The Cattle Mindset

This page has no commands. It's the lens for everything else in this section. Read it slowly.

Pets and cattle

The phrase comes from operations folklore, and it's the cleanest way to explain what Terrantula is for.

A pet is infrastructure you care about individually. The production cluster. The shared CI account. The data warehouse. Pets get names. They get hand-tuned. When one is sick, you nurse it back to health, and everyone on the team knows its quirks. You review pets line-by-line in pull requests because each one is unique and the blast radius of a mistake is real.

Terraform is excellent at pets. It was built to describe a specific, durable piece of infrastructure precisely, version it, and reconcile it against reality. For a handful of long-lived, carefully-curated stacks, Terraform plus code review is close to perfect.

A cattle is infrastructure where the individual doesn't matter — the herd does. Per-tenant infrastructure. Per-customer database stacks. Per-PR ephemeral environments. Cells in a multi-region cluster fleet. You don't nurse a single head of cattle; you manage the population. You care about how many there are, where they're placed, whether you're at capacity, and whether the ones that left actually got cleaned up.

Terraform is awkward at cattle. Not because it's bad software — because cattle is a different problem than the one it was designed for. The tool that names your pets beautifully has no opinion about which cluster the next tenant should land on, or whether you've hit your per-cluster ceiling, or what order to tear things down in when a customer churns. Those aren't resource definitions. They're fleet decisions, and they live above the layer Terraform operates on.

What breaks when you herd cattle with pet tools

Everyone who runs templated infrastructure at scale hits the same wall. The symptoms are predictable:

  • Workspace explosion. N tenants means N workspaces, or N variants of the same config. The management experience was never designed for N greater than about twenty. Past that, it's a wall of nearly-identical things you scroll through.
  • State proliferation. Every tenant has its own state file scattered across buckets, workspaces, and the occasional laptop. There is no system-level view that answers "what's the whole fleet doing right now?"
  • Capacity as tribal knowledge. "We cap at fifty tenants per cluster" lives in a runbook nobody reads, or in one engineer's head. Nothing enforces it at the moment you add the fifty-first.
  • Naming collisions. Every tenant needs a unique slug, a region, a namespace. Without a coordinator, that becomes a manual review step — a human eyeballing a spreadsheet to avoid a clash.
  • Deprovisioning rot. A customer churns. Who removes their resources? In what order? Half the time it's skipped, and the resources leak — quietly, on the bill.
  • Onboarding latency. Adding a tenant "should take five minutes" but takes four hours of an engineer stitching together a workspace, a PR, a Slack thread, and a placement decision made by gut.

If two or more of those sound like your week, you have a cattle problem. You've probably already built a homegrown system to paper over it: a Lambda, a spreadsheet, a script, a Slack bot. That homegrown system is the missing layer — built by hand, every time, at every company with this shape.

What herding looks like instead

Terrantula doesn't replace Terraform. It adds the layer above it that Terraform alone doesn't give you. Three ideas carry the whole model:

Entities are cattle

Instead of describing each tenant as a unique pet stack, you describe a tenant once — as a typed record with properties, a lifecycle, and constraints. A Tenant isn't a hand-written workspace anymore; it's a row in a graph that Terrantula tracks. Two hundred tenants are two hundred entities of the same type, and you can ask the population questions: how many are active, which are suspended, who's over quota.

Cells are placement

A cell is a named group of entities with a placement policy and aggregate limits. "Put the next tenant on the least-loaded cluster, and never exceed five hundred tenants across the fleet" stops being tribal knowledge and becomes a rule Terrantula enforces before anything provisions. The cell is where the fleet decision lives — the decision Terraform was never going to make for you.

Relationships are the cascade

Entities connect through typed relationships — a tenant runs on a cluster, a customer owns a database. Those connections carry cardinality ("one cluster per tenant, many tenants per cluster") and they're what makes lifecycle hygiene possible. When a tenant is deprovisioned, the cascade walks its relationships and tears things down in the right order, so nothing leaks. The graph is what remembers what depends on what.

That's the whole mindset: typed entities you can count, cells that decide placement and enforce capacity, and relationships that drive an ordered lifecycle. Terraform still does the provisioning. Terrantula does the herding.
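The placement and cascade rules described above, sketched as an added example; this is not Terrantula's code or API, and the class, function and resource names are hypothetical. The cell rejects a placement that would break a ceiling before anything provisions, and teardown order is derived from the relationship graph while a shared cluster is left alone.

```python
# Hypothetical model of a cell and a cascade; names are illustrative only.
class CapacityError(Exception):
    """A placement would break a cell limit; nothing is provisioned."""

class Cell:
    def __init__(self, clusters, per_cluster_max, fleet_max):
        self.tenants = {c: set() for c in clusters}
        self.per_cluster_max = per_cluster_max
        self.fleet_max = fleet_max

    def place(self, tenant):
        """Pick the least-loaded cluster, enforcing both ceilings first."""
        if any(tenant in t for t in self.tenants.values()):
            raise ValueError(f"slug {tenant!r} already placed")
        if sum(len(t) for t in self.tenants.values()) >= self.fleet_max:
            raise CapacityError("fleet ceiling reached")
        # Name breaks ties so the same inputs always give the same placement.
        cluster = min(self.tenants, key=lambda c: (len(self.tenants[c]), c))
        if len(self.tenants[cluster]) >= self.per_cluster_max:
            raise CapacityError("every cluster is at its ceiling")
        self.tenants[cluster].add(tenant)
        return cluster

def teardown_order(tenant, owns, requires):
    """Order a tenant's resources so each is destroyed before what it requires.
    Shared entities (a cluster other tenants run on) are not in owns[tenant],
    so the walk stops at them and they survive. Assumes no dependency cycles.
    """
    doomed, seen, created = set(owns[tenant]), set(), []

    def visit(node):  # post-order DFS yields creation order: dependencies first
        if node in seen or node not in doomed:
            return
        seen.add(node)
        for dep in requires.get(node, ()):
            visit(dep)
        created.append(node)
    for node in sorted(doomed):
        visit(node)
    return created[::-1]  # teardown is creation order reversed

OWNS = {"acme": ["dns", "service", "namespace", "database"]}  # constructed sample
REQUIRES = {"dns": ["service"], "service": ["namespace", "database"],
            "namespace": ["cluster-a"]}

if __name__ == "__main__":
    cell = Cell(["cluster-a", "cluster-b"], per_cluster_max=2, fleet_max=3)
    print([cell.place(t) for t in ("acme", "globex", "initech")])
    print(teardown_order("acme", OWNS, REQUIRES))
```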

Two rules that keep the herd safe

The cattle mindset comes with two commitments that shape everything Terrantula does. They matter enough to state plainly here, because they're easy to assume wrong.

Terrantula never runs terraform apply

When Terrantula needs to change infrastructure, it doesn't execute Terraform. It opens a pull request against your repository with the change. Your existing CI runs the apply on merge, exactly as it does today. Placement decisions and capacity checks happen before the PR opens; the PR is the surgical, reviewable, auditable change. You keep your review process, your CI, your runner. Terrantula adds the structure on top.

The fleet view is a read-only projection

The graph you see in the dashboard is a projection of state derived from Terraform — it reflects reality, it doesn't author it. You don't edit a tenant's properties by dragging it around the graph. Real changes flow through Actions, which open PRs, which your CI applies. The model stays honest because the source of truth is still your Terraform, not a database someone clicked into.

These aren't limitations bolted on for safety theater. They're the reason the value compounds without Terrantula taking over your stack. You can run the entire cattle workflow self-hosted, with your own CI and your own runner, and nothing about your infrastructure has to leave your environment.

Where this leaves you

You don't have to adopt the whole model on day one. Many people start with visibility — import their existing Terraform state, see the fleet on one screen for the first time, and stop there for a while. That's a legitimate place to live. The cattle workflows reveal themselves over time, usually the next time deprovisioning rots or a capacity ceiling surprises someone on call.

But whether you're here for visibility today or orchestration tomorrow, the vocabulary is the same. The next page teaches it.

