Appearance

Core Concepts

Tempest's core concepts provide a comprehensive framework for managing and automating your cloud infrastructure. This guide covers essential elements such as Recipes, Projects, Environments, Orchestration, Resources, Events, Tempest Apps, and Credentials. By understanding these core concepts, you can leverage Tempest to streamline your development processes, ensure compliance, and maintain operational efficiency.

Recipes

Tempest Recipes empower organizations to define how their projects should be built, ensuring standardization and compliance across all development efforts. By leveraging recipes, developers can quickly self-serve recipes that are configured with the cloud resources administrators have defined according to their organization’s guardrails and standards.

Recipes can be created, configured, and adjusted on the Recipes tab of the lefthand navigation.

Overview of Recipes

Recipes serve the following core functions:

  • Define project standards: Recipes provide a blueprint for setting up projects, detailing how they should be built.
  • Resource configuration: Administrators can specify and configure the necessary cloud resources for each project.
  • Project creation: Developers create projects from these predefined recipes. Resources are not provisioned until a project is created. When a project is created, all resources are provisioned automatically in the correct order. Any failures during provisioning are captured and displayed on the Project Overview page.
  • Project catalog: Recipes are discovered and accessed via the Project Catalog.

Supported Resources

Tempest supports a wide variety of resources, such as:

  • Git repositories: GitHub
  • Cloud provider resources: AWS, GCP
  • Escalation policies: PagerDuty

Key Features of Tempest Recipes

You can configure key features and settings for each of resource provisioned in Tempest using a recipe, including:

  • Basic information: Set essential details like name and description for each recipe.
  • Team ownership: Assign a team owner to manage the recipe.
  • Classification: Apply compliance classifications such as SOC2 or CCPA.
  • Labels: Tag recipes with labels like Frontend or Backend.
  • Approval policies (coming soon): Add approval workflows.
  • Multiple environments: Define various environments that will be provisioned with each project that uses your recipe, including:
    • Dedicated environments: Set up for production, sandbox, and QA.
    • Ephemeral environments: Automatically created and cleaned up based on events like pull requests or branch creation.
  • Resource guardrails: Define and enforce organizational standards for resources.
  • Value configuration: Allow resources to accept both user-defined and recipe-defined values.
  • DevSecOps lifecycle: Organize resources within a DevSecOps framework to ensure security and operational efficiency.

Projects

A Project represents a group of resources that together form a single service. An example of a project might be an “Orders Microservice” or a “Marketing Page”. They are composed from resources that represent different lifecycle stages of your application such as code, deployment or operations. They also divide resources into environments like development, QA or production.

Developers can enter the Tempest platform and self-serve the projects they’d like to start in the Projects tab on the lefthand navigation. From there, they can view all of the recipes available to them to use, configure their project with the required operations standards pre-defined by the recipe, and immediately provision what they need.

Environments

Environments define the deployment lifecycle for your projects. Depending on how the project’s recipe is configured, it can support multiple pre-production and production deployment targets.

Tempest currently supports:

  • Dedicated Environments: Set up for production, sandbox, and QA.
  • Ephemeral Environments: Automatically created and cleaned up based on events like pull requests or branch creation.

Users can track which resources are provisioned for each environment and view related events.

Orchestration

Tempest projects are automated and deployed seamlessly via Orchestration. Orchestration takes the resources you’ve configured and automates their delivery from start to finish. Orchestration was built with the following principles in mind:

  1. Desired state automation: Orchestration ensures that your project gets to a desired state you’ve set, without you having to define every step along the way.
  2. Reasonable and secure defaults: Orchestration assumes reasonable and secure defaults, while transparently exposing the actions its taking on your behalf. And you have the ability to override defaults as needed.

Resources

Resources represent the real-world infrastructural components and assets that your business depends on. Examples include:

  • GitHub repositories
  • AWS object storage buckets
  • DNS records

Resources are Tempest’s records of these components and are the fundamental unit of your organization’s software.

The Resources page contains a list of all resources that Tempest knows about and that you have access to view. It’s populated either by the resources Tempest has provisioned for you as part of project deployment, or by importing existing resources from your cloud providers.

Each resource contains:

  • A name to help you identify the resource, such as the repository name or file path.
  • The type of resource, such as repository, CI workflow, database, etc.

This list will also contain any resources that are planned to be created via orchestration as part of a project. Tempest will have limited information about these until it requests that the external system create the resource.

Tempest tracks various properties of each resource on a regular basis. These properties vary and are specific to each resource as defined by the app that supports it. For example, a database may have properties about disk capacity and usage and software version, while a DNS record will have details about its TXT, MX, etc. information.

Events

Tempest tracks and assembles Events that happen across your projects and cloud resources. Events act as a log that helps users understand what has happened and when for every service in your organization.

Project events

Tempest tracks events related to your software projects. You can view any events associated with your project on the individual Project Details page, either in one view or broken down by environment. It will also show all aggregated events for related resources.

  • Examples of project events include:
    • Environment deployed
    • Team ownership changed

Resource events

Tempest tracks events on any provisioned and imported resources, regardless of whether they’re attached to a Tempest-deployed project.

  • Examples of events on a GitHub Repository resource include:
    • Repository created
    • Pull request opened
    • Branch created

Apps

Apps are our first-class integrations with third-party providers and represent the best-of-breed of critical cloud products, software, and infrastructure engineering organizations use. They’re designed to be opinionated enough to be easy to set up, and flexible enough for more complex and unique implementations. Key features include:

  • Mix and match: Organizations can mix and match their third-party providers in Tempest to represent how their infrastructure is set up.
  • Fully featured: Apps are deeply integrated with third-party providers, allowing for the full flexibility when leveraging them in Tempest.
  • Baked-in observability: Integrating with your third-party providers gives you baked-in observability to keep track of your service health.
  • Extensible via SDK: Anything feature or provider that’s not available out-of-the-box is fully integrable as a first-class experience via our Private Apps SDK.

Examples of some of our integrations include:

  • Cloud providers, like GCP and AWS,
  • Git providers, like GitHub, and
  • On-call providers like PagerDuty.

See Apps for deep dives into individual Tempest Apps.

Credentials

Credentials are a secure mechanism for connecting Tempest with your cloud service providers. Multiple authentication methods are supported, including App installation, OAuth, and API Keys. For more information, see Connect Tempest with your cloud providers.