open-consul/website/content/docs/nia/architecture.mdx

61 lines
2.6 KiB
Plaintext
Raw Normal View History

---
layout: docs
page_title: Architecture
description: >-
Consul-Terraform-Sync Architecture
---
# Consul-Terraform-Sync Architecture
Consul-Terraform-Sync is a service-oriented tool for managing
network infrastructure near real-time. Consul-Terraform-Sync runs as a daemon
and integrates the network topology maintained by your Consul cluster with your
network infrastructure to dynamically secure and connect services.
## 10,000 Foot View
2020-11-23 07:47:58 +00:00
[![Consul-Terraform-Sync Architecture](/img/nia-highlevel-diagram.svg)](/img/nia-highlevel-diagram.svg)
The diagram shows Consul-Terraform-Sync monitoring the Consul service catalog
for updates and utilizing Terraform to update the state of the infrastructure.
There are two principal aspects of Sync to know about corresponding to the
lines to Consul and Terraform in the diagram above. The line to Consul
represents the Watchers monitoring the state of Consul's service catalog (and
possibly KV store) while the line to Terraform represents tasks being run to
update the infrastructure.
## Watcher and Views
Consul-Terraform-Sync monitors Consul for updates utilizing Consul's [Blocking
Queries](/api-docs/features/blocking) whenever supported, falling back on
polling when not. The watcher maintains a separate thread (known internally as
a view) for each value monitored, running any tasks that depend on that watched
value whenever it's updated. Say, for example, running a task to update a
proxy when an instance goes unhealthy.
## Tasks
A task is the action triggered by the updated data monitored in Consul. It
takes that dynamic service data and translates it into a call to the
infrastructure application to configure it with the updates. It uses a driver
to push out these updates, the initial driver being a local Terraform run. An
example of a task is to automate a firewall security policy rule with
discovered IP addresses for a set of Consul services.
## Drivers
A driver encapsulates the resources required to communicate the updates to the
network infrastructure. The following [drivers](/docs/nia/network-drivers#terraform) are supported:
docs/nia: scheduled tasks (#11283) * docs/nia: scheduled tasks Add basic scheduled task documentation * Add source input documentation Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com> * Fix some links * Update Optional Input Variables section * Apply suggestions from code review Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com> * Add source input documentation Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com> * updated docs with new "source input" terminology where necessary * Apply suggestions from code review applied Karl's recommendations Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> * addressed code review comments - added rendered input examples to terraform-modules.mdx - added hyperlinks to terraform-modules.mdx in configuration.mdx - re-worded initial description of Services Source Input in terraform-modules.mdx * addressed code review comments - fixed spacing of regexp parameter for services source input - reworded description of source input in terraform-modules.mdx * Update from feedback - Add "currently" to clarify source input is currently only supported with schedule condition - Reword inspect mode behavaior for scheduled tasks Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com> Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com> Co-authored-by: Michael Wilkerson <mwilkerson@hashicorp.com> Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-13 14:58:12 +00:00
- Terraform driver
- Terraform Cloud driver<EnterpriseAlert inline />
Each driver includes a set of providers that [enables support](/docs/nia/terraform-modules) for a wide variety of infrastructure applications.
## Security Guidelines
docs/nia: scheduled tasks (#11283) * docs/nia: scheduled tasks Add basic scheduled task documentation * Add source input documentation Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com> * Fix some links * Update Optional Input Variables section * Apply suggestions from code review Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com> * Add source input documentation Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com> * updated docs with new "source input" terminology where necessary * Apply suggestions from code review applied Karl's recommendations Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> * addressed code review comments - added rendered input examples to terraform-modules.mdx - added hyperlinks to terraform-modules.mdx in configuration.mdx - re-worded initial description of Services Source Input in terraform-modules.mdx * addressed code review comments - fixed spacing of regexp parameter for services source input - reworded description of source input in terraform-modules.mdx * Update from feedback - Add "currently" to clarify source input is currently only supported with schedule condition - Reword inspect mode behavaior for scheduled tasks Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com> Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com> Co-authored-by: Michael Wilkerson <mwilkerson@hashicorp.com> Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-13 14:58:12 +00:00
The [Secure Consul-Terraform-Sync for Production](https://learn.hashicorp.com/tutorials/consul/consul-terraform-sync-secure?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS)
tutorial contains a checklist of best practices to secure your
Consul-Terraform-Sync installation for a production environment.