Manage agent pools with the Terraform Cloud Operator v2
Note
HCP Terraform Free Edition includes one self-hosted agent. Refer to HCP Terraform pricing for details.
The Terraform Cloud Operator for Kubernetes lets you create and manage HCP Terraform agents, agent pools, and tokens through a single Kubernetes custom resource.
HCP Terraform Agents let HCP Terraform communicate with isolated, private, or on-premises infrastructure. By deploying agents within a specific network segment, you can connect your environment and HCP Terraform, which lets Terraform provision and manage private infrastructure.
In this tutorial you will use the Terraform Cloud Operator for Kubernetes to create and manage an HCP Terraform Agent. The operator manages the lifecycle of agents, making it easier to scale them quickly and securely.
Prerequisites
This tutorial assumes that you are familiar with the standard Terraform workflow, HCP Terraform, and basic Kubernetes usage.
For this tutorial, you will need:
- An HCP Terraform organization owner account
- kubectl
- A running Kubernetes cluster v1.16+ with the Terraform Cloud Operator for Kubernetes installed
If you do not have the Terraform Cloud Operator for Kubernetes installed already, follow the Deploy Infrastructure with the Terraform Cloud Operator for Kubernetes tutorial through the Deploy the operator step and do not delete the Kind cluster or any of the resources created.
Clone repository
In your terminal, clone the Learn Terraform Cloud Operator for Kubernetes repository.
Review configuration
Navigate into the v2
directory in the repository.
Navigate into the operator
directory, which contains configuration files for the operator.
Open the agentpool.yml
file. This file defines an HCP Terraform agent pool with one agent. Replace ORGANIZATION-NAME
with your own HCP Terraform organization and save the file.
Configure HCP Terraform access
The operator requires owner privileges in your HCP Terraform organization to manage your agents. To do so, create an API token for your owners team, then add it to your cluster as a Kubernetes secret.
First, sign into your HCP Terraform account, then select Settings -> Teams.
Click on the owners team then click Create a team token to generate a new team API token. If you already have an active token for your owners team, retrieve it or regenerate it if necessary.
Warning
The Team token has global privileges. Ensure that the Kubernetes cluster using this token has proper role-based access control to limit access to the secret, or store it in a secret manager with access control policies.
Copy this token and store it somewhere safe.
Create the agent pool
Create an environment variable to configure the Kubernetes namespace to deploy to named NAMESPACE
and set it to edu
.
Create a secret containing your HCP Terraform Team API token. Replace APITOKEN
with the token that you created earlier.
Apply the AgentPool specification to the namespace.
Review the operator logs to confirm you launched the agent and agent pool.
Verify the agent pool
Navigate to your HCP Terraform organization settings. Go to the Agents page and verify that you created a new agent pool named agent-pool-demo
with one agent.
Enable autoscaling
Note: HCP Terraform Free Edition includes one self-hosted agent. Refer to HCP Terraform pricing for details.
Provide the .spec.autoscaling
configuration in your AgentPool
specification so that the operator scales the number of agents based on the number of pending Terraform workloads.
Open the agentpool.yml
file and add the following configuration.
The minReplicas
and maxReplicas
fields define the number of agents that the operator will deploy. By default, the operator will wait 300 seconds between scaling events, but you can configure the wait time with the cooldownPeriodSeconds
field.
The optional targetWorkspaces
configuration takes an array of workspaces to enable autoscaling on. If you omit this field, the operator will determine when to scale the agent pods based on the load of all workspaces configured to use the agent pool. You can identify workspaces with the following identifiers:
name
: The name of the workspace (Example:greetings
).id
: The ID of the workspace (Example:ws-NUVHA9feCXzAmPHx
).wildcardName
: A pattern to search for workspace names (Example:west-development-*
).
In the above example, the operator will only scale the pods for this agent pool based on the load of the greetings
workspace.
Apply the updated AgentPool
spec.
Open the workspace.yml
file and configure the workspace to use the agent pool by adding the .spec.agentPool
configuration with the agent pool name.
Next, update the workspace executionMode
and set the vale to agent
.
Finally, apply the updated Workspace
spec.
With no pending Terraform workloads, the operator automatically scales the number of agents to match the minReplicas
defined in your configuration. In this case, the operator stops all running agents. Watch the pods in the operator namespace and verify that the agent pods are stopped.
Clean up resources
First, destroy the agent pool and agent by removing the resource definition from your cluster.
Next, delete the Kubernetes resources. Navigate to the root directory.
Destroy the namespace, secrets, and the operator. Confirm the deletion by typing yes
when prompted.
Finally, if you are running on Kind, delete the cluster.
Next steps
In this tutorial, you used the Terraform Cloud Operator for Kubernetes to create an HCP Terraform agent pool. You can modify and extend the example configuration to deploy multiple agent pools, and scale the number of agents in each agent pool.
Visit the following resources to learn more about the Terraform Cloud Operator for Kubernetes.
- Read the Deploy infrastructure with the Terraform Cloud Operator v2 tutorial.
- To learn more about the operator and its design, check out the hashicorp/terraform-cloud-operator repository.
- To discover more about managing Kubernetes with Terraform, review the HashiCorp Kubernetes tutorials.