Shipa Blog

Latest updates on our products, plus helpful articles relating to Kubernetes, container security, microservices and more

Terraform and Shipa 101 – Your First Terraform and Shipa Cloud Integration

Leveraging Terraform, which is an infrastructure-as-code [IaC] provider, with Shipa, which is an application-as-code [AaC] platform, is a great match. Using both technologies together is becoming more mature and there have been some great pieces around the art of the possible between the two platforms. Though if you are unfamiliar with both, this guide will get you up and started with both Terraform and Shipa together. In this example will be using Terraform to create all of the necessary Shipa resources to deploy to a Kubernetes cluster. 

Getting Started with Terraform and Shipa

This example will require Terraform, Shipa Cloud, and a Kubernetes cluster. If using a Mac and you don’t have Terraform installed, you can simply use Homebrew

brew install terraform
terraform version
HomeBrew Terraform install

Next will be Shipa Cloud. You can sign up from the Shipa website. In our latest cloud release, you can now use an OAuth provider to sign up with e.g Github or Google or just use an email address. 

Shipa OAuth Signup

Next you can download and wire the Shipa CLI to your Shipa Cloud Instance. 

curl -s | bash
shipa target add shipa-cloud --set-current
shipa login
shipa version

Shipa CLI Version

Lastly you will need a Kubernetes cluster. Any of the major cloud vendors’ Kubernetes offerings such as EKS will work or you can leverage a local cluster like k3d or minikube. Assuming you have a cluster that is spun up and kubectl wired to that cluster, Shipa does use a service account to perform actions on your behalf. The Shipa Documentation has the Kubernetes manifest for this. 

Shipa Admin Service Account

Then just apply the manifest.

kubectl apply -f shipa-admin-service-account.yaml
Apply Shipa Admin Service Account

With that out of the way, you are now ready to create some Shipa Objects with Terraform.

Terraform and Shipa Wiring

All the prerequisites are there so now you are ready to leverage Terraform to create Shipa Objects. To deploy using Shipa, you will need to create a Framework, Cluster, and Application. 

Creating a Cluster requires the Kubernetes API address, an authentication token based off the service account, and a certificate. 

A great place to start is with this archetype project from one of our software engineers, Daniel. You can also take a look at the Shipa Documentation around Terraform for some more templates. Assuming that you start with Daniel’s archetype, I made a few tweaks for this example to leverage Shipa Cloud defaults, which you can clone here

You can download or clone the files and run them by hand if you are comfortable with an IDE like Visual Studio Code, can import the project and wire in the needed variables. 

If using Visual Studio, clone

Clone Terraform Archetype

 Once imported, can work on wiring up the environmental variables [<local_folder>env/dist.tfvars] and fill out required pieces. We will be deploying the WordPress image as an example.

Blank Terraform Shipa Env Variables

Since this Terraform module will create a Shipa Framework for us, we can immediately wire in the Framework name and go ahead and wire in the Application Name and Image. 




Framework filled in TF Env Variables

The next piece to wire in is a Shipa Cloud Authentication token. 

shipa token show
Shipa Auth Token

Now you can wire that into env/dist.tfvars.

The last piece needed will be the Kubernetes specific pieces. The cluster name will be how the cluster appears in Shipa, So you can wire in a name immediately. 


Shipa Token wired to Terraform

Here are the kubectl commands to get the Kubernetes API Endpoint [cluster_ip], token, and certificate. 

kubectl cluster-info | grep 'Kubernetes' | awk '/http/ {print $NF}'
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep shipa-admin | awk '{print $1}')
kubectl get secret $(kubectl get secret | grep default-token | awk '{print $1}') -o jsonpath='{\.crt}' | base64 --decode
Kubernetes CA Cert

Note: If using the GitHub archetype project, you don’t need to copy in the “-BEGIN-” and “-END-” lines Terraform will append these for you. 

Wire these into env/dist.tfvars.

Your environmental/input variables should look something like this when wired. 

All Terraform Shipa Environmental Variables

Now you are ready to run some Terraform. 

Execute your Terraform

Now you are ready to run some Terraform. In three commands, you will be on your way. 

In Terminal if you have not, CD into the directory with the “00-deploy,tf” file or your if writing by hand. 

The first item is to install the Shipa Terraform Provider. 

terraform init
Shipa Terraform Init

Now you are ready to do a dry-run with Terraform.

terraform plan  -var-file="env/dist.tfvars”
Shipa Terraform Plan

Once that looks good, you are ready to execute/apply Terraform. 

terraform apply -var-file="env/dist.tfvars" -auto-approve

You can watch the progress on in Terraform CLI and Shipa UI. 

Shipa Terraform Apply

And in the UI.

Terraform Apply Events in Shipa UI

Now you can navigate back in the Shipa UI and get an endpoint address for your newly deployed WordPress Image. 

Shipa Cloud -> Applications -> wordpress 

Click on or copy the endpoint

Shipa Endpoint

And ta-da! You are all set with Terraform and Shipa. 

Wordpress deployed by Terraform and Shipa

Learn More From Your Friends at Shipa

Using an IaC and Shipa together is a powerful combination. Recently Shipa was invited to talk at an HashiCorp event where we showed off the integration and art of the possible. Also hope to catch you and one of our upcoming webinars where we dive a little deeper into IaC and AaC [Application-as-Code] concepts.