DevFW-CICD/website-and-documentation
23
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(iac): Add intro to Infrastructure as Code
Some checks failed
build / build (push) Failing after 54s
Details
ci / build (push) Successful in 57s
Details

Browse source
This commit is contained in:
Martin McCaffery 2025-12-18 15:40:55 +01:00
parent 610e7d2767
commit cb7de08c7b
Signed by: martin.mccaffery
GPG key ID: 7C4D0F375BCEE533
2 changed files with 145 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

218
content/en/docs/edp/deployment/infrastructure/_index.md
View file

@ -3,127 +3,199 @@ title: Infrastructure as Code
linkTitle: Infrastructure as Code
weight: 10
description: >
Infrastructure deployment and catalog management (infra-deploy, infra-catalogue)
Managing infrastructure through machine-readable definition files rather than manual configuration
---
{{% alert title="Draft" color="warning" %}}
**Editorial Status**: This page is currently being developed.
* **Jira Ticket**: [TICKET-6732](https://jira.telekom-mms.com/browse/IPCEICIS-6732)
* **Assignee**: Martin
* **Status**: Draft
* **Last Updated**: YYYY-MM-DD
* **TODO**:
* [ ] Add detailed component description
* [ ] Add info on deploying infra-deploy / infra-catalogue, and how versioning works
* [ ] Include usage examples and code samples
* [ ] Add architecture diagrams
* [ ] Review and finalize content
{{% /alert %}}
## Overview
[Detailed description of the component - what it is, what it does, and why it exists]
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through code rather than manual processes. Instead of clicking through web consoles or running one-off commands, infrastructure is defined in version-controlled files that can be executed repeatedly to produce identical environments.
## Key Features
This approach treats infrastructure with the same rigor as application code: it's versioned, reviewed, tested, and deployed through automated pipelines.
* [Feature 1]
* [Feature 2]
* [Feature 3]
## Why Infrastructure as Code?
## Purpose in EDP
### The problem with manual infrastructure
[Explain the role this component plays in the Edge Developer Platform and how it contributes to the overall platform capabilities]
Traditional infrastructure management faces several challenges:
## Repository
- **Inconsistency**: Manual steps vary between operators and environments
- **Undocumented**: Critical knowledge exists only in operators' heads
- **Error-Prone**: Human mistakes during repetitive tasks
- **Slow**: Manual provisioning takes hours or days
- **Untrackable**: No audit trail of what changed, when, or why
- **Irreproducible**: Difficulty recreating environments exactly
**Code**: [Link to source code repository]
### The IaC solution
**Documentation**: [Link to component-specific documentation]
Infrastructure as Code addresses these challenges by making infrastructure:
## Getting Started
**Declarative** - Describe the desired state, not the steps to achieve it. The IaC tool handles the implementation details.
### Prerequisites
**Versioned** - Every infrastructure change is committed to Git, providing complete history and the ability to rollback.
* [Prerequisite 1]
* [Prerequisite 2]
**Automated** - Infrastructure deploys through pipelines without human intervention, eliminating manual errors.
### Quick Start
**Testable** - Infrastructure changes can be validated before production deployment.
[Step-by-step guide to get started with this component]
**Documented** - The code itself is the documentation, always current and accurate.
1. [Step 1]
2. [Step 2]
3. [Step 3]
**Reproducible** - The same code produces identical infrastructure every time, across all environments.
### Verification
## Core Concepts
[How to verify the component is working correctly]
### Declarative vs imperative
## Usage Examples
**Imperative** approaches specify the exact steps: "Create a server, then install software, then configure networking."
### [Use Case 1]
**Declarative** approaches specify the desired outcome: "I need a server with this software and network configuration." The IaC tool determines the necessary steps.
[Example with code/commands showing common use case]
Most modern IaC tools use the declarative approach, making them more maintainable and resilient.
```bash
# Example commands
```
