
Kevin Scheunemann

05/03/2023, 1:54 PM
Hello everyone! This is a bit of an open-ended question but just wanted to start a discussion 😄. We are working on building a platform that incorporates terraform and container deployments to GCP cloud run and functions V2 as well as a few other non-terraform infrastructure configurations. Has anyone attempted anything like this before? What tools and techniques should I be thinking of? etc. I have been exploring using containers as our unit of deployment/artifact using skaffold and then using keptn or getport to deploy dev/ephemeral/preview environments, then promoting services to preview and ultimately production.

Scott Sickles

05/03/2023, 3:06 PM
Hey Kevin! At Nullstone we follow this same pattern. We use TF to provision infrastructure and containers as our unit of deployment. Once we had the initial automation in place for launching a full environment, adding ephemeral or preview environments followed the same pattern. If you want to chat about this, I don’t mind sharing our experiences and learnings. I sent you a DM to connect as well.

sabina

05/03/2023, 5:41 PM
hey kevin! I'm not sure if you guys have fully decided on terraform but I've worked with both and I think pulumi is a better choice for IAC 🙂 why? terraform forces you to use their domain-specific language = hashicorp config language (HCL) whereas you can write IAC for pulumi via any familiar general purpose language (eg Python, TypeScript, JavaScript, Java, etc). for our infrastructure and platform teams we found it much easier for them to write IAC in the same language they use for other development. pulumi also offers better test support eg unit, property and integration tests + secrets management out of the box 🙂 this is my opinion having worked with platform teams using both

Akash Sethiya

05/03/2023, 6:32 PM
So we have a bunch of private terraform modules where we baked in some of our business logic and we use terragrunt on top of it to reuse these. Does pulumi have something like this? Would you recommend moving from tf to pulumi? @sabina

Kevin Scheunemann

05/03/2023, 6:37 PM
I have not looked at pulumi for IAC, but I can see how this would simplify the code side, however infrastructure changes and application delivery are still separated in some way. Also terraform has created terraform-cdk to compete against pulumi and aws CDK while being able to re-use modules and providers.

Scott Sickles

05/03/2023, 6:37 PM
One thing to keep in mind w/respect to Pulumi vs Terraform is that TF is much more widely used so finding engineers who know how to use it is much easier

Martin Iluminatti

05/03/2023, 10:52 PM
Just my two cents in this thread - if you are looking to have the IaC in the same language as your apps, you might want to consider using CDK for Terraform. It is quite powerful and easier for developers to adopt. https://developer.hashicorp.com/terraform/cdktf

Andrew Fong

05/04/2023, 2:19 PM
We have found that creating a separation of concerns (deploy is different than Infra provisioning) builds a substantially more robust platform experience.

Scott Sickles

05/04/2023, 2:50 PM
@Andrew Fong I would agree with that, we separated the two as well

Kevin Scheunemann

05/04/2023, 3:08 PM
How do you handle passing infrastructure configuration into application deployment? The best example I have of this is GCP service account information needed at application deployment time.
or any infrastructure dependency needed to configure the application to run

Scott Sickles

05/04/2023, 3:13 PM
Since we provision the infra using TF, the infra configuration needed is returned as TF module outputs. We then store those outputs for the “workspace”. When code deployments are triggered, we can then take those outputs and pass them into the deployment.

Kevin Scheunemann

05/04/2023, 3:17 PM
makes sense, I currently do the same, just not in a very standard/opinionated way yet.

Andrew Fong

05/04/2023, 3:23 PM
we are building a deployment product that handles exactly this problem
for example we have pre, post, and mutation hooks for this type of workflow and protections to validate invariants in the deploy flow
in my experience most people don’t create new cloud resources as often as they deploy, cloud resources are similar to a database migration
so if you generalize the problem you can solve both

Kevin Scheunemann

05/04/2023, 3:39 PM
makes sense. I came across the "platform" work group under the CNCF Application Delivery TAG that has a very similar charter: https://github.com/cncf/tag-app-delivery/tree/main/platforms-wg/charter

Andrew Fong

05/04/2023, 3:42 PM
happy to talk more about what we’re building www.prodvana.io

Kevin Scheunemann

05/04/2023, 3:42 PM
yup just looking at your solution now 🙂

Andrew Fong

05/05/2023, 12:02 AM
Think of us as declarative configuration that has a workflow that sits on a convergence engine