cpflow 4.0.1 → 4.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48de117fc2fbc2458b8469bfb3d93663c2950777803f84079dfdfa7cdbcda9e9
-  data.tar.gz: e3a8347bd330f6df7d2d5e98a3692144fa04d3c935241fbacf7ab06c8f039e79
+  metadata.gz: ff0b8272e9a7bff7f8dc1e0b259188726cb2bbd0b7c87cc8c3bc498a984e2023
+  data.tar.gz: 8ee3ebc353a638b11fb2a00b98e1a4ff9347c1f1c3170d26ab5e0f23efae95f1
 SHA512:
-  metadata.gz: '06907b1c67896b14b71376bc88253fcd74a675fb088aab8f6c7bf051ebfaf3f463c3ab96bf33bf64abe6da5bf1dff22529503508176a6d1fc5c35517021c9dc4'
-  data.tar.gz: ae76127106fa6dc3544669163e94571d68ec149f22b8ed68d1cf0332c3f333b65e1a1d2f6f6b2cb75039d45bcf1f8418f1cb4d5ceba750cf11cc930ac5d38ac4
+  metadata.gz: affaed65cdfe25c9be5ef91f331208153b8755a7e1fa3aeb13309388212168a74b0c6d3e70d5f2907df0d726daa50ab3c624de3139d02a9ee669445a991d0411
+  data.tar.gz: 59db782ffc610191aeec401c77ddd939722c7597fecb13afa708f70e994142a33b81ef4ee2971700b496ca2dc1efb445e36956a35adc57050e3c3d6fb721fd79

data/.gitignore

@@ -16,3 +16,7 @@
 
 /spec.log
 /spec/dummy/.controlplane/controlplane*-tmp-*.yml
+
+# Generated configs
+/terraform/
+/.controlplane/

data/CHANGELOG.md

@@ -16,9 +16,21 @@ _Please add entries here for your pull requests that have not yet been released.
 
 ### Fixed
 
-- Fixed issue where `run` command fails when runner workload has ENV but original workload does not. [PR 227](https://github.com/shakacode/control-plane-flow/pull/227) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
+- Fixed issue where `ps`, `ps:start`, `ps:stop`, `ps:wait`, and `run` commands fail when trying to fetch replicas with CPLN CLI. [PR 254](https://github.com/shakacode/control-plane-flow/pull/254) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
+
+## [4.1.0] - 2024-12-17
 
+### Fixed
+
+- Fixed issue where `run` command fails when runner workload has ENV but original workload does not. [PR 227](https://github.com/shakacode/control-plane-flow/pull/227) by [Rafael Gomes](https://github.com/rafaelgomesxyz).
 - Fixed potential infinite loop that could occur for a command if one of the execution steps fails and gets stuck. [PR 217](https://github.com/shakacode/control-plane-flow/pull/217) by [Zakir Dzhamaliddinov](https://github.com/zzaakiirr).
+- Fixed issue where app cannot be deleted because one of the workloads has a volumeset in-use. [PR 245](https://github.com/shakacode/control-plane-flow/pull/245) by [Zakir Dzhamaliddinov](https://github.com/zzaakiirr).
+- Fixed `resolv` may be not properly required [PR 250](https://github.com/shakacode/control-plane-flow/pull/250) by [Sergey Tarasov](https://github.com/dzirtusss).
+
+### Added
+
+- Added `--docker-context` option to `build-image` command. [PR 250](https://github.com/shakacode/control-plane-flow/pull/250) by [Sergey Tarasov](https://github.com/dzirtusss).
+
 
 ## [4.0.0] - 2024-08-21
 
@@ -268,7 +280,8 @@ Deprecated `cpl` gem. New gem is `cpflow`.
 
 First release.
 
