Atmosphere 2018: Wojciech Krysmann- INFRA AS CODE - TERRAFORM DEEP DIVE AND BEST PRACTICES
0 likes20 views
This document summarizes a presentation about Terraform best practices and a deep dive into how it works. The presentation covers what Terraform is, how it can be used to implement infrastructure as code from manual processes to collaborative workflows, and why automating infrastructure provides benefits like faster deployments, increased control and predictability. It discusses best practices for Terraform configuration, implementation patterns like separating infrastructure from application code, and sample workflows for deploying infrastructure and platform services.
Atmosphere 2018: Wojciech Krysmann- INFRA AS CODE - TERRAFORM DEEP DIVE AND BEST PRACTICES
- 1. Terraform Best Practices and Deep Dive Wojciech Krysmann June 2018
- 3. /wkrysmann
- 5. 5 Horizontals New Ventures CarsReal Estate Verticals
- 6. What?
- 7. 7 Manual Semi-automated Infrastructure as code Collaborative infrastructure as code Evolution?
- 8. 8 Manual Semi-automated Infrastructure as code Collaborative infrastructure as code Evolution? Revolution!
- 10. How?
- 11. 11 Rules
- 12. 12 Greenfield
- 14. 14 Automation
- 15. 15 General best-practices DO’s DONT’s ● Review plan prior to apply ● Save plan to file, and apply from it ● $ terraform fmt ● Enable bucket versioning for tfstate ● Do not use ‘-target’ ● Do not keep too many resources in one directory ● Do not create bucket per tfstate ● Don’t keep secrets in repo unencrypted ● Don’t try to build abstract / general purpose modules
- 17. 17 Application ● Application code ● Runtime environment Platform as a Service ● Instance ● Queue ● Database Infrastructure as a Service ● VPC, Network, Gateways, ... ● DNS ● CDN { {Infrastructure Service(s) Feeds data
- 18. 18 Application ● Application code ● Runtime environment Platform as a Service ● Instance ● Queue ● Database Infrastructure as a Service ● VPC, Network, Gateways, ... ● DNS ● CDN { {Infrastructure Service(s) Feeds data
- 21. ⇐ Provider ⇐ Environment ⇐ Region ⇐ Project ⇐ Service ⇐ Code ⇐ Service ⇐ Code Infrastructure repo
- 22. 22 Application ● Application code ● Runtime environment Platform as a Service ● Instance ● Queue ● Database Infrastructure as a Service ● VPC, Network, Gateways, ... ● DNS ● CDN { {Infrastructure Service(s) Feeds data
- 23. ⇐ infrastructure catalog ⇐ Provider ⇐ Environment ⇐ Region ⇐ Code App repo
- 26. main.tf (app repo) Data feed from infra repo ⇒ Data feed from infra repo ⇒
- 27. 27 Application ● Application code ● Runtime environment Platform as a Service ● Instance ● Queue ● Database Infrastructure as a Service ● VPC, Network, Gateways, ... ● DNS ● CDN { {Infrastructure Service(s) Feeds data
- 28. Outputs
- 29. Data sources
- 30. Workflow
- 31. 31 Application ● Application code ● Runtime environment Platform as a Service ● Instance ● Queue ● Database Infrastructure as a Service ● VPC, Network, Gateways, ... ● DNS ● CDN { {Infrastructure Service(s) Feeds data
- 33. 33 Application ● Application code ● Runtime environment Platform as a Service ● Instance ● Queue ● Database Infrastructure as a Service ● VPC, Network, Gateways, ... ● DNS ● CDN { {Infrastructure Service(s) Feeds data
- 35. 35 Build
- 36. 36 Deploy
- 37. Why?
- 38. 38 Automating / Packer worflowWhat’s your IP? What’s the subnet of Apollo 11? Could you whitelist my service?
- 43. Granularity = faster, safer deploy Centralisation = control, predictability
- 44. 44 CDNasCod Mon No! I will apply now I will apply now
- 46. 46 Infra as Code DNSasCode CDNasCode Garlic as Code Platform as Code
- 47. Thank you! Q & A? #weAreHiring