Infrastructure as Code has gained a lot of traction within DevOps culture over the past ten years and has brought significant changes to how we manage IT infrastructure and its lifecycle. We want to deploy infrastructure as efficiently and with as little friction as possible, and there are many different tools to choose from. Using an off-the-shelf SaaS solution can save us a lot of the time and other resources needed to achieve that. At HashiConf'19, Terraform Cloud was announced and made generally available, which confirms that IaC is becoming more commodified and readily available as a SaaS product.
This talk will focus on a detailed overview of Terraform Cloud features, such as remote execution, state/lock management, private modules/registry and others. It will then examine how Terraform Cloud abstracts complexity and amends current infrastructure deployment workflows. We will also look into CI/CD integration and collaboration features, and discuss current shortcomings along with possible upcoming features.
5. REFINING & ADOPTING_
[Figures: S. Wardley: value chain mapping; Gartner: hype cycle. Diagram labels: Thoughts and ideas; Solution attempts; Solution to known problems; Refinement of solutions; Very little knowledge; Lots of knowledge; product; Problem definition; Solution identification; Standardization of solution; Industrialization of solution; New problems]
6. ABOUT ME_
● Senior IT Consultant at The Scale Factory (DevOps consultancy, AWS advanced consulting partner and K8s service provider)
● IT system engineering background with extensive Linux and virtualization experience
● Certifications and competencies: AWS, CKA, RHEL, Hashi stack
● Open source contributor and supporter
● Fan of automation/simplifying things, hiking, cycling and travelling
7. TALK AGENDA_
• Infrastructure as Code
• Terraform Cloud
• Abstracting complexity
• Automation and CI/CD integration
• Demo
• Conclusions and takeaways
8. INFRASTRUCTURE AS CODE_
• Key attribute for enabling good DevOps practices:
– breaking organisational silos
– multi-team collaboration
• State visibility across estate
• Disposable infrastructure and reproducibility
• Higher delivery velocity and automation
• Better testing and lowering risk of errors
9. TERRAFORM CLOUD_
• GA announced at HashiConf’19
• Extensible SaaS solution (API, registries, plug-ins)
• Abstraction of Terraform complexity
• Safe: 2-factor authentication & Vault secrets
• Collaboration: VCS integration, notifications, team management and Web UI/API
• Fine-grained control: Sentinel policies, user roles, cost estimation
• 160+ available providers
11. ABSTRACTING COMPLEXITY_
● Delegation of responsibility:
– State and lock management
– Remote/local execution & speculative plans
– Unified workflows
– Notifications
– Web UI
● Same approach and structures (API / HCL)
● Changing infrastructure deployment perspective
● Off-the-shelf SaaS solution – commodity?
12. AUTOMATION AND PIPELINES_
• Integration with major VCS providers: GitHub, GitLab, Bitbucket, Azure DevOps
• Containers used as runtime (Terraform version)
• Auto or manual approvals
• Variables/secrets & state access using:
– TFE provider resources, i.e. tfe_variable
– terraform_remote_state data resource
• Private repositories and providers
• Caveats:
– Overwrites terraform.tfvars → *.auto.tfvars
– Special vars: CONFIRM_DESTROY, TFE_PARALLELISM
13. HOW TO START_
● Create organisation: team & workspaces
● Two factor authentication (TOTP, SMS)
● VCS integration
● Credential tokens
● Remote backend configuration
● Workspace creation – automatically with remote backend
● API tokens, SSH keys & policies*
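
A configuration tying together the remote backend, `tfe_variable` and `terraform_remote_state` items from slides 12 and 13, as an added example that is not from the talk. The organisation, workspace, variable and output names are placeholders.

```hcl
# Added example. example-org, platform-admin, network-prod, app-prod,
# db_password and vpc_id are placeholders, not values from the talk.
terraform {
  # State and locking are delegated to Terraform Cloud. The API token is
  # read from the CLI configuration, so none is committed to the VCS.
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "example-org"
    workspaces {
      name = "platform-admin" # created on first init if it does not exist
    }
  }
}

provider "tfe" {} # authenticates with the TFE_TOKEN environment variable

# Supplied as a sensitive variable on the platform-admin workspace.
variable "db_password" { type = string }

# Reads the root outputs of another workspace's state.
data "terraform_remote_state" "network" {
  backend = "remote"
  config = {
    organization = "example-org"
    workspaces   = { name = "network-prod" }
  }
}

data "tfe_workspace" "app" {
  name         = "app-prod"
  organization = "example-org"
}

# Non-secret wiring: pass an output of one workspace to another as a variable.
resource "tfe_variable" "vpc_id" {
  key          = "vpc_id"
  value        = data.terraform_remote_state.network.outputs.vpc_id
  category     = "terraform"
  workspace_id = data.tfe_workspace.app.id
}

# Secret: write-only in the UI and API once set, but the value is still
# stored in this workspace's state, so restrict who can read that state.
resource "tfe_variable" "db_password" {
  key          = "db_password"
  value        = var.db_password
  category     = "terraform"
  sensitive    = true
  workspace_id = data.tfe_workspace.app.id
}
```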