs to Terrakube administrator group can create organizations. This group is defined in the terrakube settings during deployment, for more details see

Click the organizations list on the main menu and then click the Create new organization button

Provide organization name and description and click the Create organization button

Then you will redirected to the Organization Settings page where you can define your teams, this is step is important so you can assign the permissions to users, otherwise you won't be able to create workspaces and modules inside the organization.

API Tokens

Terrakube has two kinds of API tokens: user and team. Each token type has a different access level and creation process, which are explained below.

API tokens are only shown once when you create them, and then they are hidden. You have to make a new token if you lose the old one.

User API Tokens

API tokens may belong directly to a user. User tokens inherit permissions from the user they are associated with.

User API tokens can be generated inside the User Settings.

Default Templates

Terrakube creates the following default templates:

CLI-Driven Templates

Terrakube use job templates for all executions, Terrakube automatically create the following templates that are used when using the terraform remote state backend operations. This templates are created in all organizations.

Terraform Plan/Apply Cli Template

Will be used when you execute terraform apply using the terraform cli

Terraform Plan/Destroy Cli Templates

Will be used when you execute terraform destroyusing the terraform cli

This templates can be updated if need it but in order for the terraform remote state backed to work properly the step number and the template names should not be changed. So if you delete or modify this templates

Import Templates

Templates can become big over time while adding steps to execute additional business logic.

Example before template import:

Terrakube supports having the template logic in an external git repository like the following:

This feature is only available from Terrakube 2.11.0

Using import templates become simply and we can reuse the logic accross several Terrakube organizations

The sample template can be found .

UI Templates

Terrakube allows you to customize the UI for each step inside your templates using standard HTML. So you can render any kind of content extracted from your Job execution in the Terrakube UI.

For example you can present the costs using Infracost in a friendly way:

Or present a table with the OPA policies

In order to use UI templates you will need to save the HTML for each template step using the Persistent Context. Terrakube expects the ui templates in the following format.

terrakubeUI :{
   "100" : "<span>Some Content</span>"
}

In the above example the 100 property in the JSON refers to the step number inside your template. In order to save this value from the template you can use the Context extension. For example:

flow:
  - type: "terraformPlan"
    step: 100
    name: "Plan"
    commands:
      - runtime: "GROOVY"
        priority: 300
        after: true
        script: |
          import Context
          
          def uiTemplate = '{"100":"<span>Simple Text</span>"}'
          new Context("$terrakubeApi", "$terrakubeToken", "$jobId", "$workingDirectory").saveProperty("terrakubeUI", uiTemplate)

          "Save context completed..."
  - type: "terraformApply"
    step: 200
    name: "Apply"

Filter global variables in jobs

In some special cases it is necesarry to filter the global variables used inside the job execution, if the "inpursEnv" or "inpustTerraform" is not defined all global variables will be imported to the job context.

Template Configuration

$IMPORT1 and $IMPORT2 will be added to the job context as env variable INPUT_IMPORT1 and INPUT_IMPORT2

VCS Providers

Terrakube empowers collaboration between different teams in your organization. To achieve this, you can integrate Terrakube with your version control system (VCS) provider. Although Terrakube can be used with public Git repositories or with private Git repositories using SSH, connecting to your Terraform code through a VCS provider is the preferred method. This allows for a more streamlined and secure workflow, as well as easier management of access control and permissions.

Terrakube supports the following VCS providers:

Github OAuth Github Enterprise GitLab Gitlab EE and CE Bitbucket Azure DevOps SSH

Webhooks

Terrakube uses webhooks to monitor new commits. This features is not available in SSH and Azure DevOps.

When new commits are added to a branch, Terrakube workspaces based on that branch will automatically initiate a Terraform job. Terrakube will use the "Plan and apply" template by default, but you can specify a different Template during the Workspace creation.
When you specify a directory in the Workspace. Terrakube will run the job only if a file changes in that directory

GitLab

For using repositories from Gitlab.com with Terrakube workspaces and modules you will need to follow these steps:

Manage VCS Providers permission is required to perform this action, please check for more info.

Navigate to the desired organization and click the Settings button, then on the left menu select VCS Providers

SSH

Terrakube can use SSH keys to authenticate to your private repositories. The SSH keys can be uploaded inside the settings menu.

To handle SSH keys inside Terrakube your team should have "Manage VCS settings" access

Terrakube support keys with RSA and ED25519

SSH keys can be used to authenticate to private repositories where you can store modules or workspaces

Once SSH keys are added inside your organization you can use them like the following example:

Modules:

Workspace:

When using SSH keys make sure to use your repository URL using the ssh format. For github it is something like :AzBuilder/terrakube-docker-compose.git

SSH Key Injection

The selected SSH key will be used to clone the workspace information at runtime when running the job inside Terrakube, but it will also be injected to the job execution to be use inside our terraform code.

