Use TF-controller to provision resources and auto approve
TF-controller is a tool that allows you to manage infrastructure as code using Terraform, a popular infrastructure as code tool, within a Kubernetes cluster. With TF-controller, you can define your infrastructure in a declarative way and have it automatically managed and updated. In this guide, we will walk through the steps of setting up and using TF-controller to provision resources, as well as setting it up to automatically approve changes.
Create a Terraform object
To get started with using TF-controller, the first step is to prepare the necessary objects. This includes creating a Terraform object and a Flux source object.
The Terraform object is a Kubernetes custom resource (CR) that defines the Terraform module, backend configuration, and GitOps automation mode. The Terraform module is the configuration used to provision resources and can be stored in a Git repository or packaged in an OCI image in an OCI registry.
The backend configuration is optional and sets the backend to be used to store the Terraform state. If not specified, the Kubernetes backend will be used by default.
The GitOps automation mode is also optional, with the default being "plan-and-manually-apply". In this example, we'll use the "auto-apply" mode.
The Flux source object is a source of configuration files,
such as a Git repository or OCI registry. It tells TF-controller where to find the Terraform module
and any other necessary configuration files.
There are several types of Flux source objects available, including
Choose the one that best fits your needs.
Once you have prepared these objects, you are ready to start using TF-controller to manage your infrastructure.
GitOps Automation Mode
In TF-controller, the GitOps automation mode determines how Terraform runs and manages your infrastructure. There are several options available for the GitOps automation mode, including "plan-and-manually-apply" and "auto-apply".
In the "plan-and-manually-apply" mode, TF-controller will run a Terraform plan and output the proposed changes to a Git repository. A human must then review and manually apply the changes. This is the default GitOps automation mode if none is specified.
In the "auto-apply" mode, TF-controller will automatically apply the changes after a Terraform plan is run. This can be useful for environments where changes can be made automatically, but it is important to ensure that the proper controls, like policies, are in place to prevent unintended changes from being applied.
To specify the GitOps automation mode in a Terraform object,
you can set the
spec.approvePlan field to the desired value. For example, to use the "auto-apply" mode, y
ou would set it to
It is important to carefully consider which GitOps automation mode is appropriate for your use case to ensure that your infrastructure is properly managed and controlled.
This code is defining a
Terraform object in Kubernetes.
apiVersion field specifies the version of the Kubernetes API being used,
kind field specifies that it is a
metadata block contains information about the object, including its
spec field contains the specification for the
path field specifies the path to the Terraform configuration files,
in this case a directory named "helloworld".
interval field specifies the frequency at which TF-controller should run the Terraform configuration,
in this case every 10 minutes. The
approvePlan field specifies whether or not
to automatically approve the changes proposed by a Terraform plan.
In this case, it is set to
auto, meaning that changes will be automatically approved.
sourceRef field specifies the Flux source object to be used.
In this case, it is a
GitRepository object with the name "helloworld".
This indicates that the Terraform configuration is stored in a Git repository object with the name