Interview: Armon Dadgar, CTO of HashiCorp, Discusses Identity and Access Management and Infrastructure as Code


Our team spoke with Armon Dadgar, Chief Technology Officer of HashiCorp, to delve into the most recent developments in Infrastructure as Code (IaC) and the challenges application developers still encounter despite the extensive success of Kubernetes. During our discussion we explored trends to anticipate in 2024, platforms that make life simpler for app dev teams, the recent interest in internal developer platforms (IDPs) around Backstage, and the reasons developers and architects should be enthusiastic about the immediate future of infrastructure development tools.

TNS: Terraform is the de-facto tool of choice for deploying infrastructure. Tools for application deployment are becoming increasingly important in the era of microservices. How does Waypoint (an IDP HashiCorp is building) complement infrastructure deployment as a tool for application deployment?

As previously mentioned, Terraform has become the de-facto tool for performing infrastructure as code. An essential aspect of its success is that it provides a robust DSL [Domain Specific Language] and a workflow that instills confidence in its users. However, this versatility and capability come with a price, which is that users must be knowledgeable in configuring the underlying infrastructure. Large organizations frequently inquire about how to scale up to a development organization comprising thousands or tens of thousands of developers.

Waypoint is devised to bridge the gap between operators with an in-depth understanding of cloud infrastructure and development teams that want to concentrate on their applications.

The objective is to empower operators to define a repeatable set of “Golden Patterns” with Terraform, in the form of infrastructure as code modules, and then to present those patterns in a simplified manner to developers via Waypoint. Security and compliance teams can then assess these patterns, so that their concerns are included at design time rather than added later.

“The goal is to enable operators to define a repeatable set of ‘Golden Patterns’ with Terraform, in the form of infrastructure as code modules.”

Beyond the initial deployment, the aim is to allow platform teams to establish the set of “Golden Workflows” that align with the patterns, so that developers can be distanced from the specifics and concentrate on their outcomes.

For instance, they might utilize a Java application pattern, which could incorporate workflows for building the app, deploying to production, and rolling back if something goes wrong, and so on. This enables Waypoint to operate as an Internal Developer Platform, rather than just a Terraform abstraction layer.

We believe that in combination, Terraform and Waypoint can provide end-to-end automation for application teams while catering to the needs of both the platform operators and the end application teams.

In your keynote at HashiConf 2023, you talked about trends in cloud infrastructure. Kubernetes is the de-facto platform for infrastructure, and yet it’s deemed complex and unfriendly to application development. How do you see the Kubernetes and developer tools ecosystem evolving to make application development atop Kubernetes more friendly? Any related announcements you expect or would like to see at KubeCon EU 2024 in Paris?

Over the past decade, the DevOps landscape has seen a proliferation of tools. A comprehensive approach to illustrating this is to scrutinize the Cloud Native Computing Foundation landscape. While these tools are powerful and have facilitated the resolution of a substantial set of problems with greater automation than before, they also entail a high cognitive overhead and learning curve for utilization.

It appears that developers are now inclined towards simplicity, and that this is the impetus behind the interest in Internal Developer Platforms. Our stance is that there is a diverse set of requirements for platform operators, who desire control and flexibility, versus application developers, who want to concentrate on the lifecycle of their applications without being weighed down by the specifics.

For Kubernetes specifically, I believe this differentiation also holds true. It’s crucial to realize that Kubernetes is a highly potent and flexible platform, which is advantageous for operations teams who comprehend it.

Yet for application teams it is perhaps unnecessary to engage directly with its primitives; instead, a higher-level set of abstractions or platform interfaces can be established.

Many customers are endeavoring to develop their own abstraction layers with tools such as Spotify Backstage, or entirely bespoke solutions.

For us, this was the stimulus to expand Waypoint, enabling it to provide a reusable solution that platform teams can configure, rather than building and maintaining custom solutions. Given its popularity, Kubernetes is among the platforms most frequently used with Waypoint.

Let’s talk about Artificial Intelligence, the last subject you touched upon during your keynote. Does AI have a role to play in Infrastructure as Code (IaC)? How do you reconcile immutability, which is at the core of IaC, and the unpredictability that is the very nature of AI?

I’m exceptionally enthusiastic about the involvement of Generative AI in Infrastructure as Code. In many ways, infrastructure as code has enabled the management of larger and more intricate infrastructure compared to traditional methods, which were more manual. However, this necessitates writing infrastructure as code and upholding it over time.

I am of the opinion that Generative AI can aid in both these aspects, by guiding us in authoring the code and by aiding in synthesizing it to make it simpler to comprehend and maintain. Nevertheless, there are existing challenges, such as hallucinations or imperfect training data leading to generated code containing vulnerabilities or misconfigurations.

This places an emphasis on improving the validation of the code that is generated, irrespective of whether it is human-generated or machine-generated. This is why we have been investing in concepts like Policy as Code, which permits automated checks to confirm the security or the observance of best practices. We are convinced that this is the only way to review all the code that will be generated, considering that GenAI has the potential to significantly increase the surface area.

Furthermore, I hold the view that these tools are most effectively utilized to supplement human experts. The presence of a human in the loop remains beneficial for a valuable sanity check, and enables the handling of unforeseen scenarios in a more graceful manner.
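The kind of automated check described in the answer above, as an added example that is not HashiCorp Sentinel, not HashiCorp's code, and not part of the interview: a small policy-as-code evaluator that reads the JSON produced by `terraform show -json <planfile>` and denies a plan before `apply` if it opens SSH/RDP to the internet, creates an unencrypted or public RDS instance, or destroys a data-bearing resource. Only the `resource_changes[].address`, `.type`, `.change.actions` and `.change.after` fields of that format are relied on; the policy names, the port and type lists, and the two sample plans are the editor's own constructions.

```python
"""Policy-as-code check over a Terraform plan (added example, not HashiCorp code).

Reads the JSON that `terraform show -json <planfile>` emits and uses only its
resource_changes[].address / .type / .change.actions / .change.after fields.
Policy names, thresholds and the sample plans below are the editor's own.
"""
from __future__ import annotations

import ipaddress
import json
from dataclasses import dataclass

ADMIN_PORTS = {22, 3389}  # SSH, RDP
STATEFUL_TYPES = {"aws_db_instance", "aws_s3_bucket", "aws_dynamodb_table"}


@dataclass(frozen=True)
class Violation:
    policy: str
    address: str
    detail: str


def _is_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0 (a /0 prefix); malformed strings never match."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def _rule_covers(rule: dict, ports: set[int]) -> bool:
    # In the AWS provider, protocol "-1" means every protocol and every port.
    if str(rule.get("protocol")) == "-1":
        return True
    lo, hi = int(rule.get("from_port", 0)), int(rule.get("to_port", 0))
    return any(lo <= p <= hi for p in ports)


def policy_no_world_admin_ingress(rc: dict) -> list[Violation]:
    """Deny security-group ingress that exposes SSH/RDP to the whole internet."""
    if rc["type"] != "aws_security_group":
        return []
    after = rc["change"].get("after") or {}  # "after" is null for a delete
    found = []
    for rule in after.get("ingress") or []:
        cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
        if any(_is_world(c) for c in cidrs) and _rule_covers(rule, ADMIN_PORTS):
            found.append(Violation("no-world-admin-ingress", rc["address"],
                                   f"{rule.get('from_port')}-{rule.get('to_port')}/"
                                   f"{rule.get('protocol')} open to {cidrs}"))
    return found


def policy_rds_hardening(rc: dict) -> list[Violation]:
    """Deny RDS instances that are publicly reachable or have unencrypted storage."""
    if rc["type"] != "aws_db_instance":
        return []
    after = rc["change"].get("after") or {}
    found = []
    if after.get("publicly_accessible") is True:
        found.append(Violation("rds-not-public", rc["address"], "publicly_accessible = true"))
    if after.get("storage_encrypted") is not True:
        found.append(Violation("rds-storage-encrypted", rc["address"], "storage_encrypted is not true"))
    return found


def policy_no_destroy_stateful(rc: dict) -> list[Violation]:
    """Deny destroying (including destroy-and-recreate) data-bearing resources."""
    actions = rc["change"]["actions"]
    if rc["type"] in STATEFUL_TYPES and "delete" in actions:
        return [Violation("no-destroy-stateful", rc["address"], f"actions = {actions}")]
    return []


POLICIES = [policy_no_world_admin_ingress, policy_rds_hardening, policy_no_destroy_stateful]


def evaluate_plan(plan_json: str) -> list[Violation]:
    """Run every policy over every planned change; an empty list means the plan passes."""
    plan = json.loads(plan_json)
    return [v for rc in plan.get("resource_changes", []) for p in POLICIES for v in p(rc)]


def plan_passes(plan_json: str) -> bool:
    return not evaluate_plan(plan_json)


# Constructed sample plans in the `terraform show -json` shape (not real tool output).
SAMPLE_PLAN_BAD = json.dumps({"format_version": "1.2", "resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_db_instance.app", "type": "aws_db_instance",
     "change": {"actions": ["create"], "after": {"publicly_accessible": True, "storage_encrypted": False}}},
    {"address": "aws_s3_bucket.old_logs", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "after": None}}]})

SAMPLE_PLAN_OK = json.dumps({"format_version": "1.2", "resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
         {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/8"]}]}}},
    {"address": "aws_db_instance.app", "type": "aws_db_instance",
     "change": {"actions": ["update"], "after": {"publicly_accessible": False, "storage_encrypted": True}}}]})

if __name__ == "__main__":
    for v in evaluate_plan(SAMPLE_PLAN_BAD):
        print(f"DENY {v.policy}: {v.address} ({v.detail})")
    print("bad plan passes:", plan_passes(SAMPLE_PLAN_BAD), "| ok plan passes:", plan_passes(SAMPLE_PLAN_OK))
```

The check runs on the plan, not on the HCL source, which is what makes it indifferent to whether a person or a model wrote the module: a value that is only known after apply lands in `after_unknown` rather than `after`, so a production gate would also treat missing security attributes as a failure rather than a pass, and the destroy policy deliberately catches `["delete", "create"]` replacements as well as plain deletes.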

Can you predict the evolution of the HashiCorp tools landscape in the near future (ideally within a year or two) from the perspective of application development in general and Kubernetes in particular?

On a broad scale, the focus of the HashiCorp portfolio is on managing the infrastructure lifecycle and the security lifecycle. Concerning infrastructure, our focus is on administering infrastructure from creation to retirement in an automated and secure manner. Concerning security, we are dedicated to automating access and credential administration for both people and applications.

Throughout the portfolio, I believe the paramount themes for us revolve around simplicity. We have constructed an immensely powerful ecosystem of tools that are widely utilized, but to enable the succeeding generation of users, we need to lower the complexity quotient. There are opportunities to harness GenAI for some of this, but there is also an emphasis on a more integrated platform experience, incorporating products like Waypoint.

The emphasis on simplicity is also quite accommodating of Kubernetes. It’s apparent that Kubernetes is an immensely popular platform across the industry and with our users, thus we are striving to make it easier to oversee Kubernetes clusters and resources with Terraform, simplify secret management with Vault, broker access for developers with Boundary, enable cross-cluster networking with Consul, and abstract complexities with Waypoint.

We even have some clients operating Kubernetes on Nomad, which has enabled them to commission clusters on demand for their internal application teams!

Is there anything else you would like to convey to developers and architects, and why should they be filled with excitement about 2024?

I remain very enthusiastic about cloud infrastructure. We have observed the evolution of cloud from provisioning low-level IaaS primitives to higher-level platform and SaaS capabilities. This means we have an array of tools at our disposal to empower developers, which has given us an enormous amount of power, and of complexity.

It fills me with enthusiasm to observe that as we enter 2024, the conversation has turned, and now there is an emphasis on reinstating simplicity and pivoting towards facilitating developers to move swiftly, without being obligated to become experts in hundreds of different tools and ecosystems. I am thrilled about the evolution of Internal Developer Platforms, and approaches to simplifying security in the cloud.

In addition, the influence of GenAI should be fun to watch as the sector continues to evolve, and we are working to push the frontier at HashiCorp.

