Reusing existing terraform scripts to create Harness entities.
Overview
Infrastructure as Code (IaC) is the practice of managing and provisioning computing infrastructure through machine-readable configuration files, rather than through physical hardware configuration or interactive configuration tools. Opentofu, popularluy known as OpenTF, is an open-source IaC tool that lets you define cloud and on-premises resources in human-readable configuration files that you can version, reuse, and share. In this blog we will walk through a stepwise tutorial for creating Harness entities and how you can reuse existing terraform scripts to create resources.
Prerequisites
Before we dive into the code, make sure you have the following prerequisites:
- A Harness account
- Opentofu installed on your machine
Setting up Environment
Install Opentofu
OpenTofu documentation provides a range of methods for its installation based on your operating system. You can also use a publicly available Docker image ghcr.io/opentofu/opentofu:latest to install it. In this blog, I will discuss installing it on macOS via Homebrew for running the tf script locally.
Installing opentofu locally via Homebrew
brew update
brew install opentofu
Migrating to OpenTofu from Terraform
If you are already using Terraform, you may need to migrate to Opentofu. You can transition from Terraform to Opentofu by following this migration guide.
Configure Harness
Create a main.tf file in the root directory of your project using your local IDE and add the configuration in your main.tf file.
This configuration sets up the Harness provider and specifies the required provider version for Terraform. Make sure to replace the ACCOUNT_ID and PLATFORM_API_KEY values with your actual Harness account ID and platform API key.
Now, it’s time to create entities using a collection of Terraform modules. In this blog, we will discuss step by step the creation of Organization, Project, Services, Environment, Infrastructure Definition, Kubernetes connector, GitHub Connector, Secrets, and Deployment Pipelines in Harness using automation with the help of Terraform modules.
Create Harness entities with OpenTofu
Creating Organization and Project
You can give name to the module as well as Organization as per your choice.
You need to provide the following input under module project_OpenTofu.
Inputs
- organization_id
tofu init
tofu apply -auto-approve
You will find an organization named OpenTofu, and within this organization, you will see the project named OpenTofu that was created in your account.
Create Kubernetes Cluster Connector
To create a Kubernetes connector, you need to first install a delegate.
Refer to this documentation to install a delegate in Harness.
Learn more on Kubernetes cluster connector.
After delegate installation is complete we will add a module to provision a Kubernetes delegate in our main.tf file.
In this tutorial we are keeping all our entities within one organization and project, you can create resources at account level as well. Since we have installed the delegate at project level, we are going to provision our kubernetes connector within our project.
To connect the connector via a delegate, you need to mention the name of the delegate in the delegate selector. You can specify multiple delegate names so that if one delegate is disconnected, the connector can still connect via another delegate.
Inputs
- organization_id
- project_id
After adding the above configuration to terraform script run.
tofu init
tofu apply -auto-approve
You will see a connector named as dev_k8s_connector in your project.
Creating Github Connector
We will need a Github connector where we are going to store our manifest files. We are going to create a Github PAT Token as well that will authenticate with our Github connector.
Learn more about Github connector in Harness.
Inputs
- organization_id
- project_id
- GITHUB_PAT - Name of Github PAT
- GITHUB_USERNAME - Githib username
- GITHUB_URL - https://github.com/GITHUB_USERNAME
After adding the above configuration to terraform script run.
tofu init
tofu apply -auto-approve
You will see a Github connector named as github_connector and secret names as github_secret in your project.
Creating Services, Environments and Infrastructure Definition
Environments represent your deployment targets. They can be either non-production or production, and can have any number of overrides.
The terraform resource for environments takes in some basic information, but mainly uses yaml to define the content of the environment. It can sometimes be helpful to create your first environment using the Harness UI and then copy its yaml definition into terraform. From there you can modify copies as needed.
Learn more about Environments in Harness.
Inputs
- organization_id
- project_id
Services encapsulate the definition of the application you are going to deploy.
Learn more about Services in Harness.
Inputs
- organization_id
- project_id
- connector_ref - name of Github connector created previously
- repoName - name of github repository where your manifest file resides
- path - path of your manifest yaml
Environments require an infrastructure definition to define where an application should be deployed. A given environment can have one to many infrastructure definitions of all different types.
The terraform resource for infrastructures takes in some basic information, but mainly uses yaml to define the content of the infrastructure. It can sometimes be helpful to create your first infrastructure using the Harness UI and then copy its yaml definition into terraform. From there you can modify copies as needed.
Learn more about Infrastructure in Harness.
Inputs
- organization_id
- project_id
- connector_ref - give the name of your kubernetes cluster connector or either reference it as connectorRef: ${module.dev_k8s_delegate.connector_details.id}
- kubernetes_cluster_connector_id - id of your Kubernetes cluster connector
- namespace - provide the namespace where you want to deploy your service.
After adding the above configuration to terraform script run.
tofu init
tofu apply -auto-approve
You will see a service and an environment, and inside the environment, you will find the infrastructure definition created in your project.
Creating Deployment Pipeline
Now, it’s time to create a deployment pipeline where you will deploy your services.
It is important to note that tag created_by = “Terraform” is mandatory while creating pipelines with opentofu.
Inputs
- organization_id
- project_id
- serviceRef - id of your service
- environmentRef - mention the id of your environment
- identifier under infrastructure definition - mention the id of your infrastructure definition.
After adding the above configuration to terraform script run.
tofu init
tofu apply -auto-approve
In your project, you will see a deployment pipeline created with the name of Deployment_Pipeline.
It was that simple to create a deployment pipeline with OpenTofu in Harness by running a simple Terraform script.
Now, all you need to do is run the pipeline, and your service will be deployed in the target environment.
By using Opentofu configuration, you can automate the creation and management of your Harness resources, ensuring that your continuous delivery pipelines are set up consistently and efficiently.
You can refer to the whole main.tf script in the following Github Repo.
Learn more
The Harness Terraform modules are a set of Terraform modules that wrap the native Terraform provider with best practices and templates to ensure resources are created in a recommended way. Refer to these resources to seamlessly create resources and use modules that will assist you with your build and deployment using Harness.
Conclusion
Opentofu plays a crucial role in the world of Infrastructure as Code (IaC) by providing a consistent, automated, and scalable way to manage infrastructure. Its integration with Harness makes it an ideal tool for managing continuous delivery resources, enhancing the efficiency and reliability of your deployment processes. By adopting Opentofu, teams can focus on innovation and delivery, knowing that their infrastructure is handled by a robust and proven tool.