How You Should Store Your Infrastructure as Code (IaC, Terraform, ARM, etc)
- Published: 1 Oct 2024
- Where to store the Infrastructure as Code (IaC) scripts? Together with the App Code? Or in a separate GitHub repository?
In this video we discuss the best practices for storing IaC (Terraform, ARM, and more), how I do it, and why I think you should do it too.
I would love to see how you structure your IaC repositories for multiple Accounts, Regions, Environments and Products! Nice work!!
Great suggestion!
✨ Question of the day ✨: How do you store your IaC?
I would say the ideal way to organize IaC is the following:
- Parameterized templates for/of a project/person/team/organization -> in a templates repo e.g. .NET build, test, package and publish template pipeline
- Purpose-specific resources, utilizing the parameterized templates (ideally) or not -> in the project's repo e.g. project's CI pipeline that gets data from some storage (e.g. AzDO Variable Groups) and feeds it to the aforementioned .NET template
Other than ease of use and maintenance, the biggest benefit I like to point out is the unintentional standard enforcement, especially for organizations i.e. build applications to conform to being built, tested and packaged this way.
That's a good approach, yes
Very pertinent to some of my current thinking on a project, thanks!
Do you have any videos about secrets management with Terraform to avoid it being in the repository?
Good to know it was useful :) No, I currently don't have a video on that... but I can make one, hopefully soon :)
We will generally have one or more platform teams that facilitate the ability for software development teams to self-service on the cloud. The platform team(s) can work on one or more repos which serve as the basis for the application development teams. This makes the application development teams completely self-reliant, and the responsibility separate. But everything is in code and all the benefits that come with that.
It's not that we want to remove Ops, or Dev to create a DevOps team. Instead, we want to avoid handovers of responsibility. Ops supplies the platform. Dev supplies the application.
You build it. You run it.
Interesting. If you have separation between the platform and the application, how do you make sure the platform is right for what the application needs? Doesn't it also make it more difficult to troubleshoot if something happens, having the 2 (or more) teams in different silos?
Hi Dave, thanks for sharing your knowledge. I would like to see how you manage terraform modules and best practices to maintain and integrate with CI/CD.
I will make a video about it ☺️ stay tuned 😉
Hi Dave, I would like to see how you manage your terraform code. Hope you can share your experience with Terraform modules!
Sure thing! I will put together a video about that, I think it could be interesting for many people.
I didn't understand. Can you make a detailed video on ARM and Terraform?
Which part didn't you understand? What would you like to see in the video?
Hi Dave, how do you validate your IaC scripts against best practices or misconfigurations before running them? Any suggestions?
For ARM, I use the ARM Template Toolkit (ARM TTK) - docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit
For Terraform, at the moment all I'm doing for my personal IaC is relying on terraform itself (terraform fmt, terraform validate). I know it is not great.
At work, where we have a much bigger codebase of terraform scripts, we use Atlantis (www.runatlantis.io/) to automate, tflint to lint, and we are looking into terragrunt.
@CoderDave Thanks, Dave, for sharing details. Have you looked at using Checkov as well for validating the IaC scripts?
No, never seen it 😄