### State Management
### [Use Case 2]
IaC tools maintain a "state" - a record of what infrastructure currently exists. When you change your code and re-run the tool, it compares the desired state (your code) with the actual state (what exists) and makes only the necessary changes.
[Another common scenario]
This enables:
- **Drift detection** - Identify manual changes made outside IaC
- **Safe updates** - Modify only what changed
- **Dependency management** - Update resources in the correct order
## Integration Points
### Idempotency
* **[Component A]**: [How it integrates]
* **[Component B]**: [How it integrates]
* **[Component C]**: [How it integrates]
Running the same IaC code multiple times produces the same result. If infrastructure already matches the code, the tool makes no changes. This property is called idempotency and is essential for reliable automation.
## Architecture
## Infrastructure as Code in EDP
[Optional: Add architectural diagrams and descriptions]
The Edge Developer Platform uses IaC extensively:
### Component Architecture (C4)
### Terraform and Terragrunt
[Add C4 Container or Component diagrams showing the internal structure]
[Terraform](terraform/) is our primary IaC tool for provisioning cloud resources. We use [Terragrunt](https://terragrunt.gruntwork.io/) as an orchestration layer to manage multiple Terraform modules and reduce code duplication.
### Sequence Diagrams
Our implementation includes:
- **[infra-catalogue](https://edp.buildth.ing/DevFW/infra-catalogue)** - Reusable infrastructure components (modules, units, and stacks)
- **[infra-deploy](https://edp.buildth.ing/DevFW/infra-deploy)** - Full environment definitions using catalogue components
[Add sequence diagrams showing key interaction flows with other components]
### Platform stacks
### Deployment Architecture
We organize infrastructure into [stacks](stacks/) - coherent bundles of related components:
[Add infrastructure and deployment diagrams showing how the component is deployed]
- **[Core Stack](stacks/core/)** - Essential platform services
- **[Forgejo Stack](stacks/forgejo/)** - Source control and CI/CD
- **[Observability Stack](stacks/observability/)** - Monitoring and logging
- **[OTC Stack](stacks/otc/)** - Cloud provider resources
- **[Coder Stack](stacks/coder/)** - Development environments
- **[Terralist Stack](stacks/terralist/)** - Terraform registry
## Configuration
Each stack is defined as code, versioned independently, and can be deployed across different environments.
[Key configuration options and how to set them]
### GitOps integration
## Troubleshooting
Our IaC integrates with GitOps principles:
### [Common Issue 1]
1. All infrastructure definitions live in Git repositories
2. Changes go through code review processes
3. Automated pipelines deploy infrastructure
4. ArgoCD continuously reconciles Kubernetes resources with Git state
**Problem**: [Description]
This creates an auditable, automated, and reliable deployment process.
**Solution**: [How to fix]
## Benefits realized
### [Common Issue 2]
### Consistency across environments
**Problem**: [Description]
Development, testing, and production environments are deployed from the same code. This eliminates the "works on my machine" problem at the infrastructure level.
**Solution**: [How to fix]
### Rapid environment provisioning
## Status
A complete EDP environment can be provisioned in minutes rather than days. This enables:
- Quick disaster recovery
- Easy creation of test environments
- Fast onboarding for new team members
**Maturity**: [Production / Beta / Experimental]
### Reduced operational risk
Code review catches infrastructure errors before deployment. Automated testing validates changes. Version control enables instant rollback if problems occur.
### Knowledge sharing
Infrastructure configuration is explicit and discoverable in code. New team members can understand the platform by reading the repository rather than shadowing experienced operators.
### Compliance and auditability
Every infrastructure change is tracked in Git history with author, timestamp, and reason. This provides audit trails required for compliance and simplifies troubleshooting.
## Getting started
To work with EDP's Infrastructure as Code:
1. **Understand Terraform basics** - Review [Terraform documentation](https://developer.hashicorp.com/terraform)
2. **Explore infra-catalogue** - Browse [infra-catalogue](https://edp.buildth.ing/DevFW/infra-catalogue) to understand available components
3. **Review existing deployments** - Examine [infra-deploy](https://edp.buildth.ing/DevFW/infra-deploy) to see how components are composed