For example if you are using a module using a GIT connection like the following:

When running the job, internally terraform will be using the selected SSH key to clone the necesary module dependencies like the below image:

When using a VCS connection you can select which SSH key should be injected when downloading modules in the workspace settings:

This will allow to use modules using the git format inside a workspace with VCS connection like the following:

Workspaces

When working with Terraform at Enterprise level, you need to organize your infrastructure in different collections. Terrakube manages infrastructure collections with workspaces. A workspace contains everything Terraform needs to manage a given collection of infrastructure, so you can easily organize all your resources based in your requirements.

For example, you can create a workspace for dev environment and a different workspace for production. Or you can separate your workspaces based in your resource types, so you can create a workspace for all your SQL Databases and anothers workspace for all your VMS.

You can create unlimited workspaces inside each Terrakube Organization. In this section:

Creating Workspaces Terraform State Variables Workspace scheduler

Overview

The workspace overview page provides you a summary of the current workspace state.

Managing Workspace Tags

You can manage tags for the workspace in the overview page. The right panel lets you search existing tags or type a new tag name to add or remove tags from the workspace.

Terraform State

Each Terrakube workspace has its own separate state data, used for jobs within that workspace. In Terrakube you can see the Terraform state in the standard JSON format provided by the Terraform cli or you can see a Visual State, this is a diagram created by Terrakube to represent the resources inside the JSON state.

JSON State

Go to the workspace and click the States tab and then click in the specific state you want to see.

You will see the state in JSON format

You can click the Download button to get a copy of the JSON state file

Visual State

Inside the states page, click the diagram tab and you will see the visual state for your terraform state.

The visual state will also show some information if you click each element like the following:

Resources

All the resources can be shown in the overview page inside the workspace:

If you click the resources you can check the information about each resouce like the folloing

Share Workspace State

Terrakube support sharing the terraform state between workspaces using the following data block.

For example it can be used in the following way:

This feature is supported from Terrakube 2.15.0

Provider Cache

The component use to execute terraform/opentofu configuration is stateless so everytime that it is executing a job will try to download the terraform/opentofu providers, in order to speed up the execution the following environment variable can be added to have a provider cache.

TF_PLUGIN_CACHE_DIR=/home/cnb/.terraform.d/plugin-cache

When deploying the helm chart the following can be used to add an emptyDir volume to cache the providers.

executor:
  volumes:
    - name: cache-volume
      emptyDir:
        sizeLimit: 1024Mi
  volumeMounts:
  - mountPath: /home/cnb/.terraform.d/plugin-cache
    name: cache-volume

When running tofu init, temporary files such as .terraform.lock.hcl are generated based on the current machine’s architecture. On subsequent runs, OpenTofu verifies that the required providers match the architecture specified in the lock file to decide whether a new download is necessary.

However, when working locally on macOS, the architecture (e.g., darwin/amd64 or darwin/arm64) differs from the architecture used by remote Terrakube jobs (linux/arm64). This mismatch forces OpenTofu to redownload providers each time.

If you want to avoid that issue you need to run this command to generate lock file for Terrakube's image architecture.

tofu providers lock -platform=linux_amd64

Make sure to use the correct size for the volume mount, in the example is only using 1024Mi, more information can be found in this

If you want to use cache with EphemeralJob you will need to provision a volume with in ReadWriteMany as several jobs can be writing to the cache at the same time.

AWS Dynamic Provider Credentials

Requirements

The dynamic provider credential setup in AWS can be done with the Terrraform code available in the following link:

https://github.com/AzBuilder/terrakube/tree/main/dynamic-credential-setup/aws

The code will also create a sample workspace with all the require environment variables that can be used to test the functionality using the CLI driven workflow.

Make sure to mount your public and private key to the API container as explained

Mare sure the private key is in "pkcs8" format

Validate the following terrakube api endpoints are working:

Set terraform variables using: "variables.auto.tfvars"

To generate the API token check

Run Terraform apply to create all the federated credential setup in AWS and a sample workspace in terrakube for testing

To test the following terraform code can be used:

Azure Dynamic Provider Credentials

Requirements

The dynamic provider credential setup in Azure can be done with the Terrraform code available in the following link:

The code will also create a sample workspace with all the require environment variables that can be used to test the functionality using the CLI driven workflow.

GCP Dynamic Provider Credentials

Requirements

The dynamic provider credential setup in GCP can be done with the Terrraform code available in the following link:

https://github.com/AzBuilder/terrakube/tree/main/dynamic-credential-setup/gcp

The code will also create a sample workspace with all the require environment variables that can be used to test the functionality using the CLI driven workflow.

Make sure to mount your public and private key to the API container as explained

Mare sure the private key is in "pkcs8" format

Validate the following terrakube api endpoints are working:

Set terraform variables using: "variables.auto.tfvars"

To generate the API token check

Run Terraform apply to create all the federated credential setup in GCP and a sample workspace in terrakube for testing

To test the following terraform code can be used:

Running Example

Workspace scheduler

Terrakube allows to schedule a job inside workspaces, this will allow to execute a specific template in an specific time.

