Reasons why you shouldn't use programming languages for IaC

When it comes to IaC (infrastructure as code), most people have probably heard of HashiCorp's Terraform (it uses HCL as its DSL; interestingly, Terraform also ships its own CDK that translates general-purpose programming languages into HCL), Pulumi, or AWS CDK. The latter two let you write infrastructure in a general-purpose programming language instead of a DSL. Mostly there are two camps:

- People who swear by HCL and think you shouldn't use programming languages for IaC
- People who don't see why you need to pick up a new language in order to use IaC, so they prefer a programming language they are already familiar with

Neither camp is wrong; both positions are valid. However, I want to share my take on why you should use HCL for IaC. ...

August 5, 2024 · 2 min · Karn Wong

Reduce operational costs with terraform

Background: Think of the websites you visit each day. Most likely they are hosted on a cloud provider such as AWS, GCP, or Azure. The good news is that it's very easy to create a simple deployment on a virtual machine, but for scalable, highly available workloads the usual recommendation is a container-based runtime such as AWS ECS/EKS or GCP Cloud Run/GKE. These services also require more configuration than a simple VM deployment. ...

November 4, 2023 · 3 min · Karn Wong

Create Kubernetes service accounts with Terraform

Sometimes you'll have to grant other people (or entities) access to your Kubernetes cluster. The easiest option is to hand over your admin credentials, but this is like giving a friend your house key when they only need access to your living room. Instead, you can give them different keys depending on the access level required: read-only access to view service status, or a deploy service account that can create/update services. ...

August 1, 2023 · 3 min · Karn Wong
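As an added illustration of the "different keys" idea in the entry above (this is example code, not taken from the post itself), the following Terraform configuration creates two service accounts in a hypothetical `apps` namespace: one bound to a read-only Role and one bound to a deploy Role. The namespace, names and resource lists are assumptions. It uses the HashiCorp Kubernetes provider's `kubernetes_service_account`, `kubernetes_role`, `kubernetes_role_binding` and `kubernetes_secret` resources; the explicit token Secret is needed because Kubernetes 1.24+ no longer auto-creates long-lived service account tokens.

```hcl
# Added example: least-privilege service accounts, scoped to one namespace.
# Namespace "apps" and the account names are assumptions for illustration.

resource "kubernetes_service_account" "readonly" {
  metadata {
    name      = "readonly"
    namespace = "apps"
  }
}

resource "kubernetes_service_account" "deploy" {
  metadata {
    name      = "deploy"
    namespace = "apps"
  }
}

# Read-only: list and watch workloads, but deliberately NOT "secrets".
# A reader who can "get secrets" is effectively an admin of that namespace.
resource "kubernetes_role" "readonly" {
  metadata {
    name      = "readonly"
    namespace = "apps"
  }
  rule {
    api_groups = ["", "apps"]
    resources  = ["pods", "pods/log", "services", "deployments", "replicasets"]
    verbs      = ["get", "list", "watch"]
  }
}

# Deploy: may create/update workloads, still cannot touch RBAC or secrets.
resource "kubernetes_role" "deploy" {
  metadata {
    name      = "deploy"
    namespace = "apps"
  }
  rule {
    api_groups = ["", "apps"]
    resources  = ["pods", "services", "deployments", "replicasets"]
    verbs      = ["get", "list", "watch", "create", "update", "patch"]
  }
}

# A Role + RoleBinding (not ClusterRole/ClusterRoleBinding) keeps the grant
# inside the "apps" namespace, so the key opens only the living room.
resource "kubernetes_role_binding" "readonly" {
  metadata {
    name      = "readonly"
    namespace = "apps"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.readonly.metadata[0].name
  }
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.readonly.metadata[0].name
    namespace = "apps"
  }
}

resource "kubernetes_role_binding" "deploy" {
  metadata {
    name      = "deploy"
    namespace = "apps"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.deploy.metadata[0].name
  }
  subject {
    kind      = "ServiceAccount"
    name      = kubernetes_service_account.deploy.metadata[0].name
    namespace = "apps"
  }
}

# Long-lived token for the read-only account (Kubernetes 1.24+ does not
# auto-create one). The token lands in Terraform state, so treat state as a secret.
resource "kubernetes_secret" "readonly_token" {
  metadata {
    name      = "readonly-token"
    namespace = "apps"
    annotations = {
      "kubernetes.io/service-account.name" = kubernetes_service_account.readonly.metadata[0].name
    }
  }
  type = "kubernetes.io/service-account-token"
}
```

After `terraform apply`, the granted identity can be checked without handing out the token by running `kubectl auth can-i list pods --as=system:serviceaccount:apps:readonly -n apps` (expected `yes`) and `kubectl auth can-i get secrets --as=system:serviceaccount:apps:readonly -n apps` (expected `no`).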

Terraform RDS module with DNS setup

I love not having to manage databases. Hosting one on your own compute is guaranteed to be cheaper, but I don't want to be constantly worrying about backups and database upgrades / maintenance. AWS offers managed databases, known as RDS. Mostly I use Postgres, which works well for most use cases. (It's also a given that if you don't really need a NoSQL database, then don't use one.) If I spin up RDS Postgres, I can reach it assuming I have set up the correct networking paths. (And you shouldn't expose your database to the public internet, unless it's a playground with no sensitive data.) ...

March 17, 2023 · 2 min · Karn Wong
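To make the networking point in the entry above concrete, here is an added Terraform example (not the post's own module) of an RDS Postgres instance that is reachable only from an application security group inside the VPC. The variables `vpc_id`, `private_subnet_ids` and `app_security_group_id` are assumptions; the attributes used are those of the AWS provider's `aws_security_group`, `aws_db_subnet_group` and `aws_db_instance` resources (`manage_master_user_password` requires AWS provider 4.67 or newer).

```hcl
# Added example: private RDS Postgres. Variable names are assumptions.
variable "vpc_id" {}
variable "private_subnet_ids" { type = list(string) }
variable "app_security_group_id" {}

# Only the app tier's security group may talk to port 5432. The "playground"
# anti-pattern would be cidr_blocks = ["0.0.0.0/0"] here plus
# publicly_accessible = true below; do not ship that with real data.
resource "aws_security_group" "db" {
  name        = "app-postgres"
  description = "Postgres reachable from the app tier only"
  vpc_id      = var.vpc_id

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [var.app_security_group_id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Private subnets only: without a public subnet there is no route from the
# internet even if someone later flips publicly_accessible.
resource "aws_db_subnet_group" "db" {
  name       = "app-postgres"
  subnet_ids = var.private_subnet_ids
}

resource "aws_db_instance" "postgres" {
  identifier        = "app-postgres"
  engine            = "postgres"
  engine_version    = "15"
  instance_class    = "db.t4g.micro"
  allocated_storage = 20
  db_name           = "app"
  username          = "app"

  # Let RDS generate and store the master password in Secrets Manager
  # instead of putting it in variables or state.
  manage_master_user_password = true

  db_subnet_group_name   = aws_db_subnet_group.db.name
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false

  storage_encrypted       = true
  backup_retention_period = 7
  deletion_protection     = true

  skip_final_snapshot       = false
  final_snapshot_identifier = "app-postgres-final"
}

# Hand the app the endpoint, not the credentials.
output "postgres_endpoint" {
  value = aws_db_instance.postgres.address
}
```

A quick sanity check after apply: `aws rds describe-db-instances --db-instance-identifier app-postgres --query 'DBInstances[0].PubliclyAccessible'` should print `false`, and the only ingress rule on the instance's security group should reference the app security group rather than a CIDR.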

Cloudflare DNS management with Terraform

I self-host a lot of services, and sometimes I try out apps that get deleted within the same day. All of this requires setting up a CNAME for the reverse proxy (because I want to make sure there are no funny reverse-proxy shenanigans going on, for future reference). I can always log into the Cloudflare console and manually add CNAME entries, but this is getting too tiresome, since all I really need is another CNAME with the same config as the rest of the CNAMEs, pointing at the same hostname for my homelab. Cue the lightbulb moment when I realized I can use Terraform to set it up. ...

November 20, 2022 · 1 min · Karn Wong
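As an added example of the setup described in the entry above (this is not the post's own code), the Terraform below keeps the list of self-hosted apps in one `locals` set and uses `for_each` to create one Cloudflare CNAME per app, all pointing at the same homelab hostname. Adding or removing a short-lived app is then a one-line change to the set. The zone ID variable, the app names and `home.example.com` are assumptions; the resource is the Cloudflare provider v4 `cloudflare_record` (provider v5 renamed it to `cloudflare_dns_record` with a `content` attribute).

```hcl
# Added example: one CNAME per self-hosted app, all with identical config.
# Zone ID, app names and target hostname are assumptions for illustration.

terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 4.0"
    }
  }
}

variable "cloudflare_zone_id" {}

locals {
  # Edit this set to add or drop an app; terraform plan shows exactly
  # which record is created or destroyed, nothing else changes.
  homelab_apps = toset(["grafana", "jellyfin", "vaultwarden"])

  # Every CNAME points at the same reverse-proxy host in the homelab.
  homelab_host = "home.example.com"
}

resource "cloudflare_record" "homelab" {
  for_each = local.homelab_apps

  zone_id = var.cloudflare_zone_id
  name    = each.key            # grafana.<zone>, jellyfin.<zone>, ...
  type    = "CNAME"
  value   = local.homelab_host
  proxied = true                # hides the homelab's real IP behind Cloudflare
  ttl     = 1                   # 1 = "automatic", required when proxied = true
}

output "homelab_records" {
  value = { for app, rec in cloudflare_record.homelab : app => rec.hostname }
}
```

Using `for_each` over a set (rather than `count` over a list) matters here: removing `jellyfin` from the middle of the set destroys only that record, whereas with `count` Terraform would re-index and recreate every record after it.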