4. **Follow the Terraform guide** - See [Terraform-based deployment](terraform/) for detailed instructions
## Best Practices
Based on our experience building and operating IaC:
**Version everything** - All infrastructure code belongs in version control. No exceptions.
**Keep it simple** - Start with basic modules. Add abstraction only when duplication becomes painful.
**Test before production** - Deploy infrastructure changes to test environments first.
**Use meaningful commit messages** - Explain why changes were made, not just what changed.
**Review all changes** - Infrastructure changes should go through the same review process as application code.
**Document assumptions** - Use code comments to explain non-obvious decisions.
**Manage secrets securely** - Never commit credentials to version control. Use secret management tools.
**Plan for drift** - Regularly compare actual infrastructure with code state to detect manual changes.
## Challenges and limitations
Infrastructure as Code is powerful but has challenges:
**Learning curve** - Teams need to learn IaC tools and practices. Initial productivity may decrease.
**State management complexity** - State files must be stored securely and accessed by multiple team members. State corruption can cause serious issues.
**Provider limitations** - Not all infrastructure can be managed as code. Some resources require manual configuration.
**Breaking changes** - Poorly written code can destroy infrastructure. Safeguards and testing are essential.
**Tool lock-in** - Switching IaC tools (e.g., Terraform to Pulumi) requires rewriting infrastructure code.
Despite these challenges, the benefits far outweigh the costs for any infrastructure of meaningful complexity.
## Why we invest in IaC
The IPCEI-CIS Edge Developer Platform requires reliable, reproducible infrastructure. Manual provisioning cannot meet these requirements at scale.
By investing in Infrastructure as Code:
- We can deploy complete environments consistently
- Platform engineers can focus on improvement rather than repetitive tasks
- Infrastructure changes are transparent and auditable
- New team members can contribute confidently
- Disaster recovery becomes routine rather than heroic
Our IaC tools ([infra-catalogue](https://edp.buildth.ing/DevFW/infra-catalogue) and [infra-deploy](https://edp.buildth.ing/DevFW/infra-deploy)) embody these principles and enable the platform's reliability.
## Additional Resources
* [Link to external documentation]
* [Link to community resources]
* [Link to related components]
### Terraform Ecosystem
- [Terraform Documentation](https://developer.hashicorp.com/terraform)
- [OpenTofu](https://opentofu.org/) - Community-driven Terraform fork
- [Terragrunt](https://terragrunt.gruntwork.io/) - Terraform orchestration
## Documentation Notes
### Infrastructure as Code Concepts
- [Infrastructure as Code book](https://www.oreilly.com/library/view/infrastructure-as-code/9781098114664/) by Kief Morris
- [Terraform Best Practices](https://www.terraform-best-practices.com/)
- [CNCF Platforms White Paper](https://tag-app-delivery.cncf.io/whitepapers/platforms/)
[Instructions for team members filling in this documentation - remove this section once complete]
### EDP-Specific Resources
- [Terraform-based deployment](terraform/) - Detailed deployment guide
- [Infrastructure Stacks](stacks/) - Reusable component bundles
- [Platform Orchestration](../) - How IaC fits into overall deployment

16
content/en/docs/edp/deployment/infrastructure/terraform.md
View file

@ -6,22 +6,6 @@ description: >
As-code definitions of EDP clusters, so they can be deployed reliably and consistently on OTC whenever needed.
---
{{% alert title="Draft" color="warning" %}}
**Editorial Status**: Mostly ready
* **Jira Ticket**: [TICKET-6732](https://jira.telekom-mms.com/browse/IPCEICIS-6732)
* **Assignee**: Martin
* **Status**: Draft
* **Last Updated**: 2025-12-02
* **TODO**:
* [x] Add detailed component description
* [x] Include usage examples and code samples
* [ ] Add architecture diagrams
* [ ] Review and finalize content
* **Review**:
* 2025-11-26: Review from Stephan inline
{{% /alert %}}
## Overview
The [infra-deploy](https://edp.buildth.ing/DevFW/infra-deploy) and [infra-catalogue](https://edp.buildth.ing/DevFW/infra-catalogue) repositories work together to provide a framework for deploying Edge Developer Platform instances.