Skip to main content
Version: 0.10.1

Get Started with the Terraform Controller

Preflight Checks

Here are the requirements you need to set up before you start:

  1. Flux v0.32.0 or later (not only the CLI, but also the controllers on the cluster). If you are not sure about the Flux version on your cluster, please re-bootstrap your cluster.
  2. TF-controller uses the Controller/Runner architecture. The Controller acts as a client, and talks to each Runner's Pod via gRPC. Please make sure
    1. Each Runner's Pod in each Namespace is allowed to open, and serve at port 30000 (the gRPC port of a Runner), and the Controller can connect to it.
    2. The Controller needs to download tar.gz BLOBs from the Source controller via port 80.
    3. The Controller needs to post the events to the Notification controller via port 80.


Before using TF-controller, you have to install Flux by using either flux install or flux bootstrap command. Please note that TF-controller now requires Flux v0.32.0 or later, so please make sure you have the latest version of Flux. After that you can install TF-controller with Flux HelmRelease by:

kubectl apply -f

For the most recent release candidate of TF-controller, please use rc.yaml.

kubectl apply -f

or manually with Helm by:

# Add tf-controller helm repository
helm repo add tf-controller

# Install tf-controller
helm upgrade -i tf-controller tf-controller/tf-controller \
--namespace flux-system

For details on configurable parameters of the TF-controller chart, please see chart readme.

Alternatively, you can install TF-controller via kubectl:

export TF_CON_VER=v0.12.0
kubectl apply -f${TF_CON_VER}/tf-controller.crds.yaml
kubectl apply -f${TF_CON_VER}/tf-controller.rbac.yaml
kubectl apply -f${TF_CON_VER}/tf-controller.deployment.yaml

Quick start

Here's a simple example of how to GitOps your Terraform resources with TF-controller and Flux.

Define source

First, we need to define a Source controller's source (GitRepository, Bucket, OCIRepository), for example:

kind: GitRepository
name: helloworld
namespace: flux-system
interval: 30s
branch: main

The GitOps Automation mode

The GitOps automation mode could be enabled by setting .spec.approvePlan=auto. In this mode, Terraform resources will be planned, and automatically applied for you.

kind: Terraform
name: helloworld
namespace: flux-system
interval: 1m
approvePlan: auto
path: ./
kind: GitRepository
name: helloworld
namespace: flux-system

For a full list of features and how to use them, please follow the terraform section in our docs.

Other Examples

  • A Terraform GitOps with Flux to automatically reconcile your AWS IAM Policies.
  • GitOps an existing EKS cluster, by partially import its nodegroup and manage it with TF-controller: An EKS scaling example.