Terraform. How are you managing your deployments?

I am hoping there are people on these forums with experience with Terraform.

We currently use Ansible to manage our AWS infrastructure and use blue green deployments to promote staging to live after it goes through a QA process.

We are planning to migrate from Ansible to Terraform to manage the AWS infrastructure but have no idea how to manage our blue green deployments using Terraform.

How are people deploying new infrastructure into their live env using Terraform?
 
It'll be a bit dependent on your CICD and hosting technologies. Typically you won't use Terraform to do the actual blue green flipping, but instead to help set up the longer lived infrastructure around it.

- VPCs / nats / etc
- longer lived load balancers, dns routing rules (route53)
- iam permissions
- s3 buckets etc

Then often you'll have another technology which does the final part of setting up hosting & blue/green flipping

What build, languages and hosting are you currently using?
 
The above is pretty much spot on. Write the code to build the infrastructure, and have a gated release CI/CD technology (we use Azure DevOps but we're migrating to GitHub Actions). Have branch policies that protect any updates directly to the main branch, and have the main branch updated via pull requests. The pull requests are configured to run a terraform plan to show the proposed infrastructure changes to the peer reviewers. Once x number of those hit approve, there's a release pipeline that's triggered to automatically push the code to live once the main branch is updated.
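
The plan-on-pull-request step described in the post above, taken one step further as an added example (not part of the original post and not any poster's pipeline code): a Python check that reads the JSON form of a plan (`terraform show -json <planfile>`) and flags destructive or IAM/S3/Route 53 changes so reviewers see them first. The sensitive-type list, the function names and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumption for this example: resource types that always get a closer look,
# taken from the thread's list of long-lived infra (IAM, S3, Route 53).
SENSITIVE_PREFIXES = ("aws_iam_", "aws_s3_bucket", "aws_route53_")

def review_plan(plan_json: str) -> dict:
    """Summarise the output of `terraform show -json <planfile>` for reviewers."""
    summary = {"create": [], "update": [], "delete": [], "replace": [], "flagged": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing changes in the real infrastructure
        # Terraform reports a replacement as delete+create (in either order).
        kind = "replace" if {"delete", "create"} <= set(actions) else actions[0]
        summary.setdefault(kind, []).append(rc["address"])
        destructive = kind in ("delete", "replace")
        sensitive = rc["type"].startswith(SENSITIVE_PREFIXES)
        if destructive or sensitive:
            summary["flagged"].append((rc["address"], kind))
    return summary

def needs_extra_approval(summary: dict) -> bool:
    """Gate decision: any flagged change means a human must look before apply."""
    return bool(summary["flagged"])

def rc_entry(address, actions):
    # Helper that builds one constructed resource_changes entry.
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": actions}}

# Constructed sample plan, not output from a real Terraform run.
SAMPLE_PLAN = json.dumps({"format_version": "1.2", "resource_changes": [
    rc_entry("aws_vpc.main", ["no-op"]),
    rc_entry("aws_iam_role_policy.deploy", ["update"]),
    rc_entry("aws_lb_target_group.green", ["create"]),
    rc_entry("aws_instance.app", ["delete", "create"]),
    rc_entry("aws_s3_bucket.logs", ["delete"]),
]})

if __name__ == "__main__":
    result = review_plan(SAMPLE_PLAN)
    print(json.dumps(result, indent=2))
    raise SystemExit(1 if needs_extra_approval(result) else 0)
```

Run as a pipeline step, the non-zero exit code can be used to require an additional approver before the release pipeline applies the plan.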
 
Yeah, just as an example:

our first AWS CICD system was a mixture of
- terraform for all static aws infra
- packer with ansible to make gold AMIs of windows
- gitlab / teamcity
- Octopus Deploy which took care of calls to create new ASGs and swap them in the ALB target groups

Been running for 5+ years now with no issues but it's not exactly the best modern way to do things. We needed windows hosting at the time for .net framework code. This had some issues though including really long windows EC2 spin up times. Often would take 10 minutes to finish.

New solution is
- terraform for all static aws infra
- Azure Devops for CICD
- EKS using linux for hosting

There's the AWS Toolkit for Azure Devops which helps with automation as part of Azure Devops pipeline steps which has replaced the old clunky Octopus Deploy setup we had. Deploys are much faster.
 
Like what kind of technologies for the blue green flipping?
 
We use azure devops with the aws toolkit plugin for the new stuff. It helps us to automate some parts of EKS deployments.

It really depends on which hosting technology you use and your current CI solution. What are you guys using?
 
Gitlab, but there are plans to move to Azure Devops as the rest of the company use that.

(My team uses AWS and Gitlab but the rest of the company are Azure and Azure Devops)

I found this which seems to show a technique to do a blue green deployment with TF.
 
Yeah, this looks OK. I guess it just depends on how much you want to try and automate vs someone manually flipping the traffic over in stages.
We found we could just rely on automated smoke screen calls to check that the site/api is ok to take traffic, which means there's very little human intervention required.

I guess the size and importance of your site/api will determine how carefully you need to deploy, i.e. whether you even need to do full blue/green.
 
DevOps, Jenkins / GitLab all allow pipeline creation to support CICD (and any IaC too, not just terraform).

Don't get rid of Ansible though. You'll want that for almost all post deployment tasks.
 