#terragrunt (2018-12)

terragrunt

Terragrunt discussions Archive: https://archive.sweetops.com/terragrunt/

2018-12-22

imiltchman avatar
imiltchman

So, I’m just starting out with Terraform. There is not a lot of complexity in our stack, but I want to get off on the right foot and keep things simple. So far, I’m not a big fan of having nearly identical backend configs everywhere, and also I don’t really feel comfortable with the notion of workspaces. Seems like Terragrunt could address these concerns, but it’s a wrapper and I don’t know if it’s a good idea for me to be starting off with it. Thoughts? Should I try to incorporate Terragrunt in to the solution, or keep to Terraform for now and come back when I have more experience and legitimate issues that need to be solved?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Good questions… so I think that it’s a good idea to first master the fundamentals of terraform before relying on terragrunt. It’s possible to keep things dry without needing to use the wrapper approach. I’m also not keen on relying on terragrunt as a wrapper, but have used it in a few circumstances.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I don’t like how the varfiles are overloaded with interpolations which make them non-portable

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
uber/astro

Astro is a tool for managing multiple Terraform executions as a single command - uber/astro

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’re not currently using it, but it’s an interesting alternative

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’re using mostly Makefiles if we need any more complex orchestration

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


I’m not a big fan of having nearly identical backend configs everywhere

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/geodesic

Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. https://slack.cloudposse.com/ - cloudposse/geodesic

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that way we don’t need to hardcode any backend configs in source control

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Also terragrunt it might take some time before terragrunt supports terraform 0.12 , but that might not matter

imiltchman avatar
imiltchman

Thanks, this is helpful. There is this temptation to try to set everything up perfectly from the get-go, but ultimately it’s a process, and I feel like it’s not healthy to try to skip too many steps in the evolution.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Haha, I can relate to that.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I don’t think you can necessarily go wrong with using terragrunt.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

The good thing is you’ll decompose everything nicely into lots of modules and organize things as you should.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

You can remove terragrunt as well, down the road.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

….that said, have you seen our strategy?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We use docker and multi-stage builds to keep things dry

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

run everything in containers

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

…that is, we run even our “infrastructure as code” in containers

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/geodesic

Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. https://slack.cloudposse.com/ - cloudposse/geodesic

imiltchman avatar
imiltchman

Great, more late night reading material for the holidays! Haha, thanks for that, it looks interesting. And thanks for addressing my Terragrunt question; I agree - seems like the key is to get the modules in place and I’ll have flexibility to adjust my approach in the future.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

exactly - that’s the most important thing

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

write small reusable, composable modules that build on each other

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

do not embed any stage or environment specific settings - those should be inputs (variables)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

consider using terraform-null-label to consistently generate resource name

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

look into chamber for secrets

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

look into aws-vault for assuming roles

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

also, recommend studying a lot of other modules to see how they are organized and broken down

imiltchman avatar
imiltchman

Yes, great advice, much appreciated.

2018-12-02

davidvasandani avatar
davidvasandani

There’s a #terragrunt channel!!

:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

But of course! We don’t discriminate :P

antonbabenko avatar
antonbabenko

LOL

    keyboard_arrow_up