This document discusses using GitOps and the Weaveworks Terraform Controller to manage AWS Lambda functions on Kubernetes. Key points include: - Flux is used to bootstrap the Terraform Controller on Kubernetes which then reconciles any changes to the Terraform manifest stored in Git. - The Terraform manifest defines an AWS Lambda resource and references the Git repo, AWS credentials secret, and outputs secret. - AWS access keys are stored as a Kubernetes secret referenced by the Terraform configuration to provision the Lambda function.

1. 1
GitOps
Everything
Steve Waterworth
Technical Marketing Manager

2. 2
There’s more to real applications than just Kubernetes

3. 3
Constant
Reconciliation

4. 4
Constant
Reconciliation

5. 5
AWS Lambda

6. 6
● Flux bootstrapped on K8s
● Install Weaveworks Terraform Controller via Helm
● Normal file layout
○ main.tf - variables.tf - outputs.tf
○ Function source in subdirectory
● Manual testing before committing to Git
● Terraform manifest
Technique

7. 7
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
Metadata:
name: aws-lambda
namespace: flux-system
Spec:
approvePlan: "auto"
destroyResourcesOnDeletion: true
interval: 1m
sourceRef:
kind: GitRepository
name: tf-lambda
namespace: flux-system
varsFrom:
- name: tf-aws-keys
kind: Secret
writeOutputsToSecret:
name: aws-lambda-output
Terraform Manifest

8. 8
kubectl create secret generic tf-aws-keys
-n flux-system
--from-literal=access_key=$AWS_ACCESS_KEY_ID
--from-literal=secret_key=$AWS_SECRET_ACCESS_KEY
main.tf
provider "aws" {
region = var.aws_region
access_key = var.access_key
secret_key = var.secret_key
}
AWS Credentials

9. 9
Demo

10. 10
Questions?

11. 11
Weave GitOps
www.weave.works
Sign up for a Weave GitOps workshop
www.weave.works/events
Terraform Controller
weaveworks.github.io/tf-controller/
Thank You