-[Unreleased]: https://github.com/shakacode/control-plane-flow/compare/v4.0.0...HEAD
+[Unreleased]: https://github.com/shakacode/control-plane-flow/compare/v4.1.0...HEAD
+[4.1.0]: https://github.com/shakacode/control-plane-flow/compare/v4.0.0...v4.1.0
 [4.0.0]: https://github.com/shakacode/control-plane-flow/compare/v3.0.1...v4.0.0
 [3.0.1]: https://github.com/shakacode/control-plane-flow/compare/v3.0.0...v3.0.1
 [3.0.0]: https://github.com/shakacode/control-plane-flow/compare/v2.2.4...v3.0.0

data/COMM-LICENSE.txt

@@ -0,0 +1,9 @@
+Control Plane Flow - Commercial Licensing
+
+Control Plane Flow is currently licensed under the GNU Lesser General Public License v3.0, which allows for broad use, including integration with proprietary software, as long as modifications to Control Plane Flow itself are open-sourced.
+
+While there are no current commercial license offerings, ShakaCode LLC reserves the right to offer commercial licenses or additional options in the future. This may include support packages, premium features, or alternative licensing terms.
+
+For any inquiries or expressions of interest in potential commercial licensing, please reach out to ShakaCode LLC at justin@shakacode.com.
+
+You can find the full terms of the GNU Lesser General Public License v3.0 at <http://www.gnu.org/licenses/lgpl-3.0.html>.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    cpflow (4.0.1)
+    cpflow (4.1.1)
       dotenv (~> 2.8.1)
       jwt (~> 2.8.1)
       psych (~> 5.1.0)

data/LICENSE

@@ -1,21 +1,8 @@
-MIT License
+Copyright (c) 2024 ShakaCode LLC
 
-Copyright (c) 2022 ShakaCode
+Control Plane Flow is an Open Source project licensed under the terms of
+the LGPLv3 license. Please see <http://www.gnu.org/licenses/lgpl-3.0.html> for license text.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+Control Plane Flow may offer commercial-friendly licensing options in the future.
+You can find any applicable commercial license terms in COMM-LICENSE.txt.
+For inquiries, please contact justin@shakacode.com.

data/README.md

@@ -1,9 +1,9 @@
 # The power of Kubernetes with the ease of Heroku!
 
-<meta name="author" content="Justin Gordon and Sergey Tarasov">
-<meta name="description" content="Instructions on how to migrate from Heroku to Control Plane and a CLI called cpflow to make it easier.">
-<meta name="copyright" content="ShakaCode, 2023">
-<meta name="keywords" content="Control Plane, Heroku, Kubernetes, K8, Infrastructure">
+<meta name="author" content="Justin Gordon and Sergey Tarasov" />
+<meta name="description" content="Instructions on how to migrate from Heroku to Control Plane and a CLI called cpflow to make it easier." />
+<meta name="copyright" content="ShakaCode, 2023" />
+<meta name="keywords" content="Control Plane, Heroku, Kubernetes, K8, Infrastructure" />
 <meta name="google-site-verification" content="dIV4nMplcYl6YOKOaZMqgvdKXhLJ4cdYY6pS6e_YrPU" />
 
 [![RSpec](https://github.com/shakacode/control-plane-flow/actions/workflows/rspec.yml/badge.svg)](https://github.com/shakacode/control-plane-flow/actions/workflows/rspec.yml)
@@ -12,7 +12,9 @@
 [![Gem](https://badge.fury.io/rb/cpflow.svg)](https://badge.fury.io/rb/cpflow)
 
 
-Enable the [Heroku Flow](https://www.heroku.com/flow) deployment model with [Control Plane](https://shakacode.controlplane.com) using the `cpflow` gem.
+Leverage the power of Kubernetes with the ease of Heroku! The `cpflow` gem enables simple CI configuration for Heroku-style "review apps," staging deployments, and seamless promotion from staging to production. This is similar to the the [Heroku Flow](https://www.heroku.com/flow) deployment model.
+
+Follow the "convention over configuration" philosophy to streamline your deployment workflows and reduce complexity.
 
 ----
 
@@ -20,8 +22,8 @@ _If you need a free demo account for Control Plane (no CC required), you can con
 
 ---
 
-Be sure to see the [demo app](https://github.com/shakacode/react-webpack-rails-tutorial/tree/master/.controlplane)
-If you would like to see the simple YAML configuration and setup,
+Be sure to see the [demo app](https://github.com/shakacode/react-webpack-rails-tutorial/tree/master/.controlplane), which includes simple YAML configurations and setup for `cpflow`.
+
 Also, check [how the `cpflow` gem (this project) is used in the Github actions](https://github.com/shakacode/react-webpack-rails-tutorial/blob/master/.github/actions/deploy-to-control-plane/action.yml).
 Here is a brief [video overview](https://www.youtube.com/watch?v=llaQoAV_6Iw).
 
