Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparing Key Differences

Terraform & Pulumi
Comparing Key Differences

About us Nguyen Viet Hung
Role: DevOps Engineer
Phone: 0968 454 512
Gmail: hungvietnguyen6241@gmail.com
Nguyen Hoai Nam
Role: DevOps Consultant Engineer
Phone: 0986 166 571
Gmail: namnh568@gmail.com

Terraform overview
• What is Terraform?
• How does Terraform work?
• Why Terraform?
01.

Copyright by DevOps Services Center 2022
What is Terraform?
Terraform is an infrastructure as code tool that lets you define both cloud and on-premise
resources in human-readable configuration files.
Terraform facts:
- Created by HashiCorp
- Initial release: 28 July 2014
- Stable release v1.1.7 (March 02, 2022)
- Repository: https://github.com/hashicorp/terraform
- Written in Go
- License: Mozilla Public License v2.0
- Website: www.terraform.io

How does Terraform work?
Source: https://geekflare.com
Terraform has two main components that make up its architecture:
• Terraform Core
• Providers

How does Terraform work?
The core Terraform workflow has three
steps:
1. Write - Author infrastructure as code.
2. Plan - Preview changes before applying.
3. Apply - Provision reproducible
infrastructure.
Source: https://terraform.io

Why Terraform?
• It’s a great tool that is easy to use.
• It has many providers, including AWS, GCP, Azure, Kubernetes.
• It allows you to create reusable modules.

Pulumi overview
• What is Pulumi?
• How does Pulumi work?
• Why Pulumi?
02.

What is Pulumi?
Pulumi is an open source infrastructure as code
tool for creating, deploying, and managing
cloud infrastructure.
Pulumi was established at 2018 and able to works with traditional infrastructure like VMs, networks,
and databases, in addition to modern architectures, including containers, Kubernetes clusters, and
serverless functions.
Pulumi supports dozens of public, private, and hybrid cloud service providers.

How does Pulumi work?
• You write a Pulumi Program which
is executed by a language host.
• You handover that Program to
the Engine (using the Pulumi CLI).
• The engine compares the desired
state of your infrastructure with
the stack's current state and
figures out the needed changes.
• The engine then uses resource
providers to manage the
resources.

Pulumi components
• Programs reside in a project, which is a directory that contains source code for the program and metadata
on how to run the program.
• Stacks are similar to different deployment environments that you use when testing and rolling out
application updates.

Why Pulumi?
• Using familiar languages (JS,TS, Python, Go, C#, F#) for infrastructure as code, you get
many benefits: IDEs, abstractions including functions, classes, and packages, existing
debugging and testing tools, and more.
• Greater productivity with far less copy and paste, and it works the same way no matter
which cloud you're targeting.

Terraform vs. Pulumi/ Users and Providers
Users
Resource
support
Terraform
Suitable for many roles: Developers,
DevOps Engineers, System Admin,…
especially Developers with System admin
background who prefer to use because of
its easy-to-read, easy-to-write syntax.
1945 providers, 8673 modules & counting
Support:
• IaaS: AWS, Azure, GCP, Alibaba Cloud
• PaaS: K8S, heroku
• SaaS: Fastly, Clouldflare
• On-premise: Openstack, VMWare
vSphere
Pulumi
Suitable for Developers who have
working experiences with Cloud platform
and take advantage of working with
Cloud by API.
82 providers included: cloud, database,
infrastructure, monitoring, network,
utility, version control,...

Terraform vs. Pulumi/ Syntax
HashiCorp's Language with .tf extension

Terraform vs. Pulumi/ Syntax
dotNet ( C#, F#), Python, JS, Golang
Regular Python Python Programming Language
with .py extension

Terraform VS. Pulumi/ Testing source code
Unit test
Configuration parsing:
terraform fmt –check
terraform validate
Plan representation
terraform plan
Intergation test
• terratest
• kitchen-terraform
• inspec
Tool
Deploy/
Destroy
Validate Work with
Terratest Yes Yes
Terraform, K8S, Docker,
Packer, Server, Cloud APIs
kitchen-terraform Yes Yes Terraform
inspec No Yes Servers, Cloud APIs
Custome validation rule

Terraform VS. Pulumi/ Testing source code
- Pulumi uses general
purpose programming
languages to provision
cloud resources.
- Pulumi provides
multiple testing styles
for cloud programs: UT,
IT, ST,…

Terraform VS. Pulumi/ Structuring Large Projects
- Organized into modules for reusability
- Separate each environment into its own folder or even an
entirely separate repository
Pulumi is written and used by API, and is
not a DSL, so the structure of the source
code will depend on the skill of the
developers.

Terraform VS. Pulumi/ State File Troubleshooting
- Local state : terraform.tfstate
- Remote state: Terraform
Cloud, HashiCorp Consul, Amazon S3,
Azure Blob Storage, Google Cloud
Storage, Alibaba Cloud OSS, and more.
• terraform refresh // Update the state to match remote systems
• terraform import / Associate existing infrastructure with a Terraform resource
• terraform state (rm, mv) // Advanced state management
• Terraform plan/appy
Command:

Terraform VS. Pulumi/ State File Troubleshooting
References: Pulumi CLI | Pulumi
Pulumi is controlled primarily using the command line interface (CLI).
It works in conjunction with the Pulumi service to deploy changes to your cloud apps and
infrastructure.
Common commands
pulumi new: creates a new project using a template
pulumi stack: manage your stacks (at least one is required to
perform an update)
pulumi config: configure variables such as keys, regions, and
so on
pulumi up: preview and deploy changes to your program
and/or infrastructure
pulumi preview: preview your changes explicitly before
deploying
pulumi destroy: destroy your program and its infrastructure
when you’re done
Some commands for file state
troubleshooting
pulumi preview - Show a preview of updates to a stack’s
resources
pulumi refresh - Refresh the resources in a stack
pulumi import - Import resources into an existing stack

Terraform VS. Pulumi
Other Features Terraform Pulumi
Embedded within Application code No Yes
Import/ Convert other template to
Terraform/ Pulumi tools
No Yes

Best practices
1. Define format before stating
• Coding structure
• Naming convention: resource block label, variable name,
• Follow your language code

Best practices
1. Define format before stating
• Coding structure
• Naming convention: resource
block label, variable name,
• Follow your language code

Best practices/Terraform
2. Operations
• Always plan first
• Use service principal credentials for CI
• Don’t modify state manually
3. Security
• Use remote state and encrypt state
• Don’t store secrets in state
• Make sensitive outputs

Best practices/Terraform
1. Use for_each for iterated resources

Demo

akaWORK solution

References
- https://cloud.google.com/docs/terraform/best-practices-for-terraform#general-style
- https://www.pulumi.com/blog/pulumi-recommended-patterns-the-basics/
- https://phoenixnap.com/blog/pulumi-vs-terraform
- DevOps series and more

Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparing Key Differences

Related slideshows

More Related Content

Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparing Key Differences