by el-duderino42 1101 days ago
If devs write and maintain their own IAC then Pulumi is a good choice since they can write it in a familiar language.

If however a dedicated devops team has to manage it eventually, and there are multiple dev teams who all use different languages, then Terraform is better, since it’s practically impossible to learn all these languages. Terraform will give you a dumbed down enough lingua franca.

Also Terraform gives you the advantage to keep code complexity to a minimum. No chance to find some “clever” self-referencing function or other language-specific crazy stuff to solve a problem in it, it forces you to keep it simple.

2 comments

> If however a dedicated devops team has to manage it eventually, and there are multiple dev teams who all use different languages

How is this a disadvantage?

If you can mandate Terraform and HCL across the org you can mandate Pulumi and a language, e.g. Typescript. What’s the difference?

You can also use Terraform with a programming language, i.e. CDKTF, so the Terraform choice doesn’t make it simpler.

Under the case that “there are multiple dev teams who all use different languages” as stated, they have the advantage with TF that it’s an easier to learn DSL than Typescript.

CDKTF is totally optional and beside the point. Could as well say you can use Pulumi with Makefiles so the Pulumi choice doesn’t make it simpler.

> CDKTF is totally optional and beside the point.

Eh? Then Terraform is optional too? You can do the reverse and say HCL is optional. Who decides? You're thinking from a Terraform 1st perspective.

> Could as well say you can use Pulumi with Makefiles so the Pulumi choice doesn’t make it simpler.

Except Pulumi doesn't support makefiles? It does support yaml.

So yaml is a simpler DSL that people know than HCL, so it still wins by your logic? Makes no sense. UI is simpler to learn than Terraform. Might as well do ClickOps?

> “there are multiple dev teams who all use different languages” as stated

And so you can't pick a language that is used more often? It doesn't have to be Typescript. So if >30% of the devs use 1 language it already has that advantage over HCL.

> You're thinking from a Terraform 1st perspective.

You can use Terraform without CDKTF.

> Except Pulumi doesn't support makefiles?

Everything and nothing support Makefiles ;-)

> So yaml is a simpler DSL

Yaml isn't a DSL. It's just that 5000 different projects use it in 5001 different ways to express something randomly (e.g. Ansible) INSTEAD of creating a DSL.

> pick a language that is used more often

I would argue that Terraform is among devops people the most widespread tool for this purpose, so you'll have an easier job finding staff searching for people who know terraform than to find people knowing Pulumi + your mandated choice of language. Remember this is for the "central devops team supports multiple dev teams" scenario - for the other scenario of devs running their infra code themselves I've already said Pulumi makes a lot of sense, and then you don't need to mandate anything, and everyone will be able to reinvent their square wheel independently - until they're bought by a bigger company which has a dedicated SRE team that takes over Prod responsibility from the devs, and you'll find them searching for a tool to convert Pulumi into TF ;-) .

Can Terraform be used in place of ansible? I've seen way too much "logic" in ansible playbooks.

Lol exactly - “logic”

Terraform can’t replace it well. Maybe facilitate the transition to more cloud native setups where you don’t need Ansible at all. But only within limits. If you’re asked to implement something there’s no cloud offering for, and it’s slightly more complex, you’re back to ansible.

I can't do clouds except if the cloud itself is self-hosted. I'm always working with minimal hypervisors based on something like kvm/libvirt. Then I can do all the cloud stuff on top of that and boot vms with cloud-init. But over time a lot of ansible playbooks have accumulated and ideally I would like the entire state of all the infrastructure to be in a git repository. It's possible with ansible but I think it'll break in no time ;(