To create a workspace schedule click the "schedule" tab and click "Add schedule" like the following image.

This is usefull for example when you want to destroy your infrastructure by the end of every week to save some money with your cloud provider and recreate it every monday morning.

Example.

Lets destroy the workspace every friday at 6 pm

Cron expression will be 30 18 * * 5

Lets create the workspace every monday at 5:30 am

Cron expression will be 30 5 * * 1

API-driven Workflow

In progress

Developing Actions

In this section:

Display Criteria

Display Criteria offer a flexible way to determine when an action will appear. While you can add logic inside your component to show or hide the action, using display criteria provides additional advantages:

Optimize Rendering: Save on the loading cost of each component.
Multiple Criteria: Add multiple display criteria based on your requirements.
Conditional Settings: Define settings to be used when the criteria are met.

Action Types

Action Types define where an action will appear in Terrakube. Here is the list of supported types:

Workspace/Action

The action will appear on the Workspace page, next to the Lock button. Actions are not limited to buttons, but this section is particularly suitable for adding various kinds of buttons. Use this type for actions that involves interaction with the Workspace

Workspace/ResourceDrawer/Action

The action will appear for each resource when you click on a resource using the Overview Workspace page or the Visual State Diagram. Use this when an action applies to specific resources, such as restarting a VM or any actions that involve interaction with the resource. \

Workspace/ResourceDrawer/Tab

The action will appear for each resource when you click on a resource using the Overview Workspace page or the Visual State Diagram. Use this when you want to display additional data for the resource, such as activity history, costs, metrics, and more.

For this type, theLabel property will be used as the name of the Tab pane.

Action Context

The context object contains data related to the Workspace that you can use inside the action. The properties depends on the Action Type.

Tip

Inside your action you can use console.log(context) to quickly explore the available properties for the context

context.workspace

Contains the workspace information in the Terrakube api format. See the for more details on the properties available.

Examples

context.workspace.id: Id of the workspace
context.workspace.attributes.name: Name of the workspace
context.workspace.attributes.terraformVersion: Terraform version

Available for action types

workspace/action
workspace/resourcedrawer/action
workspace/resourcedrawer/tab

context.settings

Contains the settings that you configured in the display criteria.

Examples

context.settings.Repository: the value of repository that you set for the setting. Example:

Available for action types

workspace/action
workspace/resourcedrawer/action
workspace/resourcedrawer/tab

context.state

For workspace/action this property contains the full terraform or open tofu state. For workspace/resourcedrawer/action and workspace/resourcedrawer/tab contains only the section of the resource

Available for action types

workspace/action
workspace/resourcedrawer/action
workspace/resourcedrawer/tab

context.apiUrl

Contains the Terrakube api Url. Useful if you want to use the or execute a call to the Terrakube API.

Available for action types

workspace/action
workspace/resourcedrawer/action
workspace/resourcedrawer/tab

Action Proxy

The Action Proxy allows you to call other APIs without needing to add the Terrakube frontend to the CORS settings, which is particularly useful if you don't have access to configure CORS. Additionally, it can be used to inject Workspace variables and Global variables into your requests.

Calling the Action Proxy

The proxy supports POST, GET, PUT, and DELETE methods. You can access it using the axiosInstance variable, which contains an Axios object.

To invoke the proxy, use the following URL format: ${context.apiUrl}/proxy/v1

When calling the Action Proxy, use the following required parameters:

targetUrl: Contains the URL that you want to invoke.
proxyHeaders: Contains the headers that you want to send to the target URL.
workspaceId: The workspace ID that will be used for some validations from the proxy side

Injecting Variables via the Action Proxy

If you need to access sensitive keys or passwords from your API call, you can inject variables using the template notation ${{var.variable_name}}, where variable_name represents a or a.

If you have a Global variable and a Workspace variable with the same name, the Workspace variable value will take priority.

Example Usage

In this example:

${{var.OPENAI_API_KEY}} is a placeholder for a sensitive key that will be injected by the proxy.
proxyBody contains the data to be sent in the request body.
proxyHeaders contains the headers to be sent to the target URL.

By using the Action Proxy, you can easily interact with external APIs while using Terrakube's capabilities to manage and inject necessary variables securely.

Built-in Actions

The following actions are added by default in Terrakube. However, not all actions are enabled by default. Please refer to the documentation below if you are interested in activating these actions.

General

: Adds a button to quickly navigate to the Terraform registry documentation for a specific resource.

Open Documentation

Description

The Open Documentation action is designed to provide quick access to the Terraform registry documentation for a specific provider and resource type. By using the context of the current state, this action constructs the appropriate URL and presents it as a clickable button.

Display Criteria

Resource Details

Description

The Resource Details action is designed to show detailed information about a specific resource within the workspace. By using the context of the current state, this action provides a detailed view about the properties and dependencies in a tab within the resource drawer.

Display Criteria

By default this Action is enabled and will appear for all the resources. If you want to display this action only for certain resources, please check .

