Migrate Tofu Controller to OpenTofu #1675
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alex Marston <[email protected]>
Signed-off-by: Alex Marston <[email protected]>
Signed-off-by: Alex Marston <[email protected]>
Signed-off-by: Alex Marston <[email protected]>
Signed-off-by: Alex Marston <[email protected]>
Contributor
|
This probably needs to be highlighted as a breaking change for those who build their own runner images and update terraform binary there |
alexandermarston
changed the title
Contributor
|
This PR may fix #1437 |
OS-alexandrebrito
added a commit
to OS-alexandrebrito/tofu-controller
that referenced
this pull request
Jan 9, 2026
Implements support for both Terraform and OpenTofu binaries using
separate Dockerfiles with minimal code changes. This enables teams
to use either binary while maintaining security compliance, with
OpenTofu as the default and a clear deprecation path for Terraform.
Changes:
- Updated runner.Dockerfile and runner-azure.Dockerfile to OpenTofu v1.11.2
- Created runner-terraform.Dockerfile and runner-terraform-azure.Dockerfile
- Updated CI/CD workflows to build all 4 image variants
- Added binary detection in runner/server.go
- Added Terraform v1.14.3 support via separate images
- Updated documentation for binary selection
- Removed unnecessary BINARY_TYPE build arguments
Images published:
- OpenTofu (default): v{VERSION}, latest
- Terraform: v{VERSION}-terraform, latest-terraform
Binary versions:
- OpenTofu: 1.11.2
- Terraform: 1.14.3 (up from 1.5.7)
Breaking changes for Terraform users:
- S3 backend role_arn deprecated (use assume_role block)
- -state flag deprecated (use backend configuration)
- See IMPLEMENTATION_VERIFICATION.md for migration guidance
Related to PR flux-iac#1675
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For some time, Tofu Controller has only supported up to version
1.5.7of Terraform due to the licensing changes Hashicorp announced and implemented in 2023. As we have not been able to update to a newer version of Terraform and had not completed the migration to OpenTofu, users have been forced to deploy their own custom runner images.This PR starts the process of moving away from Hashicorp Terraform and to the OpenTofu implementation.
For this change, a few changes have been made:
tofubinary available to the runner, pulling this in from the OpenTofu minimal images rather than downloading architecture specific binaries.