Skip to main content
Version: 0.21.1

Use TF-controller to provision resources and auto approve

TF-controller is a tool that allows you to manage infrastructure as code using Terraform, a popular infrastructure as code tool, within a Kubernetes cluster. With TF-controller, you can define your infrastructure in a declarative way and have it automatically managed and updated. In this guide, we will walk through the steps of setting up and using TF-controller to provision resources, as well as setting it up to automatically approve changes.

Create a Terraform object

To get started with using TF-controller, the first step is to prepare the necessary objects. This includes creating a Terraform object and a Flux source object.

The Terraform object is a Kubernetes custom resource (CR) that defines the Terraform module, backend configuration, and GitOps automation mode. The Terraform module is the configuration used to provision resources and can be stored in a Git repository or packaged in an OCI image in an OCI registry.

The backend configuration is optional and sets the backend to be used to store the Terraform state. If not specified, the Kubernetes backend will be used by default.

The GitOps automation mode is also optional, with the default being "plan-and-manually-apply". In this example, we'll use the "auto-apply" mode.

The Flux source object is a source of configuration files, such as a Git repository or OCI registry. It tells TF-controller where to find the Terraform module and any other necessary configuration files. There are several types of Flux source objects available, including GitRepository and OCIRepository. Choose the one that best fits your needs.

Once you have prepared these objects, you are ready to start using TF-controller to manage your infrastructure.

GitOps Automation Mode

In TF-controller, the GitOps automation mode determines how Terraform runs and manages your infrastructure. There are several options available for the GitOps automation mode, including "plan-and-manually-apply" and "auto-apply".

In the "plan-and-manually-apply" mode, TF-controller will run a Terraform plan and output the proposed changes to a Git repository. A human must then review and manually apply the changes. This is the default GitOps automation mode if none is specified.

In the "auto-apply" mode, TF-controller will automatically apply the changes after a Terraform plan is run. This can be useful for environments where changes can be made automatically, but it is important to ensure that the proper controls, like policies, are in place to prevent unintended changes from being applied.

To specify the GitOps automation mode in a Terraform object, you can set the spec.approvePlan field to the desired value. For example, to use the "auto-apply" mode, y ou would set it to spec.approvePlan: auto.

It is important to carefully consider which GitOps automation mode is appropriate for your use case to ensure that your infrastructure is properly managed and controlled.

Example

apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: helloworld
spec:
  path: ./helloworld
  interval: 10m
  approvePlan: auto
  sourceRef:
    kind: GitRepository
    name: helloworld

This code is defining a Terraform object in Kubernetes. The apiVersion field specifies the version of the Kubernetes API being used, and the kind field specifies that it is a Terraform object. The metadata block contains information about the object, including its name.

The spec field contains the specification for the Terraform object. The path field specifies the path to the Terraform configuration files, in this case a directory named "helloworld". The interval field specifies the frequency at which TF-controller should run the Terraform configuration, in this case every 10 minutes. The approvePlan field specifies whether or not to automatically approve the changes proposed by a Terraform plan. In this case, it is set to auto, meaning that changes will be automatically approved.

The sourceRef field specifies the Flux source object to be used. In this case, it is a GitRepository object with the name "helloworld". This indicates that the Terraform configuration is stored in a Git repository object with the name helloworld.