Infrastructure Provisioners Overview

Updated 1 week ago by Michael Cretzman

This article provides a general overview of Harness support for Infrastructure Provisioners. For detailed Harness Infrastructure Provisioner guides, see:

In this topic we'll discuss general information such as:

You can create any resource using Terraform, and output values can be published for use in Harness Workflows and Pipelines. Harness supports first-class Service Mapping for AWS-based infrastructures (SSH, ASG, ECS, Lambda) and Google Kubernetes (GKE). Google Kubernetes is not supported for CloudFormation, as CloudFormation is used for provisioning infrastructure on AWS only.

Overview

Harness Infrastructure Provisioners define deployment infrastructure blueprints from known Infrastructure-as-Code technologies, such as Terraform and CloudFormation, and map their output settings to provision the infrastructure. Infrastructure Provisioners enable Harness Workflows to provision infrastructure on the fly when deploying Services.

Typically, when creating your Harness deployment, there is an assumption that you already have an infrastructure in place where you want to deploy your Services. In some cases, you will want to use an Infrastructure Provisioner to define this infrastructure on the fly.

Add an Infrastructure Provisioner such as CloudFormation or Terraform as a blueprint for the system, networking, and security infrastructure for the service(s) you deploy. Define components such as load balancer, VPC, subnets, firewall rules, security groups, and so on. When Harness deploys your microservice, it will build your infrastructure according to this blueprint.

After you set up an Infrastructure Provisioner in your Harness Application, you can add it as a Pre-Deployment step in a Workflow or as a Service Infrastructure in an Environment. Once configured, your Workflow can deploy multiple Services, each using the same Infrastructure Provisioner as a blueprint, and passing in Service-specific input variables to create Service-specific deployments using the single Infrastructure Provisioner.

See also Application Checklist, Add a Service, Add an Environment, Add a Workflow.

Provisioning Process with Harness Variables

Infrastructure provisioner templates include inputs and outputs that Harness uses for provisioning:

  • Inputs - Typically, provisioner inputs are information needed to access the target environment, such access and secret keys. In Harness, you can write values from Harness Secrets Management or Workflow variables to template inputs to be used at runtime.
  • Outputs - In order for Harness to create infrastructure using your provisioner, you map template outputs (VPCs, regions, subnets, etc) to Harness Infrastructure Provisioner Service Mappings, and the outputs are used to provision as the Service is deployed.

The process is as follows:

  1. You create a Harness Infrastructure Provisioner using your infrastructure provisioner templates. You identify the inputs your template requires, such as access keys, and map the template outputs to the fields Harness requires for the different cloud platforms (VPC, subnets, etc).
  2. You set up the Harness Environment and Workflow that will use your Infrastructure Provisioner. For the Environment, you simply identify that the Service Infrastructure uses a Harness Infrastructure Provisioner. For the Workflow, you configure the input variables that Harness will pass to the Infrastructure Provisioner (access keys, etc).
  3. When Harness deploys the Workflow, it uses the infrastructure provisioner (Terraform, CloudFormation, Shell Script) to provision as part of the Pre-Deployment Steps, using the inputs and outputs you configured to provision on the target cloud platform or physical datacenter.
  4. Once provisioning has occurred, the Workflow deploys the Service to the provisioned infrastructure.

Intended Audience

  • DevOps

Before You Begin

Add an Infrastructure Provisioner

To add an infrastructure provisioner, do the following:

  1. Click Setup.
  2. Click the application where you want to add an infrastructure provisioner.
  3. Click Infrastructure Provisioners.
    The Infrastructure Provisioners page appears.
  4. Click Add Infrastructure Provisioner, and select Terraform, CloudFormation, or Shell Script.
    Below are the options for each infrastructure provisioner type.

CloudFormation

You can link to or add CloudFormation templates to the CloudFormation Infrastructure Provisioner. For information on CloudFormation templates, see AWS CloudFormation Templates. Another good resource for AWS CloudFormation templates is AWS Quick Starts.

The CloudFormation Provisioner dialog has several fields where you enter the source type and template.

The Add CloudFormation Provisioner dialog has the following fields.

Field

Description

Name

Enter a name for this infrastructure that describes when it should be used, such as QA Infrastructure.

Description

Enter a description for this infrastructure that tells users the purpose of this infrastructure.

Source Type

Select Amazon S3 or Template Body. If you select Amazon S3, you can enter the URL to the S3 bucket and filename for the template. If you select Template Body, you can paste in the CloudFormation template. For examples of CloudFormation templates, see AWS CloudFormation Templates.

Template File Path

URL to the S3 bucket and filename for the template in that bucket.

Input Variables

See Input Variables in Workflows below.

Terraform

For all information on using Harness Terraform Infrastructure Provisioner, Terraform Provisioner.

Service Mappings

Service Mappings enable Harness to map service-specific values from multiple services to a single Infrastructure Provisioner. Service Mappings are optional.

