ai-superpower/.ai/skills/iac/REFERENCE.md
2026-04-17 13:43:09 +03:00


# Infrastructure as Code Reference
This document expands on the mechanics of minimizing drift and adhering to GitOps principles when writing and modifying infrastructure configurations.
## 1. What is Configuration Drift?
If a developer manually patches a live database or a Kubernetes deployment using `kubectl edit` or the Cloud Console, the live state diverges from the source code repository. When the CI/CD pipeline runs the next deployment, it will either:
- Overwrite the manual fix, causing the outage to return.
- Fail because the state changed unexpectedly.
**Your job is to prevent drift.** Always fix what you see in the live environment by modifying the underlying code, never by changing the live environment directly.
## 2. No Imperative Commands (The `apply` Prohibition)
You are an editor of source code, not an executor of deployments (unless in a local sandbox).
- **Wrong:** "I see the issue, I will run `kubectl patch deployment my-app -p ...` to fix it."
- **Right:** "I see the issue. The environment variable is missing in `helm/values.yaml`. Let's add it there so ArgoCD/Flux/GitHub Actions can apply the fix."
## 3. Best Practices for IaC Repositories
- **Immutability:** Use specific versions (e.g., `nginx:1.24.0` instead of `nginx:latest`).
- **DRY Principle:** Check whether the user already uses modules/components (Terraform modules, Helm subcharts) before hardcoding values. Look for `variables.tf` or `values.yaml`. Treat IaC as production-grade code (refer to **Clean Code** skill).
- **Validation First:** Always suggest running `terraform plan`, `helm lint` (refer to **Helm** skill), or `kustomize build` to preview the infrastructure changes before executing an apply.
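
The Immutability rule can be enforced as a pre-merge check. The following is an added example, not part of the original skill file: it scans rendered manifests for image references that are not pinned. The function names, the floating-tag list and the sample manifest are assumptions made for illustration.

```python
import re
import sys

# `image:` lines in rendered manifests (e.g. output of `helm template` or `kustomize build`).
IMAGE_LINE = re.compile(r"^[ \t]*(?:-[ \t]*)?image:[ \t]*[\"']?([^\"'\s#]+)", re.MULTILINE)
# Assumption: tag names treated as floating; extend to match your registry's conventions.
FLOATING_TAGS = {"latest", "stable", "main", "master", "edge"}

# Constructed sample input, not taken from any real repository.
SAMPLE = """\
containers:
  - name: web
    image: nginx:1.24.0
  - name: sidecar
    image: nginx:latest
  - name: cache
    image: registry.example:5000/team/cache
  - name: init
    image: "registry.example:5000/team/init@sha256:<digest>"
"""

def classify(ref):
    """Return 'digest', 'pinned', or the reason the reference is mutable."""
    if "@sha256:" in ref:
        return "digest"  # content-addressed: cannot be re-pointed on the registry
    # Only a ':' in the last path component is a tag separator;
    # an earlier one (registry.example:5000/...) is a registry port.
    last = ref.rsplit("/", 1)[-1]
    if ":" not in last:
        return "no tag (defaults to latest)"
    tag = last.rsplit(":", 1)[1]
    return f"floating tag '{tag}'" if tag in FLOATING_TAGS else "pinned"

def find_mutable_images(manifest):
    """Return (line_number, image_ref, reason) for every unpinned image."""
    findings = []
    for m in IMAGE_LINE.finditer(manifest):
        ref, verdict = m.group(1), classify(m.group(1))
        if verdict not in ("digest", "pinned"):
            line_no = manifest.count("\n", 0, m.start(1)) + 1
            findings.append((line_no, ref, verdict))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, ref, reason in find_mutable_images(text):
        print(f"line {line_no}: {ref}: {reason}")
    sys.exit(1 if find_mutable_images(text) else 0)
```

Run it on rendered output rather than on templates, since unrendered `{{ ... }}` placeholders are not image references. The non-zero exit status lets a CI job fail the change before it is applied.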