Consul-Terraform-Sync Architecture
The diagram shows Consul-Terraform-Sync monitoring the Consul service catalog for updates and utilizing Terraform to update the state of the infrastructure.
Consul-Terraform-Sync monitors Consul for updates, using Consul's blocking queries whenever supported and falling back on polling when not. The watcher maintains a separate thread (known internally as a view) for each monitored value and runs any tasks that depend on that value whenever it is updated. For example, it can run a task to update a proxy when an instance becomes unhealthy.
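The watch loop described above can be sketched with a Consul blocking query on the health endpoint. This is an added example, not Consul-Terraform-Sync's own code: the names query, healthQuery and step are hypothetical, and the index sequence in main is constructed.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strconv"
)

// query is one blocking read; healthQuery builds one for a real agent (addr and service are caller-supplied).
type query func(index uint64) (body string, newIndex uint64, err error)

func healthQuery(c *http.Client, addr, service string) query {
	return func(index uint64) (string, uint64, error) {
		resp, err := c.Get(fmt.Sprintf("%s/v1/health/service/%s?passing=true&index=%d&wait=30s", addr, service, index))
		if err != nil {
			return "", 0, err
		}
		defer resp.Body.Close()
		b, err := io.ReadAll(resp.Body)
		if err != nil {
			return "", 0, err
		}
		idx, err := strconv.ParseUint(resp.Header.Get("X-Consul-Index"), 10, 64)
		return string(b), idx, err
	}
}

// step runs one query and reports whether dependent tasks should run.
func step(q query, last uint64) (next uint64, changed bool, body string, err error) {
	body, idx, err := q(last)
	switch {
	case err != nil:
		return last, false, "", err // keep the old index; the caller backs off and retries
	case idx == 0:
		return 1, false, "", nil // index 0 never blocks: wait on 1 to avoid a busy loop
	case idx < last:
		return 0, false, "", nil // index went backwards: restart the watch from scratch
	}
	return idx, idx > last, body, nil // an equal index means the wait timed out unchanged
}

func main() {
	var idx uint64
	for _, r := range []uint64{7, 7, 9, 3} { // constructed X-Consul-Index replies
		next, changed, _, _ := step(func(uint64) (string, uint64, error) { return "[]", r, nil }, idx)
		fmt.Printf("sent index=%d next=%d run_tasks=%v\n", idx, next, changed)
		idx = next
	}
}
```

The zero and backwards-index cases matter operationally: without them a watcher can spin against the Consul servers or keep driving tasks from stale data.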
A task is the action triggered by the updated data monitored in Consul. It takes the dynamic service data and translates it into a call to the infrastructure application to configure it with the updates. It uses a driver to push out these updates, the initial driver being a local Terraform run. An example of a task is to automate a firewall security policy rule with discovered IP addresses for a set of Consul services.
Terraform Cloud driver (Enterprise)
The Secure Consul-Terraform-Sync for Production tutorial contains a checklist of best practices to secure your Consul-Terraform-Sync installation for a production environment.