From YouTube: How to GitOps your Terraform!
A
So what is GitOps? GitOps is an operating model for cloud native applications such as Kubernetes. I do want to highlight that it's not just for Kubernetes. If you are doing a multi-cloud infrastructure, you can still use GitOps, and we'll be talking about that, obviously, more in detail today. GitOps utilizes a version controlled system, most commonly Git, as the single source of truth. It enables continuous delivery through automated deployment, monitoring and management by a version controlled system, and with GitOps you're managing your infrastructure and applications declaratively.
A
So these are the GitOps principles, which are a set of best practices. They have been defined through discussions with many different vendors and users' experiences by the GitOps Working Group, and if you want to learn more about the GitOps Working Group, you can go to opengitops.dev. And don't feel like you have to have all of them met in order to use GitOps. Everyone's journey looks different, and you can start using GitOps and add in hardening and tweak your setup to meet these guidelines as you go.
A
The second is that a desired state is stored in a way that enforces immutability and versioning, and retains a complete version history, so there's no sneaking in a change, and it kind of goes back to the audit trail stuff too. The third is that software agents automatically pull the desired state declarations from the source, and the fourth is that software agents continuously observe actual system state and attempt to apply the desired state.
A
So you have an operator such as Flux that is automatically, continuously pulling in the actual system state and making sure that it is what you have expressed declaratively.
A
So why GitOps? There are so many benefits to GitOps, and, you know, individuals, teams and organizations who implement GitOps experience many benefits. I myself, at my previous company, was on a team that implemented GitOps using Flux, and we did see a lot of these benefits, including stronger security guarantees, increased developer and operational productivity and enhanced developer experience, improved stability, higher reliability, and consistency and standardization. Because of GitOps's unique ability to treat everything as code, it creates a direct impact on security, for example.
A
So what is Flux? Flux is a Git-centric package manager for your applications, but Git isn't the only system you can use, and it provides a set of continuous and progressive delivery solutions for Kubernetes. It is a natural extension of the benefits of Kubernetes. At the core of it, it continuously monitors your version control system and it applies the desired state that's been declaratively stated there. The nice part of this is that you don't have to worry about configuration drift, because it reconciles on a schedule.
A
So these are some statements that we like to put out there about Flux, to really showcase what's really awesome about Flux. Flux provides GitOps for both apps and infrastructure. Using Flux and Flagger, you can deploy apps with canaries, feature flags and A/B rollouts. Flux can also manage any Kubernetes resource, and infrastructure and workload dependency management is built in. You just push to Git and Flux does the rest. Flux manages deployments through automatic reconciliation.
A
Flux also works with your existing tools. Flux works with your Git providers: GitHub, GitLab, Bitbucket. You can even use S3-compatible buckets as a source, all major container registries, and all CI workflow providers as well. Flux works with any Kubernetes and all common Kubernetes tooling: Kustomize, Helm, RBAC, and policy-driven validation such as OPA, Kyverno, admission controllers, so it simply falls into place.
A
It also alerts and notifies. Flux provides health assessments, alerting to external systems and external events handling. You just git push and get notified on Slack and other chat systems, and I'm going to actually be showing that in our demo today. Users trust Flux. Take myself: as a user, I definitely trust Flux, and hopefully you'll see throughout this talk why users do trust Flux. Flux has a lovely community that is very easy to work with. We welcome contributors of any kind.
A
So what are the benefits of Flux? Flux reduces developer burden. It removes the kubectl problem: you don't have to worry about kubectl versions to be able to interact with the cluster. It's also extensible, versatile. It works with existing tools, it's flexible and modular, and it's a natural extension of Kubernetes, and it's also extendable: because of the microservice architecture, you can basically pick and choose what you want to use to tailor your own experience.
A
So, like I mentioned, Flux has a microservice architecture. It's a set of Kubernetes controllers, and, if you're not familiar with controllers, a controller handles the life cycle of objects in Kubernetes: what should be done when an object is created, updated, deleted, etc. And the Terraform controller is not officially a Flux controller.
A
It is an add-on that was created by Weaveworks, but the controllers that make up Flux are the source controller, the kustomize controller, the helm controller, the notification controller, the image reflector controller and the image automation controller. The source controller fetches resources and stores them as artifacts. The main role of it is to provide a common interface for artifacts acquisition.
A
The helm controller is a Kubernetes operator allowing one to declaratively manage Helm chart releases with Kubernetes manifests. The notification controller is a Kubernetes operator specialized in handling inbound and outbound events, and the image reflector controller and image automation controller work together to update a Git repository when new container images are available.
A
Yeah, so Flux works with tons of other tools. These are just a few, and then there's a lot more as well, so basically anything that you're really working with, Flux will work nicely with as well. Okay, so reasons why I and others love Flux. I myself, as a previous user of Flux, I just came up with a little list of the reasons that I really adore Flux, and one is that it really just makes life easier. Getting your application to production is the entire goal of the development life cycle.
