
Feature Focus: Manage CloudTruth with the Terraform Provider

Written by Michael Levan | Aug 16, 2022 4:43:18 PM

CloudTruth has released a Terraform Provider! Since its inception, CloudTruth has had the ability to deploy, manage, and maintain Terraform configuration files. Now, you can manage CloudTruth itself with Terraform.

In this blog post, you'll learn how to get started with the CloudTruth Terraform Provider by creating a Parameter Resource.

The Main.tf File

First, let's start with the main.tf Terraform file and break it down.

The first piece is the required provider block. At the time of writing, the CloudTruth provider version is 0.3.5, but this will, of course, change in the future.

terraform {
  required_providers {
    cloudtruth = {
      source  = "cloudtruth/cloudtruth"
      version = "0.3.5"
    }
  }
}

Next, specify the provider and the values for the provider. In this case, you're specifying the CloudTruth API token/secret to authenticate to CloudTruth.

provider "cloudtruth" {
  api_key = var.secret
}

The last piece is the resource block. In this instance, you're creating a new CloudTruth parameter that will hold the value for a Kubernetes Pod replica count.

resource "cloudtruth_parameter" "k8smanifest" {
  name    = "replicaCount"
  project = var.project
  value   = var.replicaCountValue
  secret  = false
  dynamic = true
}

The Variables.tf File

The variables configuration file will consist of three variables:

  • project: The CloudTruth project that you want to create the Parameter in.
  • replicaCountValue: The parameter is for a Kubernetes Pod replica count, so this is the value for how many replicas will be created. In this case, the default is 2.
  • secret: The CloudTruth API key that you'll use to authenticate to CloudTruth. It is declared with sensitive = true, which keeps the value out of Terraform's plan and apply output.

It's important to create variables, especially for values that may change frequently like a project name, because you want to ensure that the code is as repeatable as possible. Hard-coded values don't allow code to stay repeatable and DRY.

variable "project" {
  type    = string
  default = "kubernetes-secrets"
}

variable "replicaCountValue" {
  type    = number
  default = 2
}

variable "secret" {
  type      = string
  sensitive = true
}

Putting It All Together

Open up VSCode, or another code editor of your choosing, and save the following:

For the main.tf configuration file:

terraform {
  required_providers {
    cloudtruth = {
      source  = "cloudtruth/cloudtruth"
      version = "0.3.5"
    }
  }
}

provider "cloudtruth" {
  api_key = var.secret
}

resource "cloudtruth_parameter" "k8smanifest" {
  name    = "replicaCount"
  project = var.project
  value   = var.replicaCountValue
  secret  = false
  dynamic = true
}

For the variables.tf configuration file:

variable "project" {
  type    = string
  default = "kubernetes-secrets"
}

variable "replicaCountValue" {
  type    = number
  default = 2
}

variable "secret" {
  type      = string
  sensitive = true
}

Now, you have both Terraform configuration files saved, and in the next section, you'll run a few Terraform commands to create the Parameter.

Running The Terraform Code

Now that you've put the code together, it's time to run it.

First, open up a terminal and initialize the Terraform configuration. You'll see that the CloudTruth provider gets pulled down.

terraform init

Next, run terraform plan, making sure to pass in the variable for the CloudTruth API token.

terraform plan -var secret="cloudtruth_api_token"

Finally, apply the Terraform configuration to your CloudTruth environment.

terraform apply -var secret="cloudtruth_api_token"

Congrats! You've successfully created a CloudTruth parameter using Terraform.
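
The plan and apply commands above pass the token with -var, which leaves it in shell history and visible in the process list. As an added example (not from the original post or from CloudTruth), this wrapper loads the token from a file into TF_VAR_secret, the environment variable Terraform reads for variable "secret"; the token file location and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: feed the CloudTruth API token to Terraform through the
# TF_VAR_secret environment variable instead of a -var argument.
# The token file path is an assumption; the post does not define one.

# load_cloudtruth_token FILE
# Exports TF_VAR_secret from FILE. Returns non-zero if FILE is missing,
# accessible to group/other, or empty.
load_cloudtruth_token() {
  local file="$1" perms token
  if [ ! -f "$file" ]; then
    echo "token file not found: $file" >&2
    return 1
  fi
  # Characters 5-10 of the ls mode string are the group and other bits.
  perms=$(ls -ld "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "refusing $file: group/other access is set (chmod 600 it)" >&2
    return 1
  fi
  # Command substitution strips the trailing newline from the file.
  token=$(cat "$file")
  if [ -z "$token" ]; then
    echo "token file is empty: $file" >&2
    return 1
  fi
  # Terraform maps TF_VAR_<name> to variable "<name>", here var.secret.
  export TF_VAR_secret="$token"
}

# run_terraform FILE SUBCOMMAND [ARGS...]
# Example: run_terraform "$HOME/.config/cloudtruth/token" plan
run_terraform() {
  local file="$1"
  shift
  load_cloudtruth_token "$file" || return 1
  # No -var flag: the token never appears in argv or shell history.
  terraform "$@"
}
```

The sensitive = true setting only redacts the value from CLI output; treat the Terraform state file as secret material as well.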