r/opentofu

TL;DR: Checkout OpenDepot an open-source Kubernetes native module and provider registry for OpenTofu and Terraform I built! OpenDepot Documentation

Deploy your very own local registry in minutes following the Local Quickstart Guide!

If you're still with me, now the full story!

I had tasked my team last year with implementing one of the open-source registry options that were available at the time. They spent months trying to get each one implemented in a manner that we deemed secure and appropriate for production. However, each failed to meet our requirements for safety and soundness. We eventually caved in and went to Artifactory since it had a mature OIDC implementation. However, this came with a high cost.

I soon saw this as an opportunity to leverage my years of experience in the Kubernetes and IaC space to build a registry that was cloud native, easy to deploy, and built with security in mind. From that realization, OpenDepot was born!

OpenDepot is the first completely Kubernetes native registry that implements the Module and Provider registry protocols for both OpenTofu and Terraform. See how it stacks up to other registries! Feature Comparison

With OpenDepot, if you have a Kubernetes cluster, the same auth mechanisms you use to get access to the cluster are the same mechanisms you can leverage to fetch modules and providers. OpenDepot can be setup in minutes, not days, weeks, or months. It's built from the ground up with security in mind: Authentication

OpenDepot got its name from its most prominent feature: the Depot controller. Most registries are push or webhook based; the Depot controller operates differently by providing a pull-based mechanism for modules and providers so you don't have to expose your cluster or open additional ports to ingest your artifacts. The Depot also serves as an easy migration path to OpenDepot: Depot (Pull Based)

My favorite and preferred approach for private modules is using GitOps with ArgoCD. This allows you to add new module versions right alongside the module code itself so your team can approve the module and version in the same Pull Request! GitOps with ArgoCD

OpenDepot currently supports the three major cloud providers AWS, Azure, and GCP. It also supports Filesystem based storage backed by a PVC with a Storage Class that provides ReadWriteMany access. The cloud providers also support pre-signed URLs so large downloads don't add stress to your infrastructure: Storage Backends

OpenDepot also has opt-in scanning for modules, provider binaries, and source code using Trivy: Vulnerability Scanning

Please, feel free to DM me, or post issues, feature requests, or whatever else on GitHub! I'm hoping people out there find this as useful as we did!

Hello fellow Cloud / Platform / SRE / DevOps / (whatever we are called these days) engineers!

You remember that time when you had to import a ton of resources into Terraform-managed state? I bet you do!

The hunt for those "ClickOpsed" resources, searching for the specific info needed to generate the import ID, jumping into the cloud dashboard to find a single value, or writing clever (but fragile) bash one-liners to sort it all out...

Well, I have good news for you: I've solved that problem!

Oh, Well... not the ClickOps part. That is probably never going away. But as I usually like to do... I built a tool to make the process easier, quicker, and more reliable!

tfimport figures out import IDs by looking directly at your OpenTofu/Terraform plan. When the plan doesn't provide all the right info, it is smart enough to look it up using the cloud provider SDKs!

✅ Supports OpenTofu, Terraform, and Terragrunt.
✅ Supports a large pool of resources across most major cloud providers.
✅ Free and Open Source.
✅ Available as builds/packages for your favorite OS (or just grab the binary!).

Check it out here: https://tfimport.coolapso.sh