Provider Setup

Before you begin, ensure you have:
  • Kubiya account (sign up at kubiya.ai)
  • API key generated from Kubiya dashboard (Admin → Kubiya API Keys)
  • Terraform 1.0 or higher installed
terraform {
  required_version = ">= 1.0"
  
  required_providers {
    kubiya = {
      source  = "kubiya-terraform/kubiya"
      version = ">= 1.0.0"
    }
  }
}

provider "kubiya" {
  # API key is automatically read from KUBIYA_API_KEY environment variable
}

Agent Examples

1. Basic Agent

Start with a simple agent configuration to understand the fundamentals:
resource "kubiya_agent" "basic" {
  name         = "basic-assistant"
  runner       = "kubiya-hosted"
  description  = "A helpful AI assistant"
  instructions = "You are a helpful assistant. Provide clear and concise responses."
}

2. Agent with Custom Tools

3. Incident Response Automation

4. Deployment Orchestration

Webhook Examples

Data Processing Pipeline

Trigger Examples

CI/CD Pipeline

1. Setup HTTP Trigger

Configure a trigger that responds to GitHub webhooks for automated CI/CD:
resource "kubiya_trigger" "cicd_trigger" {
  name   = "github-cicd-pipeline"
  runner = "kubiya-hosted"
  
  workflow = jsonencode({
    name    = "CI/CD Pipeline"
    version = 1
    steps = [
      {
        name        = "checkout"
        description = "Checkout code"
        executor = {
          type = "command"
          config = {
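            # "$${...}" escapes Terraform interpolation so the workflow receives the literal ${...} placeholder
            command = "git clone $${REPO_URL} /tmp/repo && cd /tmp/repo && git checkout $${BRANCH}"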
          }
        }
      },
      {
        name        = "test"
        description = "Run tests"
        depends     = ["checkout"]
        executor = {
          type = "tool"
          config = {
            tool_def = {
              name        = "test-runner"
              description = "Execute test suite"
              type        = "docker"
              image       = "node:18"
              content     = "cd /tmp/repo && npm install && npm test"
            }
          }
        }
        output = "TEST_RESULTS"
      },
      {
        name        = "build"
        description = "Build application"
        depends     = ["test"]
        executor = {
          type = "command"
          config = {
            command = "cd /tmp/repo && docker build -t app:$${VERSION} ."
          }
        }
      },
      {
        name        = "scan"
        description = "Security scan"
        depends     = ["build"]
        executor = {
          type = "tool"
          config = {
            tool_def = {
              name        = "security-scanner"
              description = "Scan for vulnerabilities"
              type        = "docker"
              image       = "aquasec/trivy"
              content     = "trivy image app:$${VERSION}"
            }
          }
        }
        output = "SCAN_RESULTS"
      },
      {
        name        = "deploy"
        description = "Deploy to environment"
        depends     = ["scan"]
        executor = {
          type = "command"
          config = {
            command = <<-BASH
              kubectl set image deployment/app app=app:$${VERSION} -n $${ENVIRONMENT}
              kubectl rollout status deployment/app -n $${ENVIRONMENT}
            BASH
          }
        }
      }
    ]
  })
}

output "cicd_trigger_url" {
  value       = kubiya_trigger.cicd_trigger.url
  sensitive   = true
  description = "CI/CD pipeline trigger URL"
}

2. Configure GitHub

Use the trigger URL in your GitHub webhook configuration to automatically trigger builds on code changes.
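
One way to do this wiring without copying the sensitive URL by hand, shown as an added example that is not part of the original guide or the Kubiya provider's own documentation. It assumes the `integrations/github` provider, a placeholder owner `example-org` and repository `example-app`, and a hypothetical `webhook_secret` variable; the guide does not say whether the trigger endpoint checks the `X-Hub-Signature-256` header that GitHub sends when a secret is set.

```hcl
# Added example: manage the GitHub side of the webhook in the same configuration.
# Assumptions (not from the guide): integrations/github provider, the owner
# "example-org", the repository "example-app", and the variable webhook_secret.

terraform {
  required_version = ">= 1.0"

  required_providers {
    kubiya = {
      source  = "kubiya-terraform/kubiya"
      version = ">= 1.0.0"
    }
    github = {
      source = "integrations/github"
    }
  }
}

provider "github" {
  # Token is read from the GITHUB_TOKEN environment variable.
  owner = "example-org" # placeholder
}

variable "webhook_secret" {
  type      = string
  sensitive = true # supply via TF_VAR_webhook_secret, never in a .tf file
}

resource "github_repository_webhook" "cicd" {
  repository = "example-app" # placeholder
  events     = ["push"]      # deliver only the events the pipeline needs
  active     = true

  configuration {
    # Passed directly from the trigger resource; stays marked sensitive in plans.
    url          = kubiya_trigger.cicd_trigger.url
    content_type = "json"
    secret       = var.webhook_secret
    insecure_ssl = false # keep TLS certificate verification on
  }
}
```

The trigger URL and the webhook secret are both written to Terraform state, so the state backend needs the same access controls as the secrets themselves.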

Complete Solutions

Full DevOps Platform

# Shared tools and workflows
resource "kubiya_source" "devops_tools" {
  name = "devops-toolkit"
  
  tools = jsonencode([
    {
      name        = "k8s-diagnostics"
      description = "Kubernetes cluster diagnostics"
      type        = "docker"
      image       = "bitnami/kubectl:latest"
      content     = <<-BASH
        echo "=== Cluster Health Check ==="
        kubectl get nodes
        echo ""
        echo "=== Pod Status ==="
        kubectl get pods --all-namespaces | grep -v Running
        echo ""
        echo "=== Resource Usage ==="
        kubectl top nodes
        kubectl top pods --all-namespaces | head -20
      BASH
    },
    {
      name        = "database-health"
      description = "Check database health"
      type        = "docker"
      image       = "postgres:14"
      content     = <<-SQL
        psql -h $${DB_HOST} -U $${DB_USER} -d $${DB_NAME} -c "
          SELECT 
            pg_database.datname,
            pg_size_pretty(pg_database_size(pg_database.datname)) as size,
            count(pg_stat_activity.pid) as connections
          FROM pg_database
          LEFT JOIN pg_stat_activity ON pg_database.datname = pg_stat_activity.datname
          GROUP BY pg_database.datname
          ORDER BY pg_database_size(pg_database.datname) DESC;
        "
      SQL
      args = [
        {
          name        = "DB_HOST"
          type        = "string"
          description = "Database host"
          required    = true
        },
        {
          name        = "DB_USER"
          type        = "string"
          description = "Database user"
          required    = true
        },
        {
          name        = "DB_NAME"
          type        = "string"
          description = "Database name"
          required    = true
        }
      ]
    }
  ])
  
  workflows = jsonencode([
    {
      name        = "incident-response"
      description = "Automated incident response"
      steps = [
        {
          name = "diagnose"
          executor = {
            type = "tool"
            config = {
              tool_name = "k8s-diagnostics"
            }
          }
          output = "DIAGNOSIS"
        },
        {
          name    = "create-ticket"
          depends = ["diagnose"]
          executor = {
            type = "agent"
            config = {
              teammate_name = "jira-agent"
              # "$$" keeps Terraform from interpolating; the workflow sees ${DIAGNOSIS}
              message       = "Create incident ticket with diagnosis: $${DIAGNOSIS}"
            }
          }
          output = "TICKET_ID"
        },
        {
          name    = "notify"
          depends = ["create-ticket"]
          executor = {
            type = "agent"
            config = {
              teammate_name = "slack-agent"
              message       = "Incident $${TICKET_ID} created. Diagnosis: $${DIAGNOSIS}"
            }
          }
        }
      ]
    }
  ])
  
  runner = "kubiya-hosted"
}

Data Processing Platform

Best Practices

Security

  • Use environment variables for API keys
  • Implement proper access controls
  • Enable audit logging
  • Store secrets securely

Organization

  • Use consistent naming conventions
  • Create reusable Terraform modules
  • Store configurations in Git
  • Document custom resources

Testing

  • Test in development first
  • Validate workflows before deployment
  • Set up monitoring and alerts
  • Always have rollback plans

Performance

  • Choose appropriate runners
  • Use parallel execution
  • Set resource limits
  • Implement caching strategies

Security Guidelines

# Always use environment variables for sensitive data
export KUBIYA_API_KEY="your-api-key-here"
export DB_PASSWORD="secure-password"
export WEBHOOK_SECRET="webhook-secret"

Troubleshooting

Getting Help

Conclusion

This comprehensive guide demonstrates the full capabilities of the Kubiya Terraform Provider with production-ready examples. Each configuration can be adapted to your specific requirements and infrastructure needs.
All examples in this guide are production-ready but should be customized for your specific environment, security requirements, and operational procedures.