Deploy Resources and Toolchains with Terraform

3 min read

The journey to modernize our delivery pipeline continues. Learn how we moved to a Tekton CI/CD pipeline that is deployed using Schematics-managed Terraform (Toolchain as Code).

The IBM Cloud solution tutorial Apply end-to-end security to a cloud application, like many, comes with code and a related GitHub repository. As a reader, you can either follow all the steps and manually create services and deploy the application, or you can take a shortcut and use an automation.

Over time, the automation changed from a classic toolchain with shell scripts in the pipeline to a Tekton-based pipeline with a Terraform-created toolchain. In this blog post, we provide an overview of the recently updated toolchain and how we got there:

A Terraform-created Tekton pipeline running.

A Terraform-created Tekton pipeline running.

Overview: History of a toolchain

The IBM Cloud solution tutorial Apply end-to-end security to a cloud application walks you through how to use some key IBM Cloud security services together. The tutorial uses a file-sharing application as an example. The application source code and an automation to easily deploy the app and required resources are provided in a related GitHub repository.

We first published the tutorial around the early days of the Tekton project—a powerful and flexible open-source framework for creating CI/CD (continuous integration/continuous delivery) systems. At that time, the IBM Cloud Continuous Delivery service only offered support for what, today, is called a classic delivery pipeline. Hence, our initial code included a pipeline-invoked shell script to create the required resources and to deploy the app. The toolchain was based on the Open Toolchain format.

About two years ago, we upgraded the deployment automation to use Terraform code managed in IBM Cloud Schematics to create the cloud services and a Tekton pipeline hosted in the Continuous Delivery service to build and deploy the container image with the application. The toolchain itself still was based on the Open Toolchain format.

Recently, we switched the toolchain creation to Terraform, too. You create an IBM Cloud Schematics workspace to manage the Infrastructure as Code (IaC) deployment. In the workspace, you configure how the Terraform code should create the services and the toolchain. The settings include the resource group, target region, namespace in the Container Registry, service plans, etc. Then, you apply the Terraform code and create the resources. When done, run the delivery pipeline (see screenshot above) and the app is online (see screenshot below):

File-sharing app provided by the IBM Cloud solution tutorial.

File-sharing app provided by the IBM Cloud solution tutorial.

Get started

If you already know the tutorial and want to try out the updated code directly, head over to the GitHub repository and its README file. Make sure to meet the few documented prerequisites, then click the link to create the IBM Cloud Schematics workspace. During that creation process, the directory with the Terraform configuration files is read and evaluated. It includes two new files:

  • The resource configuration for the toolchain: It defines the toolchain, its integrations with GitHub to find the pipeline source code, the pipeline definitions and details on where to run in (spoiler: on a public worker).
  • The resource configuration for the toolchain properties: It defines the input parameters for the Tekton pipeline and its tasks.

When you apply the Terraform plan in Schematics, it creates the service instances for the solution and the toolchain with the Tekton pipeline to build and deploy the app. As part of the latter, it reads the definition files for the Tekton pipeline. Running the pipeline is managed by the Continuous Delivery service. Follow the instruction to run the pipeline in order to build the container image with the app and to deploy it to the Kubernetes cluster.


It is interesting to see how the code for the automated deployment of resources for a single tutorial evolved. As developer, I always try to learn from others or to get hands-on experience on my own. In that sense, I invite you to either learn from the available updated code which I described above or to even utilize the toolchain to deploy the sample app yourself.

Feel free to open an issue in the repository if you run into problems with the updated deployment automation. If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik), Mastodon ( or LinkedIn.

Be the first to hear about news, product updates, and innovation from IBM Cloud