SlideShare a Scribd company logo

Commodified IaC using Terraform Cloud

M
Marko Bevc

Infrastructure as Code has gained a lot of traction within DevOps culture over the past ten years and brought significant changes how we manage IT infrastructure and its lifecycle. We want to deploy it as efficiently and frictionless as possible and there are many different tools available we can choose from. Using off-the-shelf SaaS solution can save us a lot of time and other resources needed to achieve that. At HashiConf'19 Terraform Cloud was announced and made generally available, which confirms IaC is getting more commodified and easily available as SaaS product. This talk will focus on a detailed overview of Terraform Cloud features, such as remote execution, state/lock management, private modules/registry and others. Further it will examine how is Terraform Cloud abstracting complexity and amending current infrastructure deployment workflows. We will also look into CI/CD integration, collaboration features and discuss current shortcomings with possible upcoming features.

Technology
1 of 18
COMMODIFIED IaC USING TERRAFORM CLOUD_ Marko Bevc
COMMON COMMODITIES_
POWER AS COMMODITY_
REFINING & ADOPTING_ S. Wardley: value chain mapping Thoughts and ideas Solution attempts Solution to known problems Refinement of solutions Very little knowledge Lots of knowledge product Problem definition Solution identification Standardization of solution Industrialization of solution New problems Gartner: hype cycle
ABOUT ME_ ● Senior IT Consultant at The Scale Factory (DevOps consultancy, AWS advanced consulting partner and K8s service provider) ● IT system engineering background with extensive Linux and virtualization experience ● Certifications and competencies: AWS, CKA, RHEL, Hashi stack ● Open source contributor and supporter ● Fan of automation/simplifying things, hiking, cycling and travelling
TALK AGENDA_ • Infrastructure as Code • Terraform Cloud • Abstracting complexity • Automation and CI/CD integration • Demo • Conclusions and takeaways
INFRASTRUCTURE AS CODE_ • Key attribute for enabling good DevOps practices: – breaking organisational silos – multi-team collaboration • State visibility across estate • Disposable infrastructure and reproducibility • Higher delivery velocity and automation • Better testing and lowering risk of errors
TERRAFORM CLOUD_ • GA announced at HashiConf’19 • Extensible SaaS solution (API, registries, plug-ins) • Abstraction of Terraform complexity • Safe: 2-factor authentication & Vault secrets • Collaboration: VCS integration, notifications, team management and Web UI/API • Fine-grained control: Sentinel policies, user roles, cost estimation • 160+ available providers
TERRAFORM CLOUD ARCHITECTURE_ Cloud / Enterprise OSS CLI Source: https://www.terraform.io/
ABSTRACTING COMPLEXITY_ ● Delegation of responsibility: – State and lock management – Remote/local execution & speculative plans – Unified workflows – Notifications – Web UI ● Same approach and structures (API / HCL) ● Changing infrastructure deployment perspective ● Of-the-shelf SaaS solution – commodity?
AUTOMATION AND PIPELINES_ • Integration with major VCS providers: GitHub, GitLab, Bitbucket, Azure DevOps • Containers used as runtime (Terraform version) • Auto or manual approvals • Variables/secrets & state access using: – TFE provider resources, i.e. tfe_variable – terraform_remote_state data resource • Private repositories and providers • Caveats: – Overwrites terraform.tfvars → *.auto.tfvars – Special vars: CONFIRM_DESTROY, TFE_PARALLELISM
HOW TO START_ ● Create organisation: team & workspaces ● Two factor authentication (TOTP, SMS) ● VCS integration ● Credential tokens ● Remote backend configuration ● Workspace creation – automatically with remote backend ● API tokens, SSH keys & policies*
$ cat ~/.terraformrc -------------------- plugin_cache_dir = "$HOME/.terraform.d/plugin-cache" disable_checkpoint = true credentials "app.terraform.io" { token = "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" } backend.tf: ----------- terraform { backend "remote" { organization = "my-org" workspaces { name = "demo-tf-remote" } } }
REMOTE RUNS_ •
TIME FOR DEMO!_
CONCLUSIONS_ & TAKEAWAYS ● Complexity delegation (state, locking, execution, ...) ● Automation and deployment workflow integration ● Careful not storing/emitting secrets in configurations and logs ● Non-free and beta features: cost estimation, polices, run triggers, ... ● Room for improvement: default is remote, custom Docker images, cloud SAML/SSO and audit logs/compliance,… ● Shift left practice and platform convergence (multi/poly-cloud) → IaC as software delivered commodity
CONTACTS_ & RESOURCES ● “Make things as simple as possible, but not simpler.” A. Einstein ● Twitter: @_MarkoB ● GitHub / GitLab: @mbevc1 ● LinkedIn: https://www.linkedin.com/in/marko-bevc/ ● Resources: – https://www.thehistoricalarchive.com/happenings/57/the-history-of-elec tricity-a-timeline/ – https://en.wikipedia.org/wiki/Wardley_map – https://en.wikipedia.org/wiki/Hype_cycle – https://en.wikipedia.org/wiki/Infrastructure_as_code – https://terraform.cloud – https://www.hashicorp.com/cloud-operating-model – https://www.terraform.io/docs/cloud/run/cli.html – https://www.hashicorp.com/products/terraform/pricing/

