Using Gitlab-CI to manage your Terraform/Cloudflare configuration

An easy way to manage your Cloudflare configuration using Terraform and Gitlab-CI

Everyone who uses Cloudflare already knows its quality and reliability, even on the free plan.

So I don’t need any kind of backup, right?

Wrong. We are humans and shit happens… all the time… always. Actually, at this very moment, someone is making a mistake. Ask Murphy.

That’s why it’s a good idea to use Terraform together with a version control system to maintain a history of modifications.

Basically, you need to create a new repository in your GitLab account (if you haven’t yet) and add your Terraform files to it.

I suggest you add this line to your .gitignore:

.terraform

If you don’t know how to manage your Cloudflare settings using Terraform, here is a post on my blog where I explain how to do that. It is in Brazilian Portuguese, but I’m sure Google can help you with that.

Then you need to create this .gitlab-ci.yml in your repository. It tells GitLab how your pipeline must run.

# Official image for HashiCorp's Terraform. It uses the light image, which is
# Alpine-based and much smaller.
#
# The entrypoint override is needed because the image sets the `terraform`
# binary as its entrypoint by default.
image:
  name: hashicorp/terraform:light
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

# Default output file for Terraform plan
variables:
  PLAN: plan.tfplan

cache:
  paths:
    - .terraform

before_script:
  - terraform --version
  - terraform init

stages:
  - validate
  - build
  - deploy

validate:
  stage: validate
  script:
    - terraform validate

plan:
  stage: build
  script:
    - terraform plan -out=$PLAN
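  # The saved plan file can contain sensitive values in clear text, so anyone
  # who can download this job's artifacts can read them.
  artifacts: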
    name: plan
    paths:
      - $PLAN

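# Separate apply job, because applying a plan can be destructive. The
# `when: manual` line below is commented out, so this job runs automatically
# on master; uncomment it to require a manual launch.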
apply:
  stage: deploy
  environment:
    name: production
  script:
    - terraform apply -input=false $PLAN
  dependencies:
    - plan
  # when: manual
  only:
    - master
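
The apply job above can be destructive, so here is an added example (not part of the original post and not Terraform's own tooling): a small Python check that a pipeline could run between plan and apply, which reads the JSON form of the saved plan and blocks when any resource would be deleted or replaced. It assumes the JSON comes from `terraform show -json $PLAN` and that Python is available in the job image; the function names and the sample plan are constructed for illustration.

```python
import json
import sys

# Constructed sample, shaped like the output of `terraform show -json plan.tfplan`.
# Resource addresses and function names below are illustrative assumptions.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "cloudflare_record.www", "change": {"actions": ["update"]}},
        {"address": "cloudflare_record.mail", "change": {"actions": ["delete"]}},
        {"address": "cloudflare_record.api", "change": {"actions": ["delete", "create"]}},
        {"address": "cloudflare_record.blog", "change": {"actions": ["no-op"]}},
    ],
})


def summarize_plan(plan_json):
    """Group resource addresses by what the plan will do to them."""
    plan = json.loads(plan_json)
    summary = {"create": [], "update": [], "delete": [], "replace": []}
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions and "create" in actions:
            kind = "replace"      # destroy and recreate, in either order
        elif actions in (["create"], ["update"], ["delete"]):
            kind = actions[0]
        else:
            continue              # "no-op" and "read" change nothing
        summary[kind].append(rc["address"])
    return summary


def destructive_changes(plan_json):
    """Addresses the plan would delete or replace, sorted for stable output."""
    s = summarize_plan(plan_json)
    return sorted(s["delete"] + s["replace"])


def gate(plan_json, allow_destroy=False):
    """Return a process exit code: 0 lets apply proceed, 1 blocks it."""
    blocked = destructive_changes(plan_json)
    for address in blocked:
        print("destructive change:", address)
    return 1 if blocked and not allow_destroy else 0


if __name__ == "__main__":
    # Piped input is treated as the plan JSON; otherwise the sample is used.
    data = SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read()
    sys.exit(gate(data))
```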

That’s it. I hope this post helps you improve your workflow or makes your day easier. Feel free to comment or contact me to discuss anything. It will be a pleasure.

Thank you for reading.
