Background

Terrafir is a personal project that I have turned into a business. It is a platform the leverages Open Policy Agent, to assess a Terraform plan. Terrafir is completely self-hosted on my Homelab's Kubernetes cluster. The idea began when I was assessing colleagues Terraform deployments and there was not a clear solution in terms of best practices for using Terraform to provision cloud resources.

Process

I began looking into Policy-as-Code and exploring Open Policy Agent (OPA). There was minimal information on how OPA could be used in partnership with Terraform, as OPA is seemingly geared towards Kubernetes deployments. From personal research and industry trends, I codified a library of policies as an engine that could be exposed to an API. I then went about creating the platform and the infrastructure that would support it. I made it my goal to have this platform completely self-hosted, but use all the concepts that I have grown to expect from cloud deployments - yet I didn't want to be beholden to a cloud.

Result

Terrafir runs within my self-hosted Kubernetes cluster. The stack includes:

• • Typescript
• • Vue
• • NodeJs
• • Open Policy Agent
• • Traefk
• • Nginx Reverse Proxy
• • Minio (static site bucket)
• • Terraform (manage Minio and Cloudflare)
• • Jenkins
• • Grafana
• • Prometheus
• • Alert Manager
• • Certificate Management