Recommended

Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysConsul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysMitchell Pronschinske
 
Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020
Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020
Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020Mitoc Group
 
Smart networking with service meshes
Smart networking with service meshes Smart networking with service meshes
Smart networking with service meshes Mitchell Pronschinske
 
Vault 1.5 Overview
Vault 1.5 OverviewVault 1.5 Overview
Vault 1.5 OverviewMitchell Pronschinske
 
Extending HashiCorp Nomad with Plugins
Extending HashiCorp Nomad with PluginsExtending HashiCorp Nomad with Plugins
Extending HashiCorp Nomad with PluginsMitchell Pronschinske
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Stenio Ferreira
 
Vault 1.4 launch webinar
Vault 1.4 launch webinar Vault 1.4 launch webinar
Vault 1.4 launch webinar Mitchell Pronschinske
 
Using new sentinel features in terraform cloud
Using new sentinel features in terraform cloudUsing new sentinel features in terraform cloud
Using new sentinel features in terraform cloudMitchell Pronschinske
 

Recommended

Consul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysConsul 1.6: Layer 7 Traffic Management and Mesh Gateways
Consul 1.6: Layer 7 Traffic Management and Mesh GatewaysMitchell Pronschinske
 
Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020
Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020
Hands-On Terraform Module for AWS Landing Zone at HashiTalks2020Mitoc Group
 
Smart networking with service meshes
Smart networking with service meshes Smart networking with service meshes
Smart networking with service meshes Mitchell Pronschinske
 
Vault 1.5 Overview
Vault 1.5 OverviewVault 1.5 Overview
Vault 1.5 OverviewMitchell Pronschinske
 
Extending HashiCorp Nomad with Plugins
Extending HashiCorp Nomad with PluginsExtending HashiCorp Nomad with Plugins
Extending HashiCorp Nomad with PluginsMitchell Pronschinske
 
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...
Secure and Convenient Workflows: Integrating HashiCorp Vault with Pivotal Clo...Stenio Ferreira
 
Vault 1.4 launch webinar
Vault 1.4 launch webinar Vault 1.4 launch webinar
Vault 1.4 launch webinar Mitchell Pronschinske
 
Using new sentinel features in terraform cloud
Using new sentinel features in terraform cloudUsing new sentinel features in terraform cloud
Using new sentinel features in terraform cloudMitchell Pronschinske
 
Rover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerRover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerSujay Pillai
 
Hashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewHashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewStenio Ferreira
 
Service Mesh With Consul Connect and Nomad 0.10
Service Mesh With Consul Connect and Nomad 0.10Service Mesh With Consul Connect and Nomad 0.10
Service Mesh With Consul Connect and Nomad 0.10Mitchell Pronschinske
 
Vault Digital Transformation
Vault Digital TransformationVault Digital Transformation
Vault Digital TransformationStenio Ferreira
 
Design Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsDesign Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsAshish Mrig
 
Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Katherine Golovinova
 
Cloudstack: the best kept secret in the cloud
Cloudstack: the best kept secret in the cloudCloudstack: the best kept secret in the cloud
Cloudstack: the best kept secret in the cloudShapeBlue
 
PaaS Ecosystem Overview
PaaS Ecosystem OverviewPaaS Ecosystem Overview
PaaS Ecosystem OverviewDmitry Meytin
 
