Did you know that Terraform can manage the same Kubernetes objects you would otherwise create with kubectl? Yep! There's a provider for Kubernetes.

The Kubernetes provider has a growing list of resources that you can manage via Terraform. For instance, you could declaratively and explicitly manage Kubernetes permissions by defining roles and role bindings in Terraform and committing them to a Git repository. A push to that repository's main branch can then trigger a pipeline that applies the change to your environment. Now you are managing your user permissions via git: a simple change of text, reviewed like any other commit, can add or revoke permissions. And that is GitOps, my friend. Here's a quick example of what it would look like to define a role:

resource "kubernetes_cluster_role" "example" {
  metadata {
    name = "terraform-example"
  }

  rule {
    api_groups = [""]
    resources  = ["namespaces", "pods"]
    verbs      = ["get", "list", "watch"]
  }
}
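A role on its own grants nothing; it takes effect only once a binding attaches it to a subject. The following is an added example, not code from the original post: two bindings for the kubernetes_cluster_role.example resource above, assuming it lives in the same Terraform configuration. The kubeconfig context, the namespace and the group names are assumptions, and the second binding shows how the same ClusterRole can be confined to one namespace.

```hcl
# Credentials come from a kubeconfig; the context name is an assumption.
provider "kubernetes" {
  config_path    = "~/.kube/config"
  config_context = "dev-cluster"
}

# Cluster-wide grant: the read-only role from the post, bound to an auditing group.
# The group name is a constructed example.
resource "kubernetes_cluster_role_binding" "auditors_read_all" {
  metadata {
    name = "terraform-example-auditors"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = kubernetes_cluster_role.example.metadata[0].name
  }
  subject {
    kind      = "Group"
    name      = "cluster-auditors"
    api_group = "rbac.authorization.k8s.io"
  }
}

# Namespace-scoped grant of the same ClusterRole: a RoleBinding that references a
# ClusterRole only grants its verbs inside the binding's own namespace, so this group
# can read pods in team-a and nowhere else. Namespace and group are constructed examples.
resource "kubernetes_role_binding" "team_a_read_pods" {
  metadata {
    name      = "terraform-example-team-a"
    namespace = "team-a"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = kubernetes_cluster_role.example.metadata[0].name
  }
  subject {
    kind      = "Group"
    name      = "team-a-developers"
    api_group = "rbac.authorization.k8s.io"
  }
}
```

Running terraform plan against this shows the exact grant a merge would apply, which is what makes the pull request the review point for permissions.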

If you like this post and you think an end-to-end example would be useful, please let me know in the comments.

Happy Kuberneting!