 
MMS • Claudio Masolo

HashiCorp recently released version 2.3 of Terraform Cloud Operator for Kubernetes with a new feature: the ability to initiate workspace runs declaratively. The Terraform Cloud Operator for Kubernetes was introduced in November 2023 to provide a Kubernetes-native experience while leveraging Terraform workflows.
The Terraform Cloud Operator allows users to manage Terraform Cloud resources with Kubernetes Custom Resource Definitions (CRDs), so they can provision infrastructure internal or external to the Kubernetes cluster directly from the Kubernetes control plane.
The key benefits of the Terraform Cloud Operator are:
- Flexible resource management: Version 2 introduces multiple custom resources with dedicated controllers for various Terraform Cloud resources, enhancing flexibility and performance for managing custom resources concurrently in large-scale deployments.
- Namespace management: Tailor the operator’s watch scope to specific namespaces using the --namespace option, enabling fine-grained resource management tailored to your organizational needs.
- Configurable synchronization: Adjust the synchronization frequency between custom resources and Terraform Cloud with the --sync-period option, ensuring timely updates and operational smoothness.
In previous iterations of the Terraform Cloud Operator v2, initiating a run was limited to patching the restartedAt timestamp within the Module resource. This method proved non-intuitive, lacked universality across workspace types, and offered no control over run types, hampering migration efforts. However, version 2.3 addresses these challenges by enabling users to declaratively commence plan, apply, and refresh runs on workspaces, thereby empowering developers with enhanced self-service capabilities across all Operator-managed workspaces, including VCS-driven ones.
Version 2.3 introduces three new annotations within the Workspace custom resource to facilitate workspace run initiation:
- workspace.app.terraform.io/run-new: Set to true to trigger a new run.
- workspace.app.terraform.io/run-type: Control the run type (plan, apply, or refresh).
- workspace.app.terraform.io/run-terraform-version: Specify the Terraform version for speculative plan runs.
This is an example of a Workspace resource, to which the annotations are then applied:
apiVersion: app.terraform.io/v1alpha2
kind: Workspace
metadata:
  name: this
spec:
  organization: kubernetes-operator
  token:
    secretKeyRef:
      name: tfc-operator
      key: token
  name: kubernetes-operator
To immediately initiate a new apply run for the above workspace resource using kubectl:
kubectl annotate workspace this \
    workspace.app.terraform.io/run-new="true" \
    workspace.app.terraform.io/run-type=apply --overwrite
After successful execution, the annotation is reflected in the Workspace resource for observability:
apiVersion: app.terraform.io/v1alpha2
kind: Workspace
metadata:
  annotations:
    workspace.app.terraform.io/run-new: "true"
    workspace.app.terraform.io/run-type: apply
  name: this
spec:
  organization: kubernetes-operator
  token:
    secretKeyRef:
      name: tfc-operator
      key: token
  name: kubernetes-operator
Post-run completion, the operator automatically resets the run-new value to false.
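Because setting these annotations is enough to start an apply, it can be useful to check manifests for them before they reach the cluster. The following Python check is an added example, not code from the article or from HashiCorp; it assumes manifests are already parsed into dicts, and the function names and sample manifests are constructed here.

```python
# Added example (not HashiCorp code): audit Workspace manifests for the
# run annotations described in the article. Sample manifests are constructed.
PREFIX = "workspace.app.terraform.io/"
RUN_TYPES = {"plan", "apply", "refresh"}  # run types named in the article


def audit_workspace(manifest):
    """Return (run_requested, run_type, problems) for a parsed manifest dict."""
    if manifest.get("kind") != "Workspace":
        return False, None, ["not a Workspace resource"]
    ann = (manifest.get("metadata") or {}).get("annotations") or {}
    run_new = ann.get(PREFIX + "run-new")
    run_type = ann.get(PREFIX + "run-type")
    version = ann.get(PREFIX + "run-terraform-version")
    problems = []
    # Annotation values are strings in Kubernetes; an unquoted YAML `true`
    # parses as a boolean, so it must be quoted as in the article's manifest.
    for key, value in (("run-new", run_new), ("run-type", run_type),
                       ("run-terraform-version", version)):
        if value is not None and not isinstance(value, str):
            problems.append(f"{key} must be a quoted string, got {value!r}")
    if isinstance(run_new, str) and run_new not in ("true", "false"):
        problems.append(f"run-new must be 'true' or 'false', got {run_new!r}")
    if isinstance(run_type, str) and run_type not in RUN_TYPES:
        problems.append(f"run-type {run_type!r} is not plan, apply or refresh")
    # The article ties run-terraform-version to speculative plan runs.
    if version is not None and run_type in ("apply", "refresh"):
        problems.append(
            f"run-terraform-version is for plan runs, not {run_type}")
    return run_new == "true", run_type, problems


def workspace(annotations):
    """Build a constructed Workspace manifest shaped like the article's."""
    return {"apiVersion": "app.terraform.io/v1alpha2", "kind": "Workspace",
            "metadata": {"name": "this", "annotations": annotations},
            "spec": {"organization": "kubernetes-operator",
                     "name": "kubernetes-operator"}}


if __name__ == "__main__":
    samples = [
        workspace({PREFIX + "run-new": "true", PREFIX + "run-type": "apply"}),
        workspace({PREFIX + "run-new": True, PREFIX + "run-type": "destroy"}),
        workspace({PREFIX + "run-new": "false"}),
    ]
    for sample in samples:
        print(audit_workspace(sample))
```

A review step can fail on any non-empty problems list and require explicit approval when the first two values are True and "apply".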
With Terraform Cloud Operator v2.3, initiating and managing workspace runs becomes more intuitive, empowering teams to efficiently manage infrastructure while embracing Kubernetes-native experiences.