You can create any resource using Terraform and output values can be published for use in Harness Workflow and Pipelines. Harness supports first class Service Mapping for AWS-based infrastructures (SSH, ASG, ECS, Lambda) and Google Kubernetes (GKE). Google Kubernetes is not supported for CloudFormation as CloudFormation is for provisioning infrastructure on AWS only.

Most infrastructure resources have attributes associated with them, and outputs are a way to easily extract and query that information. For example, in a Terraform template, outputs specify values that will be provided to the user when Terraform applies the template, such as region, VPCs, and subnets.

If you have been running your deployments manually, you might not have outputs configured in your template files. To configure Service Mappings, you will need to add these output variables to your template.

When you use Terraform or CloudFormation with Harness, you can map the template outputs with Harness service settings so that a single Infrastructure Provisioner can be used by many of the services you have configured in Harness.

For example, your Terraform main.tf file contains an output for the AWS region:

output "region" { 
value = "${var_region}"
}

CloudFormation uses a similar outputs format:

"Outputs" : {
"Logical ID" : {
"Description" : "Information about the value",
"Value" : "Value to return",
"Export" : {
"Name" : "Value to export"
}
}
}

You can map the region variable to the Harness services that use this Terraform or CloudFormation template. When the services are deployed, they will use the mapped region.

Mapping is set up in the Infrastructure Provisioning Service Mapping dialog.

To setup service mapping, do the following:

  1. In the Terraform or CloudFormation infrastructure provisioner you configured, click Add Service Mapping. The Service Mapping dialog appears. Here you will specify a service to map to this infrastructure provisioner.

Once you select a service, you can map the Terraform template outputs using this syntax:

${terrafrom.exact_name}

You can map the CloudFormation outputs using this syntax:

${cloudformation.exact_name}

Here is an example of a mapping:

The Service Mapping dialog has the following fields.

Field

Description

Service

Select the service that you want to use this infrastructure provisioner.

Deployment Type

Select the deployment type for the service.

Cloud Provider Type

Select the Cloud Provider type for the deployment environment you will use.

Region

Enter the output variable name for the region output. If you do not have a region output in your template, please configure one.

VPCs

Enter the output variable name for the VPC output. If you do not have a VPC output in your template, please configure one.

Subnets

Enter the output variable name for the subnet output. If you do not have a subnet output in your template, please configure one.

Security Groups

Enter the output variable name for the security group output. If you do not have a security group output in your template, please configure one.

Tags

Enter the output variable name for the output tags. If you do not have a resource tag output in your template, please configure one. Tag variable type must be map.

For more information on Terraform outputs, see Output Variables from Terraform, and Introduction to AWS With Terraform from Medium. For more information on CloudFormation outputs, see Outputs and Amazon.

As an alternative to using variables, you can simply use constants. For example, you could tag nodes with foo and then you would not need to propagate this value through variables.

Set Up with YAML

You can set up an infrastructure provisioner quickly using the Harness code editor.

For information about syncing the Harness code editor with Git, see Configuration as Code.

To set up an infrastructure provisioner using code, do the following:

  1. In the Git repo for Harness, open your application folder.
  2. Inside your application folder, add a new folder named Provisioners.
  3. Add a YAML file with the name that describes your provisioner, like DEV, and save it.
  4. Open the YAML file and define your provisioner. Below are examples for CloudFormation and Terraform. Once you have added the YAML, sync your Git repo with Harness via Configuration As Code. The code editor appears and displays your provisioner.

CloudFormation Example

harnessApiVersion: '1.0'
type: CLOUD_FORMATION
mappingBlueprints:
- cloudProviderType: AWS
deploymentType: SSH
nodeFilteringType: AWS_INSTANCE_FILTER
properties:
- name: region
- name: region
- name: securityGroups
value: ${cloudformation.security_group}
- name: subnets
value: ${cloudformation.subnet}
- name: tags
value: ${cloudformation.aws_ssh_tags}
- name: vpcs
value: ${cloudformation.vpc}
serviceName: TAR-file
name: DEV-CF
sourceType: TEMPLATE_URL
templateFilePath: https://s3.amazon.aws.com/path
variables:
- name: access key
valueType: ENCRYPTED_TEXT
- name: secret key
valueType: ENCRYPTED_TEXT

Terraform Example

harnessApiVersion: '1.0'
type: TERRAFORM
description: module for front-end deployment infra
mappingBlueprints:
- cloudProviderType: AWS
deploymentType: SSH
nodeFilteringType: AWS_INSTANCE_FILTER
properties:
- name: region
value: ${terraform.region}
- name: securityGroups
value: ${terraform.security_group}
- name: subnets
value: ${terraform.Subnet}
- name: tags
value: ${terraform.aws_ssh_tags}
- name: vpcs
value: ${terraform.VPCs}
serviceName: TAR-file
name: front-end
path: terraform-CV
sourceRepoSettingName: git
variables:
- name: access key
valueType: ENCRYPTED_TEXT
- name: secret key
valueType: ENCRYPTED_TEXT


How did we do?