Jump to content

HashiCorp at Google Cloud Next: Seamless infrastructure deployment and management

Hashicorp

By Hashicorp
in Infrastructure-as-Code

 Share

Recommended Posts

Hashicorp Newbie

Hashicorp

Posted
Posted

Google Cloud's flagship cloud conference — Google Cloud Next — is back and once again HashiCorp will be there in full force. (Although the conference passes are sold out, you can still watch all the great sessions from Next '23 on demand, at your convenience with a free Digital Pass)

For both in-person and remote attendees, we’re pleased to share the latest news on our long-standing relationship with Google Cloud, and how we help organizations provision, secure, run, and connect applications running in Google Cloud. In this post, we’ll share some highlights of our partnership and our plans for the event, Tuesday through Thursday, Aug. 29 - 31, in San Francisco.

HashiCorp-Google Cloud developments this year include:

  • Google provider for Terraform passes 350 million downloads
  • Control and secure Terraform workflows on Google Cloud with dynamic provider credentials
  • Validate the health of Google Cloud infrastructure via continuous validation
  • Automate Terraform Cloud from Google Kubernetes Engine (GKE)
  • Create Terraform self-hosted Cloud agents on Google Cloud
  • Manage Google Cloud resources with Terraform and Infrastructure Manager
  • Automate networking across Google Cloud runtimes with HashiCorp Consul and Apigee

Google Cloud provider for Terraform surpasses 350 million downloads

As of the publication of this post, the download count for the Google Cloud Platform provider for Terraform stands at 359 million downloads, half of which occurred in the past 12 months.

Google

While hundreds of millions of downloads represent a major milestone, Google Cloud and HashiCorp continue to develop new integrations to help customers work faster, use more services and features, and provide developer-friendly ways to deploy cloud infrastructure.

Control and secure Terraform workflows on Google Cloud with dynamic provider credentials

Terraform Cloud's dynamic provider credentials let you establish a trust relationship between Terraform Cloud and Google Cloud. They limit the blast radius of compromised credentials by using unique, short-lived credentials for each Terraform run. Dynamic provider credentials also allow you to scope fine-grained control over the resources that each of your Terraform Cloud projects and workspaces can manage.

When you use dynamic provider credentials, Terraform Cloud begins each run by authenticating with Google Cloud, passing it details about the workload, including your organization and workspace name. Your cloud provider then responds with temporary credentials that Terraform Cloud uses to provision your resources for the run. This workflow is based on the OpenID Connect (OIDC) protocol, an open source standard for verifying identity across different systems. You can use Terraform Cloud’s native OIDC integration with Google Cloud to get dynamic credentials for the Google provider in your Terraform Cloud runs. To get started, learn how to configure dynamic credentials with the Google Cloud provider.

Validate the health of Google Cloud infrastructure via continuous validation

The continuous validation feature in Terraform Cloud allows users to validate the health of their infrastructure beyond the initial provisioning. This helps users to identify issues at the time they first appear and avoid situations where a change is identified only once it causes a customer-facing problem.

Users can add checks to their Terraform configuration using check blocks. Check blocks contain assertions that are defined with a custom condition expression and an error message. When the condition expression evaluates to true the check passes, but when the expression evaluates to false Terraform shows a warning message that includes the user-defined error message.

Custom conditions can be created using data from Terraform providers’ resources and data sources. Data can also be combined from multiple sources; for example, you can use checks to monitor expirable resources by comparing a resource’s expiration date attribute to the current time returned by Terraform’s built-in time functions. This guide provides multiple use cases of how to use Terraform check blocks and continuous validation with Google Cloud.

Automate Terraform Cloud from Google Kubernetes Engine (GKE)

The Terraform Cloud Operator for Kubernetes provides first-class integration between Kubernetes and Terraform Cloud by extending the Kubernetes control plane to enable lifecycle management of cloud and on-premises infrastructure. This operator provides a unified way to manage a Kubernetes application and its infrastructure dependencies through a single Kubernetes CustomResourceDefinition (CRD). After the infrastructure dependencies are created, pertinent information such as endpoints and credentials are returned from Terraform Cloud to Kubernetes.

Terraform Cloud Operator for Kubernetes helps automate the provisioning of infrastructure from Google Kubernetes Engine (GKE) and lets users manage Terraform Cloud with Kubernetes custom resources.

Create self-hosted Terraform Cloud agents on Google Cloud

Terraform Cloud agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. By deploying lightweight agents within a specific network segment, you can establish a simple connection between your environment and Terraform Cloud which allows for provisioning operations and management.

Google Cloud Terraform Cloud agents are Terraform modules that create self-hosted agents on Google Cloud. Using Terraform modules you now can quickly create and deploy agent pools for your Terraform Cloud workflows on Google Cloud. Google Cloud agents are available in the Terraform Registry now and include:

  • Terraform Cloud agents on Google Kubernetes Engine (GKE)
  • Managed instance groups using virtual machines
  • Instance groups using container virtual machines

Manage Google Cloud resources with Terraform and Infrastructure Manager

Google Cloud Infrastructure Manager (Infra Manager) automates the deployment and management of Google Cloud infrastructure resources using Terraform. Infra Manager allows you to use infrastructure as code to manage the lifecycle of Google Cloud resources. Terraform is defined declaratively in a Terraform blueprint that describes the end state of your infrastructure. You can version the Terraform blueprint, either in a public Git repository or in a Cloud Storage bucket, and use object versioning to version blueprints. To learn more, check out the newly published Terraform and Infrastructure Manager guide.

Automate networking across Google Cloud runtimes with Consul and Apigee

HashiCorp Consul is how teams automate networking across Google Cloud runtimes. Consul now includes several extensions for Envoy. Consul’s Envoy extension capability allows operators to offload service-to-service authorization to external tools and platforms. This allows more options to authorize traffic based on more conditions like allow/deny based on business hours.

Apigee’s AuthZ integration is an example of using the external AuthZ extension. Apigee’s implementation requires an API key to be passed between services in order to allow traffic. You can get started with the Consul AuthZ - Apigee repo. If you are using Apigee today or considering an Apigee deployment, check out how to use the Apigee Adapter for Envoy with an Apigee hybrid deployment.

Authorization

Join us at Google Cloud Next and learn what’s next after Next

If you are attending Google Next in person or following along virtually, please sign up for the Seamless Infrastructure Deployment and Management with Terraform session, where HashiCorp and Google will cover why Terraform is an integral component of many teams’ infrastructure and applications, and to Google Cloud. The talk will focus on how Terraform is used to build and operate resources as infrastructure as code. You’ll view Google Cloud projects that use Terraform as their foundation and learn Google's guidance on using Terraform to deliver the best user experience, time to value, and efficiency for Google Cloud customers. The session takes place on day two of Google Next, August 30th at 8 a.m. PT.

And if you are on site, be sure to join us at booth #1645 for demos and meet 1:1 with our technical experts to learn more about our product suite, and check out the latest on HashiCorp integrations with Google Cloud.

After Google Next, join our upcoming webinar series covering Google Cloud projects that use Terraform as their foundation, with guidance on using Terraform to deliver the best user experience, time to value, and efficiency.

View the full article

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...