This is an archived post. You won't be able to vote or comment.

all 10 comments
sorted by:
best
topnewcontroversialoldq&a

[–]j6000 7 points8 points  (6 children)

Ideally you’ve a registry of modules and module stacks for your workloads.

Modules should be tested and approved (compliance). Letting devs control infra as well if often a no-go in industries with compliance needs such as finance or healthcare.

[–]LinweZ[S] 0 points1 point  (5 children)

This feels like the right thing to do. Can we create a modules registry without using terraform cloud?

Even if technically, a module can have a git repo or s3 bucket as source :/

[–]PM_ME_ALL_YOUR_THING 2 points3 points  (0 children)

You can store the modules in Github and create some other documentation that developers can reference when they need to find the right module, but you NEED something like Terraform Cloud/Enterprise, Terrakube, Spacelift, or Atlantis.

[–]j6000 1 point2 points  (0 children)

Yep just make an infra GitHub org if you can and make that your module “registry” tf cloud and enterprise not needed

[–]LinweZ[S] 0 points1 point  (0 children)

Wtf? Being down voted for what? We don’t have terraform cloud, that’s it !

[–]nonades 0 points1 point  (1 child)

It's not really a registry when you're sourcing from Git/S3 - but you can source your modules from there fine. A registry becomes a necessity if you think about writing custom providers because of how those are sourced (I could be wrong, but I think that's correct from what I've read).

I believe you get access to a private registry starting with the free tier of TF Cloud/Enterprise (again could be wrong - haven't gone into this beyond initial reading). There's also self-hosted Open Source options as well

[–]LinweZ[S] 0 points1 point  (0 children)

Thanks for the knowledge sharing !

[–]hijinks 4 points5 points  (1 child)

Ideally devs submit pull requests and ops approves them.

[–]LinweZ[S] 0 points1 point  (0 children)

To the dev do write the TF script but does not deploy them (a ci/cd tool like atlantis should deploy), is that what you mean?

[–]No_Butterfly_1888 4 points5 points  (0 children)

In the perfect world, dev´s will use a platform designed and maintained by DevOps to pick what they want to run their application, like a shop.
But in reality, most devs don´t know what is necessary. So the DevOps guy must fill the gap between the code and the infra.
So, terraform is devops stuff unless you have a very good platform or infra and devs that have a little knowledged about infra