The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
Infrastructure as code (IaC) is the practice of managing and provisioning infrastructure through machine-readable definition files, rather than managing physical hardware configuration or interactive configuration tools. The IT infrastructure managed by IaC can range from physical equipment such as bare-metal servers to virtual machines to other associated configuration resources. The definitions of the infrastructure are stored in a version control system, and changes are often applied automatically. IaC takes proven coding techniques and extends them to your infrastructure directly, effectively blurring the line between what is an application and what is the environment.
According to Gartner, Infrastructure and Operations (I&O) automation was the second most common investment target in 2021. Adoption is often led by a move to the cloud. Furthermore, IaC provisioning of on-prem infrastructure is also gaining momentum, with an expected rise from 5% to 40% between 2020 and 2023.
Despite the intention, one large obstacle remains for widespread adoption: the lack of skilled developers in the area.
By providing easy-to-use primitives and with a focus on good developer experience, GitLab is well-positioned to break down the obstacles of infrastructure as code adoption.
Every software runs on some type of infrastructure. This infrastructure needs to be provisioned, secured, managed and finally destroyed. GitLab users receive an integrated solution for all their infrastructure oriented tasks and processes in a single application.
We imagine GitLab to provide outstanding support for the most often used Infrastructure as Code tools (Terraform and Crossplane) for Platform Engineers, Application Operators and Software Developers. GitLab provides different abstractions for each persona, as a result, Platform Engineers can create infrastructure stacks templates that are easy and straightforward to use by Application Operators and Software Developers.
Once an infrastructure is provisioned, GitLab users can observe their stacks within GitLab and get notified about insecure components.
We focus most of our features in GitLab Free. Non-Free features are focused around reporting, access rights, security and compliance requirements.
GitLab already offers strong integrations with Terraform in the form of the GitLab Managed Terraform state backend, the Merge Request widget, the Terraform module registry and the GitLab Terraform provider.
We don't work actively on this category given other priorities. We are still encouraging community contributions, especially around Open Policy Agent integration for Policy as Code and the GitLab Terraform provider.
We are in the process of checking the category maturity.
We want to improve all the existing features:
Beside Terraform, as our Kubernetes features strenghten, we consider adding support for Crossplane to manage cloud infrastructure in a fully declarative way.
With GitLab's Infrastructure as Code support - in the order of importance - we are targeting:
During our customer interviews, we identified the following core jobs:
When I need to provision or administer cloud infrastructure resources, I want to do it through code, so that I can collaborate on it with others, can run automated tests and deployments, and check out compliance requirements.
|When I need to provision or administer cloud infrastructure resources, I want to do it through code, so that I can collaborate on it with others, can run automated tests and deployments, and check out compliance requirements.||Interviews based||Issue|
When I need to collaborate on cloud infrastructure, I want to control who has read and/or write level access to different parts of the infrastructure, so that I can comply with company security and compliance requirements. (leader)
|When I need to collaborate on cloud infrastructure, I want to control who has read and/or write level access to different parts of the infrastructure, so that I can comply with company security and compliance requirements. (leader)||Interviews based||Issue|
When I need to manage the infrastructure, I need an easy to use, simple workflow, so that I can focus on the task at hand.
|When I need to manage the infrastructure, I need an easy to use, simple workflow, so that I can focus on the task at hand.||Interviews based||Issue|
As Infrastructure as Code usage scales across teams collaboration pain points around security, compliance and adopting best practices arise. Traditionally these pain points are solved by written documentation. Modern infrastructure as code applications have implemented Policy as Code tools to enable automated checking of infrastructure definitions against easy to write policy definitions. One prime example of this is Hashicorp's Sentinel.
The principles of Policy as Code are closely aligned with Infrastructure as Code. Within GitLab our existing primitives of integrated CI with CI job definition in-code model similar behavior to modern Policy as Code frameworks. At present our existing CI approach allows easy integration of special Policy as Code tools and GitLab. The primary difference with policy as code is the separation of duties, namely the appearance of a new persona, the compliance manager.
Today, GitLab's infrastructure as code support is at "Viable" maturity, and we are in the process of validating for "Complete" maturity. We offer deep integrations with Terraform in the form of
Collaboration around Infrastructure as Code is more involved than generic collaboration around code is, because every code change has a direct effect on the underlying infrastructure. To support IaC collaboration workflows, we have developed the Terraform Merge Request widget.
We plan to extend the widget with more insights and have it integrated with the Managed Terraform state.
We would like to provide GitLab users with an unmatched Terraform experience. This involves a Terraform backend that integrates with GitLab pipelines without any setup from the user, and allows advanced state management from within GitLab. GitLab provides a versioned, encrypted Terraform state backend and templates to get started with it. The state backend removes every friction around starting a new Terraform project, and streamlines the complexity of infrastructure to manage.
We have many ideas planned to provide even more funtionality and a better experience around the GitLab Managed Terraform state.
Please contribute to our plans in the related epic.
For larger infrastructures, re-usable modules are a call part of the IaC codebase. We provide a Terraform module registry as part of GitLab by extending the current module registries. We plan to add insights into modules usage for module owners. This should help around deprecations and risk management of modules.
Please, contribute to our plans around the registry in the Terraform registry Epic
We don't consider GitLab a replacement of IaC tools, but rather a complement. Based on several discussions, we consider Terraform the de facto standard of infrastructure provisioning, and we want to support Terraform based workflows.
Given the trends around containerization, ephemeral and immutable infrastructures, we expect the relevance of configuration management tools to decrease, and infrastructure provisioning to gain more market share.
As already mentioned, we've several customers using IaC solutions with GitLab. The following list shows our primary points of contacts for customer interviews around IaC.
CloudSkiff describes itself as a CI/CD for Terraform, on steroids.
We consider HashiCorp to be a partner, not a competitor, and we do not support many advanced features offered by Terraform Enterprise.