Infrastructure as Code
Infrastructure Automation
Declarative infrastructure with Terraform and Pulumi, enabling reproducible deployments across 3 cloud regions in under 15 minutes.
Deploy Time: < 15 min
Drift Detection: Real-time
Resources Managed: 847
Policy Compliance: 100%
Terraform Configuration
Declarative infrastructure with HashiCorp Terraform for multi-cloud deployments.
# infra/terraform/main.tf
terraform {
  required_version = ">= 1.6"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    fly = {
      source  = "fly-apps/fly"
      version = "~> 0.1"
    }
  }

  # Remote state; values read from secret data sources below are also
  # written to this state, so access to the bucket must be restricted.
  backend "gcs" {
    bucket = "justkalm-terraform-state"
    prefix = "production"
  }
}

# Multi-region deployment
module "api_cluster" {
  source   = "./modules/fly-cluster"
  for_each = toset(["iad", "lhr", "nrt"])

  app_name = "justkalm-api"
  region   = each.value
  image    = var.api_image

  # iad is the primary region and gets the larger machine range
  min_machines = each.value == "iad" ? 3 : 2
  max_machines = each.value == "iad" ? 10 : 5

  cpu_kind  = "shared"
  cpus      = 2
  memory_mb = 1024

  # Plain environment values. Connection strings often embed credentials;
  # if these do, they belong in the secrets map instead.
  environment = {
    ENVIRONMENT   = "production"
    DATABASE_URL  = module.database.connection_string
    REDIS_URL     = module.redis.url
    OTEL_ENDPOINT = var.otel_endpoint
  }

  secrets = {
    OPENAI_API_KEY    = data.google_secret_manager_secret_version.openai.secret_data
    ANTHROPIC_API_KEY = data.google_secret_manager_secret_version.anthropic.secret_data
  }
}

# Database cluster
module "database" {
  source = "./modules/neon-postgres"

  project_name    = "justkalm-prod"
  branch_name     = "main"
  compute_size    = "2cu"
  autoscaling_max = "8cu"
  pooler_enabled  = true
  pooler_mode     = "transaction"
}

Infrastructure Status
Fly.io API Cluster (iad, lhr, nrt): 9 machines, healthy
Neon PostgreSQL (us-east-1): 1 cluster, healthy
Upstash Redis (Global): 3 instances, healthy
Cloudflare CDN (Global): 245 PoPs, healthy
GCS Storage (us-central1): 4 buckets, healthy
Secret Manager (global): 23 secrets, synced
GitOps Terraform Workflow
# .github/workflows/terraform.yml
name: Terraform

on:
  push:
    branches: [main]
    paths: ['infra/terraform/**']
  pull_request:
    paths: ['infra/terraform/**']

jobs:
  plan:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.6.6"
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      - name: Terraform Init
        run: terraform init
        working-directory: infra/terraform
        env:
          # The GCS state backend needs credentials at init time
          GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

      - name: Terraform Validate
        run: terraform validate
        working-directory: infra/terraform

      - name: Terraform Plan
        id: plan
        run: terraform plan -no-color -out=tfplan
        working-directory: infra/terraform
        env:
          GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

      - name: Comment Plan on PR
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        env:
          # Pass the plan as data; interpolating it into the script body
          # would let plan text be parsed as JavaScript.
          PLAN: ${{ steps.plan.outputs.stdout }}
        with:
          script: |
            const plan = process.env.PLAN;
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: '## Terraform Plan\n```hcl\n' + plan + '\n```'
            });

  apply:
    needs: plan
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.6.6"

      # Each job starts on a fresh runner, so the backend must be initialised again
      - name: Terraform Init
        run: terraform init
        working-directory: infra/terraform
        env:
          GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

      # Computes a new plan and applies it; the tfplan file written by the
      # plan job is not carried over to this job.
      - name: Terraform Apply
        run: terraform apply -auto-approve
        working-directory: infra/terraform
        env:
          GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

Infrastructure as Code
Reproducible, version-controlled infrastructure across all environments.
847 Resources Managed, 3 Cloud Regions, Zero Drift
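
The GitOps workflow above runs terraform apply -auto-approve on every push to main, so the saved plan is the last point where a destructive change can be stopped. As an added example (not part of the original page or the project's pipeline), this Python gate reads `terraform show -json tfplan` output and fails when a resource under a protected module would be deleted or replaced; the protected prefix list and the resource addresses in the sample are assumptions.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json tfplan` output
# (only the fields the gate reads); resource addresses are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'module.api_cluster["iad"].fly_machine.api[0]',
     "change": {"actions": ["update"]}},
    {"address": 'module.api_cluster["nrt"].fly_machine.api[1]',
     "change": {"actions": ["delete"]}},
    {"address": "module.database.neon_branch.main",
     "change": {"actions": ["delete", "create"]}},   # replace
    {"address": "module.database.neon_endpoint.pooler",
     "change": {"actions": ["no-op"]}},
]})

# Assumption: stateful modules from main.tf that an unattended apply
# must never destroy or replace.
PROTECTED_PREFIXES = ("module.database.",)


def destructive_changes(plan_json, protected=PROTECTED_PREFIXES):
    """Return (blocked, warned) address lists for delete/replace actions."""
    blocked, warned = [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:      # create, update, read, no-op
            continue
        target = blocked if rc["address"].startswith(protected) else warned
        target.append(rc["address"])
    return blocked, warned


def gate(plan_json):
    """Exit status for a CI step: 1 if a protected resource would be lost."""
    blocked, warned = destructive_changes(plan_json)
    for addr in warned:
        print(f"WARN  destroy outside protected modules: {addr}")
    for addr in blocked:
        print(f"BLOCK destroy/replace of protected resource: {addr}")
    return 1 if blocked else 0


if __name__ == "__main__":
    # Usage: terraform show -json tfplan | python plan_gate.py
    data = SAMPLE_PLAN if sys.stdin.isatty() else sys.stdin.read()
    sys.exit(gate(data))
```

Run as a step after Terraform Plan, a non-zero exit fails the plan job, and because apply declares needs: plan it never starts.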