@@ -33,11 +35,11 @@ Control Plane's `cpln` CLI.
 Heroku provides a UX and CLI that enables easy publishing of Ruby on Rails and other apps. This ease of use comes via
 many "Heroku" abstractions and naming conventions.
 
-Control Plane, on the other hand, gives you access to raw cloud computing power. However, you need to know precisely how
-to use it.
+Control Plane provides access to raw cloud computing power but lacks the simple abstractions of Heroku. The `cpflow` CLI bridges this gap, delivering a streamlined and familiar experience for developers.
+
+While this repository simplifies migration from Heroku, the `cpflow` CLI is versatile and can be used for new applications as well. It follows a **concept mapping** and **helper CLI** approach to streamline deployment workflows and minimize manual effort.
 
-To simplify migration to and usage of Control Plane for Heroku users, this repository provides a **concept mapping** and
-a **helper CLI** based on templates to save lots of day-to-day typing (and human errors).
+Additionally, the documentation includes numerous examples and practical tips for teams transitioning from Heroku to Kubernetes, helping them make the most of Control Plane's advanced features.
 
 1. [Key Features](#key-features)
 2. [Concept Mapping](#concept-mapping)
@@ -52,14 +54,15 @@ a **helper CLI** based on templates to save lots of day-to-day typing (and human
 11. [CLI Commands Reference](#cli-commands-reference)
 12. [Mapping of Heroku Commands to `cpflow` and `cpln`](#mapping-of-heroku-commands-to-cpflow-and-cpln)
 13. [Examples](#examples)
-14. [Migrating Postgres Database from Heroku Infrastructure](/docs/postgres.md)
-15. [Migrating Redis Database from Heroku Infrastructure](/docs/redis.md)
-16. [Tips](/docs/tips.md)
+14. [Migrating Postgres Database from Heroku Infrastructure](https://www.shakacode.com/control-plane-flow/docs/postgres/)
+15. [Migrating Redis Database from Heroku Infrastructure](https://www.shakacode.com/control-plane-flow/docs/redis/)
+16. [Tips](https://www.shakacode.com/control-plane-flow/docs/tips/)
 
 ## Key Features
 
-- A `cpflow` command to complement the default Control Plane `cpln` command with "Heroku style scripting." The Ruby source
-  can serve as inspiration for your own scripts.
+- The `cpflow` CLI complements the Control Plane `cpln` CLI, enabling "Heroku-style scripting" for review apps, staging, and production environments.
+- Extensive Heroku-to-Control Plane migration examples included in the documentation.
+- Convention-driven configuration to simplify workflows and reduce custom scripting requirements.
 - Easy to understand Heroku to Control Plane conventions in setup and naming.
 - **Safe, production-ready** equivalents of `heroku run` and `heroku run:detached` for Control Plane.
 - Automatic sequential release tagging for Docker images.
@@ -134,7 +137,7 @@ The `cpln` CLI is the Control Plane CLI.
 
 ## Steps to Migrate
 
-Click [here](/docs/migrating.md) to see the steps to migrate.
+Click [here](https://www.shakacode.com/control-plane-flow/docs/migrating/) to see the steps to migrate.
 
 ## Configuration Files
 
@@ -476,7 +479,7 @@ development purposes.
 
 ## Scheduled Jobs
 
-Control Plane supports scheduled jobs via [cron workloads](https://shakadocs.controlplane.com/reference/workload#cron).
+Control Plane supports scheduled jobs via [cron workloads](https://shakadocs.controlplane.com/reference/workload/types#cron).
 
 Here's a partial example of a template for a cron workload, using the app image:
 
