Skip to content
/ k8s_infra_wg_tooling_terraform_refactoring_analysis Public

Temporary repository to test how documentation's markdown will render at GitHub

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bartsmykla/k8s_infra_wg_tooling_terraform_refactoring_analysis

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
cip_auditor
cip_auditor
 
 
conformance_storage
conformance_storage
 
 
gsuite
gsuite
 
 
main_project
main_project
 
 
namespaces
namespaces
 
 
prod_storage
prod_storage
 
 
prod_storage_gclb
prod_storage_gclb
 
 
release_projects
release_projects
 
 
releng
releng
 
 
staging_storage
staging_storage
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 

Repository files navigation

Infrastructure tools refactoring

[todo(@bartsmykla)]: Remember to write section with suggestion to rewrite k/k8s.io/groups to custom terraform provider

Preface

I strongly believe in rule that before you'll start solving the problem with the code you should understand well what is the problem and solve it conceptualy first.

[IMPORTANT!] As you can assume, I've spent some time working on this document. I come to some conclusions and have some thoughts and ideas but they are just MY conclusions and just MY foughts and ideas. PLEASE don't feel obliged to agree with me just because I spent my time working on it. If you think I'm wrong or/and you think we could improve it PLEASE write about it. Even if it would completely scrap my ideas/suggestions/plans. Let's treat it as a working document and have fruitful discussion.

tl;dr

How to read this document

Why I created this document

What problem are we trying to solve

Analysis of current state

One could ask why this much effort to analyse all this components by hand and not to just use audit and take them drom there. This is a great question and the answer is I wanted to compare if all components from audit are being created by our tooling.

What I don't like is there are places like CIP Auditor which need some scripts being run in a specified sequence for it to be able to correctly provision resources. We need to make it more atomic.

Proposed structure of new tooling

Plan of work

FAQ

Why terraform?

How can I help?

todos

Global Reference

  • G1 The name of components and structure of Yaml was used in conjuction to terraform components
  • G2 Remember the IAM Binding resources used are authoritative (they will remove all other IAM Bindings from the resource) and are used here just as an example (they are easier to read). When components needed in our infrastructure will be described with different archetypes in mind ("project" will be an archetype instead of i.e. "prod storage") we should write terraform modules in that maner, that by default archetypes will get some IAMs granted by authoritative IAM Bindings and if archetype needs unusuall ones they will by granted by IAM Member resources which are non-authoritative. (for more information you can look for example at notes of Terraform's Google Storage Bucket IAM resource documentation.

About

Temporary repository to test how documentation's markdown will render at GitHub

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published