The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Infrastructure as code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. The IT infrastructure managed by this comprises both physical equipment such as bare-metal servers as well as virtual machines and associated configuration resources. The definitions are stored in a version control system. IaC takes proven coding techniques and extends them to your infrastructure directly, effectively blurring the line between what is an application and what is the environment.
Our focus will be to provide tight integration with best of breed IaC tools, such that all infrastructure related workflows in GitLab are well supported. Our initial focus will likely be on Terraform.
Infrastructure and Application provisioning shouldn't be mixed! Application delivery is covered by our Continuous Delivery directions.
Our vision is to provide several levels of Infrastructure as Code support:
GitLab supports transitioning traditional I&O teams to automated Infrastructure as Code solutions from the first steps of providing a source code repository to enabling developers with self-service solutions.
According to Gartner, I&O automation is the second most common investment target in 2021. Adoption is often led by the move to cloud, but it's expected to rise from 5% to 40% by 2023 for on-prem infrastructure provisioning too. The biggest obstacles for adoption are the lack of developers educated in the area.
With GitLab's Infrastructure as Code support - in the order of importance - we are targeting:
As Infrastructure as Code usage scales across teams collaboration pain points around security, compliance and adopting best practices arise. Traditionally these pain points are solved by written documentation. Modern infrastructure as code applications have implemented Policy as Code tools to enable automated checking of infrastructure definitions against easy to write policy definitions. One prime example of this is Hashicorp's Sentinel.
The principles of Policy as Code are closely aligned with Infrastructure as Code. Within GitLab our existing primitives of integrated CI with CI job definition in-code model similar behavior to modern Policy as Code frameworks. At present our existing CI approach allows easy integration of special Policy as Code tools and GitLab.
We have a dedicated page for Kubernetes management directions. The following directions are related to generic Infrastructure as Code tool support in GitLab.
First, we are going to focus on Terraform support, the de facto standard in infrastructure provisioning. Interested in joining the conversation for this category? Please join us in our public epic where we discuss this topic and can answer any questions you may have. Your contributions are welcome!
We would like to provide GitLab users with an unmatched Terraform experience. This involves a Terraform backend that integraets with GitLab pipelines without any setup from the user, and allows advanced state management from within GitLab.
The next steps for GitLab Managed Terraform State are tos provide protected state files support, and provide management interfaces to support debugging infraastructure issues. With protected state files we want to support various use cases where developers and project maintainers have different authorization rights around accessing the infrastructure state file. The management interfaces provide basic administration tasks around state files, like locking, unlocking and removal of the state file. Moreover, it provides views for comparing differernt versions of a state file.
Please contribute to our plans in the related epic.
In the case of Infrastructure as Code, a code change means a change in the infrastructure too. Thus we want to provide a solution that allows our users to have an overview of both the code changes and the final infrastructure changes in Merge Requests.
We've already shipped the first iteration of the Terraform plan in MR widget, and we are working on further improving the experience.
For larger infrastructures, re-usable modules are a call part of the IaC codebase. We intend to provide a Terraform module registry as part of GitLab by extending the current module registries. Please, contribute to our plans around the registry in the Terraform registry Epic
While Terraform is the de facto standard for infrastructure provisioning, there are other tools for configuration management, like Ansible or Chef. Following the Terraform devlopments, we intend to turn our attention to Ansible, and improve Ansible support inside GitLab. You are invited to express your interests and describe your use-case in Ansible integration in our related issue.
Even though we consider our Infrastructure as Code support to be
Minimal at the moment, we see several GitLab customers using our CI/CD capabilities in production environments. Usually, Terraform-focused CI/CD projects are run
as multi project pipelines.
We don't consider GitLab a replacement of IaC tools, but rather a complement. Based on several discussions, we consider Terraform the de facto standard of infrastructure provisioning.
Given the trends around containerization, ephemeral and immutable infrastructures, we expect the relevance of configuration management tools to decrease, and infrastructure provisioning to gain more market share.
As already mentioned, we've several customers using IaC solutions with GitLab. The following list shows our primary points of contacts for customer interviews around IaC.
CloudSkiff describes itself as a CI/CD for Terraform, on steroids.