@@ -500,7 +503,7 @@ spec:
       image: "/org/APP_ORG/image/APP_IMAGE"
 ```
 
-A complete example can be found at [templates/daily-task.yml](templates/daily-task.yml), optimized for Control Plane and
+A complete example can be found at [templates/daily-task.yml](https://github.com/shakacode/control-plane-flow/blob/main/templates/daily-task.yml), optimized for Control Plane and
 suitable for development purposes.
 
 You can create the cron workload by adding the template for it to the `.controlplane/templates/` directory and running
@@ -510,7 +513,7 @@ Then to view the logs of the cron workload, you can run `cpflow logs -a my-app -
 
 ## CLI Commands Reference
 
-Click [here](/docs/commands.md) to see the commands.
+Click [here](https://www.shakacode.com/control-plane-flow/docs/commands/) to see the commands.
 
 You can also run the following command:
 

data/docs/commands.md

@@ -1,4 +1,4 @@
-<!-- NOTE: This file is automatically generated by running `script/generate_commands_docs`. Do NOT edit it manually. -->
+{ /* Automatically Generated <!-- NOTE: This file is automatically generated by running `script/update_command_docs`. Do NOT edit it manually. --> */}
 
 ## Common Options
 
@@ -431,8 +431,8 @@ cpflow run -a $APP_NAME --entrypoint /app/alternative-entrypoint.sh -- rails db:
 - Creates an app and all its workloads
 - Specify the templates for the app and workloads through `setup_app_templates` in the `.controlplane/controlplane.yml` file
 - This should only be used for temporary apps like review apps, never for persistent apps like production or staging (to update workloads for those, use 'cpflow apply-template' instead)
-- Configures app to have org-level secrets with default name "{APP_PREFIX}-secrets"
-  using org-level policy with default name "{APP_PREFIX}-secrets-policy" (names can be customized, see docs)
+- Configures app to have org-level secrets with default name `"{APP_PREFIX}-secrets"`
+  using org-level policy with default name `"{APP_PREFIX}-secrets-policy"` (names can be customized, see docs)
 - Creates identity for secrets if it does not exist
 - Use `--skip-secrets-setup` to prevent the automatic setup of secrets,
   or set it through `skip_secrets_setup` in the `.controlplane/controlplane.yml` file
@@ -444,6 +444,22 @@ cpflow run -a $APP_NAME --entrypoint /app/alternative-entrypoint.sh -- rails db:
 cpflow setup-app -a $APP_NAME
 ```
 
+### `terraform generate`
+
+- Generates terraform configuration files based on `controlplane.yml` and `templates/` config
+
+```sh
+cpflow terraform generate
+```
+
+### `terraform import`
+
+- Imports terraform resources from the generated configuration files
+
+```sh
+cpflow terraform import
+```
+
 ### `version`
 
 - Displays the current version of the CLI

data/docs/postgres.md

@@ -25,7 +25,7 @@ And if the database is small or it is a hobby app, this should not be looked any
 However, this is not acceptable for 99% of production apps as their databases are huge and maintenance time
 should be as small as possible.
 
-Rough timing for a 1Gb database can be (but your mileage may vary):
+Rough timing for a 1Tb database can be (but your mileage may vary):
 
 - 2.5h creating Heroku backup
 - 0.5h downloading backup to EC2
@@ -52,7 +52,7 @@ The migration process with Bucardo looks as follows:
 
 Maintenance downtime here can be minutes not hours or days like in p1, but no free lunches - the process is more complex.
 
-Rough timing for a 1Gb database can be (but your mileage may vary):
+Rough timing for a 1Tb database can be (but your mileage may vary):
 
 - whatever setup time, no hurry
 - 1.5 days for onetimecopy (in 1 thread) - DDL changes not allowed, but no downtime

