T13 - Modern Infrastructure As Code, or Taking Terraform, Pulumi and Bicep For A Ride.

Modern infrastructure as code

Taking Terraform, Pulumi and Bicep for a ride

Stas Lebedenko
Cloud architect, Solidify AB, Ukraine
BIO
■ 20+ years in tech
■ Microsoft Azure MVP
■ Certified cloud architect
■ #MSUGODUA & IT2SCHOOL
■ Developer and mentor
■ Working @Solidify AB
■ Have different perspective
■ Your friend and neighbour :)
Choosing your hat
Key terminology
■ IaC - infrastructure as code
■ Declarative or IaC desired state
■ Imperative or IaC changes delta
■ DevOps, Ops, ClickOps, ShadowOps
■ Ghosts & orphaned resources
■ State configuration drift
■ DSL - Domain specific language
■ PE - Platform engineering
■ IDP - Internal developer platform
What do you want?
Imperative for prototyping
TERRAFORM
■ Declarative & YAML based
■ HashiCorp Configuration Language (HCL)
■ State management via file
■ Rich modules & huge community
■ Providers for all major clouds
■ Terraform cloud SaaS, drift detection, registry, tasks, sentinel policies
■ Terraform CLI for free usage
How it works
How it looks
How it looks
Templating
■ Terraform “provisioners” for scripts
■ Parameter files and secrets
■ Template files *.tftpl with scripts
■ Variable definitions (.tfvars) files
■ Workspace and env concept
■ Providers/modules from terraform registry(*)
■ Terraform validate, tflint, Terratest(*), tf plan
■ LLM can easily write TF for you
Problems
■ Terraform relies on a cloud provider
■ Features not on par with cloud providers
■ State JSON file protection
■ Debugging problems
■ Killer features tied to the TF Cloud
■ Concurrency limit to 1 with access to file
■ Slower than native ARM (+1 abstraction)
■ Azure TF provider dependency
SaaS + AI
Terraform wars
BICEP
■ Declarative JSON DSL to escape ARM
■ No state, working well with ClickOps
■ Transparent abstraction for Azure
■ Easy to learn with ARM background
■ Modularity and ability to reuse the code
■ Syntax validation and code completion
■ Conversion of ARM templates to BICEP
■ Free, Azure only, still maturing
How it works
How it looks
How it looks
Might replace ARM
Templating
■ Good modularity & lack of community
■ JSON parameter file & new option coming
■ BASH or PS file transformations needed
■ Native YAML for Azure DevOps & GitHub
■ Limited programming model
■ No dynamic content usage
■ No official library of modules
Problems
■ Still no v.1 and slow release cadence
■ JSON based, not ARM bad
■ Lacks functionality, no loops, lot of strings, external file preprocess needed to pass data
■ Debugging hell, no conscious errors
■ Versions & documentation mismatch
■ Not very scalable for big organizations
Roadmap
PULUMI
■ Declarative & Imperative
■ C#, F#, JS, TS, Python, Go, Java
■ Native language constructions
■ Free via CLI and Cloud SaaS
■ No need for Ops engineer
■ Easy to generate code anywhere
■ Dedicated AI LLM, GPT 4-Turbo
■ Same dev/test tooling & process
How it works
How it looks
How it looks
Templating
■ Your favorite code style
■ Inheritance or any other approach
■ Per Stack isolation
■ Pulumi command scripting (preview)
■ Template registry
■ Unit testing
■ Developer community
■ Dedicated AI + Pulumi cloud
Problems
■ DevOps engineers tend to work with YAML
■ Complex pricing models, like TF cloud
■ Ops engineers lack developer expertise
■ Hard to adopt with different dev stack
■ Hard to set split responsibility with network
■ Cloud provider issues & versions mismatch
■ No rollback on error
■ Handling intermediate state on error
Pulumi AI
Price
Overall problems
■ Public info about “happy paths”
■ Complex projects push you to SaaS
■ Separation of duties & code ownership
■ Modularity & incident blast radius
■ Many states and data sources
■ AI and code generators can be messy
■ Uroboros of CNCF tooling & security
■ Orchestrators: Terramate, Firefly
Choose wisely
■ Prototyping with minimum effort via Imperative
■ Product company - Backstage, LeanIX + Terraform + bash
■ Pulumi - developer team of 5-10, or lean startup
■ Pulumi - allows working without DevOps engineers
■ Terraform - Ops team in place & to avoid civil war
■ Terraform - for explosive growth on multi-cloud
■ BICEP - Org with ARM or ClickOps on Azure
■ BICEP - Consultancy with MS stack and DevOps culture
Comparison
Platform engineering
■ Infrastructure orchestration & templates
■ Role-based action management
■ Application configuration management
■ Deployment & Environment management
■ Faster onboarding & feature delivery
■ Observability and security
■ Fewer Ops engineers to hire and train
■ GitHub, IKEA, Spotify, Netflix, Google, etc.
Backstage.io
Conclusion
■ Writing IaC in the AI era is not a problem
■ Consider price and team composition
■ Most companies end up with SaaS solution
■ Bicep is easy and free to adopt, with fewer features
■ Enterprises need to look at Dev Platforms
■ Pulumi promotes engineer happiness
■ Terraform is a vendor lock for DevOps teams
■ Consider what you need for the next job
LinkedIn
