So, we are currently building a lot of Terraform code to be able to deploy the resources we would like to have, in our case to Azure, but that doesn’t really matter.
From a high level, we will have at least three environments:
- prod
- dev
- test
As we don’t expect that the environments will consist of the same set of resources, we have created a dedicated root configuration for each environment and decided not to use Terraform workspaces for environment separation.
To reduce code logic duplication, we have furthermore created two types of modules:
- resource-modules = our own implementation of a dedicated resource to meet our requirements, with just a single resource in it
- deploy-modules = compose the resource modules together to handle a complete use case like “deploy network”, “deploy app1”, “deploy vm”…
Now we are able to call the (deploy-)module from the environment root configuration.
This is working as expected; so far, so good.
We know that we can now add as many deploy-modules as required to the root configurations to get things up and running in each environment.
However, we would, for example, never be able to remove a dedicated workload from an environment with terraform destroy,
as that would kill the whole environment instead of a dedicated workload.
So we are wondering what would be the most efficient approach to go for in order to have:
- as much flexibility as possible
- avoiding code duplication as much as possible
- keeping the code clean/understandable as much as possible
Any suggestions from the real world?
Thanks