Skip to main content

Enabling Drift Protection

Drift protection instructs the controller to periodically check for drift between the desired state and the upstream cloud provider; this could occur due to someone or something changing the configuration outside of the scope of terraform i.e. on the cloud console, API and so forth. The time frame is configured by the platform team, see Drift Detection for details.

When a configuration is detected as out of sync the status of the resource is updated and a kubernetes event is raised.

$ kubectl -n apps get configurations.terraform.appvia.io
NAME     MODULE                                                                            SECRET   ESTIMATED     SYNCHRONIZED   AGE
bucket   https://github.com/terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v3.1.0   test     Not Enabled   OutOfSync      3m5s

Enabling Drift Detection

To enable drift detection on a Configuration set spec.enableDriftDetection: true.

apiVersion: terraform.appvia.io/v1alpha1
kind: Configuration
metadata:
  name: bucket
spec:
  module: https://github.com/terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v3.1.0
  providerRef:
    name: aws
  # You can enable drift protection as so
  enableDriftDetection: true