Automate Cloudflare with Terraform and GitHub Actions! - Terraform Tutorial for Beginners
Terraform is a powerful infrastructure as code tool to help you create and manage infrastructure across multiple public or private clouds. It can help you provision, configure, and manage infrastructure using its simple, human-readable configuration language. Using Terraform helps you automate your infrastructure and your DevOps workflow, do it consistently, and collaborate with teams in Git. Today, we're going to set up and configure Terraform on your machine so we can start using Terraform. Then we'll configure cf-terraforming to import our Cloudflare state and configuration into Terraform. After that we'll set up a GitHub repo and configure GitHub Actions so you have CI and CD for deploying your infrastructure automatically using a Git Flow. If you're new to Terraform, that's fine! This is a beginner tutorial for Terraform and by the end of this, you will feel like an expert!
Video Notes: technotim.live/posts/terrafor...
#terraform #cloudflare #github
00:00 - What is Terraform and what are the benefits of Terraform?
01:15 - How to Automate Cloudflare with Terraform
03:19 - How to Install Terraform
03:59 - How to Initialize a new Terraform project
04:38 - Terraform Providers
05:54 - Cloudflare Provider for Terraform
08:35 - Getting an API Token from Cloudflare
10:55 - Terraform Plan & Terraform Apply
12:18 - Importing Cloudflare State to Terraform
14:54 - Import State using cf-terraforming
17:16 - Configuring Terraform Cloud for your Terraform State
20:43 - CI / CD with Terraform
21:32 - Create a new GitHub Repo
21:59 - Import Project into GitHub with Git
24:34 - Adding GitHub Action for Terraform
27:22 - Adding Terraform Secret to GitHub Action
28:55 - Pull Request Workflow with CI / CD and Terraform
33:16 - What do I think about Terraform?
34:23 - Stream Highlight - "I'm done clicking buttons!"
Thank you for watching!
Comments: 102
Have you thought about using Terraform? How do you use it?
@Jimmy_Jones
A year ago
Have thought about it. But want to learn Ansible first. Keep putting it off.
@weiyen
A year ago
I use Terraform to provision anything on a platform: VMware, Azure, Rancher. I use it with GitLab Runner for CI/CD. It's awesome.
@thejonte
A year ago
Hi Tim! I have thought about it, but I don't use it.
@Skyler9604
A year ago
Just started using it in the homelab. I recently discovered the Rancher Terraform provider 😁
@Skyler9604
A year ago
Would be cool to see a Rancher via Terraform video for learning about TF without having to pay for a cloud provider once the free tiers are up!
One of the biggest injustices in life is to see this video only got 35k views. This is great work Tim. Thanks for doing this.
Small correction here (unless I misunderstood in which case I apologize). Terraform does not take away the nuance of writing specific code away from you solely based on providers. The resources available (per provider) as well as the structure each provider offers differs greatly. For example for a VM on AWS you'd need resource called "aws_instance" whereas for GCP (Google) you'd need resource called "google_compute_instance". Each has its own configuration and would require you to write pretty much different stuff. Generally the "agnosticity" of Terraform stops on the fact that you can support _most_ providers in a single framework, and on the same files of code and that you can _transfer_ your code from one to another. But (sadly) it does not allow you to hit multiple birds with one stone. Other than that of course great video Tim! Well done! :)
@TechnoTim
A year ago
Thank you!
30:50 Tim struggling to show us that he is other Tim/Guy ..... 😂🤣.... Appreciate his efforts💚
Awesome video. so helpful. looking forward to see more videos from you on CloudFlare Terraform, for example WAF, ruleSets, etc.
Big fan of terraform -- use it nearly every day for work.
I use terraform for customer onboarding and it really is an awesome tool. Writing a custom provider was challenging but well worth it! You can do almost anything with it!
I use terraform daily for work. It’s a great tool and lots of support. One small thing that I did for big production deploys was to make an alias that runs terraform apply and then notifies my discord server. Sometimes applies with ecr or images can take more than 15mins and it’s annoying to have to continually be checking on the deploy status instead of working on something else. Love the content Tim. Thanks for everything -Lesterine from twitch
This is awesome, I've been using terraform to provision my proxmox and upcoming harvester machines using a self hosted gitlab and their ci/cd. I'd love to see a video on setting up a "production" ready vault for secret management. Awesome content as always!!
I love using terraform! Such a great tool. Mainly I am using it on all clouds and services to maintain my infrastructure setup and keep it repeatable deployable.
Love to see how you were excited once after hours of API Tokens, git commit etc. the record changes ahahah! Amazon tutorial, cheers from Italy!
I've been wanting to start learning Terraform for a while now and always found an excuse to do the same with Ansible. I'm a big fan of yours and it really made me want to sit down and finally try Terraform. Thank you very much!
@TechnoTim
A year ago
Thank you! I am glad this inspired you to try it out!
This was the most useful devops ci/di example video. Thank you
@slade208
A year ago
When I go through this 35 min video it's literally going to take me at least a whole day but as an OG systems guy trying to learn modern ops this was great example
@TechnoTim
A year ago
Glad it was helpful!
@slade208
A year ago
@@TechnoTim I finally made it through this tutorial. It took a bit of time as expected as there were things I needed to learn (I never used GitHub before). I integrated a personal twist (Doppler secrets manager). I learned so much so I wanted to thank you again
Once again, a great video! Thanks Tim
Really amazing tutorial and been waiting for your content, Thanks Tim
Thanks Tim, will try terraform after watch your video. Seems pretty simple and straightforward.
terraform cloud has version control integration.. can run a plan when pushed , then apply when merged to main. Good stuff Tim
More Terraform videos, you are awesome!
Awesome video as always. Thank you Tim!
@TechnoTim
A year ago
Glad you enjoyed it!
I was pretty skeptical at first, but this looks amazing.
thanks for the demo and info, have a great day TT
Awesome video Tim! o/
Great content!!
Amazing stuffs thank you for the effort
Nice video dude!
We use this professionally for all of our infrastructure. But I didn’t set it up myself, so a lot of the time I’m using our custom modules. We have our own custom modules in a separate git repo to our actual infrastructure too. It works really well, but we’re eventually moving from terragrunt and state in gcp to terraform cloud, which will be great.
@bradleystannard7875
A year ago
Interested to know why you're moving from state in GCS to Terraform Cloud? We've got a lot of CI set up so as soon as you create a folder in GCP and the subsequent projects, it creates a state bucket in a central project with the required IAM for the SA to apply it
please share your future development on terraform, very interested!
Thanks for this video! Do you have plans to make videos about Crossplane?
Thank you for this video. I put it to use today with some minor tweaks of using S3 bucket instead of terraform cloud. I’d love to know how you would import all your Cloudflare configurations like dns, page rules, worker routes, etc. into one single tfstate? And be able to handle all of that between multiple zones. Would you handle multiple zones as separate state files or keep it as one big state file with all the zones and all their configurations?
thank you thank you thank you
I haven't looked into this at all, but this really seems like something Ansible would be better at doing. Generally Terraform is great for deploying infrastructure and Ansible is good at configuring things.
It's so next level to me but it's nice to have it on my server lol
Hi @TechnoTim, Great content. Had a query with respect to editing existing records in Cloudflare. I have an existing Cloudflare zone with some page rules and records. If I want to add a new page rule (for caching some files) through terraform, should I import and add just the existing 'page rules' and add my page rule with it in the tf file? or should I be importing all the resources types, like cloudflare record etc along with the page rules and make it part of my tf file? Please let me know.
I wish I can see some tutorials on how to deploy docker containers/volumes using terraform in AWS🙏
Tim excellent video! I would like to ask you 2 questions: 1. Is it possible to import already existing resources, even from other providers? 2. When you set the Terraform Cloud API key variable in GitHub Actions, does it allow retrieving the remote Terraform state and environment variables from Terraform Cloud too?
Great video, love your content! Just one question. If you make changes on the cloudflare website, does the state file get updated or do you have to re-import it all?
@TechnoTim
A year ago
I think you have to import it again. That’s why I moved it to CI. That does mean though that I can’t change anything in the UI unless I want to import state again.
@LamethHUN
A year ago
If you delete something on cloudflare, and want the state file to reflect this change, run the `terraform apply -refresh-only` command. If you create a new resource, then you have to import it just as Tim mentioned.
Loved the video! Have you any ideas about managing state in a homelab? Presuming all the cloud options don't have access to manage internal services. I'm currently running terraform with pihole and proxmox mostly, but looking into the best way to create a ci workflow. Thanks
@samuelhulme8347
A year ago
Jenkins is very good for running CI on your own machines. It’s a bit complicated at first, but can automate nearly everything
I am using Terraform now and I added Cloudflare to my deployment
@TechnoTim are you able to automate cloudflare using gitlab ci/cd? do you have a demo?
Question, since you're using Terraform Cloud for the state file did you look into the option to connect your GitHub repository from Terraform Cloud?
@TechnoTim
A year ago
Yes, I did see that option and tried it, but I’d rather create the action myself rather than grant a service access to my repo!
@agelosnm
A year ago
@@TechnoTim It's a nice option! I am using it and it's working nicely with the git workflow. It's what fits better to everyone. :)
Great video, but maybe I'm missing the point. If I keep the bind file in git and then just use the CloudFlare API to export/import that git backed bind file aren't I getting the same result? Is the selling point the linting? Disclaimer, git backed dns is how I've been managing dns for a long time on selfhosted bind servers, only recently started with CloudFlare since they have such an awesome API! Terraform is awesome, just not sure how it's better for CloudFlare DNS.
Automating MitM surveillance on your data with ease
is there a workaround if i don't have an active domain so that the terraform config file can run without errors ?
Terraform would be so much cooler if there was no local state. Basically if the state would always be derived from the state of the live infrastructure.
@Pariah902
A year ago
What you describe is essentially the concept of Ansible, when it comes to state. But obviously, Ansible works completely different than terraform.
@carlsjr7975
A year ago
Terraform would be good if it could be reused across cloud providers and instantiations. I got fed up when I was having to write code to write the hcl. You cannot conditionally configure a provider. It's hot garbage if you actually want to reuse your IAC.
@Pariah902
A year ago
@@carlsjr7975 I know the feeling, I switched to Pulumi and defined my whole Infrastructure in Python.
@MrWadezz
A year ago
@@Pariah902 I'm not sure to follow. Ansible is stateless, meaning it has no records of the infrastructure. What he's describing is a rather dangerous system where there is a two-way sync between the infra and the code, which prevents drift detection and stuff like that that terraform can do because it is the only source of truth.
@Pariah902
A year ago
@@MrWadezz yeah, you are right, i shouldn't have said that this is the way Ansible handles state (because, as you have said, Ansible doesn't manage state). What I meant was, that if you strictly implement idempotency with Ansible, it should infer state from it, because any drift would be corrected.
did 'other tim' with hat forward actually genuinely help anyone else track what he was saying? 🙌 lol
You talked about putting keys in bashrc. Well that works but you should be putting them in a Terraform variables file: Terraform automatically loads all files in the current directory with the exact name terraform.tfvars or matching *.auto.tfvars. You can also use the -var-file flag to specify other files by name.
@hiimvink123
A year ago
Then make sure to put *.auto.tfvars in the .gitignore file
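A guard for the variable-file approach discussed in the two comments above, as an added example that is not from the video or from any commenter: it reads `git ls-files` output and flags tracked files that Terraform auto-loads (`terraform.tfvars`, `*.auto.tfvars`, and their `.json` forms), since those usually hold the API token. The function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the video): flag tracked files that Terraform
# auto-loads as variable files, since those usually carry the API token.

# True when Terraform would load this file automatically from its directory.
# Other *.tfvars names are only read when passed with -var-file.
is_autoloaded_tfvars() {
  case "${1##*/}" in
    terraform.tfvars|terraform.tfvars.json) return 0 ;;
    *.auto.tfvars|*.auto.tfvars.json) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads one path per line on stdin (the format of `git ls-files`), prints the
# auto-loaded variable files among them, and returns 1 if it printed any.
flag_tracked_tfvars() {
  found=0
  while IFS= read -r path; do
    if is_autoloaded_tfvars "$path"; then
      printf '%s\n' "$path"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample of `git ls-files` output for a Cloudflare Terraform repo.
sample_listing() {
  cat <<'EOF'
main.tf
cloudflare.tf
terraform.tfvars
envs/prod/secrets.auto.tfvars
envs/prod/example.tfvars
.github/workflows/terraform.yml
EOF
}

# Demo on the constructed listing; in a real repo or CI step use:
#   git ls-files | flag_tracked_tfvars || exit 1
if leaked=$(sample_listing | flag_tracked_tfvars); then
  echo "no auto-loaded tfvars files are tracked"
else
  printf 'tracked variable files, untrack and ignore them:\n%s\n' "$leaked"
fi
```

A flagged file can be untracked with `git rm --cached <file>` before adding it to `.gitignore`; a token that was already pushed should be rotated in Cloudflare.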
Quite a few inconsistencies in the video ... but overall good enough. Didn't know about the Cloudflare mass importer for Terraform. I'm also very hesitant adding API keys on third party apps/platforms that I don't control like Terraform Cloud or GitHub 😊
@TechnoTim
A year ago
uhhh thanks?
@alex.prodigy
A year ago
@@TechnoTim i said good enough since you did say it's for beginners ¯\_(ツ)_/¯ other than that i do enjoy your videos 😁
I have a file downloading and uploading thing running on my homelab AND Cloudflare has this html content limiting thing due to which the download speeds are just 500kbps. The speeds were fine for about a year but suddenly they went slow and their support says it's not meant for downloading/uploading. Can you do a video on how to use bunnyCDN? It has great pricing but I am worried how to proxy (hide) origin server's ip through it...
do you have cloudflare terraform integration to gitlab ci?
@TechnoTim
9 months ago
Not yet but I should. I need to solve the state drift first to be sure I am only making changes via CI vs. some in CI and some in the UI
Yeah, I got reorged into a group that does this. I don't do it. I get the concept but not the actual application.
Hello Tim, I like your videos, and watch all of them. Can you create video for Proxmox, how to use it to sell vps and hosting, how to integrate billing and automatic deploy system ???
@montyh9448
A year ago
that is a business plan, it needs consultation fee😆
@bestcinemaonline
A year ago
@@montyh9448 I need free billing system that can be integrated with Proxmox, not whole business plan :)
Second, haha
Sounds much easier to make changes directly in Cloudflare
@MrWadezz
A year ago
That's true if you have like 5 records, in a single domain. When you deal with thousands of records, dozens of domains, terraform makes more sense. same for anything else terraform does :)
@BensTechLab
A year ago
@@MrWadezz @alqods80 It's also for communicating infrastructure changes across teams of people who can all inspect a diff and see who changed something and when. Then of course disaster recovery (if your account "gets hacked" how quick can you fix or stand-up a new instance or if a key person quits and a new person fills the role how quick can they discover the infra and history of changes). There are lots of reasons for infrastructure as code!