kubernetes

Stores the state in a Kubernetes secret.

This backend supports state locking, with locking done using a Lease resource.

Example Configuration

terraform {
  backend "kubernetes" {
    secret_suffix    = "state"
    config_path      = "~/.kube/config"
  }
}

This assumes the user/service account running terraform has permissions to read/write secrets in the namespace used to store the secret.

If the config_path or config_paths attribute is set the backend will attempt to use a kubeconfig file to gain access to the cluster.

If the in_cluster_config flag is set the backend will attempt to use a service account to access the cluster. This can be used if Terraform is being run from within a pod running in the Kubernetes cluster.

For most use cases either in_cluster_config, config_path, or config_paths will need to be set. If all flags are set the configuration at config_path will be used.

Note that for the access credentials we recommend using a partial configuration.

Example Referencing

data "terraform_remote_state" "foo" {
  backend = "kubernetes"
  config = {
    secret_suffix    = "state"
    load_config_file = true
  }
}

Configuration Variables

The following configuration options are supported: