[Multiple projects, one Azure subscription], Terraform - feasibility of distributed configuration



  • I know Terraform a bit, but in the past I worked with just one Terraform repository serving all infrastructure (with modules per provider/function).

    infrastructure
       |- modules
       |   |- gcp
       |       |- main.tf
       |       |- variables.tf
       |   |- vsphere
       |       |- main.tf
       |       |- variables.tf
    

    Now I have the following situation:

    • one Azure subscription
    • Need for multiple separated infrastructure "buckets" - per 2 different projects, and I would like to separate test/dev (which should be more ephemeral) from production servers (long life).
    • Need to hand over the infra per project in the future

    Is it convenient and feasible to have:

    • a bit of Terraform code in each project repository, to keep it together
    • many tfstates on the same Azure subscription (one state per infra bucket) that are isolated on the Azure side by (resource groups?)

    Any advice, guys?



  • You may want to use https://www.terraform.io/cloud. This will allow you to publish your modules from the project repos to a registry, and you can then consume these modules from another repo containing the Terraform that you use for the IaC deployments. You then need to work out what the pipeline triggers for this repo will be.

    Terraform Cloud will also give you remote storage of the tfstate files, and you will need a state per environment that you deploy. Azure DevOps and GitHub (and probably all other CI/CD providers) let you define environments and associate variables with them, so you can use these to define which state file and resource group to target, along with any other environment-specific values you may need to use.
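
Added example, not part of the original posts: one way to lay out the "one state per infra bucket" setup from the question using the `azurerm` backend instead of Terraform Cloud, with each bucket in its own resource group and access granted at that scope only. The variable names, the `rg-<project>-<environment>` naming scheme and the angle-bracket placeholders are assumptions.

```hcl
# Added example (assumed layout: <project-repo>/infra/main.tf in each project repo).
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }

  # Partial backend configuration: the CI environment supplies the values,
  # so every project/environment pair ends up with its own state file.
  #   terraform init \
  #     -backend-config="resource_group_name=<state-rg>" \
  #     -backend-config="storage_account_name=<state-account>" \
  #     -backend-config="container_name=<project>-<environment>" \
  #     -backend-config="key=terraform.tfstate"
  backend "azurerm" {}
}

provider "azurerm" {
  features {}
}

variable "project" { type = string }
variable "location" { type = string }
variable "operators_object_id" { type = string } # Azure AD group that runs this bucket

variable "environment" {
  type = string
  validation {
    condition     = contains(["dev", "test", "prod"], var.environment)
    error_message = "The environment must be dev, test or prod."
  }
}

# One resource group per infra bucket; everything the project deploys goes in here.
resource "azurerm_resource_group" "bucket" {
  name     = "rg-${var.project}-${var.environment}"
  location = var.location
  tags     = { project = var.project, environment = var.environment }
}

# Access is scoped to the bucket's resource group, not the subscription,
# so handing a project over later means changing only this assignment.
resource "azurerm_role_assignment" "operators" {
  scope                = azurerm_resource_group.bucket.id
  role_definition_name = "Contributor"
  principal_id         = var.operators_object_id
}
```

State files can hold secrets in plain text, so a separate container per bucket lets read access to production state be granted separately from dev/test.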



