I am new to Terraform, and have inherited a terraform set of files “aka Person” that creates a few containers and a load balancer and places them on subnets in a vnet. The Terraform uses a remote state for each env from a cloud based storage account. The containers are set up as blue/green, with the load balancer pointing to the live color.
Terraform is how code is deployed to the environment. Terraform is run with some extra vars denoting which env, and color should be live, and what versions from the container registry should be in each color. (run terraform with vars that update the non live color version #, then run it again with vars that change the live color)
I’ve now been asked to set this up for 6 more ‘instances’ of the above (Person, Account, Org, etc.). These setups are all the same architecturally speaking. Really the only differences are in subnet/vnets, naming of containers/load balancer, and which repository on the registry to pull images from.
Being new to terraform I spent about 30 minutes pulling the above hardcoded values out into variables. My plan was to just have the values above be additional variables I could pass in from an env file, prior to running the terraform.
To test things, I re-ran my now parameterized terraform with the “person” values in a new env file. The terraform plan came straight back with no changes.
Success! or so I thought.
I cloned the ‘person’ env file, and swapped out the ‘person’ values, for ‘account’ values.
I reran a terraform plan and was disappointed to see that terraform wants to now rename everything from person to account.
I think this is due to ‘overusing’ the state. In the .TF files, the resource entry (resource “azurerm_container_group” “blue”) is not getting the ‘person’ vs ‘account’ vs ‘org’ etc uniqueness, so I’m confusing terraform…
What’s the right way to do this? I do want to have the ability to deploy code individually to a given container group (person, or account, etc), but I don’t want to have 5 copies of the terraform files with the only difference being the names… I think using a terraform for loop inside of the terraform to create/manage this infrastructure would also make it difficult to deploy only one, but I’m not sure. (I’m new)
One of the incoming vars into this terraform is the state file location. (the env (dev,qa,prod))
I was thinking one way would be to just split these off into multiple state files. I.e. where I just now have a dev statefile, I could have a devperson, devaccount, etc.
Is there a different or better way to get uniqueness? Can I use a variable in a (resource “azurerm_container_group” “blue”) reference so terraform understands that incoming env var is account, and not person?
Thanks for your advice. I’m really liking terraform… I’ve used a plan to catch someone hand configuring some bad configuration data into some resources already with it!
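
The split-state idea raised in the post (devperson, devaccount, etc.), as an added example that is not part of the original post: a wrapper that derives one state key per env/instance pair and passes it to `terraform init`, so a plan for "account" never reads the "person" state. The function names, the `TF_DRY_RUN` switch, the `.tfstate` suffix and the `envs/<env>-<instance>.tfvars` path are assumptions, and the backend block in the .tf files is assumed to leave `key` unset.

```shell
#!/bin/sh
# Added example: one set of .tf files, one remote state per (env, instance).
# Assumptions: the backend block leaves "key" unset, and per-instance values
# live in envs/<env>-<instance>.tfvars (hypothetical path).

# Allow-lists: a typo must not quietly start a new, empty state.
TF_ENVS="dev qa prod"
TF_INSTANCES="person account org"   # constructed list; add the other instances

# Print the state key for an env/instance pair, e.g. devperson.tfstate.
tf_state_key() (
  env=$1; instance=$2
  # Reject anything that is not a plain lowercase token before matching.
  case "$env$instance" in *[!a-z0-9]*) echo "invalid name" >&2; exit 1 ;; esac
  case " $TF_ENVS " in *" $env "*) ;; *) echo "unknown env: $env" >&2; exit 1 ;; esac
  case " $TF_INSTANCES " in *" $instance "*) ;;
    *) echo "unknown instance: $instance" >&2; exit 1 ;; esac
  printf '%s%s.tfstate\n' "$env" "$instance"
)

# Run plan or apply for exactly one instance against its own state.
tf_run() (
  env=$1; instance=$2; action=${3:-plan}
  key=$(tf_state_key "$env" "$instance") || exit 1
  case "$action" in plan|apply) ;;
    *) echo "unsupported action: $action" >&2; exit 1 ;; esac
  varfile="envs/$env-$instance.tfvars"
  if [ "${TF_DRY_RUN:-1}" = 1 ]; then
    # Dry run (the default): show the commands without touching any state.
    echo "terraform init -reconfigure -backend-config=key=$key"
    echo "terraform $action -var-file=$varfile"
  else
    # -reconfigure re-points the working directory at this instance's state.
    terraform init -reconfigure "-backend-config=key=$key" &&
      terraform "$action" "-var-file=$varfile"
  fi
)
```

With `TF_DRY_RUN=0`, `tf_run dev account plan` runs the two commands for real; the existing "person" resources stay under whichever key the current dev state already uses.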