Webinar - Relying on Bare Metal to manage your workloads
Webinar - Relying on Bare Metal to manage your workloadsWebinar - Relying on Bare Metal to manage your workloads
Webinar - Relying on Bare Metal to manage your workloadsScaleway
 
CloudStack news
CloudStack newsCloudStack news
CloudStack newsShapeBlue
 
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...Lviv Startup Club
 
Building Enterprise Cloud Apps
Building Enterprise Cloud AppsBuilding Enterprise Cloud Apps
Building Enterprise Cloud AppsAmazon Web Services
 
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...Amazon Web Services
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMShapeBlue
 
Docker based Hadoop provisioning - anywhere
Docker based Hadoop provisioning - anywhere Docker based Hadoop provisioning - anywhere
Docker based Hadoop provisioning - anywhere Janos Matyas
 
Introduction to IAC and Terraform
Introduction to IAC and Terraform Introduction to IAC and Terraform
Introduction to IAC and Terraform Venkat NaveenKashyap Devulapally
 
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Fwdays
 
CloudStack Clients and Tools
CloudStack Clients and ToolsCloudStack Clients and Tools
CloudStack Clients and ToolsSebastien Goasguen
 
Apache CloudStack 4.2: A First Look
Apache CloudStack 4.2: A First LookApache CloudStack 4.2: A First Look
Apache CloudStack 4.2: A First LookShanker Balan
 
PaaS: An Introduction
PaaS: An IntroductionPaaS: An Introduction
PaaS: An IntroductionLakmal Warusawithana
 
TechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfTechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfMIlton788007
 
Jelastic for Hosting & MSP
Jelastic for Hosting & MSPJelastic for Hosting & MSP
Jelastic for Hosting & MSPDmitry Lazarenko
 

More Related Content

What's hot

Rover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerRover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerSujay Pillai
 
Hashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewHashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewStenio Ferreira
 
Service Mesh With Consul Connect and Nomad 0.10
Service Mesh With Consul Connect and Nomad 0.10Service Mesh With Consul Connect and Nomad 0.10
Service Mesh With Consul Connect and Nomad 0.10Mitchell Pronschinske
 
Vault Digital Transformation
Vault Digital TransformationVault Digital Transformation
Vault Digital TransformationStenio Ferreira
 
Design Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsDesign Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsAshish Mrig
 
Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Katherine Golovinova
 
Cloudstack: the best kept secret in the cloud
Cloudstack: the best kept secret in the cloudCloudstack: the best kept secret in the cloud
Cloudstack: the best kept secret in the cloudShapeBlue
 
PaaS Ecosystem Overview
PaaS Ecosystem OverviewPaaS Ecosystem Overview
PaaS Ecosystem OverviewDmitry Meytin
 
Webinar - Relying on Bare Metal to manage your workloads
Webinar - Relying on Bare Metal to manage your workloadsWebinar - Relying on Bare Metal to manage your workloads
Webinar - Relying on Bare Metal to manage your workloadsScaleway
 
CloudStack news
CloudStack newsCloudStack news
CloudStack newsShapeBlue
 
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...Lviv Startup Club
 
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...Amazon Web Services
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMShapeBlue
 
Docker based Hadoop provisioning - anywhere
Docker based Hadoop provisioning - anywhere Docker based Hadoop provisioning - anywhere
Docker based Hadoop provisioning - anywhere Janos Matyas
 
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Fwdays
 
Apache CloudStack 4.2: A First Look
Apache CloudStack 4.2: A First LookApache CloudStack 4.2: A First Look
Apache CloudStack 4.2: A First LookShanker Balan
 

What's hot (20)

Rover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker ContainerRover: Implementing Landing Zone Using Docker Container
Rover: Implementing Landing Zone Using Docker Container
 
Hashicorp Corporate and Product Overview
Hashicorp Corporate and Product OverviewHashicorp Corporate and Product Overview
Hashicorp Corporate and Product Overview
 
Service Mesh With Consul Connect and Nomad 0.10
Service Mesh With Consul Connect and Nomad 0.10Service Mesh With Consul Connect and Nomad 0.10
Service Mesh With Consul Connect and Nomad 0.10
 
Vault Digital Transformation
Vault Digital TransformationVault Digital Transformation
Vault Digital Transformation
 
Design Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsDesign Choices for Cloud Data Platforms
Design Choices for Cloud Data Platforms
 
Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?Infrastructure as Code for Azure: ARM or Terraform?
Infrastructure as Code for Azure: ARM or Terraform?
 
