Playing around with Terraform and Vault

TheProf

Not sure if any folks here use these two tools, but I am a big fan of Terraform. I also recently started using Vault as my tool for secrets management. I ended up deploying it in my lab and, through Terraform, configured the AWS secrets engine and then integrated Vault into other scripts I have to dynamically generate AWS credentials with a TTL.

I intend to build a Kubernetes cluster and host 3 instances of Vault as well as Consul for the backend storage. Going forward, I will use Vault for secrets management.

If you've worked with Vault, what has been your experience so far?
 


dos2unix

I don't know much about Vault. But what advantage does Terraform give over the standard azcli tools?
Seems to me, it's really only for templating. It doesn't really do anything for the VM once it is created.

For your Kubernetes cluster, are you just going to use the default Azure PaaS, or build your own large VM so you can have VMs on a VM? In which case, if that VM goes down, the whole cluster goes down.
 

TheProf

dos2unix said:
> I don't know much about Vault. But what advantage does Terraform give over the standard azcli tools?
> Seems to me, it's really only for templating. It doesn't really do anything for the VM once it is created.
>
> For your Kubernetes cluster, are you just going to use the default Azure PaaS, or build your own large VM so you can have VMs on a VM? In which case, if that VM goes down, the whole cluster goes down.

What's nice about Terraform is that you can use it to provision resources against any cloud, not just Azure. A lot of enterprise customers have a multi-cloud strategy. If you're using more than one cloud, I think Terraform is a better option as an IaC tool. It's not perfect, but very promising.

For the Kubernetes cluster, I will be deploying in my personal home lab rather than going to the cloud. The reason is that I want to learn the little details around deploying and troubleshooting K8S. After I get comfortable, I will most likely use a managed instance of K8S in AWS, but the goal here is to learn.

To make any configurations to VMs post deployment, you'd need to use a config management tool, which you can integrate with Terraform. For example, Ansible + Terraform. Again, the goal here is to be Cloud Agnostic.
 