Workflow models go a long way in determining your team’s efficiency and adaptability - and more importantly, your ability to ship quickly and reliably. Two of the most common approaches are the API-Driven Workflow and the VCS-Driven Workflow.
API-Driven Workflow
An API-driven workflow is characterized by its flexibility, offering engineers granular control over their deployment processes. This approach is ideal for complex implementations that need to be highly customized, allowing direct interaction with APIs and the ability to script around unique business requirements.
- Terraform Cloud API: Allows managing infrastructure as code with direct API integrations. IaC is all the rage these days, and Terraform is the leading tool for cloud-agnostic infrastructure automation.
- Jenkins: For setting up CI/CD pipelines with customizable scripting options. Old-school, but still a beast.
- AWS SDK / Azure SDK / Google Cloud SDK: For interacting directly with cloud resources via custom scripts.
- HashiCorp Vault API: For agnostically managing secrets and sensitive information programmatically
Here’s an example of interacting with Terraform Cloud’s API to apply a configuration programmatically, demonstrating granular control over the deployment:
import requests
# Set your Terraform Cloud API token and workspace details
token = "your_terraform_cloud_token"
workspace_id = "your_workspace_id"
url = f"https://app.terraform.io/api/v2/workspaces/{workspace_id}/runs"
headers = {
"Authorization": f"Bearer {token}",
"Content-Type": "application/vnd.api+json"
}
# Payload to start a new run
payload = {
"data": {
"attributes": {
"is-destroy": False,
"message": "API-driven deployment run"
},
"type": "runs",
"relationships": {
"workspace": {
"data": {
"type": "workspaces",
"id": workspace_id
}
}
}
}
}
response = requests.post(url, json=payload, headers=headers)
if response.status_code == 201:
print("Run started successfully.")
else:
print(f"Error: {response.json()}")
This script triggers a deployment run in Terraform Cloud, showcasing how an API-driven workflow allows for dynamic interaction and granular control over infrastructure.
But this is NOT shots fired at VCS-Driven Workflows
A VCS-driven workflow is all about prescriptiveness. They emphasize governance, compliance, and automation through integration with a version control system like Git. Tools in this category often follow GitOps principles, where the VCS is the single source of truth for the deployment state, ensuring consistency and security.
- Argo CD: Manages Kubernetes clusters by syncing the desired state stored in Git with the actual state. Git is your source of truth.
- Flux CD: Automates application deployment in Kubernetes using Git as the source of truth. No human intervention.
- GitHub Actions: Native CI/CD for GitHub. Just plug and play.
- Pulumi with GitHub: Uses GitHub Actions to drive infrastructure updates based on code changes.
Below is a config file for Argo CD that syncs a Kubernetes application deployment from a Git repository:
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL: 'https://github.com/your-org/your-repo'
targetRevision: main
path: deploy
destination:
server: 'https://kubernetes.default.svc'
namespace: my-app-namespace
syncPolicy:
automated:
prune: true
selfHeal: true
Push to Git, and Argo CD handles the rest. Argo CD monitors the Git repository and automatically syncs changes to your Kubernetes cluster, ensuring that your deployment state matches the configuration stored in your VCS. This setup provides a clear, auditable, and consistent deployment workflow.
Ketchup or Catsup?
Consider using an API-driven workflow when you need deep customization and control over your workflows, such as in multi-cloud or complex deployment scenarios. You’re less likely to run into issues such as lock-ins. You’re better off using a prescriptive, VCS-Driven Workflow if governance, compliance, and consistency are crucial, such as in highly regulated industries. While managed services and click-ops can be very costly at scale, they offer a more structured approach to deployment. If you’re into tweaking every last detail and need maximum flexibility, the API-driven approach is your weapon of choice. But if you’re all about security, governance, and letting your VCS drive the ship, then VCS-driven workflows are where it’s at. And hey, sometimes the right call is to use a bit of both.