Usage

Navigate to the Workspace Overview or the Visual State and click a resource name.

In the Resource Drawer, you will see a new tab Details with the resource attributes and dependencies.

Open in Azure Portal

Description

The Open In Azure Portal action is designed to provide quick access to the Azure portal for a specific resource. By using the context of the current state, this action constructs the appropriate URL and presents it as a clickable button.

Display Criteria

Restart Azure VM

Description

The Restart VM action is designed to restart a specific virtual machine in Azure. By using the context of the current state, this action fetches an Azure access token and issues a restart command to the specified VM. The action ensures that the VM is restarted successfully and provides feedback on the process.

Display Criteria

By default, this Action is disabled and when enabled will appear for all resources that have resource type azurerm_virtual_machine. If you want to display this action only for certain resources, please check .

Setup

This action requires the following variables as or in the Workspace Organization:

ARM_CLIENT_ID: The Azure Client ID used for authentication.
ARM_CLIENT_SECRET: The Azure Client Secret used for authentication.
ARM_TENANT_ID: The Azure Tenant ID associated with your subscription.

The Client ID should have at least Virtual Machine Contributor access on the VM or resource group.

Usage

Navigate to the Workspace Overview or the Visual State and click on a resource name.

In the Resource Drawer, click the "Restart" button.

The VM will be restarted, and a success or error message will be displayed.

Azure Monitor

Description

The Azure Monitor Metrics action allows users to fetch and visualize metrics from Azure Monitor for a specified resource.

Display Criteria

By default, this Action is disabled and when enabled will appear for all the azurerm resources. If you want to display this action only for certain resources, please check .

Setup

This action requires the following variables as or in the Workspace Organization:

ARM_CLIENT_ID: The Azure Client ID used for authentication.
ARM_CLIENT_SECRET: The Azure Client Secret used for authentication.
ARM_TENANT_ID: The Azure Tenant ID associated with your subscription.

The Client ID should have at least Monitoring Reader or Reader access on resource group or subscription.

Usage

Navigate to the Workspace Overview or the Visual State and click on a resource name.

Click the Monitor tab to view metrics for the selected resource.

You can view additional details for the metrics using the tooltip.

You can see more details for each chart by navigating through it.

Private Registry

Terraform provides a public registry, where you can share and reuse your terraform modules or providers, but sometimes you need to define a Terraform module that can be accessed only within your organization.

Terrakube provides a private registry that works similarly to the and helps you share and privately across your organization. You can use any of the main to maintain your terraform module code.

At the moment the Terrakube UI only supports but you can publish providers using the

In this section:

Publishing Private Modules

Manage Modules permission is required to perform this action, please check Team Management for more info.

Click Registry in the main menu and then click the Publish module button

Select an existing version control provider or click Connect to a different VCS to configure a new one. See VCS Providers for more details.

Provide the git repository URL and click the Continue button.

In the next screen, configure the required fields and click the Publish Module button.

The module will be published inside the specified organization. On the details page, you can view available versions, read documentation, and copy a usage example.

Releasing New Versions of a Module

To release a new version of a module, create a new release tag to its VCS repository. The registry automatically imports the new version.

Deleting Modules

In the Module details page click the Delete Module button and then click the Yes button to confirm

Updates

July 2025 (2.27.0)

This release introduces several significant advancements designed to enhance the functionality, security, and integration capabilities of Terrakube.

New UI container

The terrakube-ui container now utilizes the nginxinc/nginx-unprivileged image, replacing the bitnami/nginx image used in previous versions.

Centralized Terraform Module Version Management

Terraform module versions are now persistently managed within the database, transitioning from the prior Redis-based ephemeral storage. Upon the initial startup following this update, Terrakube will initiate a comprehensive update of all modules. This process may require several minutes, depending on the volume of existing modules.

Dynamic Credential Authentication

Enhanced support has been implemented for dynamic credential authentication with Openbao or Vault, streamlining secure access and integration with these systems.

Inside the workspace settings it only requires to use the following variables

When running a job for example using the terraform cloud block it will work like the following:

GitLab Integration

Jobs can now be automatically triggered by merge request and release events within GitLab repositories when defining the webhook configuration like the following:

A gitlab webhook will be created inside the repository

After every job execution a status will be shown inside gitlab

Bitbucket Integration

Support has been added for triggering jobs through pull request and release events in Bitbucket.

Improved Development Environment Support

The devcontainer environment now offers enhanced support for both PostgreSQL and MSSQL databases, facilitating more flexible development workflows.

Internal System Migration

The entire project codebase has been migrated to the io.terrakube package structure. Concurrently, all previously defined Quartz jobs have been successfully migrated to this new package hierarchy, ensuring consistency and maintainability.

