The diagram above illustrates the general idea of the workflow, which can be summarised in the following points:
- the deployment artifact is fixed by versioning all modules and providers
- the deployment environment is fixed by using an immutable Docker image
- the deployment process (.gitlab-ci.yml) is extensible
- the full history of deployments is recorded in the commit and pipeline history
- fine-grained access control can be achieved with GitLab Runner, GitLab users, the protected branch feature, etc.
A rudimentary Terraform deployment pipeline, visually (figure: simple implementation of the Terraform GitOps workflow).
Pseudo .gitlab-ci.yml snippet (figure: pipeline code snippet).
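As an added example (not the article's own snippet), here is a minimal .gitlab-ci.yml for one stack that puts the points above into practice: an image pinned by digest, provider versions enforced by the dependency lock file, the plan saved as a short-lived artifact for review, and apply limited to a manual job on the protected default branch. The stack path, image reference and environment name are assumed placeholders.

```yaml
# Added example, not the article's pipeline. Assumes the stack lives in
# stacks/prod and configures its own remote backend; image digest is a placeholder.
stages:
  - validate
  - plan
  - apply

# Immutable environment: pin the runner image by digest, never a floating tag.
image: registry.example.com/infra/terraform-runner@sha256:PLACEHOLDER_DIGEST

variables:
  TF_IN_AUTOMATION: "true"   # suppress interactive prompts and hints
  TF_INPUT: "0"
  STACK_DIR: stacks/prod     # assumed stack path

before_script:
  - cd "$STACK_DIR"
  # Fixed artifact: refuse to run if the lock file does not match the
  # declared providers instead of silently upgrading them.
  - terraform init -input=false -lockfile=readonly

validate:
  stage: validate
  script:
    - terraform fmt -check -recursive
    - terraform validate
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

plan:
  stage: plan
  script:
    - terraform plan -input=false -out=tfplan
    - terraform show -no-color tfplan > plan.txt   # human-readable copy for the MR review
  artifacts:
    paths:
      - stacks/prod/tfplan
      - stacks/prod/plan.txt
    expire_in: 1 hour   # the binary plan can contain secrets; keep it short-lived
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

apply:
  stage: apply
  needs: [plan]               # pulls the tfplan artifact from the plan job
  resource_group: prod-stack  # serialise applies to this stack
  environment:
    name: prod
  script:
    - terraform apply -input=false tfplan   # apply exactly the reviewed plan, never a fresh one
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      when: manual
```

Because the apply job runs only on the protected default branch, who can trigger it is governed by the branch protection and the runner assignment, which is the access-control mechanism the bullet points refer to.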
In a production-ready system, more details should be added according to project requirements, such as .tfplan encryption, Terraform linting, a terraform destroy button, policy as code, a tfstate dashboard, compliance checks, etc.
In summary, this article introduced a modularized, hierarchical architecture that enables systematic development and deployment of Terraform at scale.
The spirit of the hierarchical layout is to separate the development area (module layer and template layer) from the deployment area (stack layer). Every element of each layer is a module, so it can be easily versioned, reused, tested and composed. At the stack layer, a workflow is installed to continuously deliver infrastructure changes through pull requests.
Last but not least, the proposed architecture can be scaled to multi-account, multi-cloud setups and integrated into complex enterprise processes such as compliance checking, chains of approval, infrastructure chaos testing, monitoring, etc.