BanklessDAO
BanklessDAO
/
Developers Guild
Developers Guild
/
Knowledge Sessions
/
Knowledge Session: Terraform Notes

Knowledge Session: Terraform Notes

9/21/2021 8:00 PM Eastern.
 
  • Terraform is used by Bogdrakonov in job to manage dozens of AWS instances.
  • Demo starts off with a blank Digital Ocean team.
  • One security downside is that terraform won't keep track of infrastructure that isn't explicitly configured with terraforming.
  • Environments
    • The environments as code.
  • modules
    • Droplet modules run user data on deployment
  • For demo using .git-crypt to encrypt code on commit.
  • Once a paid team is set up, can use CI (i.e. Jenkins) to continuously rollout.
  • Jumpcloud - authentication tool. Free for ten users and free for ten servers.
    • Can set up groups to manage which users have access to what infrastructure.
    • Allows users to upload SSH keys and deploy across all servers they have permission to use.
    • Has LDAP and SAML support.
    • Will generate temporary API keys for infrastructure services such as AWS.
  • With some operations, terraform will attempt to destroying and recreate.
  • Allows DevOps teams to track the setup of infrastructure via GIT.
    • Helps with Auditing
    • Infrastructure changes are facilitated through GIT commits
      • PR Review is where teams would audit changes.
  • Terraform is just a CLI, no server backend.
  • 99% of DevOps personnel should be the only ones with direct access.
    • DAO members would submit requests for infrastructure.
  • Difficulty with Terraform comes with more complex environments.
Summary
  • Terraform - helps set up, administer, and teardown infrastructure all through code.
    • Across many instances.
    • From the CLI.
    • Allows linking infrastructure very straightforward.
    • Can easily walk away from it if it becomes too cumbersome
  • JumpCloud - Authentication service, used in conjunction with Terraform.
  • Relatively easy to pick up.
    • Good Documentation
    • Hashicorp Language 2
  • Private Repo available on Bankless DAO Github for anyone looking to learn and review.
  • Ansible also available for review. On Github, ask Devops team for access.
BanklessDAO
BanklessDAO
/
Developers Guild
Developers Guild
/
Knowledge Sessions
/
Knowledge Session: Terraform Notes

Knowledge Session: Terraform Notes

9/21/2021 8:00 PM Eastern.
 
  • Terraform is used by Bogdrakonov in job to manage dozens of AWS instances.
  • Demo starts off with a blank Digital Ocean team.
  • One security downside is that terraform won't keep track of infrastructure that isn't explicitly configured with terraforming.
  • Environments
    • The environments as code.
  • modules
    • Droplet modules run user data on deployment
  • For demo using .git-crypt to encrypt code on commit.
  • Once a paid team is set up, can use CI (i.e. Jenkins) to continuously rollout.
  • Jumpcloud - authentication tool. Free for ten users and free for ten servers.
    • Can set up groups to manage which users have access to what infrastructure.
    • Allows users to upload SSH keys and deploy across all servers they have permission to use.
    • Has LDAP and SAML support.
    • Will generate temporary API keys for infrastructure services such as AWS.
  • With some operations, terraform will attempt to destroying and recreate.
  • Allows DevOps teams to track the setup of infrastructure via GIT.
    • Helps with Auditing
    • Infrastructure changes are facilitated through GIT commits
      • PR Review is where teams would audit changes.
  • Terraform is just a CLI, no server backend.
  • 99% of DevOps personnel should be the only ones with direct access.
    • DAO members would submit requests for infrastructure.
  • Difficulty with Terraform comes with more complex environments.
Summary
  • Terraform - helps set up, administer, and teardown infrastructure all through code.
    • Across many instances.
    • From the CLI.
    • Allows linking infrastructure very straightforward.
    • Can easily walk away from it if it becomes too cumbersome
  • JumpCloud - Authentication service, used in conjunction with Terraform.
  • Relatively easy to pick up.
    • Good Documentation
    • Hashicorp Language 2
  • Private Repo available on Bankless DAO Github for anyone looking to learn and review.
  • Ansible also available for review. On Github, ask Devops team for access.