July 2024 (2.22.0)

Welcome to the 2.22.0 release of Terrakube! As the summer season comes to a close, we’re focusing on enhancing the stability of the recent features we’ve introduced. While this is a smaller update compared to previous releases, we’re excited to see an increase in contributions from the community. Let’s dive into the key highlights:

Ephemeral Agents

Before this version, the executor component—responsible for running jobs like plan, apply, destroy, etc.—was more static, with the API always running and listening for new jobs. In this update, we’re introducing a more dynamic and efficient approach: ephemeral agents. Now, a new executor is created for each job and is disposed of once the job is finished. This enhancement leverages Kubernetes jobs to schedule each run, plan, and apply, making the process more resource-efficient and scalable.

If you’re interested in switching to ephemeral agents, follow our to get started.

Enhanced GitHub Integration with Status Checks

In this version, we’ve enhanced the GitHub integration by adding status checks. Previously, every push to the branch configured in your Terrakube workspace would trigger a Terraform/OpenTofu apply, but there was no way to monitor the job’s progress or navigate to the workspaces directly from GitHub. With this update, you can now see the status (completed or failed) of the job directly within GitHub, and by clicking the "Details" button, you can easily navigate to Terrakube to view more information.

Thanks to @stanleyz for this contribution!

ARM64 Support for Terrakube Images

In this version, we’ve converted all Terrakube images for the UI, API, and executor to multi-architecture images. This means you can now run Terrakube on both Linux/AMD64 and Linux/ARM64 platforms, providing greater flexibility and compatibility across different environments.

For more details about our official images, take a look at our .

Custom Releases Endpoint for OpenTofu

As OpenTofu continues to gain popularity, we’ve added a new feature in this version that allows you to specify a custom releases endpoint. By default, Terrakube uses the official OpenTofu repository to list available versions. With this update, you now have the option to define a custom releases endpoint, giving you more control over the versions you allow internally for your workspaces. This also enables you to create and use custom builds from OpenTofu in your Terrakube jobs.

Thanks to @gespinozat for this contribution!

Multiple Branches Support in a Workspace

In this version, we’ve added the option to specify multiple branches within a single workspace. This feature is particularly useful if you need to run Terrakube jobs across different branches within the same workspace, such as during development. It provides greater flexibility and control over your infrastructure management process, allowing you to test and deploy changes in various branches without needing separate workspaces.

Thanks @akozhuharov for this contribution!

Other Fixes and Dependency Updates

As always, we’ve updated a bunch of dependencies to keep Terrakube up to date and secure, and we’ve also fixed multiple bugs reported by the community. You can see the full list of changes .

May 2024 (2.21.0)

Welcome to the 2.21.0 release from Terrakube! As we reach the midpoint of the year, we’re excited to introduce several new features and enhancements that improve the overall user experience and functionality. Let’s dive into the key highlights:

Terrakube Actions

Terrakube actions allow you to extend the UI in Workspaces, functioning similarly to plugins. These actions enable you to add new functions to your Workspace, transforming it into a hub where you can monitor and manage your infrastructure and gain valuable insights. With Terrakube actions, you can quickly observe your infrastructure and apply necessary actions.

In the below demo, you can view how to use a couple of the new actions to and .

Additionally, we are providing an action to interact with OpenAI directly from the workspace. Check out the for more details.

Check our for more details on how to use and start creating Terrakube actions.

Authenticate Providers with Dynamic Credentials

Terrakube's dynamic provider credentials feature allows you to establish a secure trust relationship between Terraform/OpenTofu and your cloud provider. By using unique, short-lived credentials for each job, this feature significantly reduces the risk of compromised credentials. We are excited to announce support for dynamic credentials for the following cloud providers:

This enhancement ensures that your infrastructure management is both secure and efficient, minimizing potential security vulnerabilities while maintaining seamless integration with your cloud environments.

Support for --auto-approve Flag

We are pleased to announce the addition of support for the --auto-approve flag in the CLI-driven workflow. This feature allows for the automatic approval of Terraform and OpenTofu apply operations.

UI Enhancements

We have made several enhancements to the UI, focusing on improving the overall user experience:

Buttons: Basic rounded corner adjustments.
Global Shadow Optimization: Adjusted from three layers of shadows to two layers, used in various components.
Loading Spinners: Added spinners for loading main pages instead of static loading text.
Field Validations: Added validations for fields to improve form submission accuracy.

These updates aim to make the Terrakube interface more intuitive and visually appealing.

Bug fixes

We have made some improvements and fixes based on the feedback from the community and the security analysis. You can find the full list of changes for this version here https://github.com/AzBuilder/terrakube/releases/tag/2.21.0

March 2024 (2.20.0)

Welcome to the 2.20.0 release from Terrakube! In our second update of the year, we're excited to share several key highlights with you:

Workspace Importer

Our newly Workspace Importer is designed to improve your migration from Terraform Cloud or Terraform Enterprise to Terrakube. Providing a user-friendly wizard, this feature simplifies the process of transferring all your workspaces to Terrakube, ensuring that variables, tags, state files, and other components are easily copied over. During its beta phase, this feature has been tested with hundreds of workspaces, receiving positive feedback from the community. If you're considering a migration to Terrakube, we highly recommend reviewing to see how this feature can save you time and effort.