Cloudstack: the best kept secret in the cloud
Cloudstack: the best kept secret in the cloudCloudstack: the best kept secret in the cloud
Cloudstack: the best kept secret in the cloud
 
PaaS Ecosystem Overview
PaaS Ecosystem OverviewPaaS Ecosystem Overview
PaaS Ecosystem Overview
 
Webinar - Relying on Bare Metal to manage your workloads
Webinar - Relying on Bare Metal to manage your workloadsWebinar - Relying on Bare Metal to manage your workloads
Webinar - Relying on Bare Metal to manage your workloads
 
CloudStack news
CloudStack newsCloudStack news
CloudStack news
 
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...
Sergii Bielskyi "Using Kafka and Azure Event hub together for streaming Big d...
 
Building Enterprise Cloud Apps
Building Enterprise Cloud AppsBuilding Enterprise Cloud Apps
Building Enterprise Cloud Apps
 
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...
(ENT201) New Generation Hybrid Architectures with Suncorp, NetApp, and AWS | ...
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
 
Docker based Hadoop provisioning - anywhere
Docker based Hadoop provisioning - anywhere Docker based Hadoop provisioning - anywhere
Docker based Hadoop provisioning - anywhere
 
Introduction to IAC and Terraform
Introduction to IAC and Terraform Introduction to IAC and Terraform
Introduction to IAC and Terraform
 
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...
Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...
 
CloudStack Clients and Tools
CloudStack Clients and ToolsCloudStack Clients and Tools
CloudStack Clients and Tools
 
Apache CloudStack 4.2: A First Look
Apache CloudStack 4.2: A First LookApache CloudStack 4.2: A First Look
Apache CloudStack 4.2: A First Look
 
PaaS: An Introduction
PaaS: An IntroductionPaaS: An Introduction
PaaS: An Introduction
 

Similar to Commodified IaC using Terraform Cloud

TechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfTechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfMIlton788007
 
Jelastic for Hosting & MSP
Jelastic for Hosting & MSPJelastic for Hosting & MSP
Jelastic for Hosting & MSPDmitry Lazarenko
 
Webinar: What's new in CDAP 3.5?
Webinar: What's new in CDAP 3.5?Webinar: What's new in CDAP 3.5?
Webinar: What's new in CDAP 3.5?Cask Data
 
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as Code
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as CodeHitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as Code
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as CodeRobert van Mölken
 
Docker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker, Inc.
 
Private Cloud with Open Stack, Docker
Private Cloud with Open Stack, DockerPrivate Cloud with Open Stack, Docker
Private Cloud with Open Stack, DockerDavinder Kohli
 
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld
 
HOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLDHOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLDAleksandr Maklakov
 
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...VMworld
 
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudDevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudCloudify Community
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017Patrick Chanezon
 
DevOps with ActiveMQ, Camel, Fabric8, and HawtIO
DevOps with ActiveMQ, Camel, Fabric8, and HawtIO DevOps with ActiveMQ, Camel, Fabric8, and HawtIO
DevOps with ActiveMQ, Camel, Fabric8, and HawtIO Christian Posta
 
.NET Cloud-Native Bootcamp- Los Angeles
.NET Cloud-Native Bootcamp- Los Angeles.NET Cloud-Native Bootcamp- Los Angeles
.NET Cloud-Native Bootcamp- Los AngelesVMware Tanzu
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics sbbabu
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Lucas Jellema
 
Jelastic DevOps Platform Product Overview for ISVs
Jelastic DevOps Platform Product Overview for ISVsJelastic DevOps Platform Product Overview for ISVs
Jelastic DevOps Platform Product Overview for ISVsJelastic Multi-Cloud PaaS
 
Data(?)Ops with CircleCI
Data(?)Ops with CircleCIData(?)Ops with CircleCI
Data(?)Ops with CircleCIJinwoong Kim
 

Similar to Commodified IaC using Terraform Cloud (20)

TechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfTechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdf
 
Jelastic for Hosting & MSP
Jelastic for Hosting & MSPJelastic for Hosting & MSP
Jelastic for Hosting & MSP
 
Webinar: What's new in CDAP 3.5?
Webinar: What's new in CDAP 3.5?Webinar: What's new in CDAP 3.5?
Webinar: What's new in CDAP 3.5?
 
