Google Cloud Deployment Manager vs Hashicorp Sentinel

Overview

Google Cloud Deployment Manager

Stacks24

Followers113

Votes5

Hashicorp Sentinel

Stacks25

Followers28

Votes0

Google Cloud Deployment Manager vs Hashicorp Sentinel: What are the differences?

Google Cloud Deployment Manager and HashiCorp Sentinel are both tools used in the deployment and management of cloud resources. Below are key differences between Google Cloud Deployment Manager and HashiCorp Sentinel.

Purpose: Google Cloud Deployment Manager is primarily used for automating the creation and management of Google Cloud Platform resources using configuration files called templates, whereas HashiCorp Sentinel is a policy as a code framework used to enforce governance and compliance policies across the HashiCorp product suite.
Scope: While Google Cloud Deployment Manager is specific to managing resources within Google Cloud Platform, HashiCorp Sentinel is designed to work across various HashiCorp products like Terraform, Vault, and Consul.
Functionality: Google Cloud Deployment Manager focuses on the provisioning of resources based on templates, whereas HashiCorp Sentinel focuses on policy enforcement, allowing users to define and apply various policies to control the actions undertaken by the HashiCorp products.
Flexibility: Google Cloud Deployment Manager offers a limited set of predefined resource types and properties to work with, while HashiCorp Sentinel provides more flexibility by allowing users to write custom policies using HashiCorp Configuration Language (HCL).
Integration: Google Cloud Deployment Manager is tightly integrated with Google Cloud Platform services, providing seamless deployment and management capabilities within the Google ecosystem. On the other hand, HashiCorp Sentinel can be integrated with multiple third-party tools and services, making it more versatile in terms of policy enforcement and compliance.
Community Support: Google Cloud Deployment Manager is supported by the Google Cloud community and official documentation, whereas HashiCorp Sentinel benefits from the broader HashiCorp community support and resources, including community-created policies and best practices.

In Summary, Google Cloud Deployment Manager focuses on resource provisioning using templates within the Google Cloud Platform, while HashiCorp Sentinel is a policy enforcement tool for governance and compliance across the HashiCorp product suite.

Share your Stack

Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.

View Docs

CLI (Node.js)

Manual

Advice on Google Cloud Deployment Manager, Hashicorp Sentinel

Sung Won

Nov 4, 2019

Decidedon

Google Cloud IoT Core

Terraform

Python

Context: I wanted to create an end to end IoT data pipeline simulation in Google Cloud IoT Core and other GCP services. I never touched Terraform meaningfully until working on this project, and it's one of the best explorations in my development career. The documentation and syntax is incredibly human-readable and friendly. I'm used to building infrastructure through the google apis via Python , but I'm so glad past Sung did not make that decision. I was tempted to use Google Cloud Deployment Manager, but the templates were a bit convoluted by first impression. I'm glad past Sung did not make this decision either.

Solution: Leveraging Google Cloud Build Google Cloud Run Google Cloud Bigtable Google BigQuery Google Cloud Storage Google Compute Engine along with some other fun tools, I can deploy over 40 GCP resources using Terraform!

Check Out My Architecture: CLICK ME

Check out the GitHub repo attached

2.25M views2.25M

Comments

Timothy

SRE

Mar 20, 2020

Decided

I personally am not a huge fan of vendor lock in for multiple reasons:

I've seen cost saving moves to the cloud end up costing a fortune and trapping companies due to over utilization of cloud specific features.
I've seen S3 failures nearly take down half the internet.
I've seen companies get stuck in the cloud because they aren't built cloud agnostic.

I choose to use terraform for my cloud provisioning for these reasons:

It's cloud agnostic so I can use it no matter where I am.
It isn't difficult to use and uses a relatively easy to read language.
It tests infrastructure before running it, and enables me to see and keep changes up to date.
It runs from the same CLI I do most of my CM work from.

