ref: 41e11f7d9d43ebc929aa90dbe0827d12a680ae64 infrastructure/terraform/README.md -rw-r--r-- 805 bytes
41e11f7d — Damien Radtke Use blue-green terraform strategy for cluster upgrades a month ago


$ terraform apply -var-file secrets.tfvars && post-apply


Log level and log path can be set using the TF_LOG and TF_LOG_PATH environment variables. See https://www.terraform.io/docs/internals/debugging.html


  • Looks like the CA key is persisted in the Terraform state. :gulp: Need to figure out how to not do that. Will probably require storing it somewhere other than git.
  • It would be nice to have all nodes in their own module, i.e. module.nodes.consul-servers rather than module.consul-servers. This would make it easier to apply only node changes, which may be necessary to do before applying DNS record changes.
  • Look into adding a healthcheck provisioner? See: https://www.hashicorp.com/blog/zero-downtime-updates-with-terraform/