A
Flux is a tool that was created to make the process simpler and more efficient. It gives developers the ability to focus on what really matters most: innovation and the user experience. Also, multi-tenancy is really awesome with Flux. In my experience, it's very easy to set up and convenient to keep working. So there's also a really neat feature called dependsOn, where you can tell Flux to wait until something is up and ready to actually stand up the next piece.
A
Bootstrapping is a really cool way to get started with Flux, which is part of the Flux CLI, and the Flux CLI is a super, super user friendly way to integrate with, to interact with Flux. And now the Terraform controller: another awesome reason to love Flux as well.
A
So what is the Terraform controller? The Terraform controller is a Flux controller that was created by Weaveworks that can manage Terraform resources, and these Terraform resources that can be managed by it are not limited to Kubernetes resources, which brings us back to that multi-cloud option I was mentioning earlier. And so you can. These are a few links where you can find the Terraform controller on GitHub. There are some really awesome Terraform controller docs out there as well, and in those docs.
A
So what are the benefits of the Terraform controller? One benefit is that you can have full GitOps automation. You can now use GitOps for existing Terraform resources.
A
You can use GitOps to plan and manually apply Terraform. Also, you can use the Terraform controller to do drift detection of Terraform resources, and I'm going to mention that in a little bit, but you can also use it to just notify you of any drift detection that happens, even if you're not using it to apply your Terraform. And it can be used as a glue for Terraform resources and Kubernetes workloads.
A
There are lots of cool features of the Terraform controller to be excited about, and there are new ones coming out every day, so keep an eye on that guide that I mentioned a bit ago. One such feature is the ability to set manual or auto approvals. With auto approvals, if you make a change in Git, then the change will be automatically realized by the Terraform controller.
A
If you set it up to do manual approvals, then it will create a plan, but it will not automatically apply the change, and so you can see the plan and decide whether you want to make the change. And there's a new feature now to actually output that plan into a config map, and I will show that in my demo. Another feature is drift detection, and with drift detection, you don't have to worry about configuration drift.
A
Detection, and another feature is that the Terraform controller actually accepts a list of config maps and secrets as variables. So you can use those to input as variables into your Terraform.
A
Also, a state file by default is stored in a secret for your Terraform, but you can actually set the backend to be whatever you want. And also there are health checks that you can set, and so for some resources it may be helpful to perform health checks on them to verify that they are ready to accept connections before the Terraform goes into a ready state. And you can also destroy resources on deletion.
A
That is not the default action of the Terraform controller, so if a Terraform object is deleted from the cluster, the resources created by Terraform are not deleted, defaulted to be destroyed.
A
To enable that you can set a flag to true. And another feature is that you can actually write outputs to a secret: you can specify a target secret and the controller will write all outputs to the secret by default, or you can also write outputs selectively to a secret, and there's also name mapping and other features as well.
A
So the Terraform controller team is really excited to announce that the performance of the Terraform controller has been improved significantly. Now the controller is greatly scalable to reconcile and provision high volumes of Terraform modules concurrently, and the team has actually tested the controller with 1500 Terraform modules. And so with that change you can actually customize your runner pod as well.
A
You can update the image if you want to, if you have any need to include certain things in your Terraform runner image, and also you can configure some pod specs as well. Recently, OCI support has been added to Flux and the Terraform controller has been updated to reflect those changes as well. So the Terraform controller can also use OCI artifacts as a source.
A
Another thing is the ability to force unlock Terraform state, and by default this is not enabled, and so, if you do want to use it, you can check out how to do that in the guide. And we're also very excited to say that there is Terraform Cloud and Terraform Enterprise integration as well, and that is also in our guide, if you want to check out how to use the Terraform controller with those as well.
A
Okay, so we're gonna be standing up an instance of Vault using Flux, and then we're going to be using Terraform to configure that Vault instance, such as adding a secret and adding policies, and so we're going to be using this repository.
A
That was forked from a project that Russ created in order to show a demo of Vault with Flux, and so in here, in this Makefile, you can see that it's going to create a kind cluster and then it's going to be running this flux bootstrap github command. And so this flux bootstrap command is basically the easiest way to stand up Flux in your cluster, and in this case, we're actually standing it up in a repo that already exists.
A
Okay, now that the bootstrap command is done, we can run a kubectl get pods -n flux-system and see the pods that were stood up there.
A
So you can see here that there are the controllers that were stood up, and by default, the Terraform controller does not come with bootstrap, but I'll show you how that was stood up in just a second. So the gotk-components.yaml is what's created by bootstrap, and it has the namespace, the flux-system namespace, that has custom resource definitions, all of the manifests for all the controllers, and things like that. gotk-sync is where we have the Git repository source.
A
So this is telling the source controller to listen to this Git repository, flux vault demo, and every minute it's going to go in and pull the manifests and make sure there's no changes, and then the Kustomization is telling the kustomization controller to then apply the files that are found in the clusters kind folder every 10 minutes, and so it's going to apply whatever is pulled in by the source repo in that folder.