data/docs/terraform/details.md

@@ -0,0 +1,415 @@
+### Terraform Configurations from CPLN Templates
+
+#### Providers
+
+Terraform provider configurations are controlled via `required_providers.tf` and `providers.tf`:
+
+- **`required_providers.tf`**
+
+```hcl
+terraform {
+  required_providers {
+    cpln = {
+      source = "controlplane-com/cpln"
+      version = "~> 1.0"
+    }
+  }
+}
+```
+
+- **`providers.tf`**
+
+```hcl
+provider "cpln" {
+  org = "org-name-example"
+}
+```
+
+#### GVC (Global Virtual Cloud)
+
+CPLN template in YAML format:
+
+```yaml
+kind: gvc
+name: app-name
+description: app-description
+tags:
+  tag-name-1: "tag-value-1"
+  tag-name-2: "tag-value-2"
+spec:
+  domain: "app.example.com"
+  env:
+    - name: DATABASE_URL
+      value: "postgres://the_user:the_password@postgres.app-name.cpln.local:5432/app-name"
+    - name: RAILS_ENV
+      value: production
+    - name: RAILS_SERVE_STATIC_FILES
+      value: "true"
+  staticPlacement:
+    locationLinks:
+      - "//location/aws-us-west-2"
+  pullSecretLinks:
+    - "/org/org-name/secret/some-secret"
+  loadBalancer:
+    dedicated: true
+    trustedProxies: 0
+```
+
+Will transform to Terraform config:
+
+```hcl
+resource "cpln_gvc" "app-name" {
+  name = "app-name"
+  description = "app-description"
+  tags = {
+    tag_name_1 = "tag-value-1"
+    tag_name_2 = "tag-value-2"
+  }
+  domain = "app.example.com"
+  locations = ["aws-us-west-2"]
+  pull_secrets = ["cpln_secret.some-secret.name"]
+  env = {
+    DATABASE_URL = "postgres://the_user:the_password@postgres.app-name.cpln.local:5432/app-name"
+    RAILS_ENV = "production"
+    RAILS_SERVE_STATIC_FILES = "true"
+  }
+  load_balancer {
+    dedicated = true
+    trusted_proxies = 0
+  }
+}
+```
+
+#### Identity
+
+CPLN template in YAML format:
+
+```yaml
+kind: identity
+name: postgres-poc-identity
+description: postgres-poc-identity
+tags:
+  tag-name-1: "tag-value-1"
+  tag-name-2: "tag-value-2"
+```
+
+Will transform to Terraform config:
+
+```hcl
+resource "cpln_identity" "postgres-poc-identity" {
+  name = "postgres-poc-identity"
+  description = "postgres-poc-identity"
+  tags = {
+    tag_name_1 = "tag-value-1"
+    tag_name_2 = "tag-value-2"
+  }
+}
+```
+
+#### Secret
+
+CPLN template in YAML format
+
+**For `aws` secret:**
+
+```yaml
+kind: secret
+name: aws
+description: aws
+type: aws
+data:
+  accessKey: 'AccessKeyExample'
+  externalId: 'ExternalIdExample'
+  roleArn: arn:awskey
+  secretKey: 'SecretKeyExample'
+```
+
+Will transform to Terraform config:
+
+```hcl
+resource "cpln_secret" "aws" {
+  name = "aws"
+  description = "aws"
+  aws {
+    secret_key = "SecretKeyExample"
+    access_key = "AccessKeyExample"
+    role_arn = "arn:awskey"
+    external_id = "ExternalIdExample"
+  }
+}
+```
+
+**For `azure-connector` secret:**
+
+```yaml
+kind: secret
+name: azure-connector
+description: azure_connector
+tags:
+  tag1: tag-val
+type: azure-connector
+data:
+  code: 'CodeExample'
+  url: https://example.com
+```
+
+Will transform to Terraform config:
+
+```hcl
+resource "cpln_secret" "azure-connector" {
+  name = "azure-connector"
+  description = "azure_connector"
+  tags = {
+    tag1 = "tag-val"
+  }
+  azure_connector {
+    url = "https://example.com"
+    code = "CodeExample"
+  }
+}
+```
+
+**For `azure-sdk-secret` secret:**
+
+```yaml
+kind: secret
+name: azure-sdk-secret
+description: azure-sdk-secret
+type: azure-sdk
+data: >-
+  {"subscriptionId":"subscriptionId","tenantId":"tenantId","clientId":"clientId","clientSecret":"CONFIDENTIAL"}
+```
+
+Will transform to Terraform config:
+
+```hcl
+resource "cpln_secret" "azure-sdk-secret" {
+  name = "azure-sdk-secret"
+  description = "azure-sdk-secret"
+  azure_sdk = "{"subscriptionId":"subscriptionId","tenantId":"tenantId","clientId":"clientID","clientSecret":"CONFIDENTIAL"}"
+}
+```
+
+**For `dictionary` secret:**
+
+```yaml
+kind: secret
+name: dictionary
+description: dictionary
+tags: {}
+type: dictionary
+data:
+  example: 'value'
+```
+
+Will transform to Terraform config:
+
+```hcl
+resource "cpln_secret" "dictionary" {
+  name = "dictionary"
+  description = "dictionary"