Enhanced API Token Management

We've enhanced the UI for managing , making it more intuitive and efficient. Now, revoking tokens can be done directly through the UI with ease.

Organization Default Execution Mode Update

This new feature allows you to set the default execution mode—either local or remote—at the organization level.

Enhanced Support for Monorepos in Private Registry

Responding to community feedback regarding the management of Terraform modules within a monorepo, we've made significant enhancements to our Private Registry. Now, you have the capability to specify the path of the module within the monorepo and set a tag prefix when creating a module.

Agents Support

We've expanded Terrakube capabilities with the introduction of multiple terrakube executor agents. Now, you have the flexibility to select the specific agent you wish to use for each workspace. This new feature enables a higher level of execution isolation based on workspaces, offering improved security and customization to suit your project's needs.

Prefix Support for Remote Backend

If you are using the remote backend this enhancement allows you to perform operations across multiple workspaces under the same prefix, improving workspace management and operation execution.

Breaking change for POSTGRESQL user

if you are using POSTGRESQL and using the helm chart 3.16.0 it will require you to add the database port using the property

More information can be found in this

Bug fixes

January 2024 (2.19.0)

As we step into the new year, we are thrilled to announce the release of Terrakube 2.19.0, a significant update that continues to push the boundaries of Infrastructure as Code (IaC) management. Here are some key highlights of this release:

OpenTofu Now Available on Terrakube

With OpenTofu now in General Availability (GA), we've integrated it as an alternative within Terrakube. Now, when you create workspaces, you have the option to select either Terraform or OpenTofu. Terrakube will then tailor the user experience specifically to the tool you choose. Additionally, you can switch your existing workspaces to OpenTofu via the Workspace settings, allowing for a smooth transition between tools.

In the future we are planning to introduce specific features for each Terraform and Opentofu based in their evolution. Also we will introduce support for more Iac tools later.

Enhanced Workspace Overview Page

We've upgraded the Workspace Overview Page to enrich your interaction with your infrastructure. Now, you'll find a detailed count of resources and outputs. Each resource is represented by an icon indicating its type, with current support for AWS and Azure icons. Clicking on a resource name unfolds a detailed view of all its attributes and dependencies, and provides direct access to the resource's documentation.

You can access the attributes and dependencies view from both Workspace Overview Page or using the .

Webhook Improvements

Now, you have the flexibility to select the default template that will execute for each new push in your Version Control System (VCS) at the workspace level. By default, Terrakube performs Plan and Apply operations, but you can now choose a different template tailored to your specific use case. This enhancement allows for the implementation of customized workflows across different organizations or workspaces.

Additionally, Terrakube now checks for the configured directory in the Workspace and will only run the job when a file changes in the specified directory. This feature is particularly useful for monorepositories, where you want to manage different workspaces from a single repository. This functionality has been implemented for GitLab, GitHub, and Bitbucket.

CLI Driven workflow

When leveraging the , you now have the option to utilize the refresh flag.

Here's an example without the refresh flag:

Example setting refresh to false:

API Token Revocation

You now have the ability to revoke both Personal and Team API Tokens. Currently, this functionality is exclusively accessible via the API, but it will be extended to the UI in a forthcoming release. For more information, please refer to .

Bug fixes

December 2023 (2.18.0)

Greetings! As the year comes to a close, we are excited to present you the 2.18.0 release of Terrakube. This version brings you some features and enhancements that we hope you’ll enjoy, some of the key highlights include:

AWS icons in State Diagram

The state diagram now includes all the AWS architecture icons, so you can easily recognize each resource type. This feature will help you visualize your Terraform state in a more intuitive way. We are also working on improving the diagram to group the resources by VPC, location, etc which will give you a closer look at how your architecture is designed using the Terraform state.

Visual State Diagram export option

Following the state diagram enhancements, we have also added the option to save the diagram in different formats. You can export a high-quality image in png, svg or jpeg formats by using the Download and selecting the preferred format. This feature will help you use the diagram for your documentation or presentations.

Self Hosted VCS Providers Support

We have added support for Github Enterprise, GitLab Enterprise Edition and GitLab Community Edition. This means that you can now integrate your workspaces and modules using your self-hosted VCS providers. This is a major milestone in our vision of providing an enterprise-grade experience with Terrakube. In the upcoming releases we will add Bitbucket Server and Azure DevOps Server. For more details in how to use this feature check the following links.

Webhooks support for GitLab (Cloud, EE and CE), BitBucket and Github (Cloud and Enterprise)

We have introduced a new feature that will make your workflow more efficient and convenient. Now, Terrakube will automatically trigger a new Plan and Apply job for each new push in the repository that is linked to the workspace. You no longer have to run the jobs manually using the UI or the terraform CLI. This feature will help you keep your infrastructure in sync with your code changes.

Bug fixes

November 2023 (2.17.0)

Welcome to the 2.17.0 release of Terrakube. There are a couple of updates in this version that we hope you'll like, some of the key highlights include:

Submodules view

You can now view the submodules of your Terraform Module in the open registry. When you select a submodule, you will see its details, such as inputs, outputs and resources.

