Visit us at Google Cloud Next ‘23 in San Francisco, Aug. 29 - 31, for breakout sessions, expert talks, and product demos to accelerate your cloud strategy.
Google Cloud's flagship cloud conference — Google Cloud Next — is back and once again HashiCorp will be there in full force. (Although the conference passes are sold out, you can still watch all the great sessions from Next '23 on demand, at your convenience with a free Digital Pass)
For both in-person and remote attendees, we’re pleased to share the latest news on our long-standing relationship with Google Cloud, and how we help organizations provision, secure, run, and connect applications running in Google Cloud. In this post, we’ll share some highlights of our partnership and our plans for the event, Tuesday through Thursday, Aug. 29 - 31, in San Francisco.
HashiCorp-Google Cloud developments this year include:
As of the publication of this post, the download count for the Google Cloud Platform provider for Terraform stands at 359 million downloads, half of which occurred in the past 12 months.
While hundreds of millions of downloads represent a major milestone, Google Cloud and HashiCorp continue to develop new integrations to help customers work faster, use more services and features, and provide developer-friendly ways to deploy cloud infrastructure.
Terraform Cloud's dynamic provider credentials let you establish a trust relationship between Terraform Cloud and Google Cloud. They limit the blast radius of compromised credentials by using unique, short-lived credentials for each Terraform run. Dynamic provider credentials also allow you to scope fine-grained control over the resources that each of your Terraform Cloud projects and workspaces can manage.
When you use dynamic provider credentials, Terraform Cloud begins each run by authenticating with Google Cloud, passing it details about the workload, including your organization and workspace name. Your cloud provider then responds with temporary credentials that Terraform Cloud uses to provision your resources for the run. This workflow is based on the OpenID Connect (OIDC) protocol, an open source standard for verifying identity across different systems. You can use Terraform Cloud’s native OIDC integration with Google Cloud to get dynamic credentials for the Google provider in your Terraform Cloud runs. To get started, learn how to configure dynamic credentials with the Google Cloud provider.
The continuous validation feature in Terraform Cloud allows users to validate the health of their infrastructure beyond the initial provisioning. This helps users to identify issues at the time they first appear and avoid situations where a change is identified only once it causes a customer-facing problem.
Users can add checks to their Terraform configuration using check blocks. Check blocks contain assertions that are defined with a custom condition expression and an error message. When the condition expression evaluates to true the check passes, but when the expression evaluates to false Terraform shows a warning message that includes the user-defined error message.
Custom conditions can be created using data from Terraform providers’ resources and data sources. Data can also be combined from multiple sources; for example, you can use checks to monitor expirable resources by comparing a resource’s expiration date attribute to the current time returned by Terraform’s built-in time functions. This guide provides multiple use cases of how to use Terraform check blocks and continuous validation with Google Cloud.
The Terraform Cloud Operator for Kubernetes provides first-class integration between Kubernetes and Terraform Cloud by extending the Kubernetes control plane to enable lifecycle management of cloud and on-premises infrastructure. This operator provides a unified way to manage a Kubernetes application and its infrastructure dependencies through a single Kubernetes CustomResourceDefinition (CRD). After the infrastructure dependencies are created, pertinent information such as endpoints and credentials are returned from Terraform Cloud to Kubernetes.
Terraform Cloud Operator for Kubernetes helps automate the provisioning of infrastructure from Google Kubernetes Engine (GKE) and lets users manage Terraform Cloud with Kubernetes custom resources.
Terraform Cloud agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. By deploying lightweight agents within a specific network segment, you can establish a simple connection between your environment and Terraform Cloud which allows for provisioning operations and management.
Google Cloud Terraform Cloud agents are Terraform modules that create self-hosted agents on Google Cloud. Using Terraform modules you now can quickly create and deploy agent pools for your Terraform Cloud workflows on Google Cloud. Google Cloud agents are available in the Terraform Registry now and include:
Google Cloud Infrastructure Manager (Infra Manager) automates the deployment and management of Google Cloud infrastructure resources using Terraform. Infra Manager allows you to use infrastructure as code to manage the lifecycle of Google Cloud resources. Terraform is defined declaratively in a Terraform blueprint that describes the end state of your infrastructure. You can version the Terraform blueprint, either in a public Git repository or in a Cloud Storage bucket, and use object versioning to version blueprints. To learn more, check out the newly published Terraform and Infrastructure Manager guide.
HashiCorp Consul is how teams automate networking across Google Cloud runtimes. Consul now includes several extensions for Envoy. Consul’s Envoy extension capability allows operators to offload service-to-service authorization to external tools and platforms. This allows more options to authorize traffic based on more conditions like allow/deny based on business hours.
Apigee’s AuthZ integration is an example of using the external AuthZ extension. Apigee’s implementation requires an API key to be passed between services in order to allow traffic. You can get started with the Consul AuthZ - Apigee repo. If you are using Apigee today or considering an Apigee deployment, check out how to use the Apigee Adapter for Envoy with an Apigee hybrid deployment.
If you are attending Google Next in person or following along virtually, please sign up for the Seamless Infrastructure Deployment and Management with Terraform session, where HashiCorp and Google will cover why Terraform is an integral component of many teams’ infrastructure and applications, and to Google Cloud. The talk will focus on how Terraform is used to build and operate resources as infrastructure as code. You’ll view Google Cloud projects that use Terraform as their foundation and learn Google's guidance on using Terraform to deliver the best user experience, time to value, and efficiency for Google Cloud customers. The session takes place on day two of Google Next, August 30th at 8 a.m. PT.
And if you are on site, be sure to join us at booth #1645 for demos and meet 1:1 with our technical experts to learn more about our product suite, and check out the latest on HashiCorp integrations with Google Cloud.
After Google Next, join our upcoming webinar series covering Google Cloud projects that use Terraform as their foundation, with guidance on using Terraform to deliver the best user experience, time to value, and efficiency.
With Vault and Boundary, HashiCorp makes its debut in Gartner’s Magic Quadrant for privileged access management.
HashiCorp continues to update our licensing FAQ based on questions from the community about our change to the Business Source License for future releases of HashiCorp products.
HashiCorp adopts the Business Source License to ensure continued investment in its community and to continue providing open, freely available products.