Watch this talk on YouTube here: https://youtu.be/8xhEPPA6XUs
Some organizations depend heavily on their Terraform scripts because they are using multiple providers, have built wrappers around those providers, and might even be deploying their application code along with Terraform. Additionally, GitOps is in every IT roadmap, but unfortunately Terraform doesn’t have an easy way to reconcile its resources. This means that teams won't notice a sudden change in the running environment, often with critical consequences.
What if teams could ensure that what they defined in the Terraform HCL code is what is always running and available? Flux can continuously watch for changes to your Terraform resources and reconcile them with the desired state. You can rest easy knowing that your deployments are always up to date with your desired state. This enables you to take advantage of all the benefits of GitOps: streamlined and secure deployments, quicker time to market, and more time to concentrate on app development!
Priyanka provides an in-depth look at TF-controller, a Flux-based controller to reconcile your Terraform resources the GitOps Way. Pinky shares insights on the many benefits of TF-Controller, then demos a common use case implementation.
Speaker Bio:
Priyanka “Pinky” Ravi is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at a large insurance company where she was on the delivery engineering team working on GitOps enablement. She was instrumental in the multi-tenancy migration to utilize Flux for an internal Kubernetes offering. Outside of work, Priyanka enjoys hanging out with her husband and two rescue dogs as well as traveling around the globe.
Reconcile Terraform Resources the GitOps Way with Priyanka Ravi
1. Reconcile Terraform Resources the GitOps Way
April 27, 2022
Priyanka Ravi
Developer Experience Engineer, Weaveworks
Stacey Potter
Community Manager, Weaveworks
2. Weaveworks is founded on open source
● Flux & Flagger (CNCF): GitOps and Progressive Delivery for k8s
● Cortex (CNCF): Distributed, long-term-storage TSDB compatible with Prometheus
● Weave Ignite: VMs with container UX & built-in GitOps management
● EKSctl: Create an Amazon EKS cluster with one command
● (and many many more projects!)
And now … Weave GitOps!
weave.works
3. Reconcile Terraform Resources the GitOps Way
Speakers
Priyanka “Pinky” Ravi, DX Engineer, Weaveworks
Stacey Potter, Community Manager, Weaveworks
Duration
30-60 Minutes
Browser
Safari copy/paste shortcuts may not work
Help/Support
Using Zoom
Questions?
• Use chat (button: top left corner of screen)
• Escape to exit full screen
• “To Everyone” or “To all panelists and attendees”
Support: https://support.zoom.us/hc/en-us/articles/206175806-Top-Questions
Troubleshooting
Use chat
If the issue is not easily resolved, we ask that you follow along as we demo the sample app.
4. 👋 Get Connected 💬 🤝
● Weave GitOps Terraform Controller on GitHub: ⭐ https://github.com/weaveworks/tf-controller ⭐
● Weave GitOps Terraform Controller Docs: 📑 https://weaveworks.github.io/tf-controller/ 📑
● Fluxcd.io - ⭐ Star us on GitHub ⭐
● Check out the Flux docs at: fluxcd.io/docs/get-started/
● GitHub Discussions Q&A: https://github.com/fluxcd/flux2/discussions/categories/q-a
● CNCF Slack #Flux channel (or get a slack invite)
5. What is GitOps
● Operating model for cloud native applications such as Kubernetes
● Utilizes a version controlled system (commonly Git) as the “single source of truth”
● Enables continuous delivery through automated deployment, monitoring, and management by a version controlled system
● Managing your infrastructure and applications declaratively
7. Why GitOps
Individuals, teams, and organizations who implement GitOps experience many benefits, including:
● Stronger Security Guarantees
● Increased Developer & Operational Productivity
● Enhanced Developer Experience
● Improved Stability
● Higher Reliability
● Consistency and Standardization
8. What is Flux
● A git centric package manager for your applications
● A set of continuous and progressive delivery solutions for Kubernetes
fluxcd.io
9. Flux’s Journey as an Open Source Project
Cloud Native Computing Foundation (CNCF)
The Cloud Native Computing Foundation (CNCF) is an open source software foundation that promotes the adoption of cloud-native computing.
Maturity Levels: Sandbox ➡ Incubating ➡ Graduation
CNCF projects have a maturity level of sandbox, incubating, or graduated, which corresponds to the Innovators, Early Adopters, and Early Majority tiers of the Crossing the Chasm diagram. The maturity level is a signal by CNCF as to what sorts of enterprises should be adopting different projects.
July 2019: Flux joins CNCF as a Sandbox Project 🏜 ⌛ 🏝
July 2020: Flux was one of only two projects in the ‘adopt’ category of CNCF CD Tech Radar 📡 ⚙ 💻
March 2021: Flux goes from Sandbox to Incubation 🥚 ⏲
November 2021: Flux Security Audit concludes in preparation for Graduation application 📄 📝
March 2022: Flux applies for Graduation 🤞🤞 🎉 🎓 🎉 🎓 🎉 🎓 🤞🤞
10. Flux in Short
🤝 Flux provides GitOps for both apps and infrastructure
🤖 Just push to Git and Flux does the rest
🔩 Flux works with your existing tools
☸ Flux works with any Kubernetes and all common Kubernetes tooling
🤹 Flux does Multi-Tenancy (and “Multi-everything”)
📞 Flux alerts and notifies
👍 Users trust Flux
💖 Flux has a lovely community that is very easy to work with!
11. Benefits of Flux
● Reduces developer burden
● Extensible
● Comes with out of the box support for Kustomize and Helm
● Designed For Kubernetes
13. What Flux’s Controllers do
Source Controller
- Fetch resources and store as artifacts
Kustomize Controller
- Apply manifests, run manifest generation using kustomize
Helm Controller
- Deployment of Helm Charts
Notification Controller
- Notification Dispatch
Image Reflector Controller
- Reflects image metadata for Automation Controller
Image Automation Controller
- Updates YAML when new container images are available
14. Flux Works with Other Tools
● Helm
● Kustomize
● Prometheus
● Grafana
● Jenkins
● EKS
● AKS
● GCP
● Traefik
● Falco
● GitHub, GitLab, Bitbucket, s3-compatible buckets
● Terraform
● …and more!!!
15. Reasons I and Others Love Flux
● Makes life easier
● Multi-tenancy
● DependsOn
● Helm integration
● Notifications and Alerts
● Bootstrap
● Flux CLI
● And now the Terraform controller!
16. What is the Terraform Controller
● A Flux controller that can manage Terraform resources
● Terraform resources that can be managed are not limited to Kubernetes resources
● Features:
○ Can do manual approvals or auto-approve
○ Can get the outputs after and optionally can input/output into a Kubernetes secret
○ tfctl CLI
○ It does exactly what you expect!
17. Benefits of the Terraform Controller
● Full GitOps Automation
● GitOps for Existing Terraform resources
● GitOps model for plan and manually apply Terraform
● Drift Detection of Terraform resources
● Can be used as a glue for Terraform resources and Kubernetes workloads
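The approval modes and the outputs-to-secret feature listed on the last two slides, shown as an added configuration example (not taken from the talk or from the tf-controller project): one `Terraform` object that auto-approves, beside one that waits for a reviewed plan and exports a single output. All object names, the `GitRepository` name, the paths and the output name are constructed, and the `apiVersion` is an assumption that depends on the installed controller release.

```yaml
# Constructed example: names, paths and output keys are placeholders.

# Full GitOps automation: every plan produced from Git is applied unreviewed.
apiVersion: infra.contrib.fluxcd.io/v1alpha1  # assumption: varies by controller release
kind: Terraform
metadata:
  name: demo-auto
  namespace: flux-system
spec:
  interval: 1m           # reconcile period; drift is checked on each reconcile
  approvePlan: "auto"    # plan and apply without a human gate
  path: ./terraform/dev
  sourceRef:
    kind: GitRepository
    name: demo-infra
    namespace: flux-system
---
# Plan-and-manually-apply model: a reviewer approves each plan through Git.
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: demo-gated
  namespace: flux-system
spec:
  interval: 1m
  # approvePlan is left unset, so the controller generates a plan and waits.
  # To apply, commit the plan identifier reported in the object's status:
  # approvePlan: "plan-<branch>-<revision>"
  path: ./terraform/prod
  sourceRef:
    kind: GitRepository
    name: demo-infra
    namespace: flux-system
  writeOutputsToSecret:
    name: demo-gated-outputs  # Kubernetes Secret that receives the outputs
    outputs:
      - db_endpoint           # export only what workloads need, not every output
```

With the gated object, the approval itself is a Git commit, so who approved which plan is recorded in repository history.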