Manage Infrastructure Using the Terraform Controller with Weave GitOps
Weave GitOps’ Terraform Controller lets you bring GitOps principles to Kubernetes infrastructure to achieve end-to-end automation of the application development lifecycle.
In the pursuit of end-to-end automation of software delivery, GitOps became a widely accepted practice for implementing continuous deployment through Kubernetes. It has successfully provided greater autonomy to developers, enabling them to move faster by building a streamlined stack of deployment tools.
Infrastructure-as-code (IaC) tools like Terraform are a great option to manage infrastructure. However, as operations mature, inefficiencies creep into an IaC stack, making it hard to scale and automate the system. To extend the benefits of GitOps to every part of your infrastructure, Weave GitOps (Assured & Enterprise) has introduced Terraform Controller to automate infrastructure management using Terraform and Kubernetes. It enables you to ensure your Terraform resources are immune to configuration drift and brings you the benefits of GitOps.
But before we learn more about Terraform Controller and how it helps with Terraform management, let’s briefly look at what Terraform is.
Terraform for Safe Infrastructure Configuration
Built by HashiCorp, Terraform is an open-source IaC tool that enables you to build, update, and version infrastructure quickly. It describes the desired end state of the infrastructure using a high-level configuration language known as HCL (HashiCorp Configuration Language). Terraform can be used to automate the provisioning of Kubernetes clusters on the cloud to enable continuous deployment of applications into a cluster. It uses Sentinel, a policy-as-code framework, to automate compliance and guardrail enforcement.
This is where Terraform Controller helps your application delivery lifecycle: it streamlines end-to-end operations by bringing both teams onto a single interface.
Terraform Controller - Managing Terraform resources, the GitOps way
Terraform Controller has its roots in a Flux controller that allows you to implement GitOps principles while managing infrastructure through Terraform resources. The controller will bridge Kubernetes and Terraform, automating Terraform approvals and storing the results as Kubernetes secrets. It offers various functionalities that enable seamless integration between Terraform and Kubernetes.
- GitOps Automation Model: Automate end-to-end Terraform management, including provisioning by enforcing GitOps principles of a single source of truth and continuous reconciliation. It lets you streamline coordination between the development and the platform teams, facilitating faster application development.
- Hybrid GitOps Automation Model: You can select the parts of your infrastructure management and Terraform resources for which you want to use GitOps. You can implement GitOps just for the node group or security group. In this model, you can bypass the complexity of handling HCL files and standards.
- State Enforcement Model: If you have a <TFSTATE> file, you can enforce just that using GitOps, without changing anything else, making infrastructure management a smooth process through automation and autonomy.
- Drift Detection Model: You can implement the GitOps concept to detect and determine the remediation approach you want to take when a drift is identified. A visual representation of your ecosystem’s existing dependencies helps you understand what went wrong and where.
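The drift-detection and approval behaviour described above can be sketched as two Terraform custom resources for the open-source tf-controller. This is an added example, not configuration from the original article; the resource names, namespace, repository name, paths and the API version shown are assumptions to adapt to your installation.

```yaml
# Added example. Names, namespace, paths and API version are hypothetical.
# Drift Detection Model: plan on every interval, never apply.
apiVersion: infra.contrib.fluxcd.io/v1alpha1   # assumed; check the CRD installed in your cluster
kind: Terraform
metadata:
  name: network-drift-watch
  namespace: flux-system
spec:
  interval: 10m                 # how often the controller reconciles
  approvePlan: disable          # detect and report drift only; nothing is applied
  path: ./terraform/network
  sourceRef:
    kind: GitRepository
    name: infra-repo
    namespace: flux-system
---
# GitOps Automation Model with a human approval gate.
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: database
  namespace: flux-system
spec:
  interval: 10m
  # Empty value: the controller generates a plan and waits. A reviewer then
  # commits the plan identifier reported in the resource status to approve it.
  # Setting "auto" instead applies every plan without review.
  approvePlan: ""
  path: ./terraform/database
  sourceRef:
    kind: GitRepository
    name: infra-repo
    namespace: flux-system
  # Terraform outputs are written to a Kubernetes Secret, so access to this
  # namespace's Secrets should be limited through RBAC.
  writeOutputsToSecret:
    name: database-outputs
```

Because approval happens through a Git commit, branch protection and review rules on the repository become the control that decides who can change infrastructure.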
Advantages of Terraform Controller
Breaks down silos between code & infrastructure
Weave GitOps allows you to bring your developers and platform team onto a single platform for streamlined coordination regardless of where the source code is running. It automates continuous deployment through agents, while the teams can monitor both application deployment and infrastructure concurrently.
Figure: Seamless dashboard to control your environment
Effective monitoring through dependency graphs
Terraform Controller offers a unique feature of dependency graphs for efficient infrastructure management. It maps how every workload depends on others, both upstream and downstream.
UI for Deeper Visibility
Terraform Controller’s UI shows the status of Terraform-managed resources, which can include any cloud resources across many cloud providers. The UI shows you the status of Terraform deployments and allows you to plan on demand. This helps you know the health of your system at any time and be more strategic in your decision making.
Figure: Dependencies are mapped for easy understanding
Reduce HCL complexity for engineers
Developers can use the resource templates and predefined forms to outline different variables and values in the YAML files, such as cluster identifiers and database names. With this, Terraform Controller eliminates the need for developers to dabble with HCL syntax so that they can spend more time writing code instead of worrying about infrastructure.
Figure: Check YAML for everything
Enforce policy with zero dependencies on Sentinel
Terraform Controller allows you to enforce compliance regulations like GDPR and set policies for your infrastructure, offering a secure self-service platform for accelerated application development. Terraform Controller’s drift detection notifies operators when drift has occurred from the desired state in the Git repository, allowing investigation and corrective action. You can also define events and integrate the notification system with any platform you want.
Make Terraform highly scalable
Weave GitOps is investing significant effort and resources to make Terraform Controller highly scalable to reconcile and provision a high volume of Terraform modules. Currently, it is capable of running 1,500 modules concurrently.
Improve user experience for the platforms team
Weave GitOps allows platform engineers the same benefits that developers enjoy with end-to-end automation and autonomous workflow. It also allows you to use any cloud platform, including AWS, Google Cloud, and Azure, to configure Terraform resources, and extends compatibility with a customized software stack, including databases and networking.
Figure: Single point view to view all the details of an object
GitOps-ify Your Infrastructure with Terraform Controller
Automation across software development lifecycles to deliver applications faster has become a business necessity. While both GitOps and infrastructure-as-code streamline deployments and infrastructure management, they don’t have to be two isolated system functions. Terraform Controller lets you apply GitOps principles to infrastructure managed by Terraform. It enables you to implement constant reconciliation, monitor your system comprehensively, and enhance the experience for platform engineers.
The team at Weaveworks is actively working to improve the Terraform Controller, adding new features and more use cases. Weave GitOps is taking GitOps practices to your infrastructure no matter where it runs. Through advanced features like GitOps templates, policy-as-code integration, and effective monitoring mechanisms, Weave GitOps is bringing a new level of ease and capability to your Terraform and Kubernetes workflows.