Compliance-driven network infrastructure automation with Consul-Terraform-Sync 0.3 is now generally available for HashiCorp Terraform Enterprise.
We are excited to announce the general availability of Consul-Terraform-Sync (CTS) 0.3 for HashiCorp Terraform Enterprise, the self-hosted distribution of HashiCorp Terraform Cloud. This release marks another step in the maturity of our larger Network Infrastructure Automation (NIA) solution. The focus for CTS is on automating Day 2 networking tasks and reducing the burden on operators caused by manual ticketing systems.
The 0.1 and 0.2 CTS releases enabled a publisher-subscriber paradigm to update the network infrastructure based on changes in the HashiCorp Consul catalog leveraging the Terraform CLI on the local node. These releases focused on establishing core networking use cases for practitioners, including applying firewall policies, updating load balancer member pools, and more.
With the 0.3 release, organizations can now manage their Day 2 application networking delivery lifecycle more dynamically while providing governance and security oversight of infrastructure across a broad range of network providers using Terraform Enterprise as the automation engine.
This post will highlight the new features in CTS 0.3, including regex support for service triggers and Terraform Enterprise integration. We’ll also discuss the benefits that the Terraform Enterprise integration opens up to users, and we’ll share a few words from our network vendor partners about the value of our shared integrations. CTS 0.3 is available for download on our release page.
CTS integration with Terraform Enterprise is an enterprise-only feature available through the CTS Enterprise binary. Operators require a valid Consul Enterprise license to get started. This binary supports a new CTS network driver named Terraform Cloud driver:
Tasks are the heart of Consul-Terraform-Sync’s automation capabilities. The Terraform Cloud driver enables creation and management of Terraform Enterprise workspaces for all tasks defined in CTS configuration using the API-driven run workflow.
Users of the CTS integration with Terraform Enterprise can do a number of useful things, including:
Consul is used as a service registry by different teams across an organization. Many times, these teams have inconsistent service naming practices. A task definition in CTS requires one or more service names as input. This leads to situations where the CTS operator finds it challenging to define tasks without knowing the exact name of the service.
To address this pain point, we are introducing a beta feature in 0.3 that triggers a task only for services that match a regex across the entire Consul catalog.
This feature is available in beta for both CTS OSS and Enterprise binaries.
At the core of CTS for Terraform Cloud is the partner ecosystem. Customers are already using these vendors to manage critical workloads, enhance security, and improve performance. By helping us create modules for their Terraform providers, these partners are helping users automate common tasks right away.
We plan to continue expanding our ecosystem of partners for CTS, collaborating closely with our partners to grow our CTS module library, deepen our native integrations, and provide additional capabilities. Several of our launch partners shared a few words about the value of these integrations in helping alleviate the challenges addressed with this release:
"Customers are constantly on the lookout for ways to optimize efficiency with existing and new networking infrastructure. A10 Networks and HashiCorp are partnering to help customers solve one of their biggest challenges — accelerating deployment of software and services — with Consul-Terraform-Sync for Terraform Enterprise. It facilitates the automation of many Day 2 tasks in a declarative and repeatable way across their organizations, while providing robust policy as code capabilities to help teams reduce cloud waste and safeguard access to sensitive information."
—Takahiro Mitsuhata, Senior Manager, Technical Marketing at A10 Networks
"Manual workflows impede security teams’ ability to work quickly across multiple security infrastructure devices, contributing to the likelihood of a non-compliant solution being developed. Our partnership with HashiCorp enables customers to use Network Infrastructure Automation with Consul-Terraform-Sync for Terraform Enterprise in order to quickly deploy applications, which cuts down on security operations overhead and mitigates misconfigurations through managing access to variables and Terraform state that connects it to other applications or services without compromising credential security."
— T.J. Gonen, Head of Cloud Security Product Strategy at Check Point Software Technologies
"Cisco ACI and HashiCorp Consul together facilitate consistent, automated workflows to gather application information and network health data. The new integration with Consul-Terraform-Sync for Terraform Enterprise provides granular visibility across infrastructure and robust governance capabilities to optimize application delivery across multiple clouds in reproducible ways. While Cisco ACI can dynamically manage the lifecycle of the required backend network resources and policies, this allows organizations to establish their own approval workflows to better align with organizational standards and best practices."
— Srinivas Kotamraju, Director, Product Management at Cisco
"Our customers have security top of mind. Whether it’s integrating web application firewall (WAF) or API protection, they are always looking for ways to stay ahead. Citrix and HashiCorp are teaming up to integrate enterprise-ready policy functionality to network infrastructure automation workflows using Consul-Terraform-Sync for Terraform Enterprise to mitigate risk through best practices like secure state."
— Michael “Mikko” Disini, Senior Director, Product Management, Modernized Apps and Cloud Native at Citrix
"Consul-Terraform-Sync for Terraform Cloud helps network teams bridge the gap between software development and production availability through dynamic automation and better management of F5 BIG-IP environments as code. We are excited to see the evolution of Consul-Terraform-Sync for Terraform Cloud to include more secure provisioning capabilities and look forward to our continued partnership to help customers along their network infrastructure automation journey."
— Phil de la Motte, Vice President of Business Development at F5
"When security teams learn about a new vulnerability, every second counts. Our customers are using Palo Alto Networks’ advanced security technology to respond to these threats as quickly as possible while also modernizing their overall approach to cloud native architectures. By partnering with HashiCorp to help customers achieve Network Infrastructure Automation through Consul-Terraform-Sync for Terraform Enterprise, our shared customers can unilaterally make policy changes across their infrastructure to update their Palo Alto Networks firewalls in near real-time using automation. Customers can now track associated changes through audit logging as another important benefit of the strategic partnership between our companies."
— Matthew Scott, Senior Director of Business Development at Palo Alto Networks
CTS supports an integration with Terraform Enterprise to let organizations manage their application networking delivery lifecycle in a more dynamic way while providing governance and security oversight. This capability is delivered as an enterprise feature through the CTS Enterprise binary.
Moving forward, every CTS release will consist of separate OSS and Enterprise binaries. We will continue to add more capabilities to both open source CTS and CTS Enterprise. And look for updates on the upcoming integration with HashiCorp Terraform Cloud Business tier.
To get started, please refer to the Consul documentation and HashiCorp Learn guides, we also have a dedicated guide for CTS Enterprise. Feel free to try out CTS 0.3 (Docker image, Enterpries binaries) and give us feedback in the issue tracker. You can also stay up to date on CTS by following our public roadmap or checking the changelog. For more information about Consul, please visit our product page.
Streamlined run task reviews provide meaningful context on run task evaluations to help practitioners resolve issues faster without having to leave Terraform Cloud.
No-code provisioning adds more Day 2 operations. Users can now update the module version used in their no-code workspaces.
Learn how to use GitOps to deploy and synchronize a Consul cluster on Kubernetes with Argo CD.