from Hacker News

Structuring Your Infrastructure as Code

by jaxxstorm on 8/18/23, 1:14 PM with 43 comments

  • by redeux on 8/19/23, 11:08 PM

    I also think about layers when I set up IaC, but I'm more focused on how things connect and relate rather than sticking strictly to the OSI stack model. In my mind, it's all about grouping things that might influence each other. This approach usually leads me to think in three layers: foundation, shared services, and applications.

    Starting at the bottom, the foundation layer holds the basics like networking, storage, accounts, and permissions. The shared services layer is where I place tools like certificate managers and secret storage. I keep services that interact closely together, while separating those that work more independently. At the top, I lay out the applications. This is where I slot in services like auto-scaling groups, individual server instances, load balancers (depending on whether they're communal or specific), and pods in platforms like Kubernetes. Depending on the complexity of the environment there may be 1 or multiples of each layer.

    By structuring IaC this way, I find it’s clearer and more intuitive.

  • by crabbone on 8/19/23, 10:16 PM

    I was looking for the explanation about how this grouping is like the OSI model, but found none...

    Also, I think where OP uses "principal" they mean "principle".

    The whole article reads as an advertorial for Pulumi. :|

    OP also never bothers to ask themselves questions like "what if I'm wrong?" or "what to do with this obvious claim that doesn't add up?".

    For example: why is "Data" layer below "Compute"? -- that's the kind of question that's never addressed by OP. I mean, most people in the industry wouldn't think about this as being layers, and definitely not being one on top of the other. To convince someone you need to give a very solid argument here... but there's nothing there...

  • by msie on 8/19/23, 11:12 PM

    I don't believe everything should be in code. I think code is too verbose and a config file just make sense in many cases.

  • by agumonkey on 8/19/23, 10:58 PM

    the recent years often remind me of alan kay talking of objects made up of object talking to objects, i wonder if IaC amongst other trends is not an incarnation of that on a wide scale

  • by martini333 on 8/19/23, 11:08 PM

    Great read, but could benefit from some proofreading...

  • by lijok on 8/19/23, 12:41 AM

    This has to be the worst take on IAC organization I have ever seen. I would have never thought someone would try to apply the osi model to infra code management.

    How long does it take to deploy a new service with this approach? A week?