Why Decouple Terraform and Ansible?
Decoupling Terraform and Ansible allows for a clear separation of concerns in infrastructure management:
- Terraform excels at provisioning and managing cloud resources (infrastructure as code).
- Ansible specializes in configuration management and application deployment.
By decoupling these tools, we can:
- Improve modularity and maintainability of our infrastructure code
- Enable independent scaling of infrastructure provisioning and configuration management
- Facilitate easier troubleshooting and rollbacks
- Allow for more flexible workflows and tool choices
Approach 1: Jenkins CI Integration
This approach uses Jenkins as the orchestrator for both Terraform and Ansible operations.
Step-by-Step Example:
- Set up a Jenkins server with necessary plugins (Terraform, Ansible, AWS).
- Create a Jenkins pipeline for EKS cluster provisioning:
    pipeline {
        agent any
        stages {
            stage('Provision EKS Cluster') {
                steps {
                    sh 'terraform init'
                    sh 'terraform apply -auto-approve'
                }
            }
            stage('Configure EKS Cluster') {
                steps {
                    sh 'ansible-playbook -i inventory eks-config.yml'
                }
            }
        }
    }
- Create Terraform configuration for EKS:
    resource "aws_eks_cluster" "example" {
      name     = "example-cluster"
      role_arn = aws_iam_role.example.arn
      vpc_config {
        subnet_ids = ["subnet-12345678", "subnet-87654321"]
      }
    }
- Create Ansible playbook for EKS configuration:
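    - name: Configure EKS Cluster
      hosts: localhost
      tasks:
        - name: Update kubeconfig
          # update-kubeconfig writes the cluster entry into the local kubeconfig.
          # get-token only prints a short-lived token, which is not a manifest
          # that kubectl apply can consume.
          command: aws eks update-kubeconfig --name example-cluster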
- Run the Jenkins pipeline to provision and configure the EKS cluster.
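The pipeline above runs `terraform apply -auto-approve`, so nothing inspects the plan before it is applied. The following is an added example (not part of the original post) of a check that could sit between a plan and the apply: it reads the JSON form of a saved plan and blocks destroys, replacements and IAM changes. The sample plan and the `REVIEW_TYPES` policy are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json tfplan`
# (only the fields this check reads).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_eks_cluster.example", "type": "aws_eks_cluster",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_iam_role.example", "type": "aws_iam_role",
   "change": {"actions": ["update"]}},
  {"address": "aws_subnet.a", "type": "aws_subnet",
   "change": {"actions": ["create"]}},
  {"address": "aws_subnet.b", "type": "aws_subnet",
   "change": {"actions": ["no-op"]}}
]}
""")

# Hypothetical policy: resource type prefixes whose changes need a reviewer.
REVIEW_TYPES = ("aws_iam_",)


def plan_findings(plan, review_prefixes=REVIEW_TYPES):
    """Return (address, reason) for each change that must not be auto-applied."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            # Covers plain destroys and replacements (delete + create).
            findings.append((rc["address"], "destroys existing resource"))
        elif (actions not in (["no-op"], ["read"])
              and rc["type"].startswith(review_prefixes)):
            findings.append((rc["address"], "changes IAM"))
    return findings


def gate(plan):
    """Exit code for the CI step: 0 lets the apply stage run, 1 stops it."""
    findings = plan_findings(plan)
    for address, reason in findings:
        print(f"BLOCKED {address}: {reason}")
    return 1 if findings else 0


if __name__ == "__main__":
    # With a path argument, check a real plan file; otherwise use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    sys.exit(gate(plan))
```

In the pipeline this would run after `terraform plan -out=tfplan` and `terraform show -json tfplan > plan.json`, with the apply stage changed to `terraform apply tfplan` so that only the checked plan is applied.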
Approach 2: GitOps Method
The GitOps approach uses Git as the single source of truth for both infrastructure and application deployments.
Step-by-Step Example:
- Set up a Git repository for your infrastructure code.
- Create a Terraform configuration for EKS in the repository:
    resource "aws_eks_cluster" "example" {
      name     = "example-cluster"
      role_arn = aws_iam_role.example.arn
      vpc_config {
        subnet_ids = ["subnet-12345678", "subnet-87654321"]
      }
    }
- Create Ansible playbooks for cluster configuration in the same repository:
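    - name: Configure EKS Cluster
      hosts: localhost
      tasks:
        - name: Update kubeconfig
          # update-kubeconfig writes the cluster entry into the local kubeconfig.
          # get-token only prints a short-lived token, which is not a manifest
          # that kubectl apply can consume.
          command: aws eks update-kubeconfig --name example-cluster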
- Set up a GitOps operator (e.g., Flux or ArgoCD) in your EKS cluster.
- Create a GitOps configuration file (e.g., for Flux):
    apiVersion: source.toolkit.fluxcd.io/v1beta1
    kind: GitRepository
    metadata:
      name: infrastructure-repo
      namespace: flux-system
    spec:
      interval: 1m
      url: https://github.com/your-org/infrastructure-repo
      ref:
        branch: main
    ---
    apiVersion: infra.contrib.fluxcd.io/v1alpha1
    kind: Terraform
    metadata:
      name: eks-cluster
      namespace: flux-system
    spec:
      interval: 1h
      path: ./terraform
      sourceRef:
        kind: GitRepository
        name: infrastructure-repo
- Apply the GitOps configuration to your cluster.
Advantages of GitOps Approach:
- Version Control: All changes are tracked in Git, providing a clear audit trail.
- Automated Synchronization: The desired state in Git is automatically reconciled with the cluster state.
- Simplified Rollbacks: Reverting to a previous state is as easy as reverting a Git commit.
- Improved Collaboration: Teams can use familiar Git workflows for infrastructure changes.
- Enhanced Security: Reduced need for direct cluster access, as changes are made through Git.
Conclusion
While both approaches have their merits, the GitOps method aligns more closely with Kubernetes’ declarative nature and offers better scalability and auditability. However, the choice between Jenkins CI and GitOps should be based on your team’s specific needs, existing toolchain, and comfort with Git-centric workflows.

As the DevOps landscape continues to evolve, the decoupling of infrastructure provisioning and configuration management tools will remain crucial for building flexible, maintainable, and scalable systems.
Hope you enjoyed the post.
Cheers
Ramasankar Molleti
