How To GitOps Your Terraform

  • aster.cloud
  • October 5, 2022
  • 4 minute read

This is the first blog post in a series where we want to shine a light on projects in the Flux Ecosystem. This time it’s going to be the Terraform Controller.

If you use Terraform, you might think of it as “Infrastructure as Code” and as something separate from the concept of GitOps. Quite often we have seen debates about “Infrastructure as Code vs. GitOps”. The Terraform Controller reconciles these two worlds and lets you take advantage of the benefits of GitOps for existing Terraform resources: one source of truth, one single pane of glass and drift detection among them.

You might have resorted to using pipelines or manual deployments up until now. In this blog post we are going to show how to have your Terraform resources managed the GitOps way. Without having to convert your code at all!

What is the Terraform Controller?

The Terraform Controller is a Flux controller that can manage your Terraform resources. Although Flux runs on Kubernetes, whatever you are using Terraform for, the Flux controller can manage it. It has several features including the ability to do manual approvals or auto-approve Terraform plans, and the Terraform outputs can be set as a Kubernetes secret. It is also integrated with Terraform Cloud and Terraform Enterprise.

The benefit of using the Terraform Controller is that you are able to take advantage of GitOps for existing Terraform resources. It provides drift detection for Terraform resources, and it can be used as glue between Terraform resources and Kubernetes workloads.

Terraform Controller is very versatile because it offers different modes of operation and many features which give you the integration points and control you need. Primarily it supports these use-cases:

  • GitOps Automation Model: Here you GitOps your Terraform resources from the provision steps to the enforcement steps, for example a whole EKS cluster.
  • Hybrid GitOps Automation Model: Here you GitOps parts of your existing infrastructure resources. For example, you have an existing EKS cluster. You can choose to GitOps only its nodegroup, or its security group.

Building on this, you can make use of these features if you have a TFSTATE file:

  • State Enforcement: Use GitOps to enforce it, without changing anything else.
  • Drift Detection: Use GitOps just for drift detection, so you can decide to do things later when a drift occurs.

And there’s more: Multi-Tenancy, Plan and Manual Approve and more features on the roadmap.

Now let’s move on to how to integrate it practically!

GitOpsing your Terraform

Prerequisites

Obviously you will need a Kubernetes cluster and Flux installed. Terraform Controller will require at least Flux 0.32, which in turn needs at least Kubernetes version 1.20.6. Either use flux install or flux bootstrap as explained in the Flux documentation.

Installation

Now you need to install Terraform Controller. There are many ways to do it; check out the installation docs for more information.

One very easy way to do it is to add this HelmRelease to your bootstrap repository.

Tying in your Terraform resources

And here is where all the beauty of Terraform Controller comes in – it does all the hard work for you. All you need to do is:

  1. Define the source of your Terraform resources
  2. Enable GitOps Automation

Define source

So let’s go ahead, here we define a Source controller’s source (you can pick any of GitRepository, Bucket, OCIRepository). A GitRepository entry could look like this:

apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: helloworld
  namespace: flux-system
spec:
  interval: 30s
  url: https://github.com/tf-controller/helloworld
  ref:
    branch: main

The GitOps Automation mode

The GitOps automation mode is enabled by setting .spec.approvePlan=auto. In this mode, Terraform resources are planned and then automatically applied for you. Here is a simple example you can just copy and paste.

apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: helloworld
  namespace: flux-system
spec:
  interval: 1m
  approvePlan: "auto"
  path: ./
  sourceRef:
    kind: GitRepository
    name: helloworld
    namespace: flux-system

Note: If you have a kustomization.yaml file (which is the case in the basic flux bootstrap use-case), make sure you add the file(s) the above manifest portions are in into the resources list.


Once you commit this to Git, you should see Terraform Controller pick this up quickly. One way to confirm is:

kubectl -n flux-system get terraforms.infra.contrib.fluxcd.io

NAME         READY   STATUS                                                    AGE
helloworld   True    No drift: main/d9c5cc348e555526ea563fb82fc901e37de4d732   1m

Simple, wasn’t it?

What else is there?

The Terraform Controller team has been hard at work and made sure that many of the common use-cases are supported. Above we covered the automation mode. Some teams might want more control, so there’s a “plan and manual apply” mode as well. You can also configure it to do “drift detection only”.
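
An added example, not part of the original post: the same helloworld object in the two more restrictive modes named above, where a push to the tracked branch no longer changes infrastructure by itself. The field values (an empty approvePlan for plan-and-wait, "disable" for drift detection only) are given as assumptions about the controller's v1alpha1 API; the plan identifier is a placeholder and helloworld-drift-only is a hypothetical name.

```yaml
# Plan and manual apply: the controller plans, then waits for approval.
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: helloworld
  namespace: flux-system
spec:
  interval: 1m
  # Empty (or omitted): a plan is generated but nothing is applied.
  # After reviewing the plan, commit the identifier the controller reports
  # for it, in a reviewed change, for example:
  #   approvePlan: "plan-main-<commit-prefix>"   # placeholder, not a real id
  approvePlan: ""
  path: ./
  sourceRef:
    kind: GitRepository
    name: helloworld
    namespace: flux-system
---
# Drift detection only: compare real state with the existing TFSTATE,
# report drift, and never plan or apply.
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: helloworld-drift-only   # hypothetical name
  namespace: flux-system
spec:
  interval: 1m
  approvePlan: "disable"        # assumed value for drift-detection-only mode
  path: ./
  sourceRef:
    kind: GitRepository
    name: helloworld
    namespace: flux-system
```

With the first object, the approval itself is a Git commit, so it is subject to the same review and audit trail as the Terraform code it approves.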

And there’s more: you can disable drift detection, use it with AWS EKS IRSA, interact with Terraform (set variables, manage Terraform state), and there are health checks and lots of other flexibility. OCI fans will love to hear that it supports OCI Artifacts as Source as well.

It is also integrated with Terraform Cloud and Terraform Enterprise.

In past weeks the performance of the Terraform Controller has been improved significantly as well. The controller now scales to reconcile and provision a high volume of Terraform modules concurrently. The team has recently tested the controller with 1,500 Terraform modules.

In the most recent release (v0.12.0) new features are: custom backend support, interoperability with Flux’s Notification Controller, and supporting human-readable plan output in ConfigMap.

And there’s more to come; check out the team’s roadmap. While you are checking it out, please give feedback as well. If you are missing something, if you like it, if you want to contribute – the team is eager to hear from you.

Project post originally published on the Flux Blog by Priyanka Ravi and Daniel Holbach
Source CNCF