https://www.chenk.top/en/tags/infrastructure-as-code/Recent content in Infrastructure as Code on Chen Kai BlogHugoenSat, 09 May 2026 09:00:00 +0000https://www.chenk.top/en/aliyun-fullstack/12-terraform-e2e/Sat, 09 May 2026 09:00:00 +0000https://www.chenk.top/en/aliyun-fullstack/12-terraform-e2e/<p>Eleven articles. Dozens of CLI commands. Hundreds of manual steps. Now we throw all of that away and rebuild the entire stack with a single <code>terraform apply</code>. This is why infrastructure-as-code exists.</p> <p>Over the past eleven parts of this series, we have clicked through consoles, typed <code>aliyun</code> CLI commands, and manually configured everything from VPCs to Function Compute triggers. It worked. We learned every resource intimately because we built each one by hand. But if I asked you right now to recreate that entire stack in a new region — the VPC with its three tiers and two availability zones, the ECS instance with its cloud-init script, the RDS MySQL HA setup, the OSS bucket with lifecycle rules, the RAM policies, the SLS log pipeline, the Function Compute event processing — you would need at least a full day of careful work. And you would inevitably miss something. A security group rule. A backup policy. A CORS configuration.</p>https://www.chenk.top/en/terraform-agents/02-provider-and-state-setup/Sat, 14 Mar 2026 09:00:00 +0000https://www.chenk.top/en/terraform-agents/02-provider-and-state-setup/<p>This article is where you stop reading and start typing. By the end, you&rsquo;ll have:</p> <ol> <li>The <code>alicloud</code> Terraform provider installed and version-pinned.</li> <li>Authentication wired up — through the right method, not the convenient one.</li> <li>Remote state on an OSS bucket with Tablestore-based locking.</li> <li>Three workspaces (<code>dev</code>, <code>staging</code>, <code>prod</code>) that share a backend but isolate state.</li> <li>A working <code>terraform plan</code> against an empty config.</li> </ol> <p>Nothing here provisions an agent yet. This lays the foundation for all future articles. If you skip this and try to wing it in article 3, you&rsquo;ll likely face a state-corruption incident within a week.</p>https://www.chenk.top/en/terraform-agents/01-why-terraform-for-agents/Thu, 12 Mar 2026 09:00:00 +0000https://www.chenk.top/en/terraform-agents/01-why-terraform-for-agents/<p>I have shipped four agent systems on Alibaba Cloud in the last eighteen months. Three of them started life as a <code>tmux</code> session on a single ECS instance someone created by clicking through the console. All three of those needed a panicked weekend of rebuilding when the second engineer joined the project, when the prod region had a stockout, or when the security team asked for a network diagram.</p> <p>The fourth started life as <code>terraform apply</code>. It was the only one I haven&rsquo;t lost a weekend to.</p>https://www.chenk.top/en/cloud-computing/operations-devops/Fri, 26 May 2023 09:00:00 +0000https://www.chenk.top/en/cloud-computing/operations-devops/<p><figure class="article-figure"> <img src="https://blog-pic-ck.oss-cn-beijing.aliyuncs.com/posts/en/cloud-computing/operations-devops/illustration_1.png" alt="Cloud Computing (7): Cloud Operations and DevOps Practices — Chapter overview" loading="lazy" decoding="async" class="content-image"> </figure> </p> <p>In 2017 GitLab lost six hours of database state. An engineer, exhausted, ran <code>rm -rf</code> on the wrong server during an incident. The backup procedures had silently been broken for months; nobody noticed because no one was restoring from backups. The lesson is not &ldquo;be careful with rm&rdquo;. The lesson is that operations is a <em>system</em> — tools, runbooks, monitoring, automation, and the rituals around them. When the system is healthy, no single tired engineer can take down production. When the system is rotten, every late-night fix is one keystroke from disaster.</p>