Providers
Providers are tools integrated into the Rafay platform to manage and deploy infrastructure resources efficiently. They allow users to choose between different methods, like HCP Terraform, OpenTofu, or Rafay's System Provider, for creating and managing resources. Each provider offers specific benefits, such as centralized management with HCP Terraform, open-source flexibility with OpenTofu, or streamlined native integration with Rafay's System Provider. These providers help users simplify complex infrastructure tasks, reduce dependency on external tools, and improve overall resource management within the platform.
HCP Terraform¶
HCP Terraform is a managed service that allows teams to run Terraform together. It manages Terraform runs in a consistent and reliable environment, and includes easy access to shared state and secret data
The HCP Terraform provider option is intended for licensed HashiCorp customers. With this option, users are required to provide a custom driver to manage Terraform binaries in compliance with the BSL License. The backend type is always set to HCP Terraform, enabling centralized management of state store files etc.
Note: On selecting HCP Terraform, Custom Driver is MANDATORY
- To enable the Terraform driver to work with the Terraform Cloud organization, users need to provide a token that allows the driver to authenticate with Terraform Cloud. This token should be stored in a specific file:
File Name: .terraform.d/credentials.tfrc.json
{
"credentials": {
"app.terraform.io": {
"token": "your-token-here"
}
}
}
- Next step is to configure the driver to read the token from this file using an environment variable:
Environment Variable:
- Key: TF_CLI_CONFIG_FILE
- Value: .terraform.d/credentials.tfrc.json
Specify this file and environment variable in either of the following ways: - In the custom driver configuration used for Terraform - Using a configuration context which is then attached to the Resource Template
- Additionally, in the Container Driver, the "working directory path" value should either be set to
/home/terraform
or left empty (in which case, the default value will be /home/terraform).
- Add the Cloud block. You can define it's arguments in the configuration file or supply them as environment variables
OpenTofu¶
OpenTofu is an open-source infrastructure IaC (infrastructure as code) tool. Rafay offers first class integration for OpenTofu that allows customers to leverage OpenTofu as the IaC provisioning tool with the Environment Manager framework.
Migrating from Terraform to OpenTofu
For users looking to migrate from the deprecated Terraform Provider option to OpenTofu Provider option, the process involves the following steps.
- Create a new version of the resource template with the provider selected as OpenTofu ensuring that all other configurations remain consistent with the older template version
- Additionally, create a new version of the Environment Template that includes the updated Resource Template. This new Environment Template version can then be used to create new environments
Important
Updating an existing environment that uses Terraform provider to the new OpenTofu provider is possible by republishing the existing environment using an updated version of Environment Template (that includes Resource Template(s) with the OpenTofu provider). While this approach may work in most cases, it's important to proceed with caution as there may be risks involved. Rafay recommends creating a new environment using OpenTofu, verifying its functionality, and then deleting the older environment.
By default, a few GitHub APIs need to be accessed to download the OpenTofu binary. If the infrastructure where the agent is running does not have access to GitHub APIs, or if users prefer to download the Tofu binary from a different endpoint for operational or security reasons, this can be accommodated using the OVERRIDE_OPENTOFU_DOWNLOAD_ENDPOINT
environment variable. This variable should point to any URL that hosts the Tofu binary in a zip file, and the agent will download the Tofu binary from this endpoint. Alternatively, customers can build a custom driver (based on OpenTofu) and reference that as part of the resource template configuration.
Example
OVERRIDE_OPENTOFU_DOWNLOAD_ENDPOINT=https://github.com/opentofu/opentofu/releases/download/v1.6.2/tofu_1.6.2_linux_amd64.zip
System Provider - Coming Soon
System Provider¶
The new System Provider feature allows users to natively create and manage Rafay first-class objects, such as clusters and cloud credentials, directly within the Rafay platform. This enhancement eliminates the need for third-party providers like Terraform, simplifying resource management and reducing complexities related to external tools and licensing. Users can now handle the creation of both credentials and clusters together with Environment Manager, avoiding multiple processes and streamlining their workflow.
This feature is especially useful for users facing limitations with certain Terraform versions that restrict cluster creation. By using the System Provider, users can leverage Environment Manager to manage Rafay resources effectively, without relying on external providers.
Additionally, users can add hooks before and after the deployment of clusters and credentials, offering greater flexibility and control over the deployment process. This dynamic capability facilitates a more streamlined and integrated approach to managing Rafay resources.
On selecting System Provider, configure Hooks, Agents, Input Variables, and Config Contexts.