HashiCorp has released a number of new improvements to Terraform and Terraform Cloud. Within Terraform Cloud, there is a new CI/CD pipeline integration tool. Terraform has added support for Azure Linux container host for Azure Kubernetes Service. The HashiCorp Terraform AWS provider version 5.0 was released with improved support for default tags.
The new CI/CD pipeline tool has an associated command line tool called tfci. This tool automates Terraform Cloud runs via API and has support for Terraform Cloud operations that can be embedded into CI tools. tfci has commands for showing run details by Terraform Cloud Run ID, executing new plan runs, applying a run that is paused on confirmation after a plan, and returning the plan details.
Alongside the tfci CLI tool, there are templates provided for both GitHub Actions and GitLab CI. These templates showcase common actions that users may need to configure using tfci. For example, within GitHub Actions, the following snippet shows the runs portion of performing a new plan run using tfci:
    runs:
      using: docker
      image: 'docker://hashicorp/tfci:v1.0.1'
      args:
        - tfci
        ## global flags
        - -hostname=${{ inputs.hostname }}
        - -token=${{ inputs.token }}
        - -organization=${{ inputs.organization }}
        ## command
        - run
        - create
        - -workspace=${{ inputs.workspace }}
        - -configuration_version=${{ inputs.configuration_version }}
        - -message=${{ inputs.message }}
        - -plan-only=${{ inputs.plan_only }}
HashiCorp has also added support for deploying Azure Linux container hosts on Azure Kubernetes Service (AKS). Microsoft recently moved Azure Linux container host (previously called Mariner OS) into general availability. Azure Linux is designed to be a minimal, cloud-first Linux distribution.
The updates are within the azurerm Terraform provider. Provisioning Azure Linux container host for AKS can be done by setting the os_sku to Mariner:
    resource "azurerm_kubernetes_cluster" "default" {
      name                = "aks-${random_string.suffix.result}"
      location            = azurerm_resource_group.default.location
      resource_group_name = azurerm_resource_group.default.name
      kubernetes_version  = var.kubernetes_version
      dns_prefix          = "k8s-${random_string.suffix.result}"

      default_node_pool {
        name            = "default"
        node_count      = var.aks_node_count
        vm_size         = var.aks_confidential_computing_enabled ? "Standard_DC2s_v2" : "Standard_D2_v2"
        os_sku          = "Mariner"
        os_disk_size_gb = 50
      }

      confidential_computing {
        sgx_quote_helper_enabled = true
      }

      identity {
        type = "SystemAssigned"
      }

      tags = {
        name        = "demo-aks-${random_string.suffix.result}"
        environment = "demo"
      }
    }
Version 5.0 of the HashiCorp Terraform AWS provider was released with improvements to default tagging, which allows tags to be set at the provider level. This update solves a number of pain points with the previous default tagging implementation, including inconsistent final plans, identical tags between default and resource tags, and perpetual diffs within the tag configurations.
Default tags can be specified at the provider level using default_tags:
    provider "aws" {
      default_tags {
        tags = {
          environment = "Dev"
          department  = "WebEng"
          application = "HashiCafe website"
          cost_center = "8675309"
        }
      }
    }

    resource "aws_s3_bucket" "example" {
      bucket = "example-bucket-aj-11122"

      tags = {
        environment = "Production"
        created_at  = timestamp()
      }
    }
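The following is an added example, not code from the article or from HashiCorp: a Python check that a pipeline could run over the JSON form of a plan to confirm that the provider-level default tags reach each resource through tags_all and to report resource tags that override a default. The function name audit_tags, the choice of required keys, and the sample plan (including the logs, stamped and old buckets) are assumptions constructed for illustration.

```python
import json

# Provider-level defaults copied from the provider block above; treating all
# four keys as required is an assumption of this example.
DEFAULT_TAGS = {"environment": "Dev", "department": "WebEng",
                "application": "HashiCafe website", "cost_center": "8675309"}
REQUIRED_TAGS = set(DEFAULT_TAGS)

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.example",
   "change": {"actions": ["create"], "after_unknown": {}, "after": {
     "tags": {"environment": "Production"},
     "tags_all": {"environment": "Production", "department": "WebEng",
                  "application": "HashiCafe website", "cost_center": "8675309"}}}},
  {"address": "aws_s3_bucket.logs",
   "change": {"actions": ["create"], "after_unknown": {}, "after": {
     "tags": null, "tags_all": {"environment": "Dev", "department": "WebEng"}}}},
  {"address": "aws_s3_bucket.stamped",
   "change": {"actions": ["create"], "after_unknown": {"tags_all": true},
              "after": {"bucket": "placeholder"}}},
  {"address": "aws_s3_bucket.old",
   "change": {"actions": ["delete"], "after_unknown": {}, "after": null}}
]}
""")

def audit_tags(plan, defaults=DEFAULT_TAGS, required=REQUIRED_TAGS):
    """Map resource address -> finding for planned resources with tag problems."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        after = change.get("after")
        if after is None:                      # resource is being destroyed
            continue
        if (change.get("after_unknown") or {}).get("tags_all") is True:
            findings[rc["address"]] = {"unknown": True}   # decided only at apply
            continue
        if "tags_all" not in after:            # resource type carries no tags
            continue
        tags_all = after["tags_all"] or {}
        missing = sorted(required - set(tags_all))
        # Resource-level tags win over provider defaults on a key collision.
        overridden = sorted(k for k, v in (after.get("tags") or {}).items()
                            if k in defaults and defaults[k] != v)
        if missing or overridden:
            findings[rc["address"]] = {"missing": missing, "overridden": overridden}
    return findings

if __name__ == "__main__":
    print(json.dumps(audit_tags(SAMPLE_PLAN), indent=2))
```

Tag values computed from functions such as timestamp() are not known until apply, so the check reports those resources as unknown instead of passing them.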
The release also adjusts how attributes marked as deprecated or removed are reported. Previously, users would receive a warning notification; now an unsupported error is shown to the user. EC2-Classic functionality has also been fully removed, as this functionality was deprecated by AWS back in August 2022.
The CI/CD pipeline integration tool and templates are available for users of Terraform Cloud and Terraform Enterprise. More details can be found on the release blog and within the GitHub repository. The Terraform AWS provider 5.0 release has an upgrade guide that provides more details on the release's changes.