Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[IBCDPE-935] Setting up declerative defintion of TF resources #11

Merged
merged 65 commits into from
Jul 18, 2024
Merged

[IBCDPE-935] Setting up declerative defintion of TF resources #11

merged 65 commits into from
Jul 18, 2024

Conversation

BryanFauble
Copy link
Contributor

Problem:

  1. Creation and management of resources within spacelift was largely manual setting values in the UI and a "click-ops" procedure.
  2. Organization of the TF resources was needed.

Solution:

  1. Managing the deployment of all resources both spacelift and AWS declarative and automatically with auto-deploy.
  2. Using https://github.com/antonbabenko/terraform-best-practices/tree/master/examples as inspiration for directory structure, as well as the great work that @philerooski did for the snowflake tables in RECOVER.

BryanFauble added 30 commits July 9, 2024 12:23
@BryanFauble
Start the process of organizing the tf resources
95d012f
@BryanFauble
correct project root
ef60c20
@BryanFauble
Remove setting provider vals
7065d8a
@BryanFauble
Add provider to modules
a3ffe84
@BryanFauble
Set versions tf on module
1df915c
@BryanFauble
Swap to Opentofu
069b3b9
@BryanFauble
Set to opentofu 1.7.2
721d5d1
@BryanFauble
Correct reference
5fa814a
@BryanFauble
Remove policy attachment for now
93fc88d
@BryanFauble
import root admin stack
15577f3
@BryanFauble
Set space on spacelift modules, auto deploy admin stack
fe49839
@BryanFauble
Enable space inheritence
8d674c9
@BryanFauble
Move location of autoscaler
63e8093
@BryanFauble
Update eks module to take in VPC name
a0eaf32
@BryanFauble
Update k8s sandbox stack
c0c0411
@BryanFauble
Correct output
4783cd0
@BryanFauble
Attach cloud integration to stack
a889572
@BryanFauble
Pass along IDs so they're dynamically passed
484f65c
@BryanFauble
Pass along vpc_id to eks cluster
c26d084
@BryanFauble
Remove data elements in favor of variables
972346d
@BryanFauble
Testing out stack dependencies
5e0f536
@BryanFauble
Try out setting a context within module
6f9a192
@BryanFauble
Move where context is defined
b675176
@BryanFauble
Update var reference
153e670
@BryanFauble
Update space id
79d6faa
@BryanFauble
Correct which module context is attached to
22edf71
@BryanFauble
Watch for changes to modules from root admin stack
1cb3eda
@BryanFauble
Change where kubeconfig context is created
696fa36
@BryanFauble
Include contexts in common
00d85da
@BryanFauble
Output cluster name and region
9b28986
@BryanFauble BryanFauble requested a review from a team as a code owner July 11, 2024 17:11
@spacelift-int-sagebionetworks spacelift-int-sagebionetworks bot temporarily deployed to spacelift/dpe-dev-kubernetes-deployments July 11, 2024 17:15 Inactive
@spacelift-int-sagebionetworks spacelift-int-sagebionetworks bot temporarily deployed to spacelift/root-spacelift-administrative-stack July 11, 2024 17:28 Inactive
@spacelift-int-sagebionetworks spacelift-int-sagebionetworks bot temporarily deployed to spacelift/root-spacelift-administrative-stack July 11, 2024 17:35 Inactive
@spacelift-int-sagebionetworks spacelift-int-sagebionetworks bot temporarily deployed to spacelift/root-spacelift-administrative-stack July 11, 2024 17:55 Inactive
thomasyu888
thomasyu888 approved these changes Jul 12, 2024
View reviewed changes
Copy link
Contributor

@thomasyu888 thomasyu888 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥 LGTM! Going to pre-approve. I really like the structure, just have some questions about future state in terms of CI/CD of dev/prod and where you envision this going.

dev/spacelift/dpe-sandbox/main.tf Show resolved Hide resolved
dev/spacelift/dpe-sandbox/main.tf Show resolved Hide resolved
dev/stacks/dpe-sandbox-k8s-deployments/main.tf Show resolved Hide resolved
main.tf Show resolved Hide resolved
modules/main.tf
name = "sage-aws-vpc"
terraform_provider = "aws"
administrative = false
branch = "ibcdpe-935-vpc-updates"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you thinking we would copy dev and have a prod when we get there? Or would we parametrize {branch} based off of the branch we are working on and have dev and prod set up as blue green deployments

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the docs they talk a little bit about it here:
https://docs.spacelift.io/integrations/source-control/github#multi-stack-version

One frequent type of setup involves two similar or even identical environments - for example, staging and production. One approach would be to have them in a single repository but in different directories, setting project_root runtime configuration accordingly. This approach means changing the staging directory a lot and using as much or as little duplication as necessary to keep things moving, and a lot of commits will necessarily be no-ops for the production stack. This is a very flexible approach, and we generally like it, but it leaves Git history pretty messy and some people really don't like that.

I was thinking of not using long-lived branches for this project (No dev, staging, branch ect...) and instead handle it by moving resources between the appropriate folders are we moved items up. I do recognize that also brings some complexity and possibility to leave behind changes if they're not moved/copied to the appropriate locations.

Conversely long-lived branches has similar issues too where 1 branch can be wildly out-of-date; You have conflicts between branches where you cannot merge dev into staging (for example), you have to merge your feature branch into dev and staging. Which that could also bring problems where a feature branch doesn't get moved to production for a long time, and dev/staging are in an awkward state.

This is all to say - I haven't fully settled on one or the other.

What does @Sage-Bionetworks-Workflows/dpe think on this matter?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This talks a bit about trunk based development:
https://trunkbaseddevelopment.com/

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thomasyu888 Here is that blog post that I finally found:

https://medium.com/env0/terraform-files-and-folder-structure-organizing-infrastructure-as-code-749572469d04

They show using some structures like:

image

Which is close to what we are doing here, instead, we are just putting the dev/prod/staging into the root directory.

The thing though is that it does not cover what moving from dev -> staging looks like :(

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something else I was thinking about this as well. One way we could go about this is that we do not put any environment specific logic within the stacks we are building. So rather than having an environment specific folder, and then a replication of all the TF resource files we:

  1. Create a spacelift context for each of the environments that we are going to be running the stacks in
  2. Create spacelift stacks for each of those environments so they're all handled with different CICD processes
  3. Have 1 definition of the cloud resources that we apply to each environment with variables coming
  4. If we need to have any environment specific logic we can conditionally create it based on the variables defined in the context

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like that idea. That is sort of the way sceptre has it to have configurations per environment and then having central infrastructure stacks that aren't duplicated.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent - I am going to follow up and do the work as a part of this ticket: https://sagebionetworks.jira.com/browse/IBCDPE-953

dev/spacelift/dpe-sandbox/main.tf Show resolved Hide resolved
@BryanFauble BryanFauble merged commit beeac99 into main Jul 18, 2024
2 of 9 checks passed
@BryanFauble BryanFauble deleted the ibcdpe-935-vpc-updates branch July 18, 2024 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasyu888 thomasyu888 thomasyu888 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BryanFauble @thomasyu888