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as Code
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as CodeHitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as Code
Hitchhiker's guide to Cloud-Native Build Pipelines and Infrastructure as Code
 
Docker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup SlidesDocker Datacenter Overview and Production Setup Slides
Docker Datacenter Overview and Production Setup Slides
 
Private Cloud with Open Stack, Docker
Private Cloud with Open Stack, DockerPrivate Cloud with Open Stack, Docker
Private Cloud with Open Stack, Docker
 
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
VMworld 2015: Build and Run Cloud Native Apps in your Software Defined Data C...
 
HOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLDHOW TO DRONE.IO IN CI/CD WORLD
HOW TO DRONE.IO IN CI/CD WORLD
 
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
 
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudDevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
 
DevOps with ActiveMQ, Camel, Fabric8, and HawtIO
DevOps with ActiveMQ, Camel, Fabric8, and HawtIO DevOps with ActiveMQ, Camel, Fabric8, and HawtIO
DevOps with ActiveMQ, Camel, Fabric8, and HawtIO
 
DCHQ
DCHQDCHQ
DCHQ
 
.NET Cloud-Native Bootcamp- Los Angeles
.NET Cloud-Native Bootcamp- Los Angeles.NET Cloud-Native Bootcamp- Los Angeles
.NET Cloud-Native Bootcamp- Los Angeles
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics
 
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...
 
Cmake kitware
Cmake kitwareCmake kitware
Cmake kitware
 
Promise of DevOps
Promise of DevOpsPromise of DevOps
Promise of DevOps
 
Jelastic DevOps Platform Product Overview for ISVs
Jelastic DevOps Platform Product Overview for ISVsJelastic DevOps Platform Product Overview for ISVs
Jelastic DevOps Platform Product Overview for ISVs
 
Data(?)Ops with CircleCI
Data(?)Ops with CircleCIData(?)Ops with CircleCI
Data(?)Ops with CircleCI
 

More from Marko Bevc

Using HCP Waypoint
Using HCP WaypointUsing HCP Waypoint
Using HCP WaypointMarko Bevc
 
Efficient Kubernetes scaling using Karpenter
Efficient Kubernetes scaling using KarpenterEfficient Kubernetes scaling using Karpenter
Efficient Kubernetes scaling using KarpenterMarko Bevc
 
Nodeless scaling with Karpenter
Nodeless scaling with KarpenterNodeless scaling with Karpenter
Nodeless scaling with KarpenterMarko Bevc
 
Seamless scaling of Kubernetes nodes
Seamless scaling of Kubernetes nodesSeamless scaling of Kubernetes nodes
Seamless scaling of Kubernetes nodesMarko Bevc
 
How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?Marko Bevc
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Marko Bevc
 
Terraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modulesTerraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modulesMarko Bevc
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Marko Bevc
 
Terraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modulesTerraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modulesMarko Bevc
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Marko Bevc
 

More from Marko Bevc (10)

Using HCP Waypoint
Using HCP WaypointUsing HCP Waypoint
Using HCP Waypoint
 
Efficient Kubernetes scaling using Karpenter
Efficient Kubernetes scaling using KarpenterEfficient Kubernetes scaling using Karpenter
Efficient Kubernetes scaling using Karpenter
 
Nodeless scaling with Karpenter
Nodeless scaling with KarpenterNodeless scaling with Karpenter
Nodeless scaling with Karpenter
 
Seamless scaling of Kubernetes nodes
Seamless scaling of Kubernetes nodesSeamless scaling of Kubernetes nodes
Seamless scaling of Kubernetes nodes
 
How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?How secure are your Terraform sensitive values?
How secure are your Terraform sensitive values?
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
 
Terraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modulesTerraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modules
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
 
Terraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modulesTerraform 0.13: Rise of the modules
Terraform 0.13: Rise of the modules
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 

