Terraform has become a de facto standard as a cloud-provider-agnostic infrastructure-as-code tool in recent years.
Unfortunately, the license change for HashiCorp products in August 2023 has caused some turmoil within the open-source community. Terraform can no longer be considered truly open source. Of particular concern are the usage limitations that prohibit "competitive offerings" to HashiCorp's products. The vagueness of this definition, coupled with the fact that HashiCorp can change their interpretation of what constitutes a "competitive offer" at any time, poses a potential liability for agencies and their customers.
As a result, we are currently assessing OpenTofu as a drop-in replacement for Terraform. OpenTofu is an open-source fork under the umbrella of the Linux Foundation, created from the last commit before Terraform's license change.
Terraform is a tool for building, changing, and versioning infrastructure using the infrastructure-as-code pattern. Terraform supports popular service providers like AWS, Google Cloud Platform, Azure, and many more.
Infrastructure is described in configuration files through HCL (HashiCorp Configuration Language), which offers a set of string interpolations and built-in functions, including conditionals and loops. Terraform validates configuration files before attempting to run updates, checking not only that all files use the correct syntax, but also that all parameters are accessible and the configuration as a whole is valid. In Terraform, you can (and should) run a plan step before applying any changes. This step precisely outlines what is going to change and why.
Another feature of Terraform is its facilitation of code reuse through modules. This allows for a lot of flexibility in structuring projects in the way that makes the most sense.
At AOE, we utilize Terraform across multiple teams to provision infrastructure and manage its lifecycle on cloud platforms such as AWS, as well as for platforms such as Kubernetes.
For the infrastructure of our OM3 projects, we operate multiple Kubernetes clusters. To orchestrate the infrastructure provisioning, we quickly decided to use Terraform. Terraform enables us to easily manage our infrastructure, from AWS EC2 instances to RabbitMQ message queues. Additionally, the Kops installer for Kubernetes on AWS utilizes Terraform as its main building block, allowing us to trigger Kops via Terraform.
We combine Terraform with Helm to manage similar parts of the infrastructure. For example, a shared file with domain name to application mappings allows us to provision Route 53 DNS entries via Terraform and then deploy Kubernetes Ingress definitions with the appropriate hostname-to-service mapping via Helm.
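
A sketch of the Terraform half of such a shared mapping file, as an added example and not AOE's actual configuration. The file name `domains.yaml`, its keys (`mappings`, `host`, `service`) and all variable names are assumptions made for illustration.

```hcl
# Constructed sample of the shared file (domains.yaml), assumed layout:
#   mappings:
#     - host: shop.example.com
#       service: storefront
#     - host: api.example.com
#       service: backend
# The same file can be handed to Helm as a values file (helm ... -f domains.yaml),
# where a chart template would range over .Values.mappings to render Ingress rules.

variable "zone_id" {
  type        = string
  description = "Route 53 hosted zone ID that owns the hostnames (assumed input)"
}

variable "zone_name" {
  type        = string
  description = "Name of that zone, e.g. example.com (assumed input)"
}

variable "ingress_lb_hostname" {
  type        = string
  description = "DNS name of the load balancer in front of the ingress controller (assumed input)"
}

locals {
  mappings = yamldecode(file("${path.module}/domains.yaml")).mappings

  # Keyed by hostname; a duplicate host in the file makes this expression fail
  # at plan time instead of silently overwriting a record.
  by_host = { for m in local.mappings : m.host => m }
}

resource "aws_route53_record" "app" {
  for_each = local.by_host

  zone_id = var.zone_id
  name    = each.key
  type    = "CNAME"
  ttl     = 300
  records = [var.ingress_lb_hostname]

  lifecycle {
    # Reject entries that do not belong to the managed zone before any change is applied.
    precondition {
      condition     = endswith(each.key, ".${var.zone_name}")
      error_message = "Host ${each.key} is outside the zone ${var.zone_name}."
    }
  }
}
```

Because both tools read one file, a hostname that fails the precondition is caught in the plan step, before either the DNS record or the Ingress rule exists.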