A
And so, if we go in there, if we go into that folder, we can see that there's also this apps.yaml file, which is going to be applied as well, and this is another Kustomization that's then pointing to the base apps folder. If we go into there, we can see that this is where the Terraform controller and Vault are being stood up.
A
So in here this Helm repository is pointing to the TF controller Helm repository, and this is the Helm repository source that's created for the, yeah, for the Terraform controller. It's being pulled every five minutes, and then the Helm release is what actually defines what the chart is going to look like. So this is telling the chart specs.
A
It's saying the version of the chart that you want to be stood up, and it also has the values that you set for the Helm chart, and so this is telling the helm controller to go apply this chart and then every one hour to go and then update it. So there's also the Vault instance that's being stood up in the same way. It's a, it's
A
Helm chart as well, and so that's just the basic instance of Vault that's being stood up.
A
So now we're gonna go into VS Code and we're gonna apply the secret.yaml, and this is basically just to apply the secret that points to the webhook address for Slack. And I learned this the hard way, but if you push a Slack webhook into a public GitHub, then it will actually delete it from Slack.
A
So that's why we're applying it here, and then we're just going to delete this, so we don't commit it to Git. And we're gonna now go in to actually add in the Terraform, the notifications for the Terraform controller. So the first thing we need to do is add in some patches to tell the notification controller to also listen to Terraform events as well, and not just the ones that come default with Flux.
A
And then I'm gonna show you what's in that actual Terraform notifications YAML that we just added to the Kustomization. So this is the provider that's created for the notification controller. It's pointing to that Slack webhook secret ref that we just told it, so it's gonna listen to that Slack webhook, and then it's going to also be listening for Terraform events. So that's what the alert is saying here as well. So if there's any Terraform events, all Terraform events, then alert us in Slack.
A
Okay, so now we're gonna reconcile the Git source, the flux-system Git source that's pointing to that repository, and it's gonna realize that there's been a change that's been made, and it'll also trigger the Kustomization to then run an apply as well, because there's been a change.
A
Okay, so now we're going to go in and actually add the Terraform object now. So this is what the Terraform controller will, this is what is telling the Terraform controller to then go and actually apply those Terraform files that are going to be customizing the Vault instance. So, let's commit this change. Add this back in, and so what you can see here is it's telling it every minute to go and apply the Terraform files that are found in this base
A
Terraform k8s vault config path, and it's pointing to the same source ref too. Oh, and here, because the approvePlan is empty, it's going to require manual approvals, and the storeReadablePlan in human is telling it to output the plan into a config map.
A
And so in here we can see that this is the Terraform that we just told that Terraform object to point to. So this is the Terraform that the Terraform controller is going to be applying, and it has policies, it has a past, a secret that's created, and all of that. So we are going to now reconcile flux-system again, the flux-system source, to pick up the change we just added.
A
We can see, and so, if we go into Slack, we can see that there is a Terraform plan that was generated in this general thing. So if we take, it tells us that we can set approvePlan to this string in order to actually approve the plan. So we'll go in here.
A
Oh right, okay, so I'm gonna do a kubectl get configmaps first, to show you the config map that was created with the Terraform plan, and that way we can actually check that the plan is what we want, and I can show you guys how to look at, check for your config map. So in here you can see that the plan is all listed out here.
A
It has, it's, if you're familiar with Terraform, you're very familiar with, like, a Terraform plan. It shows you all the things that are going to be added, and so now we can go in and commit that change to approve the plan. So now the plan will be applied, and so, if we go back and reconcile it again, we can make sure that that apply is being taken care of. So if we go back and get Terraform.
A
And so now, I'm going to go in and I am going to update the file to do auto approvals and I'm going to remove the storeReadablePlan as well. So now, if a change is made, it will automatically apply those changes. So there's no more need for me to look at the plan and then manually apply it.
A
Okay, so now I am going to log into the local Vault instance that we created, and I'm just going to enter the token that was set up. It's just root, and then we can see in here that the creds password secret was created, the one that's in that Terraform code. And so I'm going to be a bad actor and I'm going to go delete it to show you the drift detection, and so in here now you can see the notification in Slack.
A
You know, to show y'all what it would look like to get a notification if, for some reason, things got out of sync. And so now, if we go back in here and refresh and retype it in, creds are back, because the Terraform controller set it back up when it noticed that there was a configuration drift. It reapplied the Terraform. So that's it for the demo, and thank you so much for listening to me talk about the Terraform controller.
A
We are very excited about this addition, and please give it a try and let us know your experience on the CNCF Flux Slack channel. And here are a few links for you to check out. We have a Weave Online User Group that also meets regularly and has different talks about the different tools that we are using or integrate with Flux, and please check out Flux on GitHub and give us a star on both the Terraform controller GitHub and the Flux GitHub as well. Thank you.