Terraform Operator

Simple operator to automate terraform configuration creation on kubernetes

Currently still in POC stage, there are plans to extend this functionality soon. Feel free to create issues but note it's only one person working here 😄

If you simply want the binary, run make.

Pre-requisites

The following are needed to run this repo:

  • Kubernetes cluster - minikube is a simple tool for this
  • Helm - binary can be found here

Make sure to have also forked and cloned the repo if you are deploying with flux. This is recommended since it'll sync all your changes and help you to deploy consistently.

Building the operator

To build the operator image run the following:

IMG=<image-repo> make docker-build

To push the image to your repo, run:

IMG=<image-repo> make docker-push

Running Helm and Flux

To install Flux and the Helm operator, run the following:

kubectl create ns flux

Next we need to create the CRDs for the helm operator in advance of creating the deployment:

kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/1.1.0/deploy/crds.yaml

Now we can add the fluxcd charts and run an install:

helm repo add fluxcd https://charts.fluxcd.io

helm upgrade -i flux fluxcd/flux \
    --namespace flux \
    --set git.url=git@github.com:krubot/terraform-operator \
    --set git.readonly=true \
    --set git.path=deploy \
    --set rbac.pspEnabled=true

helm upgrade -i helm-operator fluxcd/helm-operator \
    --namespace flux \
    --set git.ssh.secretName=flux-git-deploy \
    --set helm.versions=v3

Now run the following to get the public SSH key:

kubectl -n flux logs deployment/flux | grep identity.pub | cut -d '"' -f2

The output should be the whole key, which you add to your deployment configuration within your GitHub repo. This key does not need write access, so don't tick that box.

Running some tests

To test the deployment, check the infra namespace and validate in the logs that the terraform operator is running correctly.

Workload identity service account

If you are running this on Google Kubernetes Engine, make sure you have workload identity enabled. The link below is to the terraform config argument where this must be set:

https://www.terraform.io/docs/providers/google/r/container_cluster.html#workload_identity_config

Then, using the gcloud CLI, you can generate the terraform-operator service account and permissions:

$ gcloud --project=<project> iam service-accounts create terraform-operator --display-name "Terraform operator service account"
$ gcloud --project=<project> iam service-accounts add-iam-policy-binding --role "roles/iam.workloadIdentityUser" --member "serviceAccount:<project>.svc.id.goog[infra/terraform-operator]" terraform-operator@<project>.iam.gserviceaccount.com
$ gcloud projects add-iam-policy-binding <project> --member='serviceAccount:terraform-operator@<project>.iam.gserviceaccount.com' --role='roles/storage.admin'

(<project> is the GCP project ID)

This can then be added to the release values and used in the helm deploy:

serviceAccount:
  create: true
  name: terraform-operator
  gcpServiceAccount:
    create: true
    name: terraform-operator@<project>.iam.gserviceaccount.com
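
To check the result of the gcloud steps above, the following added example (not part of the terraform-operator repo) audits the two IAM policies as exported with gcloud in JSON form: it confirms that only the infra/terraform-operator Kubernetes service account can act as the Google service account, and lists the project-level roles that account holds. The project id example-project and both sample policies are constructed for illustration.

```python
import json

WI_ROLE = "roles/iam.workloadIdentityUser"

def expected_member(project, namespace="infra", ksa="terraform-operator"):
    # Member format used in the add-iam-policy-binding step above.
    return f"serviceAccount:{project}.svc.id.goog[{namespace}/{ksa}]"

def audit_sa_policy(policy, project):
    """Findings for the policy attached to the Google service account itself.
    Input: gcloud iam service-accounts get-iam-policy <email> --format=json"""
    want, bound, findings = expected_member(project), False, []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if (binding.get("role"), member) == (WI_ROLE, want):
                bound = True
            else:  # any other principal with a role on this account
                findings.append(f"unexpected: {member} has {binding.get('role')}")
    if not bound:
        findings.append(f"missing: {want} lacks {WI_ROLE}")
    return findings

def project_roles(policy, project):
    """Project-level roles held by the operator's account.
    Input: gcloud projects get-iam-policy <project> --format=json"""
    member = f"serviceAccount:terraform-operator@{project}.iam.gserviceaccount.com"
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))

# Constructed sample policies for the placeholder project id "example-project".
SAMPLE_SA_POLICY = json.loads("""{"bindings": [{"role": "roles/iam.workloadIdentityUser",
  "members": ["serviceAccount:example-project.svc.id.goog[infra/terraform-operator]",
              "serviceAccount:example-project.svc.id.goog[default/default]"]}]}""")
SAMPLE_PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/storage.admin", "members":
    ["serviceAccount:terraform-operator@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/viewer", "members": ["user:someone@example.com"]}]}""")

if __name__ == "__main__":
    for finding in audit_sa_policy(SAMPLE_SA_POLICY, "example-project"):
        print(finding)
    print(project_roles(SAMPLE_PROJECT_POLICY, "example-project"))
```

The role list is worth comparing against what the operator needs, since roles/storage.admin is granted here on the whole project rather than on a single bucket.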