Recently uploaded (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 

Commodified IaC using Terraform Cloud

  • 1.
  • 5. REFINING & ADOPTING_ S. Wardley: value chain mapping Thoughts and ideas Solution attempts Solution to known problems Refinement of solutions Very little knowledge Lots of knowledge product Problem definition Solution identification Standardization of solution Industrialization of solution New problems Gartner: hype cycle
  • 6. ABOUT ME_ ● Senior IT Consultant at The Scale Factory (DevOps consultancy, AWS advanced consulting partner and K8s service provider) ● IT system engineering background with extensive Linux and virtualization experience ● Certifications and competencies: AWS, CKA, RHEL, Hashi stack ● Open source contributor and supporter ● Fan of automation/simplifying things, hiking, cycling and travelling
  • 7. TALK AGENDA_ • Infrastructure as Code • Terraform Cloud • Abstracting complexity • Automation and CI/CD integration • Demo • Conclusions and takeaways
  • 8. INFRASTRUCTURE AS CODE_ • Key attribute for enabling good DevOps practices: – breaking organisational silos – multi-team collaboration • State visibility across estate • Disposable infrastructure and reproducibility • Higher delivery velocity and automation • Better testing and lowering risk of errors
  • 9. TERRAFORM CLOUD_ • GA announced at HashiConf’19 • Extensible SaaS solution (API, registries, plug-ins) • Abstraction of Terraform complexity • Safe: 2-factor authentication & Vault secrets • Collaboration: VCS integration, notifications, team management and Web UI/API • Fine-grained control: Sentinel policies, user roles, cost estimation • 160+ available providers
  • 10. TERRAFORM CLOUD ARCHITECTURE_ Cloud / Enterprise OSS CLI Source: https://www.terraform.io/
  • 11. ABSTRACTING COMPLEXITY_ ● Delegation of responsibility: – State and lock management – Remote/local execution & speculative plans – Unified workflows – Notifications – Web UI ● Same approach and structures (API / HCL) ● Changing infrastructure deployment perspective ● Of-the-shelf SaaS solution – commodity?
  • 12. AUTOMATION AND PIPELINES_ • Integration with major VCS providers: GitHub, GitLab, Bitbucket, Azure DevOps • Containers used as runtime (Terraform version) • Auto or manual approvals • Variables/secrets & state access using: – TFE provider resources, i.e. tfe_variable – terraform_remote_state data resource • Private repositories and providers • Caveats: – Overwrites terraform.tfvars → *.auto.tfvars – Special vars: CONFIRM_DESTROY, TFE_PARALLELISM
  • 13. HOW TO START_ ● Create organisation: team & workspaces ● Two factor authentication (TOTP, SMS) ● VCS integration ● Credential tokens ● Remote backend configuration ● Workspace creation – automatically with remote backend ● API tokens, SSH keys & policies*
  • 14. $ cat ~/.terraformrc -------------------- plugin_cache_dir = "$HOME/.terraform.d/plugin-cache" disable_checkpoint = true credentials "app.terraform.io" { token = "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" } backend.tf: ----------- terraform { backend "remote" { organization = "my-org" workspaces { name = "demo-tf-remote" } } }
  • 17. CONCLUSIONS_ & TAKEAWAYS ● Complexity delegation (state, locking, execution, ...) ● Automation and deployment workflow integration ● Careful not storing/emitting secrets in configurations and logs ● Non-free and beta features: cost estimation, polices, run triggers, ... ● Room for improvement: default is remote, custom Docker images, cloud SAML/SSO and audit logs/compliance,… ● Shift left practice and platform convergence (multi/poly-cloud) → IaC as software delivered commodity
  • 18. CONTACTS_ & RESOURCES ● “Make things as simple as possible, but not simpler.” A. Einstein ● Twitter: @_MarkoB ● GitHub / GitLab: @mbevc1 ● LinkedIn: https://www.linkedin.com/in/marko-bevc/ ● Resources: – https://www.thehistoricalarchive.com/happenings/57/the-history-of-elec tricity-a-timeline/ – https://en.wikipedia.org/wiki/Wardley_map – https://en.wikipedia.org/wiki/Hype_cycle – https://en.wikipedia.org/wiki/Infrastructure_as_code – https://terraform.cloud – https://www.hashicorp.com/cloud-operating-model – https://www.terraform.io/docs/cloud/run/cli.html – https://www.hashicorp.com/products/terraform/pricing/