%% date:: [[2023-04-26]], [[2024-05-13]] parent:: %%

# [[Infrastructure as code]]

Infrastructure as code (IaC) is the practice of describing complex application infrastructure in a defined format so that the entire stack can be built programmatically as an automated process. Infrastructure as code arguably includes part of [[Kubernetes]], but it extends beyond the pods to the nodes themselves, the network configuration between them, and more.

## Principles of IaC

### Create a manifest file to describe the environment

Infrastructure as code involves defining the desired state of the environment in a manifest file, which is usually in [[YAML]] format. Manifest files are not instructions for how to build an environment; rather, they describe the end goal: what the environment should look like. Infrastructure as code tools then automatically detect differences between the current state and the desired state, and make the necessary changes to bridge the gap.

### Change the environment configuration, not the environment

Making manual changes to an environment is error-prone and hard for others to replicate. Instead, change the environment configuration (such as the manifest file) so that the change is documented, repeatable, and easily rolled back. This principle is implemented by [[GitOps]], which describes a [[Continuous Improvement|CI/CD]] pipeline in which pushing an environment configuration file to a [[Git]] repository is all that is necessary for the environment itself to be changed according to the specifications.

## Benefits of IaC

IaC helps enforce best practices: it encourages you not to [[Kubernetes#Pods are ephemeral|get too attached]] to pods and nodes by hardcoding IP addresses or server names. Instead, IaC encourages you to come up with smarter ways to identify resources in case the pods or nodes themselves are replaced.

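The reconcile step described under "Principles of IaC" above, as an added example (not code from this note or from any of the tools it lists): `plan` diffs a desired state against a current state keyed by logical resource name, so a manual change shows up as drift that the next run reverts. The function names, resource names and sample states are hypothetical and constructed for illustration.

```python
# Hypothetical helper names; not the API of any real IaC tool.
from typing import Dict, List, Tuple

State = Dict[str, Dict[str, object]]  # logical resource name -> properties

def plan(desired: State, current: State) -> List[Tuple[str, str, dict]]:
    """Return the ordered actions needed to move `current` to `desired`."""
    actions = []
    for name in sorted(desired.keys() - current.keys()):
        actions.append(("create", name, dict(desired[name])))
    for name in sorted(desired.keys() & current.keys()):
        want, have = desired[name], current[name]
        # Record (current, desired) for every property that differs or is extra.
        delta = {k: (have.get(k), want.get(k))
                 for k in sorted(want.keys() | have.keys())
                 if have.get(k) != want.get(k)}
        if delta:
            actions.append(("update", name, delta))
    for name in sorted(current.keys() - desired.keys()):
        actions.append(("delete", name, {}))
    return actions

def apply(actions, current: State, desired: State) -> State:
    """Apply a plan to a copy of `current` and return the new state."""
    new = {n: dict(p) for n, p in current.items()}
    for op, name, _ in actions:
        if op == "delete":
            del new[name]
        else:  # create and update both converge on the manifest's definition
            new[name] = dict(desired[name])
    return new

# Constructed sample data standing in for a parsed manifest and a live environment.
DESIRED = {
    "web": {"replicas": 3, "image": "web:1.4", "ingress_cidr": "10.0.0.0/16"},
    "db":  {"replicas": 1, "image": "db:15"},
}
CURRENT = {
    # Manual changes made outside the manifest: scaled down, ingress widened.
    "web": {"replicas": 2, "image": "web:1.4", "ingress_cidr": "0.0.0.0/0"},
    "debug-box": {"replicas": 1, "image": "shell:latest"},  # not in the manifest
}

if __name__ == "__main__":
    steps = plan(DESIRED, CURRENT)
    for step in steps:
        print(step)
    converged = apply(steps, CURRENT, DESIRED)
    print("second plan:", plan(DESIRED, converged))  # [] once converged
```

Running the plan in a scheduled, read-only mode turns it into a drift detector: any non-empty plan means the environment was changed without a matching manifest change.
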
IaC also enforces documentation because the environment definitions encourage you to write things down as they are changed.

## Services that manage infrastructure as code

- [[Hashicorp Terraform]]
- [[Pulumi]]
- [[Ansible]]
    - imperative not declarative in nature
- [[AWS CloudFormation]]
- [[Crossplane]]
- [[OpenTofu]]

## See also

- [[Test as code]]