Workspace runs on Terraform Enterprise FDO - OpenShift are stuck

Avatar
Patrick Munne
  • Updated

Problem

Workspace runs in Terraform Enterprise Flexible Deployment Options (FDO) on OpenShift do not execute and remain in a Plan queued state.

Prerequisites

  • Terraform Enterprise FDO running on OpenShift.

Cause

By default, Terraform Enterprise uses a standard worker image to execute runs. When running on OpenShift, this default worker image does not have the required permissions to execute a run, causing the process to fail.

The Terraform Enterprise logs show the following error, indicating the Kubernetes container terminated due to an error.

{"@level":"debug","@message":"kubeconfig path is not specified. App will fall back to using inClusterConfig or default config","@module":"task-worker.executor"}
W[...] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
{"@level":"error","@message":"error running task instance","@module":"task-worker.executor","err":"error waiting for kubernetes container to start: pod container is not ready: kubernetes container terminated. reason: Error, message: , exit code: 1"}

Solution

To resolve this issue, you must create and configure a custom agent image that meets OpenShift's security requirements. Follow the steps for creating a custom agent as documented in the OpenShift deployment requirements.

Procedure

  1. Create a custom agent image using a Dockerfile that sets the correct user and permissions. This example creates a directory for the agent and grants it the necessary permissions.

    FROM hashicorp/tfc-agent
USER root
RUN mkdir /.tfc-agent && \
    chmod 770 /.tfc-agent
USER tfc-agent
  2. Configure your Terraform Enterprise environment to use the custom agent image by setting the following parameters.

Outcome

After applying the configuration, Terraform Enterprise runs will execute successfully using the custom agent image.

Additional Information

Articles in this section

See more

Related articles