Running Terraform from a restricted environment
When running Terraform to provision and manage Equinix Fabric, Metal, and Network Edge, you may want to run Terraform from a restricted environment. Network filtering ACLs will need a predictable set of IP ranges to permit. This discussion will help you discover the IP services, ports, and address ranges your Terraform runner environment will need access to. We'll also discuss alternative ways to run Terraform configuration.

If your ACLs permit the Terraform runner environment outbound HTTPS (TCP 443) and responses, that would cover everything Terraform needs to start provisioning infrastructure on Equinix. We'll assume we don't have unrestricted access and dig in a little further.

Upon running `terraform init`, Terraform will attempt to use DNS (UDP/TCP 53) services and HTTPS services to download provider plugins, such as the Equinix Terraform provider. The default host for fetching these plugins is registry.terraform.io, managed by HashiCorp. This is the de facto hub for public providers and published Terraform modules, although you may run your own local registry service. DNS for the Terraform registry points to CloudFront, a CDN whose addresses may change. If this presents a problem, there are options to download (or mirror) the necessary plugins in advance and use locally distributed copies. https://developer.hashicorp.com/terraform/cli/plugins

Similarly, the DNS service for api.equinix.com, the one base domain that the Terraform Equinix provider will need for API access, resolves to Akamai, another CDN whose addresses may change or depend on where the request originates.

As a Terraform configuration grows, you'll likely want to enable SSH access to the Metal and NE nodes being provisioned to automate OS provisioning. The SSH addresses will vary depending on the Metro where services are deployed. One way to ensure that the addresses are predictable in Metal is to provision the servers using Elastic IP addresses.
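The option mentioned above of mirroring provider plugins in advance can be scripted as follows. This is an added example, not part of the original post; the mirror path, the `linux_amd64` platform, and the function names are assumptions.

```shell
#!/bin/sh
# Pre-stage provider plugins so a restricted runner never has to reach
# registry.terraform.io. Paths, platform and function names are assumptions.
set -eu

MIRROR_DIR="${MIRROR_DIR:-/opt/terraform/providers}"  # assumed mirror location

# Step 1 (host with registry access): run inside the Terraform configuration
# directory to download every provider that configuration requires.
mirror_providers() {
  terraform providers mirror -platform=linux_amd64 "$1"
}

# Step 2 (restricted runner): write a CLI configuration that resolves all
# providers from the local directory. The block deliberately omits the
# registry fallback method, so init only uses the mirrored copies.
write_cli_config() {
  mirror_dir="$1"
  config_file="$2"
  cat > "$config_file" <<EOF
provider_installation {
  filesystem_mirror {
    path = "$mirror_dir"
  }
}
EOF
}

# Step 3 (restricted runner): initialise against the mirror only.
init_from_mirror() {
  TF_CLI_CONFIG_FILE="$1" terraform init -input=false
}

# Optional dispatcher: ./mirror.sh mirror | config [file] | init [file]
case "${1:-}" in
  mirror) mirror_providers "$MIRROR_DIR" ;;
  config) write_cli_config "$MIRROR_DIR" "${2:-$HOME/.terraformrc}" ;;
  init)   init_from_mirror "${2:-$HOME/.terraformrc}" ;;
esac
```

The mirror directory is copied to the runner between steps 1 and 2. The runner still needs DNS and HTTPS access to api.equinix.com to provision anything.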
A good follow-up question to this discussion is which ranges are assigned to NE devices and whether these IP addresses can be drawn from a predefined pool like Metal's Elastic IP Addresses.

Terraform configurations typically include resources from multiple cloud providers. The node where the configuration is run would need to permit access to the APIs of these other providers. We'll leave the network filters needed by provisioned nodes to another discussion.

Depending on your needs, cloud service providers offer managed services for Terraform or OpenTofu (a fork of Terraform persisting the original open-source license). These services can run your Terraform configuration predictably and reliably from a central location. HashiCorp provides the HCP service. https://developer.hashicorp.com/terraform/cloud-docs/run/run-environment

Alternatives include:
https://spacelift.io/
https://upbound.io
https://www.env0.com/
https://www.scalr.com/

You can run similar CI/CD Terraform configuration control planes in your own backend with open-source tools such as:
https://argoproj.github.io/cd/
https://www.crossplane.io/
https://docs.tofutf.io/

These SaaS providers or local solutions will also need access to the cloud provider APIs and nodes. With these providers you have full control of the configuration that is run and you can work these into a GitOps workflow.

There are even more alternatives outside of the Terraform ecosystem. However, the Terraform ecosystem is your best option for the richest IaC integration experience with Equinix digital services. Equinix provides several Terraform modules to make it easy to get started. That extended ecosystem includes IaC tools that take advantage of the robust Equinix Terraform provider. These tools include Pulumi and Crossplane.

TL;DR: You'll want to expose select DNS, HTTPS, and SSH access from your Terraform runners.

What alternative deployment strategies did I miss?
What other network restrictions should be considered?

CFP Readiness for Equinix Demo Day
⛔ Closing May 5th

The May 5th CFP closing date is fast approaching for Demo Day. Submissions and edits to submissions can be made at Equinix Demo Day 2023 Call for Proposals. Whether you've expressed interest, submitted a draft CFP, or already begun working on your demo, here are some considerations to make your CFP stand out and make your presentations memorable and actionable.

🔨 Nail the theme

The event focus is Equinix integration with talks and demos where the code is shown and is user repeatable. Some example scenarios:

A product that includes cloud provider integrations giving it the ability to deploy and manage Equinix resources. This may take advantage of public IaC (Infrastructure as Code), Kubernetes controllers, or SDK (Go, Python, Java) tools for Equinix Metal.

Prove your project is resilient. Show it. Destroy it. Show how it can be reprovisioned. Can your project be brought back up without careful attention?

A user case story or journey is told. How is this story a unique or common experience? How was integration with the platform utilized? What challenges were presented and overcome by this integration?

Tell us more about the developer experience. What made Equinix the right choice for this project? What features would have made this smoother? What features made this shine? How did the developer support, the online community, documentation, tools, or platform features provide value to your organization, product, or project?

If the product is a managed service or closed source, these examples would help to make the demo more applicable to the event theme:

Helper code and documentation (a tool assisted guide or workshop) reproduces the environment and demonstrates applications running on this product integration.
A story about the development process of the integration and the lessons learned.

Additional routes to explore for this event (fitting open source projects well):

How does this solution stack up with alternatives in the ecosystem?
What design and development choices were made for this project?
How has the community size and adoption changed?
What are some of the open challenges past or present, and how have they been overcome?

🧰 Share your Toolbox

There are several ways to publish your integration to get early eyes on it and share it with the community. Our first choice for projects like this is GitHub. Consider the following repositories on the Equinix Labs GitHub organization as a place to park your integration or a template for your project:

Equinix Workshop - Create a workshop using this template. Once you've customized the project, enable GitHub Pages and the workshop will be publicly hosted and available.

Terraform Template - This template bakes in our best practices and is ready-made for publishing an Equinix Terraform module.

Terraform Equinix Labs - If you want to share your project with other users of Equinix and turn that project into a workshop, take a look here and open a PR adding your project as a sub-module.

Terraform Kubernetes Addons - If your project can run in any Kubernetes environment running on Equinix Metal and has Equinix resource requirements, submit your project as an add-on here so others can take advantage of your integration.

Do you have another location in mind? Let us know.

🦺 Pass Inspection

As the hosts of the event, we believe the value of any particular product can be demonstrated through open integrations. Our particular focus is on the capability to integrate with Equinix in a user demonstrable and reproducible way, along with the capabilities unlocked through those integrations. The review panel will process CFPs with these considerations.
Keep in mind, other CFPs will target common user scenarios, especially on network infrastructure and edge compute automation. While event presentations are not in a product competition, for the purposes of the CFP review, there is a competition of compelling stories. The more engaging we believe those stories fit our user and engineering audience, the more they demonstrate the themes of integrations with Equinix in repeatable ways, the better the chance will be for the CFP to be accepted. The best presentations will be ones where the practitioner viewer is compelled to pull down the discussed project and start experimenting with it to deliver their projects.

The presentation, including demos or integrations, does not need to be ready at the time the CFP is submitted. A CFP may be tentatively accepted with the recommendation for a different format or criteria for improving the fit. We will be considering alternate presentation formats for CFPs including panels, lightning talks, and workshops. Tentative acceptance communications will start on May 10th with final acceptance communicated on May 12th.

🧱 Build Your Story

Once accepted, we want to have the opportunity to field test your work and storytelling in an advocacy stream or a recorded solution demo. The advocacy live stream is the perfect environment for an early, rough-edges walkthrough. For demo day, we encourage (but do not require) ironed presentation videos to be submitted no later than two weeks ahead of the event. This will help to avoid any on-air mishaps such as a missed step, flaky builds or runs, and network or availability issues. Presentation windows should leave space for discussion during and after. Another format we can explore is to have the recording voiced over live by the presenter with an event host providing real-time feedback. In this case, the sooner pre-recordings can be offered the better.
🏗️ More Opportunities

There are more opportunities for collaboration through presentations and demos on Equinix. This includes streams on Equinix Labs Live and recordings targeted at our solution teams. Future events may provide a better audience for talks and demos that we can't fit into this event.

🚧 Demo Site

The event page for Demo Day 2023 (equinix.com) is up. As the event nears, we'll be reaching out to CFP submitters with more details on preparation and ways to spread the word. If you haven't already, subscribe to the Equinix Developers YouTube channel where you can find playlists of our previous live streamed events: Uncensored GIFEE Day Proximity

Dates to remember:
CFP Closes: May 5, 2023
Tentative Acceptance: May 10, 2023
Acceptance: May 12, 2023
Pre-recordings submitted: June 7, 2023
Live Streaming: June 21, 2023

See you there! Participants must agree to follow a code of conduct.

What's the difference between Playground, Sandbox, and Production?
You might be deploying on Network Edge today to run through Charles_Randall's tutorial. While reading up on Network Edge at Developer Platform, perhaps you're thinking "what's the difference between Playground, Sandbox, and Production?". In short:

Playground is a test environment to test Equinix APIs, using static data without integrating within the actual API.
Sandbox is a mock test environment to test Equinix APIs, using synthetic data (not production data) to integrate with Equinix APIs before moving to Production.
Production is the live environment.

New Fabric APIs expand usability
Connect Using Service Token - Equinix APIs use OAuth 2.0 protocol to authenticate the requests you make to API endpoints. In order to interact with Equinix APIs, you need a bearer access token. Bearer determines the type of authentication scheme and is a part of the OAuth 2.0 protocol. https://developer.equinix.com/docs