ai-superpower/.ai/skills/iac/REFERENCE.md
2026-04-17 13:43:09 +03:00

Infrastructure as Code Reference

This document expands on the mechanics of minimizing drift and adhering to GitOps principles when writing and modifying infrastructure configurations.

1. What is Configuration Drift?

If a developer manually patches a live database or a Kubernetes deployment using kubectl edit or the Cloud Console, the live state diverges from the source code repository. When the CI/CD pipeline runs the next deployment, it will either:

  • Overwrite the manual fix, causing the outage to return.
  • Fail because the state changed unexpectedly.

Your job is to prevent drift. Always fix the symptoms seen in the live environment by modifying the underlying code.
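As an added illustration (not part of the original reference, and not how ArgoCD, Flux or kubectl compute their diffs), the Python below compares a manifest as declared in Git with the object read back from the cluster and lists every field where a manual edit made them diverge. Both manifests are constructed samples, and `find_drift` and `SERVER_MANAGED` are hypothetical names introduced for this example.

```python
import json

# Constructed sample: the Deployment as declared in Git (desired state).
DECLARED = json.loads("""{
  "metadata": {"name": "my-app"},
  "spec": {"replicas": 2, "template": {"spec": {"containers": [
    {"name": "app", "image": "nginx:1.24.0",
     "env": [{"name": "LOG_LEVEL", "value": "info"}]}]}}}
}""")

# Constructed sample: the same object read back from the cluster after a
# manual edit changed the image and added an env var by hand.
LIVE = json.loads("""{
  "metadata": {"name": "my-app", "resourceVersion": "48213",
               "uid": "constructed-uid"},
  "spec": {"replicas": 2, "template": {"spec": {"containers": [
    {"name": "app", "image": "nginx:1.25.3",
     "env": [{"name": "LOG_LEVEL", "value": "info"},
             {"name": "FEATURE_X", "value": "on"}]}]}}},
  "status": {"readyReplicas": 2}
}""")

# Paths the API server populates; differences there are not drift.
# Assumption: a real cluster also adds defaulted fields that belong here.
SERVER_MANAGED = {"status", "metadata.resourceVersion", "metadata.uid"}

def find_drift(declared, live, path=""):
    """Return (path, declared_value, live_value) for every divergence."""
    if isinstance(declared, dict) and isinstance(live, dict):
        drift = []
        for key in sorted(set(declared) | set(live)):
            child = f"{path}.{key}" if path else key
            if child not in SERVER_MANAGED:
                drift += find_drift(declared.get(key), live.get(key), child)
        return drift
    if isinstance(declared, list) and isinstance(live, list):
        drift = []
        for i in range(max(len(declared), len(live))):
            d = declared[i] if i < len(declared) else None
            l = live[i] if i < len(live) else None
            drift += find_drift(d, l, f"{path}[{i}]")
        return drift
    return [] if declared == live else [(path, declared, live)]

if __name__ == "__main__":
    for path, want, got in find_drift(DECLARED, LIVE):
        print(f"DRIFT {path}: git={want!r} live={got!r}")
```

Each reported path is a change that belongs in the repository (or should be reverted), since the next pipeline run will otherwise overwrite it or fail on it.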

2. No Imperative Commands (The apply Prohibition)

You are an editor of source code, not an executor of deployments (unless in a local sandbox).

  • Wrong: "I see the issue, I will run kubectl patch deployment my-app -p ... to fix it."
  • Right: "I see the issue. The environment variable is missing in helm/values.yaml. Let's add it there so ArgoCD/Flux/GitHub Actions can apply the fix."

3. Best Practices for IaC Repositories

  • Immutability: Use specific versions (e.g., nginx:1.24.0 instead of nginx:latest).
  • DRY Principle: Check whether the user already uses modules/components (Terraform modules, Helm subcharts) before hardcoding values. Look for variables.tf or values.yaml. Treat IaC as production-grade code (refer to the Clean Code skill).
  • Validation First: Always suggest running terraform plan, helm lint (refer to Helm skill), or kustomize build to preview the infrastructure changes before executing an apply.