Why Automated Sync Policy?

At Camptocamp we have a huge experience in both Puppet and Terraform. This two tools use two different paradygm to apply configuration:

Pull for Puppet: an agent runs every 30 minutes on the server to deploy new configuration and ensure that every drift is fixed within half an hour at top,
Push for Terraform: as long as nobody really applies a Terraform manifest, nothing is deploy ; hence you code may not reflect what exists.

By experience, we know that it is hard to have hundreds of Terraform workspaces that always converge, hence with think that pull mode better fits GitOps philosophy.

To ensure continuous reconciliation, we enable Automated Sync Policy on our Applications. This forces us to be rigurous.