How Do You Orchestrate Infrastructure as Code?

Asked By TechieDoodle123 On

I'm curious about how you all orchestrate your Infrastructure as Code, especially using tools like Terraform or Bicep. Do you integrate standard development practices like CI/CD pipelines, or do you find that setups often end up being a one-off with occasional redeploys due to configuration drift?

6 Answers

Answered By DevOpsDoggo On

I prefer Terraform with Azure, storing the state in a storage account. It's key to maintain strict governance. Depending on the team's culture, you might choose to keep infrastructure hidden from devs completely, or provide a limited abstraction using modules. CI/CD is mandatory, while I've found Bicep to be a way for Microsoft to transition from ARM templates. Personally, I've been leaning back toward Azure CLI and PowerShell due to simplicity and governance needs, especially with the current job market challenges.

BicepBeliever -

I wouldn't say Bicep is a rip-off. I've used both, and though they have pros and cons, I find Bicep offers some cool features that can simplify things.

Answered By CloudGuru88 On

I use Azure DevOps with service principals to connect to different environments, along with multiple CI/CD pipelines that require approvals. State is managed in blob storage, and I check for drift daily. It's crucial to ensure no changes are made directly in the portal—everyone should follow the process. Removing access for individual roles with approval mechanisms helps maintain order, especially for Terraform pipelines. A one-off approach is just not effective in the long run.

FutureArch2024 -

That sounds like a solid approach! I’m aiming for something similar but need to address internal skill challenges before I can fully implement it.

NetworkNinja -

How do you manage the networking aspect with private endpoints in your deployments? Do your service principals have the necessary access for that?

Answered By TerraformWarrior On

I find Terraform much easier for the long term, even if the initial learning curve is steeper. Its `terraform plan` command is invaluable. I trust it implicitly compared to Bicep's `what-if`, which can be inconsistent. For drift detection, running `terraform plan` on a schedule in CI pipelines is a game-changer and can even trigger alerts if changes are found. I really believe in giving devs the freedom to manage their infrastructure while ensuring they have the right templates to standardize processes.
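
The scheduled drift check described in the answer above, sketched as an added example (not code from any poster in this thread): a CI step that reads the JSON form of a saved plan, as produced by `terraform show -json <planfile>`, and turns pending changes into alert findings. The watchlist of high-risk resource types and the sample plan are assumptions constructed for illustration.

```python
import json

# Hypothetical watchlist: resource types whose out-of-band change should page someone.
HIGH_RISK_TYPES = {
    "azurerm_role_assignment",
    "azurerm_network_security_rule",
    "azurerm_private_endpoint",
}

# Constructed sample, trimmed to the fields used here, in the shape of
# `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "azurerm_resource_group.app", "type": "azurerm_resource_group",
     "change": {"actions": ["no-op"]}},
    {"address": "azurerm_network_security_rule.ssh", "type": "azurerm_network_security_rule",
     "change": {"actions": ["update"]}},
    {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
     "change": {"actions": ["delete", "create"]}}
  ]
}
""")


def find_drift(plan):
    """Return one finding per resource the plan would change, high severity first."""
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if not actions or actions in (["no-op"], ["read"]):
            continue  # nothing to reconcile for this resource
        findings.append({
            "address": rc["address"],
            "actions": actions,
            "severity": "high" if rc.get("type") in HIGH_RISK_TYPES else "review",
        })
    # Stable sort: high-severity findings lead the alert, original order otherwise.
    return sorted(findings, key=lambda f: f["severity"] != "high")


def exit_code(findings):
    """0 = clean, 2 = drift found, mirroring `terraform plan -detailed-exitcode`."""
    return 2 if findings else 0


if __name__ == "__main__":
    for f in find_drift(SAMPLE_PLAN):
        print(f"[{f['severity']}] {f['address']}: {'+'.join(f['actions'])}")
    raise SystemExit(exit_code(find_drift(SAMPLE_PLAN)))
```

On an unchanged main branch, any finding means the deployed resources no longer match the code, so a non-zero exit can fail the scheduled job and raise the alert.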

Answered By InfrastructureInnovator On

Each team has its own subscription and a dedicated deployment service principal. We enforce access through PIM, and everything gets built and deployed via pipelines in Azure DevOps with necessary approvals. All code, whether Terraform or Pulumi, goes into individual blob storage for state management, allowing teams to own their deployments.

Answered By ARMAdventurer On

It really comes down to team skills and project complexity. I've worked with both pure ARM and Terraform. I find Bicep kind of unnecessary, even though I always stick to CI/CD pipelines for deployments.

BicepSkeptic -

Bicep is just a lesser version of ARM, so I get the hesitation.

Answered By BicepFanatic99 On

We're committed to using Bicep for all our infrastructure. We treat it like a typical software development lifecycle, complete with policies and deployments via YAML pipelines. It covers everything from Azure Front Door with WAF to private endpoints. Even with some criticisms, it works perfectly for us, and new users in my organization love it, especially those transitioning from Terraform.

DriftDetective -

How do you manage state and configuration drift with Bicep? That’s been a challenge for us.
