Q&A: HashiCorp CTO Armon Dadgar on IDPs and IaC
We caught up with Armon Dadgar, CTO of HashiCorp, to discuss the latest in Infrastructure as Code (IaC) and the gaps that application developers continue to face despite the enormous success of Kubernetes. In our conversation, we touched on likely trends to watch for 2024, platforms that make it easier for app dev teams, the recent interest in internal developer platforms (IDPs) around Backstage, and why developers and architects should feel excited in 2024 about the immediate future for infrastructure development tools.
TNS: Terraform is the de-facto tool of choice for deploying infrastructure. Tools for application deployment are becoming increasingly important in the era of microservices. How does Waypoint (an IDP HashiCorp is building) complement Infrastructure deployment as a tool for application deployment?
As you said, Terraform has become the de-facto tool for doing infrastructure as code. A crucial part of its success is that it provides a powerful DSL [Domain Specific Language] and a workflow that gives users confidence. However, that flexibility and power comes at a cost, which is that users need to know how to configure the underlying infrastructure. For large organizations, we often get asked how to scale up to a development organization of thousands or tens of thousands of developers.
Waypoint is designed to bridge that gap between operators who have a deep understanding of cloud infrastructure, and development teams who want to focus on their applications.
The goal is to enable operators to define a repeatable set of “Golden Patterns” with Terraform, in the form of infrastructure as code modules, and then to expose those patterns in a simplified way to developers through Waypoint. Those patterns can then be vetted with security and compliance teams so that those concerns are incorporated at design time, rather than bolted on later.
Beyond doing the initial deployment, the goal is to enable platform teams to define the set of “Golden Workflows” that pair along with the patterns, so that developers can be abstracted from the details and focus on their outcomes.
For example, they might consume a Java application pattern, which could include workflows for building the app, deploying to production, rolling back if something goes wrong, etc. This allows Waypoint to serve as an Internal Developer Platform, rather than just a Terraform abstraction layer.
We think in combination Terraform and Waypoint can provide end-to-end automation for the application teams while catering to the needs of both the platform operators and the end application teams.
TNS: In your keynote at HashiConf 2023, you talked about trends in cloud infrastructure. Kubernetes is the de facto platform for infrastructure and yet it’s deemed as complex and application development unfriendly. How do you see the Kubernetes and developer tools ecosystem evolving to make application development atop Kubernetes more friendly? Any related announcements you expect or would like to see at KubeCon EU 2024 in Paris?
Over the last decade, there has been an explosion of tools in the DevOps landscape. I think one of the best ways to chart that is to look at the Cloud Native Computing Foundation landscape. While these tools are powerful and have enabled us to solve a huge class of problems with more automation than before, they come at a cost. In particular, there is a high cognitive overhead and learning curve to using all these different tools.
It feels like the pendulum has started to swing back towards simplicity for developers, and that feels like the driving force behind the interest in Internal Developer Platforms. Our view is that there is a different set of needs for platform operators, who want control and flexibility, versus application developers, who want to focus on the lifecycle of their applications without getting bogged down in the details.
For Kubernetes specifically, I think that distinction also applies. We should acknowledge that Kubernetes is a very powerful and flexible platform, and that is great for the operations teams who understand it.
However, for the application teams, it’s probably not necessary for them to interface directly with its primitives, but rather to create a higher-level set of abstractions or platform interfaces.
I see a lot of customers trying to build their own abstraction layers with tools like Spotify Backstage, or entirely homegrown solutions.
For us, this was the motivation to build out Waypoint, so that it could provide a reusable solution that platform teams can configure, rather than custom build and maintain. Kubernetes is one of the most common platforms people use with Waypoint, given the popularity of the platform.
TNS: Let’s talk about Artificial Intelligence, which was the last trend you talked about during your keynote. Does AI have a role to play in Infrastructure as Code (IaC)? How do you reconcile immutability, which is at the core of IaC, and the unpredictability that is the very nature of AI?
I’m very excited about the role of Generative AI for Infrastructure as Code. In many ways, what infrastructure as code enabled was the management of much larger and more complex infrastructure relative to traditional approaches which were more manual. However, that requires that you have to write infrastructure as code and maintain it over time.
I believe Generative AI can help with both of those aspects, by helping us to author the code and by helping to synthesize it to make it easier to understand and maintain. To your point, there are still challenges today, with things like hallucinations, or imperfect training data leading to generated code that may contain vulnerabilities or misconfigurations.
This puts pressure on doing a better job with validating the code that is generated, whether human-generated or machine-generated. This is why we’ve been investing in things like Policy as Code, which allows automated checks to validate the security or to validate that best practices are being followed. We think that is going to be the only way to review all the code that will be generated, as GenAI has the potential to massively increase the surface area.
My other perspective is that these tools are still used best to augment human experts. Having a human in the loop still provides a valuable sanity check, and allows unforeseen situations to be handled in a more graceful way.
TNS: Can you predict how the HashiCorp tools landscape is going to evolve in the short term (maybe a year or two) from application development in general and Kubernetes in particular?
Broadly speaking, the HashiCorp portfolio is focused on infrastructure lifecycle management and security lifecycle management. On the infrastructure side, we focus on managing infrastructure cradle to grave in an automated and secure way. On the security side, we are focused on automating access and credential management, both for people and applications.
Across the portfolio, I think the key themes for us are a focus on simplicity. We’ve built an incredibly powerful ecosystem of tools that are broadly used, but to enable the next generation of users we need to lower the bar of complexity. There are opportunities to leverage GenAI for some of this, but also a focus on more of an integrated platform experience, with products like Waypoint.
The focus on simplicity is also very inclusive of Kubernetes. It’s clear that Kubernetes is a very popular platform across the industry and with our users, so we are focusing on how to make it easier to manage Kubernetes clusters and resources with Terraform, how to simplify secret management with Vault, how to broker access for developers with Boundary, how to enable cross-cluster networking with Consul, and how to abstract the complexities with Waypoint.
We even have some customers who are running Kubernetes on Nomad, which has enabled them to spin up clusters on demand for their internal application teams!
TNS: Anything else you want to add to developers and architects and why should they feel excited about 2024?
I continue to be excited about the world of cloud infrastructure. We’ve seen cloud evolve from providing low-level IaaS primitives, to the higher-level platform, and SaaS capabilities. This means we have a lot of tools in the tool chest to enable developers. That has given us a tremendous amount of power, but with it a lot of complexity.
I’m excited that going into 2024 the conversation has shifted and now there is a focus on bringing back simplicity and focusing on enabling developers to go quickly, rather than having to become experts in hundreds of different tools and ecosystems. I’m excited for the evolution of Internal Developer Platforms, as well as approaches to simplifying security in the cloud.
On top of all that is the impact of GenAI. It’s going to be fun to watch the space continue to evolve, and we are working on helping push forward the frontier at HashiCorp.