Hacker News new | ask | show | jobs
by marcus_holmes 1344 days ago
I got handed a Terraform project for a GCP-based service. Simple dev, staging, prod environment. Secrets managed by secret manager, SQL Run without a public IP address for prod (but accessible via SSH for admins).

I more or less gave up after a month of beating my head on the brick wall. We hired an expert. Took him another month to get it all more or less sorted. There were still aspects that we wanted that we could not get Terraform/GCP to do.

In the end, we dropped Terraform and went back to modifying the GCP manually.
2 comments
waz0wski 1344 days ago
That's a generic and well documented stack that utilizes GCP defaults and works out of the box. An "expert" should not take a month to fail to set it up.

I've deployed similar, additionally including GKE, via terraform in a day - Checking TF code for an example 3-env GCP/GKE/CloudSQL stack it's less than 300 LoC

That said, it's not all good - my ongoing complaint with terraforming GCP is that the provider lags behind the features & config available in GCP console - worse than the AWS provider - especially w/r/t GKE and CloudSQL

link
marcus_holmes 1343 days ago
Maybe we should have hired you instead of a "terraform expert" ;)

and yes, which features worked in GCP but not in terraform GCP were not clear, and there was always a "this works in beta" thing going on.

link
makestuff 1344 days ago
We have been using CDK on AWS and it is really nice because you can do complex things through Typescript.
link
0x445442 1344 days ago
Been a couple of years since I used AWS and I remember when CDK was just coming out. My big question at the time was whether or not the CDK would alert you to errors at compile time and save a bunch of whaling and gnashing of teeth that comes with Terraform.
link
makestuff 1340 days ago
Yeah it is much more mature now. Basically the CDK will generate YAML cloudformation templates at compile time so any errors are generally caught then. If you utilize typescript it is even safer since you know there are no missing parameters or anything like that.

I have not used terraform that much, but they did launch a CDK for terraform that does a similar thing https://www.terraform.io/cdktf. Basically you write in code and at compile time it converts it to the terraform templates.

link