GitOps for device management is no longer science fiction.
Terraform is an infrastructure as code tool. It allows you to create, change, and improve cloud and on-prem resources, safely and without uncertainty.
First, describe a desired state in files using the HCL language (more on that below). Then, Terraform will interact with the required APIs to calculate a plan to get to this state, and apply it.
This seemed like a great way to integrate GitOps for the whole configuration of Zentral: All create, read, update and delete operations could be orchestrated automatically by Terraform.
We have developed an official Terraform provider for the Zentral configuration. You don’t have to create a script to use the Zentral API and manage the state yourself. You can describe your configuration items, and apply them with Terraform.
The provider currently supports the Munki, Santa, Osquery and MDM configuration items. We are continuously updating the provider to implement more resources. Our goal is to have full coverage of the Zentral configuration.
How do you migrate to Terraform GitOps, you ask? You use Zentral’s Terraform export feature. It’s a fast and easy way to get Terraform-ready HCL files from an existing Zentral deployment.
The exporter creates Zip archives that have all the resource definitions organized neatly. They also include the provider configuration that points to your Zentral deployment. Cherry on top: they contain an import script to synchronize the Terraform state. All you need to do is configure the Zentral API token!
The exporter works for all the modules supported by the Zentral Terraform provider.
Migrate to a Terraform CI/CD setup for your Zentral configuration, with protected branches, change previews, and mandatory peer reviews.
If your team wants to benefit from a Terraform CI/CD pipeline for the Zentral configuration, but is not familiar with the required tools, we can assist and train them.
You may be using a custom secret store for your CI/CD pipeline, or you may have constraints specific to your on-prem environment or industry. We can guide you toward the best custom solution.