In this talk I go over how Bankrate leveraged Terraform to go from a company where infrastructure was provisioned via tickets to a team to a company where developers fully own their own infrastructure. No tickets, no paging for help, no bottlenecks - just education and enablement. Interested in hearing the talk? Please reach out!
4. Overview
➝ Burning questions
➝ Terraform basics
➝ Where we were
➝ Where we are now
➝ How did WE get here?
➝ Terraform Enterprise basics
➝ Key takeaways
➝ Questions
6. Burning Questions
➝ Why are you using Terraform if you’re an AWS shop?
⇾ Cloud Agnostic
⇾ QoL
⇾ Project Organization and Referencing
7. Burning Questions
➝ What KPIs did you measure along the way?
⇾ None officially
→ Enabled by leadership buy-in and trust, developer feedback
⇾ Unplanned Work (Jira)
➝ What KPIs should I measure?
⇾ Provisioning Time
⇾ Unplanned Work
⇾ Developer Satisfaction
10. Terraform Basics
Heads up...
➝ HCL 2.0 released! (Terraform >= 0.12)
⇾ First-class expressions
→ “${var.foo}” becomes var.foo
⇾ For-loops for iterating lists/maps
⇾ Ternary conditionals for all data types
⇾ Rich types in modules (e.g. map with mixed value types)
⇾ Dynamic child-block generation from maps/list
⇾ etc...
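The HCL 2.0 features listed above, combined in one security group definition. This is an added example, not code from the talk; the variable names (`vpc_id`, `internal_only`, `ingress_rules`) and the resource name `app` are assumptions.

```hcl
# Added example for Terraform >= 0.12; all names are hypothetical.
variable "vpc_id" {
  type = string
}

variable "internal_only" {
  type    = bool
  default = false
}

# Rich type: a map of objects whose attributes have different types.
variable "ingress_rules" {
  type = map(object({
    port  = number
    cidrs = list(string)
  }))
  default = {
    https = { port = 443, cidrs = ["0.0.0.0/0"] }
    admin = { port = 8443, cidrs = ["10.0.0.0/8"] }
  }
}

resource "aws_security_group" "app" {
  name   = "app"
  vpc_id = var.vpc_id # first-class expression; 0.11 required "${var.vpc_id}"

  # Dynamic child-block generation: one ingress block per map entry.
  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description = ingress.key
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = "tcp"
      # Ternary conditional on a list value, not just a string.
      cidr_blocks = var.internal_only ? ["10.0.0.0/8"] : ingress.value.cidrs
    }
  }
}

output "open_ports" {
  # For expression iterating over the map's values.
  value = [for rule in var.ingress_rules : rule.port]
}
```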
11. Terraform Basics
Providers
➝ 110 official providers, many more community providers
⇾ Examples: AWS, Rancher, PagerDuty, DataDog, NewRelic, Fastly, GitHub, SignalFx, etc.
➝ Provides a set of “resources” that can be created/managed via Terraform
13. Terraform Basics
State Files
➝ State File
⇾ Maps resources in code to resources in cloud
⇾ JSON Format
⇾ Can be stored locally, or remotely
→ Store it remotely, not in VC...
- Great example:
- https://thorsten-hans.com/terraform-state-demystified
16. Terraform Basics
Remote State
➝ State file can be stored in S3, Artifactory, Terraform Cloud, etc
⇾ Can even be in custom file server with an API in front of it
➝ Can be referenced by other projects
⇾ A lot of power here!
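Remote state in S3 and a second project reading it, as an added example that is not from the talk. State files hold resource attributes in plaintext, which is why the backend below turns on encryption and locking instead of committing state to version control; the bucket, table, key and resource names are placeholders.

```hcl
# Added example; bucket, table, key and resource names are placeholders.

# --- Project "network": main.tf ---
terraform {
  backend "s3" {
    bucket         = "example-tf-state"
    key            = "network/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true               # server-side encryption of the state object
    dynamodb_table = "example-tf-locks" # state locking, prevents concurrent applies
  }
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

# Only root-module outputs are visible to other projects.
output "private_subnet_id" {
  value = aws_subnet.private.id
}

# --- Project "app": main.tf (separate directory and state) ---
variable "ami_id" {
  type = string
}

data "terraform_remote_state" "network" {
  backend = "s3"
  config = {
    bucket = "example-tf-state"
    key    = "network/terraform.tfstate"
    region = "us-east-1"
  }
}

resource "aws_instance" "app" {
  ami           = var.ami_id
  instance_type = "t3.micro"
  subnet_id     = data.terraform_remote_state.network.outputs.private_subnet_id
}
```

Reading remote state requires read access to the whole state object, so scope the S3 bucket policy per key prefix when projects should not see each other's state.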
20. Where we were
➝ New Infrastructure
⇾ Ticket System
➝ Something Breaks
⇾ In the cloud? Over the wall!
➝ Why it wasn’t sustainable
⇾ Cloud Bottleneck
⇾ All time writing TF
⇾ Cloud wasn’t evolving
→ Content with existing modules, etc
⇾ Developers weren’t learning/growing
→ How their app ran in the cloud
→ How to design cloud-native
21. Where we were
Aside: Thinking Cloud-Native
➝ What does that even mean?
⇾ Asking the right questions:
→ 1.) Are we rebuilding something someone else already wrote?
→ 2.) Are we using the best tools for the job?
→ 3.) Are we writing code for our laptops or for the cloud?
22. Where we are now
Unicorns and rainbows baby*
*Okay not quite...
23. Where we are now
➝ New Infrastructure
⇾ Developers write, approve, apply without our team knowing or helping
⇾ Infra code goes right with app code
➝ Something Breaks
⇾ Developers are involved, often first responders
➝ Developer Requests Transformed
⇾ Reactive turned Proactive
24. How did WE get here?
Our journey to self-service, your experience may vary...
25. How’d WE get here?
➝ Timeline: Creating new infrastructure
➝ Key Steps
⇾ Developer Education
⇾ Terraform Modules
⇾ Terraform Enterprise
26. How’d WE get here?
Timeline: Creating new infrastructure
➝ Ticket with an app name
➝ Tickets had actual details like “ASG, scales on CPU, Postgres DB with X,Y Needs, Fastly"
➝ Pairing on infrastructure tickets
➝ Devs write, PRs in, we fix
➝ Devs write, PRs in, we merge/apply (longest phase)
⇾ Opened up QA, Prod still lagging...
➝ Devs write, pair on Terraform Enterprise (TFE) applies
➝ Devs write, devs apply
27. How’d WE get here?
Terraform Modules -> Developer Education -> Terraform Enterprise
➝ Started monolithic: call once, creates everything
⇾ Not modular, hard to version
➝ Evolved to submodules strategy
➝ Essentials:
⇾ Plug and Play
⇾ Assumptions are defaults, not rails
⇾ Cowpath not railroad tracks
⇾ Purpose
→ Faster than rewriting
→ Enforcing some standards
28. How’d WE get here?
Terraform Modules -> Developer Education -> Terraform Enterprise
➝ Pairing + Lunch & Learns
➝ Documentation, coursework, examples
➝ Peers start teaching each other
⇾ (Unicorns start appearing during this phase)
29. How’d WE get here?
Terraform Modules -> Developer Education -> Terraform Enterprise
➝ Gifts from the Hashicorp Gods:
⇾ Remote-state locking
⇾ Pipelines
⇾ Audit Trails
⇾ Better scoped Access
→ AWS
→ TFE Itself
38. Terraform Enterprise Basics
Workflow - VCS-Driven Workflow
➝ Webhook into GitHub/BitBucket
⇾ Points to folder/branch
⇾ Triggers when change happens on that branch
➝ My 2-Cents: Terrible
⇾ Doesn’t support release-based dev
⇾ Encourages different code for QA/Prod
⇾ Hard to iterate/test
39. Terraform Enterprise Basics
Workflow - CLI-Driven Workflow
➝ Runs triggered from anywhere via CLI
⇾ Local laptop
⇾ CI/CD
→ https://circleci.com/orbs/registry/orb/bankrate/terraform
➝ Great for automation/pipelines
➝ Great for experimentation, local development
➝ Encourages single copy of code for QA/Prod
42. Key Takeaways
Terraform Best Practices
➝ Build your own vs the cost of TFE
➝ Modules should be modular
➝ Cow Path not Rail Road
43. Key Takeaways
Cultural
➝ Just build a platform? No.
⇾ Where are you on your journey?
⇾ Work with devs, leaders to determine end goal
➝ Organization size and needs determine your course
⇾ Embedded engineers
⇾ Tooling Team
⇾ Treading Water
➝ Devs need to be engaged: this is a cultural shift
⇾ Trust your devs
➝ Leaders need to be educated
⇾ Book Club: Accelerate, DevOps Handbook, etc