Workspace Overview

We have enhanced the workspace overview to give you more information at a glance. You can now see the Terraform version, the repository, and the list of resources and outputs for each workspace.

Team API Tokens

You can now generate team API tokens using the Terrakube UI and specify their expiration time in days/minutes/hours. This gives you more flexibility and control over your team’s access to Terrakube. To learn more, please visit our .

Terraform provider for Terrakube

You can use the for Terraform to manage modules, organizations and so on.

Bug fixes

We’ve addressed some issues reported by the community and fixed some vulnerabilities. You can see the full change log for this version here https://github.com/AzBuilder/terrakube/releases/tag/2.17.0

October 2023 (2.16.0)

Welcome to the 2.16.0 release of Terrakube. There are a couple of updates in this version that we hope you'll like, some of the key highlights include:

Improvement in Workspaces List

We have added more filters to workspaces, so you can easily find the one you need. You can now use the tags or description of the workspaces to narrow down your search. Additionally, you can see the tags of each workspace on its card, without having to enter it. This way, you can quickly identify the workspaces that are relevant to you.

Team API Tokens

In the previous version, you could only generate API tokens that were associated with a user account. Now, you can also generate API tokens that are linked to a specific team. This gives you more flexibility and control over your API access and permissions. To generate a team API token, you need to use the API for now, but we are working on adding this feature to the UI in the next version. You can find more information on how to use team API tokens in our

Bug fixes and Performance

We’ve addressed some issues reported by the community regarding performance,bugs and security. You can see the full change log for this version here https://github.com/AzBuilder/terrakube/releases/tag/2.16.0

August 2023 (2.15.0)

Welcome to the 2.15.0 release of Terrakube. There are a couple of updates in this version that we hope you'll like, some of the key highlights include:

Local Execution Mode

In the previous version, all executions were run remotely in Terrakube. However, starting from this version, you can choose to define the execution mode as either local or remote. By default, all workspaces run remotely. If you want to disable remote execution for a workspace, you can change its execution mode to “Local”. This mode allows you to perform Terraform runs locally using the CLI-driven run workflow.

Accessing State from Other Workspaces

Now its possible to use terraform_remote_state datasource to acces state between workspaces. For further details check

Support Cloud Block with Tags

In our previous version, we introduced support for adding tags to Workspaces. Starting from this version, you can use these tags within the cloud block to apply Terraform operations across multiple workspaces that share the same tags. You can find more details in the

Search modules

We’ve added a search function to the Modules pages, making it easier to find modules.

Bug fixes

We’ve addressed some issues reported by the community, so Terrakube is becoming more stable. You can see the full change log for this version here https://github.com/AzBuilder/terrakube/releases/tag/2.15.0

Thanks for all the community support and contributions. Special thanks to @klinux for implementing the search feature inside Modules.

Jun 2023 (2.14.0)

Welcome to the 2.14.0 release of Terrakube. There are a couple of updates in this version that we hope you'll like, some of the key highlights include:

Terraform cloud block support

This new version lets you use the to execute remote operations using the .

Enhanced UI error messages for Authorization errors

We have enhanced the UI to handle authorization errors more gracefully.

Workspace Tags

We have enabled tagging functionality within the workspaces. In an upcoming release, you will be able to use these tags in the cloud block feature. For more details please check the .

Overview Workspace page

With Terrakube’s new workspace Overview page, you can access all the essential information for each of your workspaces in a simple and convenient panel. Initially we are including the last run and workspace tags. We will add more information in upcoming releases.

Improved CLI run workflow logs

From this version onwards, you can view the logs in real time when you use the Terraform CLI remote backend or the cloud block.

SSH key injection

Before, Terrakube only used SSH keys to clone private git repos. Now, Terrakube will inject the keys into the workspace. This way, if your terraform modules use git as source, Terraform will access the modules with the keys. Check the for further details.

For the full changelog for this version please check https://github.com/AzBuilder/terrakube/releases/tag/2.14.0

May 2023 (2.13.0)

Welcome to the 2.13.0 release of Terrakube. There are a couple of updates in this version that we hope you'll like, some of the key highlights include:

Terraform init -migrate-state support

Now you can easily migrate your Terraform state from other tools like TFE or Terraform Cloud to Terrakube. The migration command is supported by using the terraform CLI.

Check out our for further details about the process.

Improved Log streaming in the UI

Starting with this version, you can see the logs in the Terrakube UI in almost real time, so you can easily follow up on your Terraform changes.

Also we optimized the code and updated most libs to the latest versions For the full changelog for this version please check https://github.com/AzBuilder/terrakube/releases/tag/2.13.0

Mar 2023 (2.12.0)

Welcome to the 2.12.0 release of Terrakube. There are a couple of updates in this version that we hope you'll like, some of the key highlights include:

Search options in Workspaces

Use the new controls in the workspaces list to filter by status or search by name.

