Hashicorp Waypoint - Some initial thoughts, and what's yet to come...
Last week Hashicorp dropped a product bomb on the world. Not one, but two new open source products were released!
I took one of them, Waypoint, for a spin, and have to say that I'm intrigued. The team took the pluggable ecosystem that they've perfected for the IaC world in the Terraform ecosystem, and are trying to replicate it for the world of web application deployments.
Essentially the product promises to take any application that is targeted to a web deployment, abstract out the build (packaging) system and deployment infrastructure, and provide a unified - and simplified - interface to ship your software. The promise is that you can just write a few (I seem to remember the number 15-ish being used) lines of basic configuration, then type `waypoint up` and the plugins will take care of all of the implementation details.
A bit of déjà vu: it reminds me very much of `vagrant up` for those who remember the early days of Hashicorp. Except, hopefully, without the waiting we all remember with love.
Anyway, getting back to Waypoint, the promise is absolutely fantastic! And Hashicorp being Hashicorp, the odds are good that the product will mature to the point that it truly delivers on that promise.
The look and feel and overall architecture follow a pattern I've seen lately in Hashicorp products: a central "server" holding the state, providing a web UI and acting as a central hub; runners, which are basically anywhere you care to run the CLI, from your desktop to a headless terminal in the cloud; and "entrypoints", which are injected into your application to capture basic logs and provide a way for the server to communicate with your software package. The web UI is somewhat reminiscent of the Atlas and, more recently, Terraform Cloud SaaS offering interfaces. There is also basic access control, which is there to say "Hello, world!" but doesn't actually do much at the moment. Still, it is definitely there to be noticed, and it promises that the gaps around modern access control will eventually be filled.
The platform is also somewhat opinionated - at the moment, at least - about how web applications should be deployed. It's not necessarily a bad opinion, but you need to live with the concept of deploying immutable new versions - possibly on dedicated infrastructure in the case of the EC2 plugin - which are inherently public-facing, and "releasing" the deployments by modifying either the ingress traffic point - think of a load balancer or API gateway - and/or a configuration entry - think of a Consul service or DNS record - to flow traffic to the new target. Again, not a bad opinion, but you need to adopt it to make this work.
The reality is that with the exception of tinkering with the software, and perhaps deploying containerized applications into some very vanilla target environments, there's not much you can do yet, beyond "ooh"ing and "ahh"ing at the slick web UI. Which, I should mention, I did do. It does seem like a very natural control plane interface for viewing your web application software lifecycle.
Remember that Hashicorp is good at leading with open-source versions of its tools to iterate rapidly while using the world as a sounding board - so holes are to be expected in an initial release, and are often pointed out in the official docs. And, to be honest, there were some holes that I found surprising even for an early release.
One was a ZIP-based deployment to be used for packaging functions for a serverless architecture, most specifically AWS Lambda, which was talked about a lot in the blog and videos surrounding the release. Another was an interface to Packer for the AMI build phase of EC2 deployment, which was also talked about a lot in the blog and videos surrounding the release.
Another one, which I'm sure isn't far away, is a generic "Terraform" plugin. Allow me to explain: currently the deployment plugins are very specifically targeted and themselves opinionated. For example, the EC2 deployment target will expect the software to be baked into a custom AMI, and will provision either an instance or an auto-scaling group. In reality, production EC2 instances have a heck of a lot of tuning points. While the EC2 plugin does expose some of these tuning points - such as choosing ports to open in a managed security group, additional security groups to attach, SSH keys, instance types and counts, and even VPC subnets to launch in - this is far from enough for most deployments. And, in my humble opinion, it's not needed. Terraform already allows operators to fine-tune exactly what needs to be a part of an EC2-based deployment - or any of the other deployment targets that are baked into the Waypoint product - and would be a simple bridge to allowing deployments to go anywhere that Terraform can provision things.
Lastly, Waypoint is great at creating immutable patterned deployments, meaning that it always creates new deployments. But there's almost no clean-up. I say _almost_ because there is a crude `waypoint destroy` command that just tears everything down. But given the overall design, and the attention given to the deployment experience - from the rich plugin ecosystem, to CI (via GitHub Actions) and chatbot (via a Slack bot) interfaces - I would have expected some cleanup cycle - even an opinionated one - to be in place from day one.
Despite all of that, I'm overall really happy with the 0.1 release, and very interested in seeing where this project goes. Kudos to the entire team at Hashicorp for getting this out the door!