+  tags = {
+  }
+  dictionary = {
+    example = "value"
+  }
+}
+```
+
+Supported all types of the secrets which can be configured in Control Plane.
+
+#### Policy
+
+CPLN template in YAML format:
+
+```yaml
+kind: policy
+name: policy-name
+description: policy description
+tags:
+  tag1: tag1_value
+  tag2: tag2_value
+target: all
+targetKind: secret
+targetLinks:
+- "//secret/postgres-poc-credentials"
+- "//secret/postgres-poc-entrypoint-script"
+bindings:
+  - permissions:
+    - reveal
+    - view
+    - use
+    principalLinks:
+      - "//gvc/{{APP_NAME}}/identity/postgres-poc-identity"
+  - permissions:
+    - view
+    principalLinks:
+      - user/fake-user@fake-email.com
+```
+
+Will be transformed to Terraform config:
+
+```hcl
+resource "cpln_policy" "policy-name" {
+  name = "policy-name"
+  description = "policy description"
+  tags = {
+    tag1 = "tag1_value"
+    tag2 = "tag2_value"
+  }
+  target_kind = "secret"
+  gvc = cpln_gvc.app-name.name
+  target = "all"
+  target_links = ["postgres-poc-credentials", "postgres-poc-entrypoint-script"]
+  binding {
+    permissions = ["reveal", "view", "use"]
+    principal_links = ["gvc/app-name/identity/postgres-poc-identity"]
+  }
+  binding {
+    permissions = ["view"]
+    principal_links = ["user/fake-user@fake-email.com"]
+  }
+}
+```
+
+#### Volumeset
+
+CPLN template in YAML format:
+
+```yaml
+kind: volumeset
+name: postgres-poc-vs
+description: postgres-poc-vs
+spec:
+  autoscaling:
+    maxCapacity: 1000
+    minFreePercentage: 1
+    scalingFactor: 1.1
+  fileSystemType: ext4
+  initialCapacity: 10
+  performanceClass: general-purpose-ssd
+  snapshots:
+    createFinalSnapshot: true
+    retentionDuration: 7d
+```
+
+Will be transformed to Terraform config:
+
+```hcl
+resource "cpln_volume_set" "postgres-poc-vs" {
+  gvc = cpln_gvc.app-name.name
+  name = "postgres-poc-vs"
+  description = "postgres-poc-vs"
+  initial_capacity = 10
+  performance_class = "general-purpose-ssd"
+  file_system_type = "ext4"
+  snapshots {
+    create_final_snapshot = true
+    retention_duration = "7d"
+  }
+  autoscaling {
+    max_capacity = 1000
+    min_free_percentage = 1
+    scaling_factor = 1.1
+  }
+}
+```
+
+#### Workload
+
+CPLN template in YAML format:
+
+```yaml
+kind: workload
+name: rails
+spec:
+  type: standard
+  containers:
+    - name: rails
+      cpu: 300m
+      env:
+        - name: LOG_LEVEL
+          value: debug
+      inheritEnv: true
+      image: {{APP_IMAGE_LINK}}
+      memory: 512Mi
+      ports:
+        - number: 3000
+          protocol: http
+  defaultOptions:
+    autoscaling:
+      maxScale: 1
+    capacityAI: false
+  firewallConfig:
+    external:
+      inboundAllowCIDR:
+        - 0.0.0.0/0
+      outboundAllowCIDR:
+        - 0.0.0.0/0
+```
+
+Will be transformed to Terraform configs:
+
+- **`rails.tf`**
+
+```hcl
+module "rails" {
+  source = "../workload"
+  type = "standard"
+  name = "rails"
+  gvc = cpln_gvc.my-app-production.name
+  containers = {
+    rails: {
+      image: "/org/shakacode-demo/image/my-app-production:rails",
+      cpu: "300m",
+      memory: "512Mi",
+      inherit_env: true,
+      envs: local.rails_envs,
+      ports: [
+        {
+          number: 3000,
+          protocol: "http"
+        }
+      ]
+    }
+  }
+  options = {
+    autoscaling: {
+      max_scale: 1
+    }
+    capacity_ai: false
+  }
+  firewall_spec = {
+    external: {
+      inbound_allow_cidr: [
+        "0.0.0.0/0"
+      ],
+      outbound_allow_cidr: [
+        "0.0.0.0/0"
+      ]
+    }
+  }
+}
+```
+
+Notice the `source: ../workload` line - there is a common `workload` module which is used for generating Terraform configs from workload templates:
+```
+workload/
+├── main.tf -- Configurable workload resource in HCL
+├── required_providers.tf -- Required providers for Terraform in HCL
+├── variables.tf -- Variables used to configure workload resource above
+```
+
+- **`rails_envs.tf`**
+
+```hcl
+locals {
+  rails_envs = {
+    LOG_LEVEL = "debug"
+  }
+}
+```
+
+### References
+
+- [Control Plane Terraform Provider](https://registry.terraform.io/providers/controlplane-com/cpln/latest/docs)