Last required release: v202207-2 (642)
Flexible deployment options terraform-enterprise container manifest: amd64/linux sha256:0ee3e432c42721295b600cc0229cbd56753aca7b39fd05380284f858a744fcc5
Breaking Changes
- This release enables the consolidated services architecture announced in v202306-1.
Application services are now consolidated into the terraform-enterprise
container. This container runs as a non-root user and contains the logs for all application services. The terraform-enterprise
container logs are in JSON-lines format. The ‘service’ key preceding the log message indicates the service that reported the log message. If using the fluentbit
log forwarding integration, the ‘component’ metadata attribute indicates which service reported the corresponding log message.
If you are monitoring containers or forwarding log messages to an external destination, you may need to update queries in your monitoring and log aggregation tools to reflect these changes. Terraform runs will continue to execute in isolated, short-lived containers, but will now run as a non-root user. This change can be disabled using the consolidated_services_enabled
setting until v202401-1, when we will remove it. You can only disable this change if you are deploying with Replicated. For more details, refer to Consolidated Services documentation
Highlights
- Terraform Enterprise now supports more flexible deployment options. You can deploy Terraform Enterprise with cloud-managed Kubernetes services (Amazon EKS, Azure AKS, and Google Cloud GKE) using helm, or with Docker Engine using Docker Compose.
- To get started with one of the new deployment options, check out the shared requirements, the requirements for your desired deployment option (docker or cloud-managed Kubernetes, and the migration guides for migrating from Replicated.
- The new lightweight, single-container architecture provides significantly faster startup times, and includes new startup checks that can help quickly diagnose configuration issues and prevent the application from starting up in a risky state.
- Flexible Deployment Options requires a new license file to download and install Terraform Enterprise for Docker or cloud-managed Kubernetes. All existing customers will receive the new license file by Thursday, September 21. If you do not receive your license file, please contact your HashiCorp account representative.
- You can now apply policy sets to projects in your organization. For each run in a project’s workspace, Terraform Enterprise checks the Terraform plan against the policy set. Refer to the Policy Enforcement documentation for details.
Improvements
- The no-code header no longer shows up in the sidebar when an organization cannot access the no-code feature.
- All TFE installations now automatically include a copy of HashiCorp’s public GPG keys. This simplifies the process of hosting an official HashiCorp Terraform provider for use in an air-gapped TFE installation.
- Temporary run data will now be retained for 1 day instead of 1 week. This will reduce disk usage when using the mounted disk operation mode, and object storage usage when using external services or active/active mode. This change does not impact user-visible behavior.
Bug Fixes
- Removed a duplicate checkbox for overriding policy sets.
- Fixed the dropdown with search components on the Policy Set and Variable Set pages to return the correct options after a search.
- Allow users to search for workspaces from page 2 and above.
- Notification delivery results for emails would always display in the frontend as an error regardless of delivery outcome. The frontend status should now be updated on successful email delivery.
- Fixes a bug where certain types of corrupt files in a module upload could cause publishing to fail without notifying the user of the failure.
- Users should now be able to see an error message if their modules cannot be uploaded into Registry, even in some rare cases. Previously in those cases users would just keep seeing “publishing in progress” messages.
Security
- Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.