Consul-Terraform-Sync Architecture

    The diagram shows CTS monitoring the Consul service catalog for updates and utilizing Terraform to update the state of the infrastructure.

    CTS monitors Consul for updates using Consul's blocking queries whenever supported, falling back on polling when not. The watcher maintains a separate thread (known internally as a view) for each value monitored, running any tasks that depend on that watched value whenever it is updated. For example, it can run a task to update a proxy when an instance becomes unhealthy.

    A task is the action triggered by the updated data monitored in Consul. It takes that dynamic service data and translates it into a call to the infrastructure application to configure it with the updates. It uses a driver to push out these updates, the initial driver being a local Terraform run. An example of a task is to automate a firewall security policy rule with discovered IP addresses for a set of Consul services.
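The watch-then-run-task loop described above, as an added Python sketch; it is not CTS code. It assumes the watched value comes from a Consul blocking query on the health endpoint, and the names `View`, `passing_addresses` and `demo` are hypothetical. It handles two cases that matter when the task writes firewall rules: a regressed index must not be read as an empty service, and only instances with all checks passing are handed to the task.

```python
def passing_addresses(entries):
    """Addresses of instances whose health checks are all passing."""
    addrs = set()
    for e in entries:
        if all(c["Status"] == "passing" for c in e["Checks"]):
            # An empty Service.Address means the node address is used.
            addrs.add(e["Service"]["Address"] or e["Node"]["Address"])
    return sorted(addrs)

class View:
    """Hypothetical model of one view. fetch(index) stands in for
    GET /v1/health/service/<name>?index=<index> -> (X-Consul-Index, entries)."""
    def __init__(self, fetch, tasks):
        self.fetch, self.tasks = fetch, tasks
        self.index, self.last = 0, None

    def poll_once(self):
        new_index, entries = self.fetch(self.index)
        if new_index <= 0 or new_index < self.index:
            self.index = 0  # index went backwards: restart the watch from 0
            return False
        unchanged = new_index == self.index
        self.index = new_index
        addrs = passing_addresses(entries)
        if unchanged or addrs == self.last:
            return False  # wait timeout, or a wake-up with no relevant change
        self.last = addrs
        for task in self.tasks:
            task(addrs)  # e.g. hand the address list to the driver
        return True

def demo():
    """Replay constructed responses; return every address list a task received."""
    def entry(addr, status):
        return {"Node": {"Address": "10.0.0.1"}, "Service": {"Address": addr},
                "Checks": [{"Status": status}]}
    responses = iter([  # constructed sample data, not from a real cluster
        (10, [entry("10.0.1.5", "passing"), entry("10.0.1.6", "passing")]),
        (10, [entry("10.0.1.5", "passing"), entry("10.0.1.6", "passing")]),
        (12, [entry("10.0.1.5", "passing"), entry("10.0.1.6", "critical")]),
        (3, []),  # index regressed; must not be read as "no instances"
        (13, [entry("10.0.1.5", "passing"), entry("", "passing")]),
    ])
    pushed = []
    view = View(lambda index: next(responses), [pushed.append])
    for _ in range(5):
        view.poll_once()
    return pushed
```

Of the five replayed responses, only three reach the task: the repeat at index 10 and the regressed index are both dropped without touching the last pushed address list.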

    • Terraform Cloud driver (Enterprise)

    The Secure Consul-Terraform-Sync for Production tutorial contains a checklist of best practices to secure your CTS installation for a production environment.