Simplified process to add a new VCS provider

You can now connect to a vcs provider in one step, instead of creating it first and then updating the call back url.

Open Telemetry

We added Open Telemetry to the api, registry and executor components for monitoring Terrakube. In future versions, we will also provide Grafana templates for custom metrics like jobs execution and workspaces usage. Check the for further information.

Improvement to Templates

In the previous version we introduced the use of importCommands, and now improve reutilization we are adding inputsTerraform and inputsEnv so basically now you can send parameters to your templates in an easy way. For example:

Check the for more details.

And if you want to create a schedule for a template, you can do it easily now with scheduleTemplates.

Check for more details.

Restrict Terraform Versions or Provide your own Terraform build

You can now use a custom Terraform CLI build or restrict the Terraform versions in your organization with terrakube. Check the for more details.

Terrakube Installation

We improved the helm chart to make the installation easy and now you can quickly install Terrakube for a Sandbox Test environment in . If you prefer you can now try Terrakube using

Thanks for the community contribution, specially thanks to @Diliz and @jstewart612 for their contributions in the Helm Chart. For the full changelog for this version please check https://github.com/AzBuilder/terrakube/releases/tag/2.12.0

And if you have any idea or suggestion don't hesitate to let us know.

February 2023 (2.11.0)

Welcome to the 2.11.0 release of Terrakube. There are a couple of updates in this version that we hope you'll like, some of the key highlights include:

Adding Global Variables to Organization Settings

Global Variables allow you to define and apply variables one time across all workspaces within an organization. So you can set your cloud provider credentials and reuse it in all the workspaces inside the same organization. See more details in

Adding CLI and API Driven workflows to workspaces

and workflows are available now. This mean you can create a workspace in the UI and then connect to the same using the Terraform cli or the Terrakube API. Or if you prefer you can go ahead and connect to your Terrakube organization locally from the Terraform cli. Check the for further details.

For CLI or API driven workspaces you will see the steps directly in the overview tab:

And in the list of workspaces you will see a badge so you can easily identify CLI and API driven workspaces

Improved error handling for invalid templates

If you have an error in your template yaml syntax will be easy to identify it. You will see a more clear message about the job execution failure so you can easily see if the error is related with the execution or with the template configuration.

Import scripts inside the templates

If you have some scripts that you want to reuse, you can import it using the new importCommand this will improve the reuse of templates, so you can share some commons steps with the community in your github repos. See for more details in how to import scripts

Adding UI templates support in workspaces

UI templates extend the idea of templates to the UI, so you can customize how each step will look like, in your custom flow inside Terrakube. Basically you can use standard HTML to build the way in which Terrakube will present the specific step

For example you can present a more user friendly information when extracting data from infracost result. And in the UI if you have a custom Template for that step you will se the Structured UI by default, but you can switch the view to the standard terminal output to see the full logs for that step.

Check some examples:

UI templates will allow to create better UI experiences. And brings new ways to customize the way you use Terrakube in your organization. In the upcoming releases we will create some standards templates that you can reuse for the terraform plan and apply. And also we will provide a Terrakube extensions that allows to create UI templates easily.

When you login to Terrakube for the first time and if you have multiple organizations assigned, then you will see a screen to select your organization.

For the full changelog for this version please check https://github.com/AzBuilder/terrakube/releases/tag/2.11.0

And if you have any idea or suggestion don't hesitate to let us know.

Latest

Introduction

Sponsors

Getting started

Architecture

Security

General security

Administrator group

Getting Started

Docker Images

Alpaquita Linux (Experimental)

Docker Compose

Local Domains

HTTPS Local Certificates

Generate local CA certificate

Create Docker Network

Local DNS entries

Running Terrakube Locally with HTTPS

Deployment

Helm Chart

Helm Repository

Ingress Configuration

Storage backend

Azure Storage Account

Amazon Cloud Storage

Using Access Key and Secret

Google Cloud Storage

Minio (S3 compatible)

Database Backend

SQL Azure

PostgreSQL

H2

Custom Terraform CLI Builds

Self-Hosted Agents

External Redis

Ephemeral Executor with Redis SSL

Proxy Configuration

Token Security

Development

User Management

User Guide

Organizations

Creating an Organization

API Tokens

User API Tokens

Default Templates

CLI-Driven Templates

Terraform Plan/Apply Cli Template

Terraform Plan/Destroy Cli Templates

Import Templates

UI Templates

Filter global variables in jobs

Template Configuration

Tags

Creating a Tag

VCS Providers

Webhooks

GitLab

SSH

Modules:

Workspace:

SSH Key Injection

Workspaces

Overview

Managing Workspace Tags

Terraform State

JSON State

Visual State

Resources

Share Workspace State

Provider Cache

AWS Dynamic Provider Credentials

Requirements

Azure Dynamic Provider Credentials

Requirements

GCP Dynamic Provider Credentials

Requirements

Running Example

Workspace scheduler

API-driven Workflow