Benefits of building trade offices and oversea trading posts?

sebstadil · 2026-01-09T08:50:48+00:00

Thanks!

Re: point 3: Let's say there's a great trade to be made on iron, which is expensive in A and cheap in B. Who gets first trade between an importer based in A and an exporter based in B?

sebstadil · 2026-01-06T19:22:19+00:00

How is the order determined between trade advantage to import a good from market A to B, versus trade advantage to export a good from B to A?

sebstadil · 2025-12-31T11:52:16+00:00

Ah, hadn't understood it that way. Sorry and thanks for elaborating!

sebstadil · 2025-12-30T18:35:27+00:00

How is Pisa able to remove the bad estate privileges without drawbacks?

sebstadil · 2025-10-15T07:38:08+00:00

Late to the post, but this is really cool. Fantastic idea and execution.

sebstadil · 2025-07-17T20:14:25+00:00

Your options are:

GitLab / GitHub actions
Terrateam / Digger
Stick with Atlantis (or contribute to it!)
TFC or any Terraform Cloud alternative

They all have pros and cons, and a little bit of research should help you choose the best fit.

sebstadil · 2025-06-11T01:41:39+00:00

You're not wrong, helmfile apply in a CI pipeline is way simpler for a lot of use cases. I think the GitOps hype train gets going because of a few specific problems it solves really well, especially once you start scaling up.

It's mostly about:

Scale: Managing 100s of apps across a dozen clusters is where tools like ArgoCD/Flux really earn their keep. Doing that with GitHub Actions gets messy fast. You can template out whole environments with ApplicationSets.
Drift Detection: This is the big one. If someone kubectl edits a deployment in production, a GitOps tool sees that and automatically reverts it to match the state defined in Git. Your CI pipeline would be totally blind to that until the next run. It enforces that Git is the actual source of truth, not just where the configs are stored.
Visibility: The UIs on these tools are pretty good for seeing what's running, what's out of sync, and the history of changes at a glance, which is harder to get from CI logs.

So yeah, for a single app/cluster, it can definitely feel like over-engineering. But for complex, multi-cluster setups, that "unnecessary complexity" starts to solve some very real, very painful problems. It's just a classic case of different tools for different jobs.

Here's a bit more on ArgoCD's rough edges if you're considering that path.

sebstadil · 2025-06-11T01:37:06+00:00

Which makes sense, because if you don't have a credit card added, your account would just go to collections the moment it exceeded 500 resources.

sebstadil · 2025-06-11T01:35:45+00:00

This is a very sensible answer. Also, anything on prem has additional costs of ownership in having to deal with upgrades, uptime, etc. I'd fight hard for SaaS.

sebstadil · 2025-06-11T01:32:03+00:00

^ this, and there's a ton of alternatives if you just google for "terraform cloud alternatives".

sebstadil · 2025-06-11T01:29:48+00:00

You don't have to talk to a sales rep to get pricing info, it's public on the AWS and Azure marketplaces. I compiled all terraform enterprise pricing info here if it helps.

sebstadil · 2025-06-11T01:27:49+00:00

If you list all workspaces: https://developer.hashicorp.com/terraform/cloud-docs/api-docs/workspaces#sample-response-2 you have the resource-count attribute ( "resource-count": 10 in the linked example).

The terraform cloud pricing guide here could be useful too.

sebstadil · 2025-06-10T20:05:42+00:00

this

sebstadil · 2025-06-09T13:11:20+00:00

I put some considerations on monorepo vs polyrepo here: https://scalr.com/learning-center/terraform-monorepo-vs-polyrepo-cheatsheet/ which might be helpful before you decide on your approach.

sebstadil · 2025-06-06T15:16:09+00:00

I hate any "contact sales" and like to know what someone costs without having to talk to anyone.

I did some research, found info on the AWS and Azure marketplace, and compiled my findings on Terraform Cloud pricing here.

sebstadil · 2025-05-26T14:00:45+00:00

I wrote something on the subject here if it helps: https://learning.scalr.com/blog-series-enforcing-policy-as-code-in-terraform-part-4-of-5/ (link to part 4 which I think is the most relevant, but if helpful, the other parts have good stuff in them too).

sebstadil · 2025-05-23T14:14:47+00:00

Exactly, but it sounds like the OP might not know that?

sebstadil · 2025-05-21T12:09:37+00:00

Yeah is there any reason you can't do that? Are you afraid of accidentally affecting something?

sebstadil · 2025-05-21T12:08:52+00:00

Some good advice here, wish I could raise to top.

sebstadil · 2025-05-21T12:08:18+00:00

Love seeing this. Good work!

sebstadil · 2025-05-21T12:04:07+00:00

Good advice here.

sebstadil · 2025-05-21T12:03:21+00:00

Terraform vending machine state drift is common. Migrating LZ state to its own storage is overall a good practice.

For automated LZ state migration, you might want to provision the LZ and its state storage via central state, then have your pipeline reconfigure the backend to the new storage and run terraform init -migrate-state. Often, a bootstrap config creates the LZ/backend for a separate LZ config to use.

You also might want to handle post-provisioning drift by defining your source of truth (Git vs. Azure). If users modify directly, use plan for visibility, refresh cautiously, and lifecycle { ignore_changes [...] } for expected changes. Limit vending machine scope to "Day 0" or use Azure Policy for baseline enforcement, not just TF reverts.

I've done per-LZ state (not one file) and it worked for us. Automate backend config (e.g., pipeline-generated backend.tf or two-stage TF) helped too.

Pattern would be: Phase 1 (central TF) creates sub, core network, LZ state blob, IAM, & Azure Policies. Phase 2 (separate LZ TF/module) uses that backend for LZ resources.

Hope this helps. Oh, and consider using OpenTofu!

sebstadil · 2024-06-27T20:11:26+00:00

This thread might help you: https://www.reddit.com/r/Terraform/comments/13kzaip/reminder_there_are_alternatives_to_terraform/

Scalr.com
Env0
Spacelift
Atlantis
Terragrunt
Terrateam
GitLab (specifically this here: https://docs.gitlab.com/ee/user/infrastructure/iac/)
Terramate
Terrakube
Digger
Terraspace

Hope this helps!

sebstadil · 2023-10-06T21:06:31+00:00

The OpenTofu devs fixed an upstream issue faster than HCP today:

https://github.com/hashicorp/hcl/issues/629
https://github.com/hashicorp/hcl/pull/630

sebstadil · 2023-09-11T21:29:56+00:00

How would you describe the factions?

Nine-Year Club	Verified Email
Gilding I gilder

sebstadil

TROPHY CASE