by dijit 491 days ago
I’ve seen things you wouldn't believe.

Python deterministically generating terraform HCL files based on yaml.

Execution wrappers that encapsulate terraform in CI/CD to parse the json output and prevent database deletion, but apply everything else.

Scripts that pull every git repo and execute every terraform file they can find while walking the directory tree.

Terraform is about 80% of the way to a good tool; that last 20% is a ball-ache and solved totally differently every time. The best setups I’ve seen are where terraform just “hands off” to something else after making a minimum infrastructure.

But, otherwise, it can get incredibly messy.

2 comments
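The kind of CI wrapper mentioned in the post above (parse the plan JSON, refuse database deletion) can be sketched as follows. This is an added example, not code from the thread or from any of the setups described; the protected type list, the function name `split_plan` and the sample plan are assumptions, and it reads the `resource_changes[].change.actions` field of `terraform show -json <planfile>` output.

```python
import json

# Resource types treated as "databases" (an assumption; extend per provider).
PROTECTED_TYPES = {"aws_db_instance", "aws_rds_cluster", "google_sql_database_instance"}

# Constructed sample in the shape of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "change": {"actions": ["update"]}},
        {"address": "module.core.aws_db_instance.main", "type": "aws_db_instance",
         "change": {"actions": ["delete", "create"]}},   # replace = destroy first
        {"address": "aws_rds_cluster.reports", "type": "aws_rds_cluster",
         "change": {"actions": ["delete"]}},
        {"address": "aws_db_instance.cache", "type": "aws_db_instance",
         "change": {"actions": ["update"]}},             # in-place, not a deletion
        {"address": "aws_s3_bucket.tmp", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"]}},
        {"address": "aws_vpc.main", "type": "aws_vpc",
         "change": {"actions": ["no-op"]}},
    ],
})


def split_plan(plan_json, protected=PROTECTED_TYPES):
    """Return (blocked, allowed): blocked = protected resources the plan would destroy."""
    plan = json.loads(plan_json)
    if "format_version" not in plan:
        # Fail closed: an unexpected document must not pass the gate.
        raise ValueError("not a terraform plan JSON document")
    blocked, allowed = [], []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing will change for this resource
        # "delete" appears in plain destroys and in both replace orderings.
        if "delete" in actions and rc["type"] in protected:
            blocked.append(rc["address"])
        else:
            allowed.append(rc["address"])
    return blocked, allowed


if __name__ == "__main__":
    blocked, allowed = split_plan(SAMPLE_PLAN)
    print("blocked:", blocked)
    print("would apply:", allowed)
    raise SystemExit(1 if blocked else 0)  # non-zero exit stops the pipeline
```

How the remaining changes get applied once the blocked ones are set aside is not described in the post; this sketch only classifies the plan and fails the job.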

I agree with your 80/20 take, but I’ve come to the conclusion that the only reason terraform is a good tool is because it leaves the messy stuff (the other 20%) to other tools and pretends it doesn’t exist.

Yeah but it sure feels like what is in that 20% has to be common enough to have good best practices around it?

Or perhaps that 20% is simply the remainder of organizational complexity that cannot be standardized in a single tool like Terraform? Every org and every product have unique enough attributes that it is just not possible.

I dunno. I find terraform a uniquely fascinating product because it does so much yet leaves so much for you to do on your own.

> Or perhaps that 20% is simply the remainder of organizational complexity that cannot be standardized in a single tool like Terraform

I think this is what it is in practice. My opinion is that if these organisations had slightly fewer opinions terraform could probably solve another 15% and just leave the 5% that is _definitely_ organizational complexity.

> Python deterministically generating terraform HCL files based on yaml.

That sounds terrible. I'm sorry you had to deal with that.

If they could go back in time, would modules have been good enough?

No, because control flow is very janky and completely tacked-on.

I considered (in all three cases) making a forked version of terraform for use in CI and for aiding control flow.

Pulumi/Terragrunt would probably have helped the specific issue you’re mentioning though.