Introduction
Problem
When using a Custom Terraform Cloud agent with hooks on Kubernetes everything works as expected. When using the same image on OpenShift the hooks are not being executed.
Prerequisites
- The Custom Terraform Cloud image runs on OpenShift
Cause
In OpenShift, the way containers handle file permissions and paths is different compared to standard Kubernetes environments. For more information please see the following documentation here from OpenShift.
This results in a Custom Terraform Cloud agent image with hooks like the following will not work on OpenShift as it would on Kubernetes
FROM hashicorp/tfc-agent:latest
USER root
RUN mkdir -p /home/tfc-agent/.tfc-agent
ADD --chown=tfc-agent:tfc-agent hooks /home/tfc-agent/.tfc-agent/hooks
USER tfc-agent
Solution:
You will have to alter the Custom Terraform Cloud agent image for OpenShift in the following way
FROM hashicorp/tfc-agent:latest
USER root
RUN mkdir /.tfc-agent && \
chmod 770 /.tfc-agent
ADD hooks /.tfc-agent/hooks
USER tfc-agent
Outcome
Hooks will be executed as documented here.
Additional Information
-
Official documentation about Terraform Cloud agents and hooks can be found here