5 Takeaways From “Behind the Curtain: The Road to Terraform”
How much time are you wasting initializing your Terraform environments?
If your answer is, “more than we should,” then we have some tips for you.
Terraform is a popular infrastructure-as-code (IaC) tool for anyone who deploys to the cloud. We use it here at JFrog to help manage infrastructure for our SaaS customers, and recently added support in Artifactory to manage your Terraform files (provider, modules, and backend).
To that end, the JFrog DevOps and R&D teams recently pulled back the curtain and shared their experience with improving our own use of Terraform – what they changed and how it enhances your daily work – and how that effort contributed to building the new Terraform support in Artifactory. You should definitely watch the recording of that webinar (it’s under 30 min), but here are a few useful takeaways.
Five Major Steps to Improve Terraform Usage
The JFrog Infrastructure team is a heavy user of Terraform. They’re managing around 50 clusters, running in 40 different regions across 3 cloud providers, and managing 130 terraform workspaces. That’s serious scale to maintain. To streamline infrastructure operations, the team identified five areas to improve:
- Infrastructure Alignment – Align your current infrastructure to be managed only using infrastructure-as-code. Consolidating your approach will eliminate manual work and needing to maintain multiple tools. Without properly configured IaC managing a massive infrastructure layer is almost impossible – naming conventions, security standards, delivery time, and change logging all create challenges.
- Dev and Production Branches – Create a workflow that enables you to change the model without breaking workspaces. Branches per feature/environment can cause a lot of drift and cause challenges understanding which configuration was running on a given environment
- Master Branch for Modules – Leverage one master branch for the models repository with tags per model.
- An Orchestrator Over Terraform – Run all your Terraform workspaces automatically every day to detect drift. Split the permissions between different groups that consume your Terraform code and run logical code before and after every step – before/after the plan, before/after apply, etc.
- Models Decoupling – Eliminating interdependence between your data models empowers you to work on a data layer without needing to address drift that may be occurring in another layer. The JFrog team split their data models into four main models: networking layer, K8s layer, database layer and object storage.
How Artifactory can Help Optimize Your Terraform Usage
At JFrog, we eat what we cook. As our DevOps team worked on improving our own Terraform usage they collaborated with the Artifactory R&D team to build the necessary functionality into Artifactory to support the team’s Terraform initiatives. The result is the Terraform functionality available today – which includes local, remote and virtual repositories for your Terraform providers and modules as well as repositories for your backend state files.
Using Artifactory to host and manage your Terraform files transitions you from source control management to binaries. Rather than resolve modules directly from source control, those modules become binaries with all the benefits: checksum and checksum deploy, immutability, version controls, better security, and more. Using an Artifactory remote repository to proxy the official Hashicorp registry, you gain immutable, always-available access to that external resource. Combining your private and public registries into a virtual repository in Artifactory provides a single, managed access point for Terraform files.
Artifactory’s backend repository solution leverages a local repository implementation that supports Terraform remote backends including workspaces and locking mechanism. Migrate your existing backend solution to Artifactory using the JFrog CLI and benefit from managing all your users in one place, encrypted state content in the actual object storage, full state history, monitoring state actions/activities, and SmartDiff for state differences.
For more details on the benefits of using Artifactory to manage your Terraform files, as well as a live view of the solution, you can watch the Terraform webinar on demand. You can also try Artifactory for free, or request an Artifactory demo with one of our solution engineers.