When developing container-based services that will be orchestrated by Kubernetes, Terraform is an essential part of your artifact ecosystem. These infrastructure-as-code configuration files help automate the provisioning and maintenance of the cloud environments where your K8s applications will run.
That’s why it’s great news that you can now store your Terraform modules, providers, and remote state files in Artifactory as a part of your software supply chain. Keeping these IaC files in JFrog-powered repositories alongside those for Docker images and Helm charts puts Artifactory to use as your comprehensive Kubernetes registry – a traceable path for all your cloud native apps that are delivered through your secure circle of trust.
What is Terraform?
Terraform is a widely used open source infrastructure-as-code software tool to manage the entire lifecycle of cloud service infrastructure. By codifying cloud APIs into declarative configuration files, Terraform enables a uniform way to provision, adjust, and tear down infrastructure in a cloud provider, across many instances.
This is an essential practice of GitOps, a developer-centered experience in managing infrastructure provisioning and deployment through the same tools and processes used for software development. Under this practice, Terraform modules are stored in a Git VCS repository, with the state of production systems automatically managed through Git pull requests. This helps make the trail of systems state changes visible to developers.
Terraform in Artifactory
So why should you keep a Terraform module registry in a binary repository manager like Artifactory? Because, like your builds, your Terraform modules are a key part of your software supply chain and software delivery into production Kubernetes.
While every application begins with source code, it’s your binaries that pass through your pipeline stages before resulting in a deliverable piece of software. And in the complex dependency tree of modern applications, any change in that supply chain may trigger a new build.
By keeping your Terraform modules and providers in Artifactory registries, they become part of your software supply chain’s secure circle of trust, protected through the JFrog Platform’s authenticated access, checksum verification, and fine-grained permissions management. You can better associate those Terraform assets with the immutable builds and other artifacts they are meant for. Co-locating your Terraform modules, providers, and Helm Charts with your Docker images, you can more easily manage them through all promotion stages of your SDLC from development to testing and production.
Incorporating your Terraform and Helm artifacts with your packages and build metadata in Artifactory, you gain the most direct traceable path of what is being delivered into production. If you need to roll back to an earlier build, your automation can also know which Terraform configuration to apply for that build.
Types of Terraform Repositories
With Artifactory, you can maintain registries for three types of Terraform artifacts:
- Terraform Modules – a set of one or more Terraform configuration (
.tf) files in a single directory. Each file uses a declarative language to tell Terraform how to manage a given collection of infrastructure.
- Terraform Providers – Terraform plugins that enable users to manage an upstream API to configure a cloud platform or service.
- Terraform Backend Repository – serves as a remote state data store for state snapshots to share between all members of a team when used as a backend .
Artifactory supports local repositories for Terraform backend repositories, and all these types of repositories for both Terraform module and Terraform provider registries:
- Local Repositories – Private registries that are accessible only within your organization’s network.
- Remote Repositories – A proxy of an external registry (such as the public Terraform registry) that provides a cached version for locality and availability.
- Virtual Repositories – A logical repository that encapsulates any set of local and remote repositories of the same package type, accessed from a single URL.
JFrog BinOps Boosts GitOps
Declarative IaC tools like Terraform and orchestration tools like Helm charts are important parts of GitOps for a developer-enabling way to manage cloud infrastructure for K8s.
Taking charge of your Terraform registries with Artifactory, making them part of your Kubernetes registry, also puts the principles of BinOps – the JFrog DevOps Platform’s proven binaries-centric approach for successful software delivery – to work to further accelerate cloud native development.
These BinOps methods enabled by the JFrog Platform don’t compete with or replace GitOps – they partner your GitOps procedures with the best practices of software supply chain management to empower developers even more.
Don’t just take our word for it. Try it yourself for free.