Introduction
The official HashiCorp Terraform Enterprise Helm chart provides a method for deploying Terraform Enterprise (TFE) on a Kubernetes cluster. By default, the Helm chart deploys TFE agents into a separate namespace from the main TFE application.
This separation is an intentional security measure. It isolates the permissions granted to the TFE application, which are required to manage Kubernetes jobs, from the permissions available to the agent jobs themselves.
This article explains how to override the default behavior and configure TFE agents to run in the same Kubernetes namespace as the TFE application.
Prerequisites
- You must use version v1.3.4 or later of the Terraform Enterprise Helm chart, as this is the first release that includes a configurable agent namespace.
Procedure
To deploy the TFE agents into the same namespace as the TFE application, you must modify your Helm chart values.yaml file or provide the values during installation.
- Set the agents.namespace.name value to the target namespace where the TFE application is deployed.
- Set the agents.namespace.enabled value to false. This prevents the Helm chart from attempting to create a namespace that already exists.
Your configuration should include the following values.
```yaml
agents:
  namespace:
    ## Set this to the namespace where TFE is installed.
    name: "your-tfe-namespace"
    ## Set to false to prevent the chart from creating the namespace.
    enabled: false
```
After applying these settings, the Helm chart will configure the TFE agents to launch in the specified namespace.
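The same two values can be supplied at install time with --set instead of editing values.yaml. The script below is an added example, not part of the Helm chart or the original article: it gates on the v1.3.4 prerequisite, confirms the namespace already exists (the chart will not create it once agents.namespace.enabled is false), applies the settings, and lists the RoleBindings in the now-shared namespace for review. The release name, chart reference, namespace, version and values file are arguments you supply; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Usage (all five arguments are placeholders you supply):
#   ./deploy.sh <release> <chart-ref> <tfe-namespace> <chart-version> <values-file>

# First chart release with a configurable agent namespace (per this article).
MIN_CHART_VERSION="1.3.4"

# Return 0 when chart version $1 (with or without a leading "v") is >= 1.3.4.
# sort -V compares numerically per component, so 1.10.0 ranks above 1.3.4.
chart_version_ok() {
  _v="${1#v}"
  _lowest="$(printf '%s\n%s\n' "$MIN_CHART_VERSION" "$_v" | sort -V | head -n1)"
  [ "$_lowest" = "$MIN_CHART_VERSION" ]
}

deploy() {
  release="$1"; chart="$2"; ns="$3"; version="$4"; values="$5"

  chart_version_ok "$version" || {
    echo "chart version $version predates $MIN_CHART_VERSION" >&2
    return 1
  }

  # With agents.namespace.enabled=false the chart does not create the
  # namespace, so it must already exist.
  kubectl get namespace "$ns" >/dev/null || {
    echo "namespace $ns does not exist" >&2
    return 1
  }

  helm upgrade --install "$release" "$chart" \
    --namespace "$ns" --version "$version" --values "$values" \
    --set agents.namespace.name="$ns" \
    --set agents.namespace.enabled=false || return 1

  # Agents and the TFE application now share one namespace: review which
  # subjects are bound to which roles there.
  kubectl get rolebindings --namespace "$ns" -o wide
}

# Only deploy when all five arguments are given.
if [ "$#" -eq 5 ]; then
  deploy "$@"
fi
```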