GitOps with Terraform for Kubernetes
Did you know that Terraform can do much of what you would otherwise do with kubectl commands? Yep! There's a provider for Kubernetes.
The Kubernetes provider has a growing list of resources that you can manage via Terraform. For instance, you could declaratively and explicitly manage Kubernetes permissions via Terraform by defining roles and role bindings in a git repository. When a push to the main branch of that repository happens, it can trigger a pipeline that applies the change to your environment. Now you are managing your user permissions via git. A simple change of text can add or revoke permissions. And that is GitOps, my friend. Here's a quick example of what it would look like to define a cluster role:
```hcl
resource "kubernetes_cluster_role" "example" {
  metadata {
    name = "terraform-example"
  }

  rule {
    api_groups = [""]
    resources  = ["namespaces", "pods"]
    verbs      = ["get", "list", "watch"]
  }
}
```
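A role on its own grants nothing until it is bound to a subject, so here is an added example (not from the original post) that shows the full picture the paragraph above describes: provider setup, a namespaced read-only role, and the role binding that hands it to a group. The kubeconfig path, the `my-cluster` context, the `staging` namespace and the `developers` group are all assumed placeholders.

```hcl
terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.0"
    }
  }
}

# The pipeline authenticates with whatever kubeconfig context it runs under.
# Path and context name below are placeholders.
provider "kubernetes" {
  config_path    = "~/.kube/config"
  config_context = "my-cluster"
}

# Namespaced role: read-only access to pods and their logs in "staging".
# A Role (not a ClusterRole) keeps the grant scoped to one namespace.
resource "kubernetes_role" "pod_reader" {
  metadata {
    name      = "pod-reader"
    namespace = "staging"
  }

  rule {
    api_groups = [""]
    resources  = ["pods", "pods/log"]
    verbs      = ["get", "list", "watch"]
  }
}

# Bind the role to a group rather than to individual users: membership is
# managed in the identity provider, while what the group may do is managed
# in git. Deleting this resource from the repository revokes the access.
resource "kubernetes_role_binding" "pod_reader_developers" {
  metadata {
    name      = "pod-reader-developers"
    namespace = "staging"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.pod_reader.metadata[0].name
  }

  subject {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Group"
    name      = "developers" # placeholder group name
  }
}
```

Running `terraform plan` in the pipeline on every pull request turns a permission change into a reviewable diff before anything is applied. Because anyone who can merge to the main branch can effectively grant cluster permissions, protect that branch with required reviews and give the pipeline's own credentials no more RBAC than it needs to manage these objects.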
If you like this post and you think an end-to-end example would be useful, please let me know in the comments.
Happy Kuberneting!