by alien_
1104 days ago
The OP here, thanks for the comment! Why does the developer need to care about the certs and ALBs? The devops engineer you need to set up all those controllers could as well deploy those resources from Terraform. As I showed in the diagrams from the article, this application has a single ALB and a single cert per environment, and the internal services only talk to each other through the RabbitMQ queue. DNS, ALB and TLS certs could be easily handled from just a few lines of Terraform, and nobody needs to touch it ever again. With EKS you would need multiple controllers and multiple annotations controlling them, and then each controller will end up setting up a single resource per environment. The controllers make sense if you have a ton of distinct applications sharing the same clusters, but this is not the case here, and would be overkill.
Welcome to reality, where this is not the case.
I'm currently working at a company where we're using TF and ECS, and app specific infra is supposedly owned by the service developers.
In reality, what happens is devs write up some janky terraform, potentially using the modules we provide, and then when something goes wrong, they come to us cos they accidentally messed around with the state or whatever. DNS records change. ALB listener rules need to change.