385k views385k

Comments

Detailed Comparison

Google Cloud Deployment Manager	Hashicorp Sentinel
Google Cloud Deployment Manager allows you to specify all the resources needed for your application in a declarative format using yaml.	Sentinel is an embeddable policy as code framework to enable fine-grained, logic-based policy decisions that can be extended to source external information to make decisions.
-	policy as code;Fine-grained, condition-based policy; Multiple enforcement levels; Multi-cloud compatible
Statistics
Stacks 24	Stacks 25
Followers 113	Followers 28
Votes 5	Votes 0
Pros & Cons
Pros 2 Automates infrastructure deployments 1 Infrastracture as a code 1 Fast deploy and update 1 Easy to deploy for GCP Cons 1 Only using in GCP	No community feedback yet
Integrations
Jinja Python Google Cloud Storage Google Compute Engine Google Cloud SQL	Nomad Vault Terraform Consul

What are some alternatives to Google Cloud Deployment Manager, Hashicorp Sentinel?

AWS CloudFormation

You can use AWS CloudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don’t need to figure out the order in which AWS services need to be provisioned or the subtleties of how to make those dependencies work.

Packer

Packer automates the creation of any type of machine image. It embraces modern configuration management by encouraging you to use automated scripts to install and configure the software within your Packer-made images.

Scalr

Scalr is a remote state & operations backend for Terraform with access controls, policy as code, and many quality of life features.

Pulumi

Pulumi is a cloud development platform that makes creating cloud programs easy and productive. Skip the YAML and just write code. Pulumi is multi-language, multi-cloud and fully extensible in both its engine and ecosystem of packages.

Azure Resource Manager

It is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Habitat

Habitat is a new approach to automation that focuses on the application instead of the infrastructure it runs on. With Habitat, the apps you build, deploy, and manage behave consistently in any runtime — metal, VMs, containers, and PaaS. You'll spend less time on the environment and more time building features.

AWS Cloud Development Kit

It is an open source software development framework to model and provision your cloud application resources using familiar programming languages. It uses the familiarity and expressive power of programming languages for modeling your applications. It provides you with high-level components that preconfigure cloud resources with proven defaults, so you can build cloud applications without needing to be an expert.

Yocto

It is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. It provides a flexible set of tools and a space where embedded developers worldwide can share technologies, software stacks, configurations, and best practices that can be used to create tailored Linux images for embedded and IOT devices, or anywhere a customized Linux OS is needed.

GeoEngineer

GeoEngineer uses Terraform to plan and execute changes, so the DSL to describe resources is similar to Terraform's. GeoEngineer's DSL also provides programming and object oriented features like inheritance, abstraction, branching and looping.

Atlas

Atlas is one foundation to manage and provide visibility to your servers, containers, VMs, configuration management, service discovery, and additional operations services.

Related Comparisons

Google Cloud Deployment Manager vs Hashicorp Sentinel: What are the differences?

Purpose: Google Cloud Deployment Manager is primarily used for automating the creation and management of Google Cloud Platform resources using configuration files called templates, whereas HashiCorp Sentinel is a policy as a code framework used to enforce governance and compliance policies across the HashiCorp product suite.
Scope: While Google Cloud Deployment Manager is specific to managing resources within Google Cloud Platform, HashiCorp Sentinel is designed to work across various HashiCorp products like Terraform, Vault, and Consul.
Functionality: Google Cloud Deployment Manager focuses on the provisioning of resources based on templates, whereas HashiCorp Sentinel focuses on policy enforcement, allowing users to define and apply various policies to control the actions undertaken by the HashiCorp products.
Flexibility: Google Cloud Deployment Manager offers a limited set of predefined resource types and properties to work with, while HashiCorp Sentinel provides more flexibility by allowing users to write custom policies using HashiCorp Configuration Language (HCL).
Integration: Google Cloud Deployment Manager is tightly integrated with Google Cloud Platform services, providing seamless deployment and management capabilities within the Google ecosystem. On the other hand, HashiCorp Sentinel can be integrated with multiple third-party tools and services, making it more versatile in terms of policy enforcement and compliance.
Community Support: Google Cloud Deployment Manager is supported by the Google Cloud community and official documentation, whereas HashiCorp Sentinel benefits from the broader HashiCorp community support and resources, including community-created policies and best practices.

Google Cloud Deployment Manager vs Hashicorp Sentinel

Overview