Infrastructure as Code

(Beginnings)

HashiCorp revolutionized infrastructure as code when it launched Terraform a number of years ago. Since then, Terraform has replaced vendor-specific infrastructure as code solutions like AWS’s CloudFormation. Terraform abstracts away the complexity of CloudFormation and also provides a common Infrastructure as Code platform for moving to a multi-cloud environment. In the beginning, Terraform got really complex with scale: maintaining a modular approach to infrastructure wasn’t easy, especially when you had many different environments with similar infrastructure.

Gruntwork’s Terragrunt is a wrapper over Terraform which concentrates on solving your problems of Terraform state management and configuration. It also solves some of the problems around having similar infrastructure deployed in different environments.

The age-old principle of Don’t Repeat Yourself is borrowed from good software development practice, where you create a function or a method for something that you have to do repeatedly. The Terraform equivalent is a module. A module is a repeatable, independent piece of code that can be used to deploy infrastructure. Give this a read. With Terraform being widely adopted across engineering teams of all sizes and backgrounds, Terragrunt is a good upgrade to have around.

From the author himself, Yevgeniy Brikman — Co-founder of Terragrunt

(And now …)

Although Terragrunt gives us some really important features and is definitely an upgrade over Terraform, another upgrade was announced by Gruntwork today. It’s nothing but another layer of abstraction that will prevent you from making bad design decisions when designing your Terraform modules or writing Terraform code.

This abstraction divides the Infrastructure as Code library into three parts:

  • Module Catalog — deploy infrastructure by combining hundreds of reusable, battle-tested modules. A module can be used to deploy a database or an EC2 server. For instance, a module for an EC2 server might also include IAM, security group, and DNS record settings.
  • Service Catalog — this is the first of the two new layers of abstraction. It combines a lot of modules underneath and gives you an option to deploy services. A service would include Terraform code, configuration management code, logging & alerting, security, automated tests, and whatever else is required for an application to function in a production environment.
  • Architecture Catalog — this simply deploys the complete stack, everything wired-in. Similar to AWS’s Landing Zone, this would have the security baseline set up. In addition to that, this will have complete networking, container orchestration, storage, privacy, CI/CD, monitoring, alerting, compliance, and almost everything that an application running in production has.

Gruntwork, once again, has come out with a great addition to the existing bunch of products that make life easy for SRE, DevOps, and DataOps people. The only catch (and a big one) is that you have to be on a subscription plan to get access to the code. For a team investing in IaC, a subscription might be worth the investment. Also, all of this code is completely independent of Terragrunt and doesn’t lock you in. It works with Terragrunt, Terraform Enterprise, and Terraform Cloud. You can check out the subscription plans here.
