Introduction
HashiCorp's Helm chart can be used to deploy Terraform Enterprise FDO on Kubernetes.
By default, the Helm chart spawns the TFE agents in a different namespace than the TFE application.
Problem
Users are asking for a way to spawn the TFE agents in the same namespace as the TFE application.
Things to consider before using the solution
Terraform agents (TFE agents) are deliberately placed in a separate namespace from the Terraform Enterprise application. This is because Terraform Enterprise is given an extremely dangerous collection of permissions in the namespace in which agents are run. This is intentional and necessary for Terraform Enterprise to manage the launching and monitoring of the Kubernetes jobs necessary for runs to process. Keeping the agents in their own namespace isolates the danger those permissions pose. If you put the agents in the same namespace as the Terraform Enterprise FDO pods, it would be a trivial exercise to customize some Terraform run code to do serious harm to the FDO pods.
Solution
To change the TFE agents' namespace, fork the Helm chart and change the TFE_RUN_PIPELINE_KUBERNETES_NAMESPACE value in the config map
from
TFE_RUN_PIPELINE_KUBERNETES_NAMESPACE: {{ .Release.Namespace }}-agents
to
TFE_RUN_PIPELINE_KUBERNETES_NAMESPACE: {{ .Release.Namespace }}
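A guard for a forked chart's CI, given the isolation concern described under "Things to consider" (an added example, not part of the original article or of HashiCorp's chart): it scans rendered manifests for TFE_RUN_PIPELINE_KUBERNETES_NAMESPACE and lists the ConfigMaps that place agents in the release namespace. The sample manifest, the ConfigMap names, the function names and the "tfe" namespace are constructed for illustration.

```python
import re

KEY = "TFE_RUN_PIPELINE_KUBERNETES_NAMESPACE"

# Constructed sample standing in for rendered chart output.
# ConfigMap names and the "tfe" release namespace are made up for this example.
SAMPLE_RENDERED = """\
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tfe-env-default
data:
  TFE_RUN_PIPELINE_KUBERNETES_NAMESPACE: tfe-agents
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tfe-env-forked
data:
  TFE_RUN_PIPELINE_KUBERNETES_NAMESPACE: "tfe"
"""

def agent_namespaces(rendered):
    """Return [(configmap_name, agent_namespace)] for each ConfigMap that sets KEY."""
    found = []
    # Rendered output is a multi-document YAML stream separated by '---' lines.
    for doc in re.split(r"^---\s*$", rendered, flags=re.M):
        if not re.search(r"^kind:\s*ConfigMap\s*$", doc, flags=re.M):
            continue
        # Accept bare, single-quoted or double-quoted values.
        value = re.search(rf"^\s+{KEY}:\s*['\"]?([^'\"\s#]+)", doc, flags=re.M)
        name = re.search(r"^\s+name:\s*(\S+)", doc, flags=re.M)
        if value:
            found.append((name.group(1) if name else "<unnamed>", value.group(1)))
    return found

def check_isolation(rendered, release_namespace):
    """List ConfigMaps whose agent namespace equals the TFE release namespace."""
    return [n for n, ns in agent_namespaces(rendered) if ns == release_namespace]

if __name__ == "__main__":
    for name, ns in agent_namespaces(SAMPLE_RENDERED):
        status = "SHARED" if name in check_isolation(SAMPLE_RENDERED, "tfe") else "isolated"
        print(f"{name}: agents in '{ns}' ({status})")
```
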