Managing Infrastructure From Kubernetes with the HashiCorp Terraform Operator

栏目: IT技术 · 发布时间: 4年前

HashiCorp has released the alpha version of Terraform operator for Kubernetes to manage infrastructure as code calling Terraform Cloud from Kubernetes. After installing the operator, users can synchronize Terraform workspaces using Kubernetes manifests. Then, applications running in Kubernetes can reference Terraform outputs using ConfigMaps. For now, this operator only works for Terraform Cloud.

The Terraform operator was created for use cases where developers want to provision infrastructure like a queue in AWS SQS using the Kubernetes interface. To get started, users need to create a token in their Terraform Cloud organization, both free and paid version works, and stored it as a secret in Kubernetes. Then, install the operator using Helm . Once the operator is running, users can start creating Terraform workspaces using Kubernetes manifests. The operator can create, update, and retrieve values from Terraform workspaces, execute a run in Terraform Cloud, and update Terraform workspace status in Kubernetes.

Managing Infrastructure From Kubernetes with the HashiCorp Terraform Operator

To provision infrastructure, it’s necessary to define a Terraform module first so that Kubernetes only sends the input parameters for the module. Developers don’t define nor interact with a Terraform template within a Kubernetes manifest. The reason for this is for design simplicity and reduces the number of custom resource definitions (CRDs) in the cluster. Developers create a Terraform workspace manifest and define the values for each of the Terraform module inputs they want to use. When an infrastructure resource is ready, developers can access the module outputs via ConfigMaps, like the AWS SQS endpoint. Then, reference these values from the application running in Kubernetes.

For every change in the Terraform workspace object, the operator picks it up, except for any sensitive information like the AWS secret keys, and apply it automatically with the auto-approve parameter. Also, to delete resources, users can delete the Terraform workspace using the Kubernetes API by running a command like kubectl delete workspace sqs-queue .

Internally, the Terraform workspace controller reconciles the Kubernetes workspace CRD with a Terraform Cloud workspace. To perform a change, the operator runs the terraform apply -auto-approve to perform changes automatically, but users can use Sentinel to validate changes before applying them. The operator is namespace-scoped for security reasons. Users need an access token via secrets to interact with Terraform Cloud, and giving access to only namespaces reduces risks.

Managing Infrastructure From Kubernetes with the HashiCorp Terraform Operator

In this alpha release, the operator works only for Terraform Cloud . And Rosemary Wang , developer advocate at HashiCorp, in a recent virtual office hour said: we scoped it to Terraform Cloud usage because we wanted to make sure we understand the behavior of it and didn’t want to add too much logic into the operator. If the community needs support for other backends like AWS S3, Wang encouraged users of the Terraform open-source version to open an issue in the GitHub repository and explain its use case.

Additionally, the Terraform operator allows developers to provision infrastructure for on-premise environments and not just only in the cloud or SaaS providers like the service broken API does.

To learn more about the Terraform operator, visit the GitHub page .


以上所述就是小编给大家介绍的《Managing Infrastructure From Kubernetes with the HashiCorp Terraform Operator》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

必然

必然

凯文·凯利 (Kevin Kelly) / 周峰、董理、金阳 / 译言·东西文库/电子工业出版社 / 2016-1-1 / 58

《必然》的作者凯文·凯利,被称为“硅谷精神之父”和“世界互联网教父”。前两部《失控》和《科技想要什么》在中国出版后,引起巨大反响。书中凯文·凯利对十二种必然的科技力量加以详细的阐述,并描绘出未来三十年这些趋势如何形成合力指引我们前行的方向。 作者凯文·凯利基于过往从业经历和对未来趋势的敏锐观察对十二个关键词“形成”“知化”“流动”“屏读”“使用”“共享”“过滤”“重混”“互动”“追踪”“提问......一起来看看 《必然》 这本书的介绍吧!

CSS 压缩/解压工具
CSS 压缩/解压工具

在线压缩/解压 CSS 代码

随机密码生成器
随机密码生成器

多种字符组合密码

XML、JSON 在线转换
XML、JSON 在线转换

在线XML、JSON转换工具