Feature Request: "Break-the-Glass" Operability for Running Terraform/OpenTofu π οΈΒ #65
Description
Description:
As a user exploring the provider-opentofu, I'm very interested in enhancing the operational capabilities for managing Terraform/OpenTofu code deployed via Crossplane.
In a previous project, we found a feature called "break-the-glass" to be extremely valuable for operators π§βπ§. This functionality, implemented in projects like https://github.com/flux-iac/tofu-controller (using the tfctl client), allows operators to:
-
Attach directly to the Kubernetes Pod where the Terraform/OpenTofu execution is happening β‘οΈ.
-
Execute commands directly within that environment β¨οΈ.
This capability provides crucial operational flexibility βοΈ for debugging, troubleshooting, and potentially performing manual interventions in exceptional circumstances.
Request:
I would like to propose considering a similar "break-the-glass" functionality for the provider-opentofu. This could involve:
-
Providing a mechanism for operators to gain shell access to the environment where the Terraform/OpenTofu plan and apply operations are being executed (likely a Kubernetes Pod in most Crossplane deployments) π.
-
Potentially integrating with or suggesting a compatible CLI tool (similar to tfctl) that could facilitate this interaction π.
Benefits:
Implementing such a feature could significantly improve the operational maturity π± of managing infrastructure through Crossplane and the OpenTofu provider by:
-
Facilitating easier debugging of complex issues π.
-
Providing a way to recover from unexpected states π.
-
Empowering operators with more direct control when necessary πͺ.
Thank you for considering this feature request π. I'm happy to discuss this further and provide any additional context needed.