Understanding the Infrastructure

Open Russtym opened this issue 5 years ago • 2 comments

Hi Omer, could you help me to understand your setup? I'm struggling to understand the Infrastructure (Infra) section. Why are you deploying dev and infra, and are these not the same thing?

In my setup, I have four subscriptions, dev, qa, pp, prod. I'm wondering if you are suggesting that I have a fifth subscription which only deploys the infrastructure.

Could you clarify please?

Btw great piece of work :)

Thanks Russ

Russtym avatar Mar 10 '20 09:03 Russtym

Hi @RussellMaycock

Thanks for reaching out.

I'm using the infra environment for testing purposes. Plan & Apply on the infra environment helps me catch different types of errors before I deploy my changes to the actual environments. (Plan will only get you halfway, but it is crucial to run apply as well, as you may encounter problems only when you actually deploy the environment. For example, creating an Azure Storage Account with a name that already exists will only raise an exception in the apply phase.)

I'm using infra before I deploy the dev environment, since my assumption is that other application developers are working in the dev environment, and I don't want to break it. So, before I change the infra, I want to test it in an isolated environment.

As for the subscriptions question, in my scenario all the environments are in a single subscription. If you want to use multiple subscriptions, I would suggest using different values for the azure provider block.

(Note: below I'm supplying the provider values via an answer file, but I would recommend passing them in a more secure format, such as secret variables in an Azure DevOps build pipeline. I just wanted to show you the concept of using the same Terraform code with multiple subscriptions in Azure.)

init.tf:

```hcl
provider "azurerm" {
  version = "~> 2.0"

  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id

  features {}
}
```

dev.tfvars:

```hcl
subscription_id = "11111-11111..."
client_id       = "11111-11111..."
client_secret   = "11111-11111..."
tenant_id       = "11111-11111..."
```

prod.tfvars:

```hcl
subscription_id = "22222-22222..."
client_id       = "22222-22222..."
client_secret   = "22222-22222..."
tenant_id       = "22222-22222..."
```

and using the proper file when creating a plan for each environment:

```bash
# dev CI
terraform workspace select dev
terraform plan -var-file dev.tfvars -out dev.plan

# prod CI
terraform workspace select prod
terraform plan -var-file prod.tfvars -out prod.plan

# dev CD
terraform apply dev.plan

# prod CD
terraform apply prod.plan
```

jungopro avatar Mar 17 '20 09:03 jungopro
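
The comment above recommends secret pipeline variables over a credentials answer file. One way to wire that up for the same `init.tf`, as an added example that is not from the original comment or the repository: it relies on Terraform reading `TF_VAR_<name>` environment variables, and the `<ENV>_...` secret names and the three function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumes the pipeline maps its secret variables into the job
# environment as <ENV>_SUBSCRIPTION_ID, <ENV>_CLIENT_ID, <ENV>_CLIENT_SECRET,
# <ENV>_TENANT_ID (hypothetical names, e.g. DEV_CLIENT_SECRET).

# Export TF_VAR_* for one environment; fail if any value is missing.
export_tf_creds() {
  env_name=$1
  case $env_name in
    dev|qa|pp|prod|infra) ;;   # allow-list keeps the eval below safe
    *) echo "unknown environment: $env_name" >&2; return 2 ;;
  esac
  prefix=$(printf '%s' "$env_name" | tr '[:lower:]' '[:upper:]')
  for name in subscription_id client_id client_secret tenant_id; do
    src="${prefix}_$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')"
    eval "value=\${$src:-}"
    if [ -z "$value" ]; then
      echo "missing pipeline secret: $src" >&2   # log the name, never the value
      return 1
    fi
    export "TF_VAR_$name=$value"
  done
  unset value
}

# Return 0 if a tfvars file still assigns client_secret.
tfvars_has_secret() {
  grep -Eq '^[[:space:]]*client_secret[[:space:]]*=' "$1"
}

# CI step: the plan command from the comment above, with credentials taken from
# the environment. A -var-file value would override TF_VAR_*, so refuse it.
plan_env() {
  env_name=$1
  set -- -out "$env_name.plan"
  if [ -f "$env_name.tfvars" ]; then
    if tfvars_has_secret "$env_name.tfvars"; then
      echo "$env_name.tfvars assigns client_secret; use a secret variable" >&2
      return 1
    fi
    set -- -var-file "$env_name.tfvars" "$@"
  fi
  export_tf_creds "$env_name" || return
  ( umask 077   # a saved plan embeds variable values; keep it owner-only
    terraform workspace select "$env_name" && terraform plan "$@" )
}
```

Because the saved plan carries the variable values, the `dev.plan` / `prod.plan` artifact handed from CI to CD needs the same access restrictions as the secrets themselves.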

Thanks for replying, I'd started to work out that must be what you were doing, but really appreciate you clarifying it for me. You can see it when you think it through, you've gotta have this other environment for the final test otherwise as you say it will deploy to a working environment.

Thanks V much Russ

Russtym avatar Mar 23 '20 16:03 Russtym